Author: jmm Date: 2014-06-06 14:57:49 +0000 (Fri, 06 Jun 2014) New Revision: 27175
Modified: data/CVE/list data/dsa-needed.txt Log: no-dsa: mediawiki, kfreebsd8, sendmail, icedtea-web jboss not-affected mark apache2 as undetermined for now remove zabbix from dsa-needed, this was for squeeze one libav issue N/A for wheezy Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-06-06 12:00:09 UTC (rev 27174) +++ data/CVE/list 2014-06-06 14:57:49 UTC (rev 27175) @@ -81,9 +81,12 @@ [squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable) CVE-2014-3966 [mediawiki Javascript inject by anonymous users on private wikis with $wgRawHtml enabled] - mediawiki <unfixed> (low; bug #750527) + [wheezy] - mediawiki <no-dsa> (Minor issue) + [squeeze] - mediawiki <end-of-life> NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501 CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has ...) - - sendmail 8.14.4-6 (bug #750562) + - sendmail 8.14.4-6 (low; bug #750562) + [wheezy] - sendmail <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1 CVE-2014-3940 [missing check during hugepage migration] RESERVED @@ -197,6 +200,7 @@ - kfreebsd-8 <removed> - kfreebsd-9 <unfixed> (bug #750493) [wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663) + [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update) TODO: for wheezy maintainers are double-checking CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login ...) NOT-FOR-US: D-Link firmware @@ -1000,6 +1004,7 @@ RESERVED CVE-2014-3481 RESERVED + - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2014-3480 RESERVED CVE-2014-3479 
@@ -2160,6 +2165,7 @@ - kfreebsd-10 10.0-5 (bug #746949) - kfreebsd-9 <unfixed> (bug #746951) - kfreebsd-8 <removed> (bug #746952) + [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts) CVE-2014-2999 RESERVED @@ -6499,6 +6505,7 @@ CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not ...) {DSA-2952-1} - kfreebsd-8 <removed> + [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts) - kfreebsd-9 <unfixed> (bug #743984) - kfreebsd-10 10.0-4 @@ -11733,7 +11740,8 @@ RESERVED NOT-FOR-US: fedup (Fedora specific) CVE-2013-6493 (The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc ...) - - icedtea-web 1.4.2-1 + - icedtea-web 1.4.2-1 (low) + [wheezy] - icedtea-web <no-dsa> (Minor issue) CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not properly ...) NOT-FOR-US: Pirhana CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...) @@ -13778,7 +13786,8 @@ NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d NOTE: http://martin.swende.se/blog/HTTPChunked.html CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...) - - apache2 <unfixed> + - apache2 <undetermined> + NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...) NOT-FOR-US: DrayTek Vigor 2700 router CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in ...) 
@@ -26962,6 +26971,7 @@ CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...) - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:9.10-1 + [wheezy] - libav <not-affected> (Vulnerable code not present) NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f CVE-2013-0855 (Integer overflow in the alac_decode_close function in ...) Modified: data/dsa-needed.txt =================================================================== --- data/dsa-needed.txt 2014-06-06 12:00:09 UTC (rev 27174) +++ data/dsa-needed.txt 2014-06-06 14:57:49 UTC (rev 27175) @@ -60,5 +60,3 @@ -- xlhtml -- -zabbix ---
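Review bot: in the "@@ -197,6 +200,7 @@" hunk of data/CVE/list, the new "[wheezy] - kfreebsd-8 <no-dsa>" line is placed after the kfreebsd-9 lines instead of directly under "- kfreebsd-8 <removed>", whereas the same addition in the "@@ -2160,6 +2165,7 @@" and "@@ -6499,6 +6505,7 @@" hunks follows the kfreebsd-8 package line. Moving it up would keep the release annotation next to the package it qualifies and make the three entries consistent.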
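Review bot: the jbossas4 line added under CVE-2014-3481 (hunk "@@ -1000,6 +1004,7 @@") cites "#581226" without the "bug" prefix used elsewhere in this file ("bug #750527", "bug #750562"), and the entry is still RESERVED with no description, so nothing in the entry says which issue jbossas4 is not affected by. If the number is a bug reference, write it as "bug #581226", and consider adding a NOTE line that identifies the issue.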
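Review bot: the CVE-2013-5704 hunk ("@@ -13778,7 +13786,8 @@") moves apache2 from "<unfixed>" to "<undetermined>" with only a bare URL in the NOTE, so the list itself does not say what is still undetermined. A short TODO line stating what remains to be checked would help, in the way the kfreebsd entry does with "TODO: for wheezy maintainers are double-checking".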