Author: jmm
Date: 2014-06-06 14:57:49 +0000 (Fri, 06 Jun 2014)
New Revision: 27175

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
no-dsa: mediawiki, kfreebsd8, sendmail, icedtea-web
jboss not-affected
mark apache2 as undetermined for now
remove zabbix from dsa-needed, this was for squeeze
one libav issue N/A for wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-06-06 12:00:09 UTC (rev 27174)
+++ data/CVE/list       2014-06-06 14:57:49 UTC (rev 27175)
@@ -81,9 +81,12 @@
        [squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are 
vulnerable)
 CVE-2014-3966 [mediawiki Javascript inject by anonymous users on private wikis 
with $wgRawHtml enabled]
        - mediawiki <unfixed> (low; bug #750527)
+       [wheezy] - mediawiki <no-dsa> (Minor issue)
+       [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
 CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 
8.14.9 has ...)
-       - sendmail 8.14.4-6 (bug #750562)
+       - sendmail 8.14.4-6 (low; bug #750562)
+       [wheezy] - sendmail <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
 CVE-2014-3940 [missing check during hugepage migration]
        RESERVED
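Review bot: The new `[squeeze] - mediawiki <end-of-life>` line under CVE-2014-3966 carries no reason, while the other end-of-life lines in this file do, e.g. `[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)`. Adding the same parenthetical here keeps the entries uniform. The sendmail entry for CVE-2014-3956 gains a wheezy line but says nothing about squeeze; if squeeze was checked, record the result so the entry does not look unreviewed for that release.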
@@ -197,6 +200,7 @@
        - kfreebsd-8 <removed>
        - kfreebsd-9 <unfixed> (bug #750493)
        [wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of 
r237663)
+       [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a 
point update)
        TODO: for wheezy maintainers are double-checking
 CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration 
login ...)
        NOT-FOR-US: D-Link firmware
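Review bot: The added `[wheezy] - kfreebsd-8 <no-dsa>` line sits below the kfreebsd-9 lines rather than directly under `- kfreebsd-8 <removed>`, which is where the other two kfreebsd-8 additions in this commit place it. Moving it up keeps each release annotation next to its package line. As placed, it also lands between the kfreebsd-9 wheezy line and `TODO: for wheezy maintainers are double-checking`, so it is no longer clear which package that TODO refers to; either name the package in the TODO or drop it if the check is done.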
@@ -1000,6 +1004,7 @@
        RESERVED
 CVE-2014-3481
        RESERVED
+       - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2014-3480
        RESERVED
 CVE-2014-3479
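Review bot: CVE-2014-3481 is still `RESERVED` with no description and no NOTE, so the new `jbossas4 <not-affected>` line gives a reader nothing to check the judgement against. A NOTE pointing at the upstream advisory or at wherever the jboss association came from would make this reviewable. The bare `#581226` in the reason would also read better with a word saying what kind of reference it is.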
@@ -2160,6 +2165,7 @@
        - kfreebsd-10 10.0-5 (bug #746949)
        - kfreebsd-9 <unfixed> (bug #746951)
        - kfreebsd-8 <removed> (bug #746952)
+       [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a 
point update)
        [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-2999
        RESERVED
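Review bot: The reason `Non standard kernel, will be fixed in a point update` on the new wheezy kfreebsd-8 line promises a future fix with nothing to track it by, and the same string is added in three places in this commit. Since the main line is `- kfreebsd-8 <removed> (bug #746952)`, there is no fixed version in the entry that will later show the point update happened. Consider adding a NOTE or TODO so the no-dsa lines are revisited once the point update is out.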
@@ -6499,6 +6505,7 @@
 CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not 
...)
        {DSA-2952-1}
        - kfreebsd-8 <removed>
+       [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a 
point update)
        [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
        - kfreebsd-9 <unfixed> (bug #743984)
        - kfreebsd-10 10.0-4
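Review bot: CVE-2014-1453 already carries `{DSA-2952-1}`, and this hunk adds `[wheezy] - kfreebsd-8 <no-dsa>` to the same entry, so the entry now says both that a DSA was issued and that no DSA is planned for wheezy. The visible lines do not show which package the DSA covered (kfreebsd-9 is still listed as `<unfixed>`). A short addition to the reason stating that the DSA does not cover kfreebsd-8 would remove the apparent contradiction.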
@@ -11733,7 +11740,8 @@
        RESERVED
        NOT-FOR-US: fedup (Fedora specific)
 CVE-2013-6493 (The LiveConnect implementation in 
plugin/icedteanp/IcedTeaNPPlugin.cc ...)
-       - icedtea-web 1.4.2-1
+       - icedtea-web 1.4.2-1 (low)
+       [wheezy] - icedtea-web <no-dsa> (Minor issue)
 CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not 
properly ...)
        NOT-FOR-US: Pirhana
 CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack 
Oslo ...)
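Review bot: Not introduced by this change, but the context line `NOT-FOR-US: Pirhana` under CVE-2013-6492 misspells the product named in the description (Piranha); it could be corrected while touching this region. On the icedtea-web lines themselves, `(low)` plus `<no-dsa> (Minor issue)` is consistent with the mediawiki and sendmail entries in the first hunk.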
@@ -13778,7 +13786,8 @@
        NOTE: Upstream commit: 
https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
        NOTE: http://martin.swende.se/blog/HTTPChunked.html
 CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows 
remote ...)
-       - apache2 <unfixed>
+       - apache2 <undetermined>
+       NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
 CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to 
execute ...)
        NOT-FOR-US: DrayTek Vigor 2700 router
 CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in 
WebCenter in ...)
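Review bot: Changing apache2 from `<unfixed>` to `<undetermined>` for CVE-2013-5704 takes the package out of the unfixed state, and the only explanation is a bare URL in the NOTE. The commit log says this is "for now", but nothing in the entry records that it needs another look. Suggest a one-line NOTE summarising what is still open in the linked thread, plus a TODO so the status is revisited rather than left as undetermined.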
@@ -26962,6 +26971,7 @@
 CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg 
before 1.1 ...)
        - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks 
missing)
        - libav 6:9.10-1
+       [wheezy] - libav <not-affected> (Vulnerable code not present)
        NOTE: Fix in ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
        NOTE: Fix in libav: 
http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
 CVE-2013-0855 (Integer overflow in the alac_decode_close function in ...)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-06-06 12:00:09 UTC (rev 27174)
+++ data/dsa-needed.txt 2014-06-06 14:57:49 UTC (rev 27175)
@@ -60,5 +60,3 @@
 --
 xlhtml
 --
-zabbix
---
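Review bot: Removing zabbix from dsa-needed.txt is justified in the log as "this was for squeeze", but no zabbix entry in data/CVE/list is touched in this revision. If any zabbix CVEs are still open for squeeze, they should get a matching `[squeeze] - zabbix <end-of-life>` line in the same commit, otherwise the removal here leaves them with no owner.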


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
