Author: jmm
Date: 2014-10-26 12:51:10 +0000 (Sun, 26 Oct 2014)
New Revision: 29663
Modified: data/CVE/list Log: fix source package name for konqueror in oldstable mark unsupported browsers as unimportant; they can still be fixed up for jessie to disable ssl3 as their maintainers see fit Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-10-26 12:31:44 UTC (rev 29662) +++ data/CVE/list 2014-10-26 12:51:10 UTC (rev 29663) @@ -11377,20 +11377,20 @@ CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...) - aolserver4-nsopenssl <unfixed> - apache2 2.4.10-6 - - arora <unfixed> + - arora <unfixed> (unimportant) - bouncycastle <unfixed> - chromium-browser <unfixed> - - conkeror <unfixed> + - conkeror <unfixed> (unimportant) - cyassl <unfixed> - dwb <unfixed> - openssl 1.0.1j-1 - galeon <unfixed> - gnutls26 <unfixed> - gnutls28 <unfixed> - - kazehakase <unfixed> - [squeeze] - kdebase <unfixed> - - kde-baseapps <unfixed> - - epiphany-browser <unfixed> + - kazehakase <unfixed> (unimportant) + - kdebase <removed> (unimportant) + - kde-baseapps <unfixed> (unimportant) + - epiphany-browser <unfixed> (unimportant) - fossil <unfixed> - gatling <unfixed> - haskell-tls <unfixed> @@ -11400,9 +11400,9 @@ [squeeze] - iceweasel <end-of-life> - lighttpd <unfixed> - matrixssl <unfixed> - - midori <unfixed> + - midori <unfixed> (unimportant) - mini-httpd <unfixed> - - netsurf <unfixed> + - netsurf <unfixed> (unimportant) - nginx <unfixed> - nss <unfixed> - ocsigenserver <unfixed> 
@@ -11410,17 +11410,18 @@ - openjdk-7 <unfixed> - openjdk-8 <unfixed> - polarssl <unfixed> - - surf <unfixed> + - surf <unfixed> (unimportant) - tlslite <unfixed> - tntnet <unfixed> - tomcatjss <unfixed> - - uzbl <unfixed> + - uzbl <unfixed> (unimportant) - webfs <unfixed> - yaws <unfixed> NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV NOTE: Fix is to disable SSLv3 in library or application configurations + NOTE: Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is ...) - net-snmp 5.7.2.1~dfsg-7 (bug #760132) [wheezy] - net-snmp <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
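Review bot: in the first hunk (@@ -11377,20 +11377,20 @@), dwb is left as "- dwb <unfixed>" in the context lines while the browsers around it gain (unimportant). dwb is a WebKit-based browser, so it falls under the NOTE this commit adds further down; tag it the same way or record why it is treated differently. In the same hunk, "[squeeze] - kdebase <unfixed>" becomes "- kdebase <removed> (unimportant)", which drops the release tag. The log says only that the source package name was fixed, so a one-line NOTE on why the squeeze entry turned into an untagged <removed> entry would make the change easier to audit.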
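Review bot: in the second hunk (@@ -11400,9 +11400,9 @@), "- netsurf <unfixed> (unimportant)" is not justified by the NOTE added in the third hunk, which names only browsers based on webkit or khtml. NetSurf uses its own rendering engine, so either widen that NOTE to cover it or add a separate NOTE giving the reason netsurf is downgraded. The midori line in the same hunk is consistent with the NOTE as written.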
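Review bot: in the third hunk (@@ -11410,17 +11410,18 @@), the added line "NOTE: Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support" states the policy but does not connect it to the (unimportant) tags set in this commit. The intent recorded in the log, that these packages can still be fixed for jessie by disabling SSLv3, is also missing from the tracker data. Extend the NOTE to say that the affected browser entries are marked unimportant for this reason and that a fix by their maintainers is still welcome, so the rationale survives outside the commit log.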