Author: jmm
Date: 2015-01-15 11:27:18 +0000 (Thu, 15 Jan 2015)
New Revision: 31357
Modified:
data/CVE/list
Log:
new samba issue (only for sid/jessie)
ht no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-15 09:10:16 UTC (rev 31356)
+++ data/CVE/list 2015-01-15 11:27:18 UTC (rev 31357)
@@ -1685,7 +1685,9 @@
NOTE:
https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12
NOTE: notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963
CVE-2014-XXXX [crashes on crafted ELF]
- - ht <unfixed> (bug #773308)
+ - ht <unfixed> (low; bug #773308)
+ [wheezy] - ht <no-dsa> (Minor issue)
+ [squeeze] - ht <no-dsa> (Minor issue)
CVE-2014-XXXX [insecure LUA default load path]
- libquvi 0.4.1-3 (low; bug #774555)
[wheezy] - libquvi <no-dsa> (Minor issue)
@@ -6402,8 +6404,14 @@
- sox 14.4.1-5 (bug #773720)
CVE-2014-8144 (Cross-site request forgery (CSRF) vulnerability in doorkeeper
before ...)
NOT-FOR-US: doorkeeper OAuth provider
-CVE-2014-8143
+CVE-2014-8143 [Elevation of privilege to Active Directory Domain Controller]
RESERVED
+ - samba <unfixed>
+ [wheezy] - samba <not-affected> (Only affects 4.0 and later)
+ [squeeze] - samba <not-affected> (Only affects 4.0 and later)
+ - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
+ NOTE: AD-related packages removed from src:samba4 in
4.0.0~beta2+dfsg1-3.2+deb7u2
+ NOTE: https://www.samba.org/samba/security/CVE-2014-8143
CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data
function in ...)
{DSA-3117-1}
- php5 <unfixed> (unimportant)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
