Author: jmm
Date: 2015-03-02 18:18:32 +0000 (Mon, 02 Mar 2015)
New Revision: 32582

Modified:
   data/CVE/list
Log:
xterm non-issue
rope no-dsa
neutron already fixed a long time ago
kgb-bot short of actionable information so far, setting to undetermined until 
the reporter provides further information


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-03-02 18:15:00 UTC (rev 32581)
+++ data/CVE/list       2015-03-02 18:18:32 UTC (rev 32582)
@@ -18,9 +18,6 @@
        - putty 0.63-10
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/27/4
        NOTE: https://www.trustmatta.com/advisories/MATTA-2015-002.txt (not yet 
published)
-CVE-2015-XXXX [buffer overflow with -S option]
-       - xterm 312-2 (bug #779397)
-       TODO: check security impact
 CVE-2015-2172 [DokuWiki privilege escalation in RPC API]
        - dokuwiki <unfixed> (bug #779547)
        NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
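Review bot: Deleting the whole xterm entry (the three `-` lines for "buffer overflow with -S option") drops the link to bug #779397 and leaves nothing in data/CVE/list saying why the overflow was judged a non-issue; the only trace is "xterm non-issue" in the commit log. Consider keeping the entry with the fixed version 312-2 marked (unimportant; bug #779397) and replacing the TODO with a NOTE that gives the reasoning, so a later triager who sees the same report does not re-add it.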
@@ -2097,7 +2094,7 @@
        NOT-FOR-US: typo3 extension
 CVE-2015-1554 [can be crashed by some network traffic]
        RESERVED
-       - kgb-bot <unfixed> (bug #776424)
+       - kgb-bot <undetermined> (bug #776424)
 CVE-2014-XXXX [Digest authentification never replay Ldap requests]
        - squid <undetermined>
        - squid3 3.4.8-6 (bug #776464)
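Review bot: The switch of kgb-bot from <unfixed> to <undetermined> carries no explanation in the file itself; the reason (not enough actionable information, waiting on the reporter) lives only in the commit log. Add a NOTE under the kgb-bot line saying that the status is pending further details in bug #776424, so the entry is revisited once the reporter answers rather than sitting as <undetermined> indefinitely.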
@@ -21168,6 +21165,7 @@
 CVE-2014-3539 [pickle.load of remotely supplied data with no authentication 
required]
        RESERVED
        - rope <unfixed> (bug #777525)
+       [jessie] - rope <no-dsa> (Minor issue)
        [squeeze] - rope <no-dsa> (Minor issue)
        [wheezy] - rope <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1116485
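Review bot: The added "[jessie] - rope <no-dsa> (Minor issue)" line repeats the bare "Minor issue" justification for an entry whose title is pickle.load of remotely supplied data with no authentication required, which does not read as minor on its face. Since the unversioned rope line stays <unfixed>, a NOTE stating what limits the exposure would make the no-dsa decision reviewable for all three releases. As a style point, the new line is placed ahead of [squeeze] and [wheezy]; keep the release lines in one consistent order.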
@@ -33031,7 +33029,8 @@
 CVE-2013-6433 (The default configuration in the Red Hat openstack-neutron 
package ...)
        - quantum <removed>
        [wheezy] - quantum <no-dsa> (Minor issue)
-       - neutron <unfixed>
+       - neutron 2014.1-1
+       NOTE: Likely fixed even earlier than 2014.1-1, but that was the oldest 
version checked
 CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux 
kernel ...)
        - linux 3.12.6-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11)
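Review bot: The new "- neutron 2014.1-1" line records a fixed version that the accompanying NOTE itself says is only the oldest version checked, so 2014.1-1 is an upper bound and not a verified first-fixed version. The NOTE should also say what was checked in 2014.1-1 (which default configuration setting was found corrected), since the CVE description is about the package's default configuration and the entry currently gives no way to repeat the check against an earlier upload.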


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
