[Secure-testing-commits] r33237 - data/CVE

Sun, 29 Mar 2015 10:27:03 -0700 

Author: jmm
Date: 2015-03-29 17:26:39 +0000 (Sun, 29 Mar 2015)
New Revision: 33237

Modified:
   data/CVE/list
Log:
dokuwiki no-dsa
mark cups as unimportant
vlc n/a in wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-03-29 14:15:31 UTC (rev 33236)
+++ data/CVE/list       2015-03-29 17:26:39 UTC (rev 33237)
@@ -869,6 +869,8 @@
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
 CVE-2015-XXXX [Insufficient escaping in user manager allows XSS attack]
        - dokuwiki 0.0.20140929.d-1 (bug #780817)
+       [wheezy] - dokuwiki <no-dsa> (Minor issue)
+       [squeeze] - dokuwiki <no-dsa> (Minor issue)
 CVE-2015-XXXX [Incorrect fix for CVE-2012-1836]
        - inspircd 2.0.16-1 (bug #780880)
        NOTE: Correct fix: 
https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
@@ -11692,10 +11694,9 @@
        NOT-FOR-US: Red Hat vdms and vdsclient
 CVE-2014-8166 [code execution via unescape ANSI escape sequences]
        RESERVED
-       - cups <unfixed> (low)
-       [wheezy] - cups <no-dsa> (Minor issue)
-       [squeeze] - cups <no-dsa> (Minor issue)
+       - cups <unfixed> (unimportant)
        NOTE: Patch: https://bugzilla.redhat.com/attachment.cgi?id=916761
+        NOTE: Terminal emulators need to perform proper escaping
 CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python 
uses the ...)
        - powerpc-utils <not-affected> (Vulnerable code not present)
        NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
@@ -15914,7 +15915,7 @@
 CVE-2014-6440 [Heap Overflow in VLC Transcode Module]
        RESERVED
        - vlc 2.1.5-1 (low)
-       [wheezy] - vlc <no-dsa> (Minor issue)
+       [wheezy] - vlc <not-affected> (Introduced in 2.1)
        [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS 
functionality in ...)
        - elasticsearch 1.0.3+dfsg-4 (bug #763958; low)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to