Author: jmm Date: 2013-05-08 22:52:10 +0000 (Wed, 08 May 2013) New Revision: 22206
Modified: data/CVE/list Log: no-dsa: libapache2-mod-ruid2, mantis, openvpn one more openjdk issue fixed yum unimportant record texlive fix in experimental, will be uploaded to sid now that the freeze is over Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-05-08 21:14:36 UTC (rev 22205) +++ data/CVE/list 2013-05-08 22:52:10 UTC (rev 22206) @@ -3169,7 +3169,10 @@ RESERVED CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt] RESERVED + TODO: File bug - openvpn <unfixed> (low) + [squeeze] - openvpn <no-dsa> (Minor issue) + [wheezy] - openvpn <no-dsa> (Minor issue) NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc CVE-2013-2060 RESERVED @@ -3549,7 +3552,10 @@ RESERVED CVE-2013-1934 [mantis: XSS issue on Configuration Report page when displaying complex value] RESERVED - - mantis <unfixed> + - mantis <unfixed> (low) + [wheezy] - mantis <no-dsa> (Minor issue) + [squeeze] - mantis <no-dsa> (Minor issue) + TODO: File bug NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8 NOTE: http://www.mantisbt.org/bugs/view.php?id=15416 CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...) @@ -3634,9 +3640,9 @@ NOT-FOR-US: ldoce ruby gem CVE-2013-1910 [Not removing bad metadata and using it in next run] RESERVED - - yum <unfixed> + - yum <unfixed> (unimportant) NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0 - TODO: check if this is relevant for Debian + NOTE: Only used for bootstraps of chroots, see README.Debian CVE-2013-1909 RESERVED CVE-2013-1908 
@@ -3698,7 +3704,8 @@ - owncloud <not-affected> (only affecting 5.0 branch) CVE-2013-1889 RESERVED - - libapache2-mod-ruid2 0.9.8-1 (bug #704066) + - libapache2-mod-ruid2 0.9.8-1 (low; bug #704066) + [wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue) NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2 CVE-2013-1888 [Insecure temporary directory handling /tmp/pip-build] RESERVED @@ -3968,6 +3975,7 @@ CVE-2013-1811 [Reporter can change issue status to 'new'] RESERVED - mantis <unfixed> (low; bug #698481) + [wheezy] - mantis <no-dsa> (Minor issue) [squeeze] - mantis <no-dsa> (Minor issue) CVE-2013-1810 [summary.php category/project names XSS vulnerability] RESERVED @@ -4590,9 +4598,8 @@ CVE-2013-1559 (Unspecified vulnerability in the Oracle WebCenter Content component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-1558 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-7 <unfixed> - - openjdk-6 <unfixed> - TODO: not listed in icedtea release announcement, check + - openjdk-7 7u21-2.3.9-1 + - openjdk-6 6b27-1.12.5-1 CVE-2013-1557 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-7 7u21-2.3.9-1 - openjdk-6 6b27-1.12.5-1 @@ -6039,7 +6046,7 @@ CVE-2013-0928 (The NetWorker command processor in rrobotd.exe in the Device Manager ...) NOT-FOR-US: EMC AlphaStor CVE-2013-0927 (Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c ...) - TODO: check + NOT-FOR-US: Chrome OS CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active ...) - chromium-browser 26.0.1410.43-1 CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ...) 
@@ -19803,7 +19810,7 @@ CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not ...) - linux-2.6 3.2.17-1 CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...) - - texlive-extra <unfixed> (low; bug #668779) + - texlive-extra 2012.20130315-1 (low; bug #668779) [wheezy] - texlive-extra <no-dsa> (Minor issue) [squeeze] - texlive-extra <no-dsa> (Minor issue) CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
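Review bot: In the CVE-2013-2061 hunk (@@ -3169,7 +3169,10 @@) the new "TODO: File bug" sits above the "- openvpn <unfixed> (low)" line and the release lines run [squeeze] then [wheezy], while the CVE-2013-1934 hunk in this same commit puts the TODO after the release lines and orders them [wheezy] then [squeeze]. Use one layout for both entries so the two TODOs are easy to find and clear once the bugs are filed. Since the entry title names a non-constant-time memcmp in the HMAC comparison, a few words more than "(Minor issue)" on why no DSA is needed would help whoever revisits it.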
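Review bot: In the CVE-2013-1889 hunk (@@ -3698,7 +3704,8 @@) only a [wheezy] line is added for libapache2-mod-ruid2, whereas the other no-dsa entries touched in this commit (openvpn, mantis) carry both [wheezy] and [squeeze]. If squeeze does not ship the package or is not affected, nothing more is needed, but it is worth confirming that the missing [squeeze] line is intentional.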
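Review bot: In the CVE-2013-1558 hunk (@@ -4590,9 +4598,8 @@) the removed line "TODO: not listed in icedtea release announcement, check" is replaced by fixed versions 7u21-2.3.9-1 and 6b27-1.12.5-1 with no record of what resolved that doubt. Add a NOTE naming the source that confirms the fix is in those uploads, so the entry does not depend on the commit log line "one more openjdk issue fixed".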
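Review bot: In the CVE-2013-0927 hunk (@@ -6039,7 +6046,7 @@) "TODO: check" becomes "NOT-FOR-US: Chrome OS", but the description on the same line says Chrome OS "relies on a Pango pango-utils.c ...". If the check showed the flaw is specific to how Chrome OS uses Pango, a short NOTE saying so would keep the next reader from wondering whether a Pango source package entry is missing here.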
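Review bot: In the CVE-2012-2120 hunk (@@ -19803,7 +19810,7 @@) texlive-extra goes from <unfixed> to 2012.20130315-1, while the commit log says the fix is in experimental and "will be uploaded to sid". Until that upload happens the entry presents the issue as fixed ahead of sid; either hold this line until the sid upload or add a NOTE that the version is currently only in experimental, and recheck the version string once it lands.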