Author: jmm Date: 2013-05-28 20:39:46 +0000 (Tue, 28 May 2013) New Revision: 22388
Modified: data/CVE/list Log: autotrace, xen, ekiga qpid-cpp no-dsa imagemagick and one wireshark issue unimportant drop rrdtool, plain bug Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-05-28 19:55:13 UTC (rev 22387) +++ data/CVE/list 2013-05-28 20:39:46 UTC (rev 22388) @@ -232,9 +232,10 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html CVE-2013-3560 [wireshark: MPEG DSM-CC dissector crash] RESERVED - - wireshark 1.8.7-1 (bug #709167) + - wireshark 1.8.7-1 (unimportant; bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html + NOTE: Not suitable for code injection CVE-2013-3559 [wireshark: DCP ETSI dissector crash] RESERVED - wireshark 1.8.7-1 (bug #709167) @@ -267,8 +268,6 @@ CVE-2013-3551 RESERVED - otrs2 3.2.7-1 -CVE-2013-XXXX [rrdtool: format string vulnerability] - - rrdtool <unfixed> (bug #708866) CVE-2013-3550 RESERVED CVE-2013-3549 @@ -1947,7 +1946,7 @@ CVE-2013-2764 RESERVED CVE-2013-XXXX [imagemagick: null pointer dereference] - - imagemagick <unfixed> (low; bug #704901) + - imagemagick <unfixed> (unimportant; bug #704901) CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote ...) NOT-FOR-US: Schneider Electric M340 modules CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default ...) @@ -3643,6 +3642,8 @@ CVE-2013-2072 RESERVED - xen <unfixed> (low) + [squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA) + [wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA) CVE-2013-2071 [Information disclosure] RESERVED - tomcat7 7.0.40-1 (bug #707704) 
@@ -3854,6 +3855,7 @@ CVE-2013-2014 [no limitation for requests and headers size which can cause a crash] RESERVED - keystone <unfixed> (bug #708515) + [wheezy] - keystone <no-dsa> (Minor issue) NOTE: fixed in 2013.1-1 for experimental CVE-2013-2013 [OpenStack keystone password disclosure on command line] RESERVED @@ -4071,6 +4073,8 @@ CVE-2013-1953 [stack-based buffer overflow in bmp parser] RESERVED - autotrace <unfixed> (low) + [wheezy] - autotrace <no-dsa> (Minor issue) + [squeeze] - autotrace <no-dsa> (Minor issue) - gimp 2.6.10-1 NOTE: Gimp was fixed earlier, but only Squeeze version was checked NOTE: In gimp code introduced with d9c6f88141aecf956c5d721168f795de0e3027b8 @@ -4364,7 +4368,9 @@ CVE-2013-1864 [Ekiga billion laughs flaw in ptlib] RESERVED NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6 - - ekiga <unfixed> (bug #704133) + - ekiga <unfixed> (low; bug #704133) + [wheezy] - ekiga <no-dsa> (Minor issue) + [squeeze] - ekiga <no-dsa> (Minor issue) CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain ...) - samba4 <not-affected> (Debian package only uses ntvfs, see #679678) NOTE: http://www.samba.org/samba/history/samba-4.0.4.html 
@@ -14416,11 +14422,14 @@ - linux-2.6 <removed> - linux 3.2.35-1 CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...) - - qpid-cpp <unfixed> + - qpid-cpp <unfixed> (low) + [wheezy] - qpid-cpp <no-dsa> (Minor issue) CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...) - - qpid-cpp <unfixed> + - qpid-cpp <unfixed> (low) + [wheezy] - qpid-cpp <no-dsa> (Minor issue) CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote ...) - - qpid-cpp <unfixed> + - qpid-cpp <unfixed> (low) + [wheezy] - qpid-cpp <no-dsa> (Minor issue) CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...) - keystone 2012.1.1-9 (bug #689210) CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...) @@ -14457,7 +14466,8 @@ - tiff3 3.9.6-9 (bug #688944) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198 CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the ...) - - qpid-cpp <unfixed> + - qpid-cpp <unfixed> (low) + [wheezy] - qpid-cpp <no-dsa> (Minor issue) CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...) {DSA-2557-1} - hostapd <removed> _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
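Review bot: in the wireshark hunk, the added "NOTE: Not suitable for code injection" does justify the downgrade to unimportant, but the same bug #709167 is shared with CVE-2013-3559 two lines below, which keeps "wireshark 1.8.7-1 (bug #709167)" with no severity tag; since the log says only one wireshark issue is unimportant this looks intended, but a one-line NOTE under 3559 saying it is deliberately left at default severity would stop the next triager from "harmonising" the two entries.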
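Review bot: the rrdtool hunk deletes the "CVE-2013-XXXX [rrdtool: format string vulnerability]" entry outright, which removes the only record that bug #708866 was examined and judged a plain bug; keeping the entry with a NOTE stating that conclusion would prevent it being re-added the next time someone runs across #708866.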
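Review bot: the imagemagick hunk moves the null pointer dereference from "(low; bug #704901)" to "(unimportant; bug #704901)" without a NOTE giving the reason, unlike the wireshark hunk in this same commit which adds "NOTE: Not suitable for code injection"; a one-line NOTE recording why this crash is considered non-security-relevant would make the downgrade reviewable later.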
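Review bot: the keystone hunk adds only "[wheezy] - keystone <no-dsa> (Minor issue)" with nothing for squeeze, whereas the xen, autotrace and ekiga hunks in this commit tag both squeeze and wheezy; if squeeze does not ship keystone that is fine, but otherwise a matching squeeze line is missing.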
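Review bot: the autotrace entry is titled "stack-based buffer overflow in bmp parser", yet the new no-dsa lines for wheezy and squeeze say only "(Minor issue)"; memory corruption in an input parser deserves a NOTE recording why it is rated minor (the wireshark hunk does this with "Not suitable for code injection"), so the rating can be revisited if the assessment changes. The pre-existing "NOTE: Gimp was fixed earlier, but only Squeeze version was checked" also still leaves the wheezy gimp status unverified.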
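Review bot: the three qpid-cpp entries CVE-2012-4460, CVE-2012-4459 and CVE-2012-4458 each gain "(low)" and a "[wheezy] - qpid-cpp <no-dsa> (Minor issue)" line but no squeeze line, and no NOTE explains the rating even though the quoted CVE texts describe an integer overflow in qpid::framing::Buffer::checkAvailable and an AMQP type decoder issue reachable by remote attackers; please add a NOTE with the reasoning, and a squeeze line if squeeze ships qpid-cpp.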
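Review bot: the CVE-2012-4446 qpid-cpp hunk follows the same pattern (low, wheezy no-dsa, no squeeze line); since the CVE text describes a default-configuration issue, a NOTE stating whether the Debian package's default configuration is affected would be the natural justification for "Minor issue".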