Author: thijs
Date: 2013-06-15 13:20:17 +0000 (Sat, 15 Jun 2013)
New Revision: 22610
Modified:
data/CVE/list
data/next-point-update.txt
Log:
wheezy 7.1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-06-15 12:49:35 UTC (rev 22609)
+++ data/CVE/list 2013-06-15 13:20:17 UTC (rev 22610)
@@ -3716,6 +3716,8 @@
CVE-2013-2850 (Heap-based buffer overflow in the
iscsi_add_notunderstood_response ...)
- linux 3.9.4-1
- linux-2.6 <removed>
+ [wheezy] - linux 3.2.46-1
+ [jessie] - linux 3.2.46-1
CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google
Chrome ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
@@ -3904,7 +3906,8 @@
RESERVED
- modsecurity-apache 2.6.6-9 (bug #710217)
- libapache-mod-security <removed> (bug #710217)
- [wheezy] - modsecurity-apache <no-dsa> (Minor issue)
+ [wheezy] - modsecurity-apache 2.6.6-6+deb7u1
+ [jessie] - modsecurity-apache 2.6.6-6+deb7u1
[squeeze] - libapache-mod-security <no-dsa> (Minor issue)
NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
NOTE:
https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
@@ -5416,6 +5419,8 @@
CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel
before ...)
- linux-2.6 <removed>
- linux 3.9.4-1
+ [wheezy] - linux 3.2.46-1
+ [jessie] - linux 3.2.46-1
CVE-2013-2145 [arbitrary code execution when verifying SIGNATURE]
RESERVED
- libmodule-signature-perl 0.73-1 (bug #711239)
@@ -5749,14 +5754,15 @@
RESERVED
- openvpn 2.3.1-1 (low; bug #707329)
[squeeze] - openvpn <no-dsa> (Minor issue)
- [wheezy] - openvpn <no-dsa> (Minor issue)
+ [wheezy] - openvpn 2.2.1-8+deb7u1
NOTE:
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2060
RESERVED
NOT-FOR-US: OpenShift
CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier,
Grizzly ...)
- keystone 2013.1.1-2 (bug #707598)
- [wheezy] - keystone <no-dsa> (Minor issue)
+ [wheezy] - keystone 2012.1.1-13+wheezy1
+ [jessie] - keystone 2012.1.1-13+wheezy1
NOTE:
http://lists.openstack.org/pipermail/openstack-announce/2013-May/000099.html
CVE-2013-2058 [linux: chipidea: allow disabling streaming in host mode]
RESERVED
@@ -5823,7 +5829,7 @@
CVE-2013-2038 [DoS (packet parser crash) in the AIS driver when processing
malformed packet]
RESERVED
- gpsd 3.6-5 (bug #706665)
- [wheezy] - gpsd <no-dsa> (Minor issue)
+ [wheezy] - gpsd 3.6-4+deb7u1
NOTE:
http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
CVE-2013-2037 [httplib2: SSL cert incorrect error handling]
RESERVED
@@ -6266,7 +6272,7 @@
RESERVED
- nfs-utils 1:1.2.8-1 (low; bug #707401)
[squeeze] - nfs-utils <no-dsa> (Minor issue)
- [wheezy] - nfs-utils <no-dsa> (Minor issue)
+ [wheezy] - nfs-utils 1:1.2.6-4
CVE-2013-1922 (qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format
of a raw ...)
- xen <not-affected> (qemu-nbd-xen built, but not installed into the
binary packages)
- qemu 1.5.0+dfsg-1 (low; bug #705544)
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2013-06-15 12:49:35 UTC (rev 22609)
+++ data/next-point-update.txt 2013-06-15 13:20:17 UTC (rev 22610)
@@ -1,10 +0,0 @@
-CVE-2013-2038 [DoS (packet parser crash) in the AIS driver when processing
malformed packet]
- [wheezy] - gpsd 3.6-4+deb7u1
-CVE-2013-1923 [rpc.gssd is vulnerable to DNS spoofing]
- [wheezy] - nfs-utils 1:1.2.6-4
-CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier,
Grizzly ...)
- [wheezy] - keystone 2012.1.1-13+wheezy1
-CVE-2013-2061
- [wheezy] - openvpn 2.2.1-8+deb7u1
-CVE-2013-2765
- [wheezy] - modsecurity-apache 2.6.6-6+deb7u1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
