Author: jmm
Date: 2013-08-20 17:52:13 +0000 (Tue, 20 Aug 2013)
New Revision: 23363

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
no-dsa; hawtjni, filezilla, eglibc, lcms
distribute unimportant
DSA needed: chrony, nas


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-08-20 13:45:25 UTC (rev 23362)
+++ data/CVE/list       2013-08-20 17:52:13 UTC (rev 23363)
@@ -991,7 +991,9 @@
        RESERVED
        {DSA-2736-1}
        - putty 0.63-1 (bug #718779)
-       - filezilla <unfixed> (bug #718800)
+       - filezilla <unfixed> (low; bug #718800)
+       [squeeze] - filezilla <no-dsa> (Minor issue)
+       [wheezy] - filezilla <no-dsa> (Minor issue)
        NOTE: http://www.securityfocus.com/archive/1/527763/30/0
        NOTE: 
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
 CVE-2013-4851 (The vfs_hang_addrlist function in sys/kern/vfs_export.c in the 
NFS ...)
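Review bot: the filezilla lines are downgraded to low and marked <no-dsa> for squeeze and wheezy, but nothing in the entry records why a putty CVE applies to filezilla or why its impact there is minor; the entry shares {DSA-2736-1} with putty, yet only putty carries a fixed version. A NOTE line stating the relationship (which code filezilla shares with putty) and the reason behind "Minor issue" would let a later reader verify the no-dsa decision without re-reading bug #718800.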
@@ -2345,6 +2347,8 @@
 CVE-2013-4237 [Buffer overwrite when using readdir_r on file systems returning 
file names longer than NAME_MAX characters]
        RESERVED
        - eglibc <unfixed> (bug #719558)
+       [wheezy] - eglibc <unfixed> (low; bug #719558)
+       [squeeze] - eglibc <unfixed> (low; bug #719558)
        NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
        NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
 CVE-2013-4236
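Review bot: the new [wheezy] and [squeeze] lines keep eglibc as `<unfixed> (low; bug #719558)` although the commit log lists eglibc under no-dsa; the filezilla and lcms entries in the same commit express that decision as `<no-dsa> (Minor issue)`, so this entry is inconsistent with them and the tracker will still show eglibc as open in both releases. If no DSA is intended, use `[wheezy] - eglibc <no-dsa> (Minor issue)` and put the rationale in the parenthesis rather than leaving it implied by the title, presumably that the overwrite needs a file system that returns names longer than NAME_MAX.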
@@ -2443,19 +2447,25 @@
        RESERVED
        {DSA-2736-1}
        - putty 0.63-1
-       - filezilla <unfixed> (bug #719070)
+       - filezilla <unfixed> (low; bug #719070)
+       [squeeze] - filezilla <no-dsa> (Minor issue)
+       [wheezy] - filezilla <no-dsa> (Minor issue)
        NOTE: 
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
 CVE-2013-4207 [non-coprime values in DSA signatures can cause buffer overflow 
in modular inverse]
        RESERVED
        {DSA-2736-1}
        - putty 0.63-1
-       - filezilla <unfixed> (bug #719070)
+       - filezilla <unfixed> (low; bug #719070)
+       [squeeze] - filezilla <no-dsa> (Minor issue)
+       [wheezy] - filezilla <no-dsa> (Minor issue)
        NOTE: 
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
 CVE-2013-4206 [buffer underrun in modmul can corrupt the heap]
        RESERVED
        {DSA-2736-1}
        - putty 0.63-1
-       - filezilla <unfixed> (bug #719070)
+       - filezilla <unfixed> (low; bug #719070)
+       [squeeze] - filezilla <no-dsa> (Minor issue)
+       [wheezy] - filezilla <no-dsa> (Minor issue)
        NOTE: 
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
 CVE-2013-4205 [CLONE_NEWUSER local DoS]
        RESERVED
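Review bot: all three filezilla lines in this hunk (the entry preceding CVE-2013-4207, CVE-2013-4207 and CVE-2013-4206) receive the same low / no-dsa treatment with "Minor issue" and bug #719070, while the entry titles describe heap corruption in modmul and a buffer overflow in the modular inverse. The no-dsa parenthesis should say why these are minor for filezilla specifically, for instance what an attacker must control to reach the affected code, since "Minor issue" repeated three times gives a future reviewer nothing to check against; one NOTE with the rationale, referenced from all three entries, would do.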
@@ -2594,9 +2604,11 @@
        - gksu-polkit <not-affected> (CVE for improperly applied fix for 
CVE-2012-5617 on Red Hat)
 CVE-2013-4160
        RESERVED
-       - lcms <unfixed>
-       TODO: The version for lcms in Debian is very old, most affected code 
apparently not present, needs to be checked
+       - lcms <unfixed> (low)
+       [squeeze] - lcms <no-dsa> (Minor issue)
+       [wheezy] - lcms <no-dsa> (Minor issue)
        - lcms2 <unfixed> (bug #714529)
+       [wheezy] - lcms2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=826097#c9
 CVE-2013-4159
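Review bot: the removed TODO asked whether the affected code is present in Debian's old lcms at all, and the replacement records only `(low)` and `<no-dsa>` without the answer. If the check found the code absent, the right marker is `<not-affected>` with a NOTE, not `<unfixed> (low)`; if the code is present, keep a NOTE with the result so the downgrade is auditable. The lcms2 line gains only a [wheezy] no-dsa entry; confirm that lcms2 is absent from squeeze rather than simply missed.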
@@ -4198,7 +4210,8 @@
        NOT-FOR-US: Infotecs ViPNet Client
 CVE-2013-3495 [Intel VT-d Interrupt Remapping engines can be evaded by native 
NMI interrupts]
        RESERVED
-       - xen <unfixed>
+       - xen <unfixed> (unimportant)
+       NOTE: Hardware design flaw, no software solution
 CVE-2013-3494
        RESERVED
 CVE-2013-3493
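Review bot: `unimportant` is the tracker's marker for issues with no security impact, but the new NOTE describes a real hardware design flaw that merely has no software fix; those are different statements, and the CVE-2013-1633 entry later in this commit uses unimportant in the first sense. Record the upstream advisory URL for the interrupt-remapping issue as a NOTE, as the other entries in this commit do, and consider whether a no-dsa with the stated reason (no fix exists) describes the situation more accurately than unimportant.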
@@ -7986,7 +7999,8 @@
        NOT-FOR-US: Drupal module Filebrowser
 CVE-2013-2035
        RESERVED
-       - hawtjni <unfixed> (bug #708293)
+       - hawtjni <unfixed> (low; bug #708293)
+       [wheezy] - hawtjni <unfixed> (low; bug #708293)
 CVE-2013-2034 [jenkins CSRF]
        RESERVED
        - jenkins 1.509.2+dfsg-1 (bug #706725)
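Review bot: the [wheezy] hawtjni line keeps `<unfixed> (low; bug #708293)` even though the log lists hawtjni under no-dsa and the same commit removes hawtjni from dsa-needed.txt; an `<unfixed>` release line leaves the issue open in the tracker's wheezy view, so the three records disagree. Use `[wheezy] - hawtjni <no-dsa> (Minor issue)` with the reason, matching the filezilla and lcms entries above.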
@@ -9391,8 +9405,8 @@
 CVE-2013-1634
        RESERVED
 CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve 
packages ...)
-       - distribute <unfixed>
-       TODO: check
+       - distribute <unfixed> (unimportant)
+       NOTE: Lack of a security feature, not a vulnerability
 CVE-2013-1632
        RESERVED
 CVE-2013-1631
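Review bot: "Lack of a security feature, not a vulnerability" is a judgement call for cleartext package retrieval: an on-path attacker who can alter HTTP responses can substitute a package, and the CVE text treats setuptools before 0.7 as affected for exactly that reason. If the unimportant rating stands, the NOTE should say whether distribute picks up the setuptools 0.7 change or is being left as is; otherwise the removed "TODO: check" should stay until that is known.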

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2013-08-20 13:45:25 UTC (rev 23362)
+++ data/dsa-needed.txt 2013-08-20 17:52:13 UTC (rev 23363)
@@ -17,14 +17,14 @@
 --
 cacti
 --
+chrony
+--
 drupal6/oldstable
 --
 gimp/oldstable
 --
 gnutls26/oldstable
 --
-hawtjni
---
 iceape (jmm)
 --
 icedove (jmm)
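Review bot: chrony is added to dsa-needed.txt without any matching change in data/CVE/list in this commit, so the reader cannot tell which CVE ids the pending DSA covers; neighbouring entries carry a suite qualifier (drupal6/oldstable, gnutls26/oldstable) or an owner (iceape (jmm)), so state which suites chrony needs and who is taking it. Dropping hawtjni here is consistent with the log's no-dsa decision.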
@@ -53,6 +53,8 @@
 --
 mysql-5.5/stable
 --
+nas
+--
 openoffice.org/oldstable only
 --
 openswan


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
