Author: jmm
Date: 2014-04-30 07:05:05 +0000 (Wed, 30 Apr 2014)
New Revision: 26750
Modified:
data/CVE/list
Log:
NFUs
virtualenvwrapper no-dsa
neutron n/a in stable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-30 05:57:21 UTC (rev 26749)
+++ data/CVE/list 2014-04-30 07:05:05 UTC (rev 26750)
@@ -1,3 +1,5 @@
+CVE-2013-7374
+ NOT-FOR-US: indicator-datetime
CVE-2014-XXXX [handle BrowseAllow directive securely]
- cups-filters 1.0.53-1
NOTE:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195
@@ -198,8 +200,9 @@
CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation
Security ...)
NOT-FOR-US: F-Secure
CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
- - virtualenvwrapper <unfixed> (bug #745580)
- TODO: verify
+ - virtualenvwrapper <unfixed> (low; bug #745580)
+ [wheezy] - virtualenvwrapper <no-dsa> (Minor issue)
+ [squeeze] - virtualenvwrapper <no-dsa> (Minor issue)
CVE-2014-2907
RESERVED
- wireshark 1.10.7-1 (bug #745595)
@@ -315,7 +318,6 @@
{DSA-2916-1}
- libmms 0.6.2-4 (bug #745301)
- xine-lib <not-affected> (mmsh is libmms-specific)
- TODO: confirm xine-lib assertion
NOTE:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
CVE-2014-2893 [scan-build: insecure use of /tmp]
RESERVED
@@ -545,17 +547,17 @@
RESERVED
NOT-FOR-US: MODX Revolution
CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify
that ...)
- TODO: check
+ NOT-FOR-US: WinSCP
CVE-2014-2734
RESERVED
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
NOTE: https://gist.github.com/gdisneyleugers/10446549
CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to
cause a ...)
- TODO: check
+ NOT-FOR-US: Siemens SINEMA
CVE-2014-2732 (Multiple directory traversal vulnerabilities in the integrated
web ...)
- TODO: check
+ NOT-FOR-US: Siemens SINEMA
CVE-2014-2731 (Multiple unspecified vulnerabilities in the integrated web
server in ...)
- TODO: check
+ NOT-FOR-US: Siemens SINEMA
CVE-2013-7367 (SAP Enterprise Portal does not properly restrict access to the
...)
NOT-FOR-US: SAP
CVE-2013-7366 (The SAP Software Deployment Manager (SDM), in certain
unspecified ...)
@@ -7667,6 +7669,7 @@
CVE-2014-0187 [Neutron security groups bypass through invalid CIDR]
RESERVED
- neutron <unfixed>
+ [wheezy] - neutron <not-affected> (Only affects 2013.1 to 2013.2.3, and
2014.1)
CVE-2014-0186
RESERVED
CVE-2014-0185
@@ -7714,6 +7717,7 @@
NOT-FOR-US: JBoss EAP
CVE-2014-0168
RESERVED
+ NOT-FOR-US: Jolokia
CVE-2014-0167 (The Nova EC2 API security group implementation in OpenStack
Compute ...)
- nova 2013.2.3-1 (bug #744051)
[wheezy] - nova <not-affected> (Only affects 2013.1 to 2013.2.3)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
