Author: thijs
Date: 2014-07-13 12:40:35 +0000 (Sun, 13 Jul 2014)
New Revision: 27702
Modified: data/CVE/list data/next-point-update.txt Log: 7.6 point update Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-07-13 08:03:24 UTC (rev 27701) +++ data/CVE/list 2014-07-13 12:40:35 UTC (rev 27702) @@ -65,7 +65,7 @@ RESERVED CVE-2014-XXXX [Quassel: /var/lib/quassel/quasselCert.pem world-readable] - quassel 0.10.0-2 (low) - [wheezy] - quassel <no-dsa> (Minor issue) + [wheezy] - quassel 0.8.0-1+deb7u2 [squeeze] - quassel <no-dsa> (Minor issue) CVE-2014-4908 [XSS via views/kohana_error_page.php and views/template.php] - pnp4nagios <unfixed> (low) @@ -1651,7 +1651,7 @@ CVE-2014-4150 [Insecure use of temporary file] RESERVED - scheme48 1.9-4 (bug #748766) - [wheezy] - scheme48 <no-dsa> (Minor issue) + [wheezy] - scheme48 1.8+dfsg-1+deb7u1 [squeeze] - scheme48 1.8+dfsg-1+deb6u1 CVE-2014-4027 (The rd_build_device_space function in drivers/target/target_core_rd.c ...) - linux 3.14.2-1 @@ -3752,7 +3752,7 @@ RESERVED - ldns 1.6.17-4 (low; bug #746758) [squeeze] - ldns <no-dsa> (Minor issue) - [wheezy] - ldns <no-dsa> (Minor issue) + [wheezy] - ldns 1.6.13-1+deb7u1 CVE-2014-3230 [HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL] RESERVED - liblwp-protocol-https-perl 6.04-3 (bug #746579) @@ -3762,7 +3762,7 @@ CVE-2014-3207 (Cross-site scripting (XSS) vulnerability in wserver.ml in SKS ...) - sks 1.1.5-1 (low; bug #746626) [squeeze] - sks <no-dsa> (Minor issue) - [wheezy] - sks <no-dsa> (Minor issue) + [wheezy] - sks 1.1.3-2+deb7u1 NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077 CVE-2014-3137 [JSON content-type not restrictive enough] 
@@ -4713,7 +4713,7 @@ CVE-2014-2856 (Cross-site scripting (XSS) vulnerability in scheduler/client.c in ...) - cups 1.7.2-1 [squeeze] - cups <no-dsa> (minor issue) - [wheezy] - cups <no-dsa> (minor issue) + [wheezy] - cups 1.5.3-5+deb7u2 NOTE: http://www.cups.org/str.php?L4356 CVE-2014-XXXX [node-marked: multiple content injection vulnerabilities] - node-marked 0.3.1+dfsg-1 @@ -13428,10 +13428,10 @@ - libjpeg-turbo 1.3.0-3 (low; bug #729873) - libjpeg6b 6b1-4 (low; bug #729867) [squeeze] - libjpeg6b <no-dsa> (Minor issue) - [wheezy] - libjpeg6b <no-dsa> (Minor issue) + [wheezy] - libjpeg6b 6b1-3+deb7u1 - libjpeg8 8d-2 (low; bug #729867) [squeeze] - libjpeg8 <no-dsa> (Minor issue) - [wheezy] - libjpeg8 <no-dsa> (Minor issue) + [wheezy] - libjpeg8 8d-1+deb7u1 - iceweasel 24.2.0esr-1 [squeeze] - iceweasel <end-of-life> - icedove 24.2.0-1 @@ -13446,11 +13446,11 @@ [squeeze] - chromium-browser <end-of-life> - libjpeg-turbo 1.3.0-3 (low; bug #729873) - libjpeg6b 6b1-4 (low; bug #729867) + [wheezy] - libjpeg6b 6b1-3+deb7u1 [squeeze] - libjpeg6b <no-dsa> (Minor issue) - [wheezy] - libjpeg6b <no-dsa> (Minor issue) - libjpeg8 8d-2 (low; bug #729867) [squeeze] - libjpeg8 <no-dsa> (Minor issue) - [wheezy] - libjpeg8 <no-dsa> (Minor issue) + [wheezy] - libjpeg8 8d-1+deb7u1 - iceweasel 24.2.0esr-1 [squeeze] - iceweasel <end-of-life> - icedove 24.2.0-1 @@ -13956,7 +13956,7 @@ CVE-2013-6438 (The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...) - apache2 2.4.9-1 [squeeze] - apache2 <no-dsa> (will be fixed in point release unless CVE-2014-0098 needs a DSA) - [wheezy] - apache2 <no-dsa> (will be fixed in point release unless CVE-2014-0098 needs a DSA) + [wheezy] - apache2 2.2.22-13+deb7u2 CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ...) - nova 2013.2.2 [wheezy] - nova <not-affected> (Vulnerable code not present) 
@@ -24853,8 +24853,8 @@ NOTE: Vulnerable code introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=7ac2c4fe624f30f2c8270116513fa2ddab07631f CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local users ...) - suds 0.4.1-8 (low; bug #714340) - [wheezy] - suds <no-dsa> (Minor issue) [squeeze] - suds 0.3.9-1+deb6u1 + [wheezy] - suds 0.4.1-5+deb7u1 CVE-2013-2216 RESERVED CVE-2013-2215 Modified: data/next-point-update.txt =================================================================== --- data/next-point-update.txt 2014-07-13 08:03:24 UTC (rev 27701) +++ data/next-point-update.txt 2014-07-13 12:40:35 UTC (rev 27702) @@ -1,20 +0,0 @@ -CVE-2014-2856 - [wheezy] - cups 1.5.3-5+deb7u2 -CVE-2014-3207 - [wheezy] - sks 1.1.3-2+deb7u1 -CVE-2013-6438 - [wheezy] - apache2 2.2.22-13+deb7u2 -CVE-2013-2217 - [wheezy] - suds 0.4.1-5+deb7u1 -CVE-2014-4150 - [wheezy] - scheme48 1.8+dfsg-1+deb7u1 -CVE-2014-3209 - [wheezy] - ldns 1.6.13-1+deb7u1 -CVE-2013-6629 - [wheezy] - libjpeg6b 6b1-3+deb7u1 - [wheezy] - libjpeg8 8d-1+deb7u1 -CVE-2013-6630 - [wheezy] - libjpeg6b 6b1-3+deb7u1 - [wheezy] - libjpeg8 8d-1+deb7u1 -CVE-2014-XXXX [Quassel: /var/lib/quassel/quasselCert.pem world-readable] - [wheezy] - quassel 0.8.0-1+deb7u2 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
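Review bot: In the data/CVE/list hunk at @@ -3752,7 the CVE header of the ldns entry is outside the context, and the entry sits directly above CVE-2014-3230, while the removed next-point-update.txt block filed `[wheezy] - ldns 1.6.13-1+deb7u1` under CVE-2014-3209. Please confirm that the edited entry is the CVE-2014-3209 one (the visible line carries bug #746758) and not a neighbouring ldns entry. If it is CVE-2014-3209, it is out of the descending order the rest of the visible list follows, which is worth fixing while the entry is being touched.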
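Review bot: In the second libjpeg hunk (@@ -13446,11) the new `[wheezy] - libjpeg6b 6b1-3+deb7u1` line is inserted above the `[squeeze] - libjpeg6b` line, whereas the first libjpeg hunk (@@ -13428,10) replaces the wheezy line in place, below squeeze. The two entries are otherwise identical, so they should keep the same release order. The suds hunk at @@ -24853,8 moves its wheezy line the other way, below squeeze; picking one order for the whole commit would keep later diffs of these entries smaller.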
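Review bot: In the CVE-2013-6438 hunk (@@ -13956,7) the wheezy line now records apache2 2.2.22-13+deb7u2, but the squeeze line still reads `<no-dsa> (will be fixed in point release unless CVE-2014-0098 needs a DSA)`. No visible hunk in this commit changes squeeze's apache2 status, so check whether that note still describes the plan for squeeze and reword it if it does not.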
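Review bot: The @@ -1,20 +0,0 hunk empties data/next-point-update.txt, so every removed entry needs a matching fixed-version line in data/CVE/list. For the libjpeg pair (CVE-2013-6629 and CVE-2013-6630) the CVE headers fall outside the context of the @@ -13428,10 and @@ -13446,11 hunks, so which of the two entries each hunk updates cannot be checked from the diff. A line in the log message beyond "7.6 point update" stating that all pending wheezy entries were merged would make the commit mail self-explanatory.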