Author: jmm
Date: 2014-11-13 18:40:51 +0000 (Thu, 13 Nov 2014)
New Revision: 30041
Modified:
data/CVE/list
Log:
wordpress non-issue
riece no-dsa also for jessie
more glibc/eglibc fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-13 18:33:50 UTC (rev 30040)
+++ data/CVE/list 2014-11-13 18:40:51 UTC (rev 30041)
@@ -394,6 +394,7 @@
[squeeze] - kexec-tools <not-affected> (coldreboot script not present)
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
- riece 8.0.0-1.3 (bug #601325)
+ [jessie] - riece <no-dsa> (Minor issue)
[wheezy] - riece <no-dsa> (Minor issue)
[squeeze] - riece <no-dsa> (Minor issue)
CVE-2014-7401
@@ -7104,6 +7105,7 @@
RESERVED
- glibc 2.19-12
- eglibc <removed>
+ [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie,
workaround for #769128)
[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17325
NOTE: https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
@@ -7606,6 +7608,7 @@
RESERVED
- glibc 2.17-1
- eglibc <removed>
+ [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie,
workaround for #769128)
[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14134
NOTE:
https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
@@ -20245,6 +20248,7 @@
CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library
(aka ...)
{DSA-2976-1 DLA-43-1}
- glibc 2.19-6
+ [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie,
workaround for #769128)
- eglibc <removed>
CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...)
{DSA-2934-1}
@@ -27875,6 +27879,7 @@
CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc
or ...)
- glibc 2.17-94 (low; bug #717178)
- eglibc <removed>
+ [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie,
workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Incorrect hardening, only applies to
statically linked binaries)
CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly
check ...)
@@ -42946,9 +42951,8 @@
CVE-2012-5869
RESERVED
CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session
cookie ...)
- - wordpress <unfixed> (low; bug #696868)
- [squeeze] - wordpress <no-dsa> (Minor issue)
- [wheezy] - wordpress <no-dsa> (Minor issue)
+ - wordpress <unfixed> (unimportant; bug #696868)
+ NOTE: non-issue, see
https://wordpress.org/support/topic/old-bug-cve-2012-5868
CVE-2012-5867
RESERVED
CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in
Achievo ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
