[Secure-testing-commits] r30346 - data/CVE

Tue, 25 Nov 2014 23:16:07 -0800 

Author: jmm
Date: 2014-11-26 07:15:21 +0000 (Wed, 26 Nov 2014)
New Revision: 30346

Modified:
   data/CVE/list
Log:
new NFU (concludes external check)
older asterisk issue CVEfied
older libressl issue didn't get a CVE ID by MITRE


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-11-26 06:58:43 UTC (rev 30345)
+++ data/CVE/list       2014-11-26 07:15:21 UTC (rev 30346)
@@ -1198,7 +1198,7 @@
        RESERVED
 CVE-2014-XXXX [zoph multiple issues]
        - zoph <removed>
-       NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C
+       NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
 CVE-2014-8988 [information disclosure in MantisBT attachments]
        RESERVED
        - mantis <unfixed>
@@ -2088,6 +2088,7 @@
        NOT-FOR-US: Adobe Flash Player
 CVE-2014-8439
        RESERVED
+       NOT-FOR-US: Adobe Flash Player
 CVE-2014-8438 (Use-after-free vulnerability in Adobe Flash Player before 
13.0.0.252 ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2014-8437 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 
...)
@@ -6189,8 +6190,10 @@
        RESERVED
 CVE-2014-6611 (The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 
10.2.0, ...)
        NOT-FOR-US: BlackBerry
-CVE-2014-6609
+CVE-2014-6609 [Remote crash based on malformed SIP subscription]
        RESERVED
+       - asterisk <not-affected> (only affects 12.x series)
+       NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
 CVE-2014-6608
        RESERVED
 CVE-2014-6606
@@ -6207,9 +6210,6 @@
        NOT-FOR-US: Microsoft Asha OS
 CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface 
in ...)
        NOT-FOR-US: Phorum
-CVE-2014-XXXX [Remote crash based on malformed SIP subscription]
-       - asterisk <not-affected> (only affects 12.x series)
-       NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
 CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 
0.x ...)
        - python-keystonemiddleware 1.0.0-3 (bug #762748)
        - python-keystoneclient 1:0.10.1-2 (bug #762749)
@@ -10678,9 +10678,6 @@
        NOT-FOR-US: wysija-newsletters
 CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 
2.6.7 for ...)
        NOT-FOR-US: wysija-newsletters
-CVE-2014-XXXX [libressl before 2.0.2 under linux PRNG failure]
-       - libressl <itp> (bug #754513)
-       NOTE: http://www.openwall.com/lists/oss-security/2014/07/16/6
 CVE-2014-4978 [insecure use of temporary files]
        RESERVED
        - rawstudio <removed> (low; bug #754899)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to