Author: jmm
Date: 2015-01-08 06:30:03 +0000 (Thu, 08 Jan 2015)
New Revision: 31191
Modified: data/CVE/list
Log:
track kernel fix for AMD CPU erratum instead of unclear amd64-microcode
arc no-dsa
cabextract fixed by moving to system-copy of mspack
solr n/a
Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-01-08 05:31:58 UTC (rev 31190) +++ data/CVE/list 2015-01-08 06:30:03 UTC (rev 31191) @@ -331,6 +331,7 @@ [squeeze] - zoo <no-dsa> (Minor issue) CVE-2015-XXXX [buffer over-read] - arc <unfixed> (low; bug #774439) + [jessie] - arc <no-dsa> (Minor issue) [wheezy] - arc <no-dsa> (Minor issue) [squeeze] - arc <no-dsa> (Minor issue) CVE-2015-0557 [directory traversal via //multiple/leading/slash] @@ -418,7 +419,7 @@ NOTE: Plain bug, security implications rather far-fetched CVE-2014-9556 [DoS; infinite loop] - libmspack 0.4-2 (bug #773041) - - cabextract <unfixed> (bug #772891) + - cabextract 1.4-5 (bug #772891) [wheezy] - cabextract <no-dsa> (Minor issue) [squeeze] - cabextract <no-dsa> (Minor issue) CVE-2012-6685 [ruby-nokogiri XXE] @@ -15632,8 +15633,8 @@ NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch CVE-2014-3628 [Cross-site scripting (XSS) vulnerability via the fieldvaluecache object] RESERVED - - lucene-solr <unfixed> - TODO: check, search for more details + - lucene-solr <not-affected> (Only affects later 4.x releases) + NOTE: https://issues.apache.org/jira/browse/SOLR-6738 CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 ...) NOT-FOR-US: Apache Hadoop CVE-2014-3626 
@@ -26630,10 +26631,11 @@ CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...) NOT-FOR-US: Elastix CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...) - - amd64-microcode <unfixed> - [wheezy] - amd64-microcode <no-dsa> (Non-free not supported) - NOTE: Workaround in Linux via https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=3b56496865f9f7d9bcb2f93b44c63f274f08e3b6 (v3.14-rc1) - NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/1 + - linux 3.14.2-1 + - linux-2.6 <removed> + NOTE: https://lkml.org/lkml/2014/1/14/198 + NOTE: Might also be fixed in amd64-microcode, but details are not published (https://packages.qa.debian.org/a/amd64-microcode/news/20141218T224849Z.html) + NOTE: and since this is fixed on the kernel-side, only track the kernel packages CVE-2013-6857 RESERVED CVE-2013-6856
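
Review bot: In the CVE-2014-9556 hunk, the new line "- cabextract 1.4-5 (bug #772891)" gives no indication of why that upload fixes the issue; the only explanation (the move to the system copy of mspack) is in the commit log. A NOTE under the entry stating that cabextract 1.4-5 uses the system libmspack, so the fix comes from libmspack 0.4-2, would keep that dependency visible to anyone later reviewing the [wheezy] and [squeeze] <no-dsa> lines that stay unchanged below it.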
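
Review bot: In the CVE-2014-3628 hunk, the reason on the new <not-affected> line, "Only affects later 4.x releases", does not name the first affected release, so the status cannot be rechecked from the entry alone when lucene-solr is updated. Suggest adding the affected version range from SOLR-6738 next to the NOTE line, so the entry is revisited if the packaged version reaches it.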
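
Review bot: In the CVE-2013-6885 hunk, the removed NOTE lines carried the upstream workaround commit (3b56496865f9f7d9bcb2f93b44c63f274f08e3b6, v3.14-rc1) and the oss-security reference, and the added lines replace both with only an lkml link. Since the entry now records "linux 3.14.2-1" as the fixed version, keeping the commit id NOTE would let a reader verify that version and locate the patch for backports. The hunk also removes the only [wheezy] line without adding one for linux, so the entry carries no explicit status for the wheezy kernel; a "[wheezy] - linux" line with its status would make that decision visible.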