[Secure-testing-commits] r31549 - data/CVE

Tue, 20 Jan 2015 08:14:20 -0800 

Author: jmm
Date: 2015-01-20 16:13:34 +0000 (Tue, 20 Jan 2015)
New Revision: 31549

Modified:
   data/CVE/list
Log:
gtk3 n/a
glance no-dsa
new potential libav/ffmpeg issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-01-20 16:12:43 UTC (rev 31548)
+++ data/CVE/list       2015-01-20 16:13:34 UTC (rev 31549)
@@ -13,6 +13,7 @@
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/01/18/12
 CVE-2014-XXXX [GTK+ improperly handled the menu key, possibly allowing lock 
screen bypass]
        - gtk+3.0 <unfixed> (bug #759145)
+       [wheezy] - gtk+3.0 <not-affected> (Vulnerable code not present)
        NOTE: http://www.ubuntu.com/usn/USN-2475-1/
 CVE-2015-1182 [Remote attack using crafted certificates]
        - polarssl <unfixed> (bug #775776)
@@ -241,6 +242,7 @@
        RESERVED
 CVE-2014-9623 [Glance user storage quota bypass]
        - glance <unfixed>
+       [wheezy] - glance <no-dsa> (Minor issue)
        NOTE: Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1
 CVE-2014-9619
        RESERVED
@@ -302,8 +304,18 @@
        TODO: check
 CVE-2014-9598
        RESERVED
+       - ffmpeg <unfixed>
+       - libav <unfixed>
+       TODO: check, this was originally reported for VLC; but upstream states 
that it is in libavcodec
+       NOTE: https://trac.videolan.org/vlc/ticket/13390
+       NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
 CVE-2014-9597
        RESERVED
+       - ffmpeg <unfixed>
+       - libav <unfixed>
+       TODO: check, this was originally reported for VLC; but upstream states 
that it is in libavcodec
+       NOTE: https://trac.videolan.org/vlc/ticket/13389
+       NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
 CVE-2014-9596 (Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 
9.3.1 ...)
        NOT-FOR-US: Panasonic Arbitrator Back-End Server
 CVE-2014-9595 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 
7.00 ...)
@@ -2057,7 +2069,6 @@
 CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to 
cause a ...)
        - trafficserver <unfixed>
        [wheezy] - trafficserver <not-affected> (Only affects 5.x)
-       NOTE: CVE Request: 
https://marc.info/?l=oss-security&m=142053376523895&w=2
        NOTE: https://issues.apache.org/jira/browse/TS-3223 (fixed in 5.1.2)
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12
        NOTE: notes: 
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to