Author: jmm
Date: 2015-01-29 15:06:56 +0000 (Thu, 29 Jan 2015)
New Revision: 31817
Modified:
data/CVE/list
Log:
mark ffmpeg as not reproducible
remove entries for mariadb-5.5, not in any released version
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-29 10:57:39 UTC (rev 31816)
+++ data/CVE/list 2015-01-29 15:06:56 UTC (rev 31817)
@@ -505,6 +505,7 @@
- linux-2.6 <removed>
NOTE: Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c4f56070fde2367766fa1fb04852599b5e1ad35
(v3.18-rc1)
NOTE: (Possibly) introduced by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=483180281f0ac60d1138710eb21f4b9961901294
+ NOTE: CVE Request:
http://article.gmane.org/gmane.comp.security.oss.general/15457
TODO: check in which version the issue was introduced exactly
CVE-2015-1346 (Multiple unspecified vulnerabilities in Google V8 before
3.30.33.15, ...)
- chromium-browser 40.0.2214.91-1
@@ -858,14 +859,14 @@
CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in
...)
TODO: check
CVE-2014-9598 (The picture_Release function in misc/picture.c in VideoLAN VLC
media ...)
- - ffmpeg <unfixed>
+ - ffmpeg <not-affected> (Not reproducible with any ffmpeg release
series)
[squeeze] - ffmpeg <end-of-life>
- libav <unfixed>
TODO: check, this was originally reported for VLC; but upstream states
that it is in libavcodec
NOTE: https://trac.videolan.org/vlc/ticket/13390
NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
CVE-2014-9597 (The picture_pool_Delete function in misc/picture_pool.c in
VideoLAN ...)
- - ffmpeg <unfixed>
+ - ffmpeg <not-affected> (Not reproducible with any ffmpeg release
series)
[squeeze] - ffmpeg <end-of-life>
- libav <unfixed>
TODO: check, this was originally reported for VLC; but upstream states
that it is in libavcodec
@@ -3110,7 +3111,6 @@
CVE-2015-0432 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
- - mariadb-5.5 <removed>
- mariadb-10.0 <unfixed> (bug #775882)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -3166,7 +3166,6 @@
CVE-2015-0411 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier, ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
- - mariadb-5.5 <removed>
- mariadb-10.0 <unfixed> (bug #775882)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -3176,7 +3175,6 @@
- openjdk-8 8u40~b22-1
CVE-2015-0409 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and
earlier ...)
- mysql-5.5 <not-affected> (Only MySQL 5.6)
- - mariadb-5.5 <not-affected> (Only MySQL 5.6)
- mariadb-10.0 <not-affected> (Vulnerable code not present, see
https://bugs.debian.org/775882#39)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -3230,7 +3228,6 @@
CVE-2015-0391 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and
earlier, ...)
- mysql-5.5 5.5.39-1
[wheezy] - mysql-5.5 5.5.40-0+wheezy1
- - mariadb-5.5 <removed>
- mariadb-10.0 10.0.14-2
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -3246,7 +3243,6 @@
NOT-FOR-US: Oracle
CVE-2015-0385 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and
earlier ...)
- mysql-5.5 <not-affected> (Only MySQL 5.6)
- - mariadb-5.5 <not-affected> (Only MySQL 5.6)
- mariadb-10.0 <not-affected> (Vulnerable code not present, see
https://bugs.debian.org/775882#39)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -3260,14 +3256,12 @@
CVE-2015-0382 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
- - mariadb-5.5 <removed>
- mariadb-10.0 <unfixed> (bug #775882)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0381 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
- - mariadb-5.5 <removed>
- mariadb-10.0 <unfixed> (bug #775882)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -3290,7 +3284,6 @@
CVE-2015-0374 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
- - mariadb-5.5 <removed>
- mariadb-10.0 <unfixed> (bug #775882)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -11223,7 +11216,6 @@
CVE-2014-6568 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier, ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
- - mariadb-5.5 <removed>
- mariadb-10.0 <unfixed> (bug #775882)
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
@@ -11248,7 +11240,6 @@
CVE-2014-6559 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier, ...)
{DSA-3054-1}
- mysql-5.5 5.5.40-1
- - mariadb-5.5 <removed>
- mariadb-10.0 10.0.15-1
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6558 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67,
and ...)
@@ -11263,7 +11254,6 @@
CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier ...)
{DSA-3054-1}
- mysql-5.5 5.5.40-1
- - mariadb-5.5 <removed>
- mariadb-10.0 10.0.15-1
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6554 (Unspecified vulnerability in the Oracle Access Manager
component in ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
