[Secure-testing-commits] r32496 - data/CVE

Wed, 25 Feb 2015 10:54:13 -0800 

Author: jmm
Date: 2015-02-25 18:53:43 +0000 (Wed, 25 Feb 2015)
New Revision: 32496

Modified:
   data/CVE/list
Log:
libidn non-issue
add upstream fix for apache/lua


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-02-25 18:49:56 UTC (rev 32495)
+++ data/CVE/list       2015-02-25 18:53:43 UTC (rev 32496)
@@ -1461,13 +1461,8 @@
        - jabberd2 <unfixed> (bug #779154)
        NOTE: https://github.com/jabberd2/jabberd2/issues/85
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
-       TODO: check
 CVE-2015-2059
-       RESERVED
-       - libidn <unfixed>
-       NOTE: https://github.com/jabberd2/jabberd2/issues/85
-       NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
-       TODO: check
+       NOTE: Mis-use of an API (even if poorly documented) is hardly a 
security issue
 CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c 
in ...)
        - openldap 2.4.40-4 (bug #776988)
        [wheezy] - openldap <no-dsa> (Minor issue)
@@ -3629,8 +3624,8 @@
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
 CVE-2015-0833
        RESERVED
-       - iceweasel <not-affected> (specific to Firefox on Windows)
-       - icedove <not-affected> (specific to Thunderbird on Windows)
+       - iceweasel <not-affected> (Specific to Firefox on Windows)
+       - icedove <not-affected> (Specific to Thunderbird on Windows)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
 CVE-2015-0832
        RESERVED
@@ -3653,7 +3648,7 @@
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
 CVE-2015-0828
        RESERVED
-       - iceweasel <not-affected> (Does not affect ESR version)
+       - iceweasel <not-affected> (Doesn't affect the memory allocator used in 
the Debian builds)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
 CVE-2015-0827
        RESERVED
@@ -6961,6 +6956,7 @@
        - apache2 <unfixed> (low)
        [wheezy] - apache2 <not-affected> (no mod_lua in 2.2)
        [squeeze] - apache2 <not-affected> (no mod_lua in 2.2)
+       NOTE: 
https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
 CVE-2015-0227 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote 
...)
        - wss4j 1.6.15-2 (bug #777741)
 CVE-2015-0226


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to