Author: jmm
Date: 2016-09-20 17:39:56 +0000 (Tue, 20 Sep 2016)
New Revision: 44758
Modified:
data/CVE/list
Log:
further cleanups of older no-dsa entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-20 17:29:46 UTC (rev 44757)
+++ data/CVE/list 2016-09-20 17:39:56 UTC (rev 44758)
@@ -39008,16 +39008,14 @@
CVE-2015-4157 (SAP Content Server allows remote attackers to cause a denial of
...)
NOT-FOR-US: SAP Content Server
CVE-2015-4156 (GNU Parallel before 20150522 (Nepal), when using (1) --cat or
(2) ...)
- - parallel <unfixed> (bug #787954)
- [jessie] - parallel <no-dsa> (Minor issue)
- [wheezy] - parallel <no-dsa> (Minor issue)
+ - parallel <unfixed> (unimportant; bug #787954)
NOTE: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
NOTE: https://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
+ NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-4155 (GNU Parallel before 20150422, when using (1) --pipe, (2)
--tmux, (3) ...)
- - parallel <unfixed> (bug #787954)
- [jessie] - parallel <no-dsa> (Minor issue)
- [wheezy] - parallel <no-dsa> (Minor issue)
+ - parallel <unfixed> (unimportant; bug #787954)
NOTE: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
+ NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-4154
RESERVED
CVE-2015-4153 (Directory traversal vulnerability in the zM Ajax Login &
Register ...)
@@ -49577,12 +49575,11 @@
NOTE: http://dev.mutt.org/hg/mutt/rev/babc30377614
NOTE: Rendered non-exploitable by Linux hardening since wheezy
CVE-2015-XXXX [djvudigital: insecure use of /tmp]
- - djvulibre 3.5.27.1-3 (bug #775193)
- [jessie] - djvulibre <no-dsa> (Minor issue)
- [wheezy] - djvulibre <no-dsa> (Minor issue)
+ - djvulibre 3.5.27.1-3 (unimportant; bug #775193)
[squeeze] - djvulibre <no-dsa> (Minor issue)
NOTE: Originally was addressed in 3.5.27.1-1 but it was reintroduced
NOTE: with the 3.5.27.1-2 upload, cf. https://bugs.debian.org/775193#17
+ NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-5701 [mktexlsr: reintroduced insecure use of /tmp, in revision 36855]
RESERVED
- texlive-bin <not-affected> (Vulnerable code not reintroduced, patch
mktexlsr-use-mktemp still applied)
@@ -55302,10 +55299,9 @@
[wheezy] - kexec-tools <no-dsa> (Minor issue)
[squeeze] - kexec-tools <not-affected> (coldreboot script not present)
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
- - riece 8.0.0-1.3 (bug #601325)
- [jessie] - riece <no-dsa> (Minor issue)
- [wheezy] - riece <no-dsa> (Minor issue)
+ - riece 8.0.0-1.3 (unimportant; bug #601325)
[squeeze] - riece <no-dsa> (Minor issue)
+ NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-7401
RESERVED
CVE-2014-8483 (The blowfishECB function in core/cipher.cpp in Quassel IRC
0.10.0 ...)
@@ -72276,10 +72272,10 @@
NOT-FOR-US: Android Jelly Bean
CVE-2014-1938 [insecure use of /tmp]
RESERVED
- - python-rply 0.7.4-1 (low; bug #737627)
- [jessie] - python-rply <no-dsa> (Minor issue)
+ - python-rply 0.7.4-1 (unimportant; bug #737627)
NOTE: this CVE is for the insecure use of /tmp as followup for
CVE-2014-1604
NOTE: https://github.com/alex/rply/issues/42
+ NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-1937 [insecure use of /tmp]
RESERVED
- gamera 3.4.1-1 (low; bug #737324)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
