author: Joey Hess <joeyh@debian.org> 2014-03-27 21:14:10 +0000
committer: Joey Hess <joeyh@debian.org> 2014-03-27 21:14:10 +0000
commit: 540e4fa144347c8c576ea13afd6f913c00de6f12
tree: 183a3ffa5442ca6f7cdbfdd86ba637f5dc5dd7c2
parent: 47acd4324585c6048188804fbaf6489255efb0a5
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@26300 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2003.list 6
-rw-r--r-- data/CVE/2004.list 12
-rw-r--r-- data/CVE/2006.list 6
-rw-r--r-- data/CVE/2013.list 5
4 files changed, 17 insertions, 12 deletions
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 2853d86aee..bdaa5f80de 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -2152,9 +2152,9 @@ CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard link
NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
- mpg123 0.59r-1
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
NOT-FOR-US: IRIX
CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
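Review bot: the three mp3gain lines under CVE-2003-0577 are removed and re-added with identical visible text, so this reads as a whitespace-only rewrite, and the commit message ("automatic update") does not say which whitespace rule was applied or by what tool. Name the rule in the message, since the same three-line rewrite recurs under CVE-2004-0991, CVE-2004-0805 and CVE-2006-1655 and cannot be verified from the rendered diff.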
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index c1ddd98914..913f054f6a 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -3841,9 +3841,9 @@ CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...
NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
- mpg123 0.59r-19
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
- libgd2 2.0.30-1
@@ -4327,9 +4327,9 @@ CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setu
CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
{DSA-564-1}
- mpg123 0.59r-16
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...)
{DSA-567-1}
- kdegraphics 3.3.2-1
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 99647dd312..33214e6a4e 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -12669,9 +12669,9 @@ CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when
CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...)
{DSA-1074-1}
- mpg123 0.59r-22 (bug #361863)
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 2306bcf12d..75ea2673c8 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -2514,6 +2514,7 @@ CVE-2013-6418 [TOCTOU vulnerability in certificate validation]
[wheezy] - pywbem <no-dsa> (Minor issue)
NOTE: fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
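Review bot: the {DSA-2888-1} line added under CVE-2013-6417 is a substantive advisory cross-reference, but it ships in the same commit as the whitespace-only mp3gain rewrites in 2003.list, 2004.list and 2006.list. Split the two kinds of change, or at least list them in the commit message, so that the DSA additions for CVE-2013-6417, CVE-2013-6415, CVE-2013-6414 and CVE-2013-4491 can be audited without reading past formatting noise.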
@@ -2528,6 +2529,7 @@ CVE-2013-6416 (Cross-site scripting (XSS) vulnerability in the simple_format hel
- rails <not-affected> (vulnerable code not present)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
@@ -2535,6 +2537,7 @@ CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currenc
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
@@ -7154,6 +7157,7 @@ CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the
- libi18n-ruby <removed>
[squeeze] - libi18n-ruby <not-affected> (vulnerable code not present)
CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
@@ -7498,6 +7502,7 @@ CVE-2013-4391 (Integer overflow in the valid_user_field function in ...)
CVE-2013-4390 (Open redirect vulnerability in the AbstractAuthenticationFormServlet ...)
NOT-FOR-US: Apache Sling
CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in ...)
+ {DSA-2888-1 DSA-2887-1}
- rails-4.0 <not-affected> (Only affects 3.x)
- ruby-actionmailer-3.2 3.2.16-1 (bug #726576)
- ruby-actionmailer-2.3 <not-affected> (Only affects 3.x)
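Review bot: under CVE-2013-4389 the added line references two advisories, {DSA-2888-1 DSA-2887-1}, while the visible package lines mark rails-4.0 and ruby-actionmailer-2.3 as <not-affected> and only ruby-actionmailer-3.2 as fixed (3.2.16-1). Confirm that both advisories list this CVE and record which source package each one covers, because the other entries touched in this file receive DSA-2888-1 alone and nothing in the hunk explains the difference.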
