From b3cecbb890c4c60320ed32b0ac60786d4929effb Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Thu, 5 Nov 2020 13:38:43 +0100 Subject: CVE/list: sort release entries after their package entry --- data/CVE/2014.list | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'data/CVE/2014.list') diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 50660e1262..208226dd9d 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1771,8 +1771,8 @@ CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka g {DLA-411-1} - glibc 2.23-1 (bug #813187) [jessie] - glibc (Minor issue) - [wheezy] - eglibc (Minor issue) - eglibc + [wheezy] - eglibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8 @@ -4630,11 +4630,11 @@ CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8 {DSA-3316-1 DSA-3235-1} - openjdk-8 8u45-b14-1 (high) - openjdk-7 7u79-2.5.5-1 (high) + [wheezy] - openjdk-7 (MIME type setting is harmless on wheezy) + [squeeze] - openjdk-7 (MIME type setting is harmless on this squeeze) - openjdk-6 (high) - [squeeze] - openjdk-6 (MIME type setting is harmless on squeeze) [wheezy] - openjdk-6 (MIME type setting is harmless on wheezy) - [squeeze] - openjdk-7 (MIME type setting is harmless on this squeeze) - [wheezy] - openjdk-7 (MIME type setting is harmless on wheezy) + [squeeze] - openjdk-6 (MIME type setting is harmless on squeeze) NOTE: Starting with mime-support 3.53, MimeType entries in desktop NOTE: files end up in /etc/mailcap, which introduces the user-initiated NOTE: code execution. @@ -5187,6 +5187,7 @@ CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.1 ...) - kde-runtime 4:4.14.2-2 (bug #769632) [wheezy] - kde-runtime (Minor issue) + - kdebase-runtime [squeeze] - kdebase-runtime (Minor issue) - webkitkde 1.3.4-2 (unimportant) NOTE: webkitpart: http://quickgit.kde.org/?p=kwebkitpart.git&a=commit&h=641aa7c75631084260ae89aecbdb625e918c6689 @@ -6039,8 +6040,8 @@ CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform Validatio CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...) {DLA-452-1} - smarty3 3.1.21-1 (bug #765920) - - smarty (Only affects 3.x series) [squeeze] - smarty3 (Unsupported in squeeze-lts) + - smarty (Only affects 3.x series) NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon debugg ...) - systemd-shim 8-4 @@ -10371,9 +10372,9 @@ CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Dat NOT-FOR-US: Oracle CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox-guest-additions + [squeeze] - virtualbox-guest-additions (Non-free not supported) - virtualbox-guest-additions-iso 4.3.14-1 [wheezy] - virtualbox-guest-additions-iso (Non-free not supported) - [squeeze] - virtualbox-guest-additions (Non-free not supported) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite @@ -16737,10 +16738,10 @@ CVE-2014-3874 RESERVED CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p1 ...) - kfreebsd-8 - - kfreebsd-9 (bug #750493) + [wheezy] - kfreebsd-8 (Non standard kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) + - kfreebsd-9 (bug #750493) [wheezy] - kfreebsd-9 (introduced by the merge of r237663) - [wheezy] - kfreebsd-8 (Non standard kernel, will be fixed in a point update) CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login pag ...) NOT-FOR-US: D-Link firmware CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic Sol ...) @@ -17150,9 +17151,9 @@ CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel befor CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local g ...) {DSA-3067-1 DSA-3066-1} - qemu 2.1+dfsg-6 (bug #765496) + [squeeze] - qemu - qemu-kvm [squeeze] - qemu-kvm - [squeeze] - qemu NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks. NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows remot ...) @@ -17317,9 +17318,9 @@ CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...) {DSA-3045-1 DSA-3044-1} - qemu 2.1+dfsg-5 (bug #762532) + [squeeze] - qemu - qemu-kvm [squeeze] - qemu-kvm - [squeeze] - qemu NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...) {DSA-3026-1 DLA-87-1} -- cgit v1.2.3