Author: jmm
Date: 2012-05-11 14:23:15 +0000 (Fri, 11 May 2012)
New Revision: 19220
Modified:
data/CVE/list
Log:
drop openjpeg TODO, version in experimental is recent enough
two CVE IDs for php security fix fallout
filed bug for net-snmp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-11 10:20:36 UTC (rev 19219)
+++ data/CVE/list 2012-05-11 14:23:15 UTC (rev 19220)
@@ -488,8 +488,11 @@
RESERVED
CVE-2012-2336
RESERVED
+ - php5 5.4.3 (unimportant)
+ NOTE: Rather harmless bug
CVE-2012-2335
RESERVED
+ NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for
CVE-2012-1823/CVE-2012-2311
CVE-2012-2334
RESERVED
CVE-2012-2333 [OpenSSL invalid TLS/DTLS record attack]
@@ -958,7 +961,7 @@
RESERVED
CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read
(snmpd crash)]
RESERVED
- - net-snmp <unfixed>
+ - net-snmp <unfixed> (bug #672492)
NOTE: Red Hat patch:
https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
CVE-2012-2140
RESERVED
@@ -2499,7 +2502,6 @@
RESERVED
CVE-2012-1499 (The JPEG 2000 codec in OpenJPEG before 1.5 does not properly
allocate ...)
- openjpeg <not-affected> (vulnerable code introduced after 1.3)
- TODO: recheck any version of openjpeg greater than 1.3
CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Webfolio ...)
NOT-FOR-US: Webfolio CMS
CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x
before ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
