Author: jmm
Date: 2012-05-15 10:02:49 +0000 (Tue, 15 May 2012)
New Revision: 19250

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
no-dsa: pam-shield, libsoup2.4
new issues: spip, connman (should be removed)
fixed: gridengine, kernel
glassfish not-affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-05-15 09:15:00 UTC (rev 19249)
+++ data/CVE/list       2012-05-15 10:02:49 UTC (rev 19250)
@@ -1,3 +1,5 @@
+CVE-2012-XXXX [two XSS]
+       - spip 2.1.14-1 (low; bug #672961)
 CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 
11.2.0.2, ...)
        NOT-FOR-US: Oracle Database
 CVE-2012-2623
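Review bot: The new CVE-2012-XXXX placeholder for spip folds two XSS issues into a single entry whose only description is "[two XSS]", with no NOTE pointing at the upstream fix or advisory. A NOTE carrying the reference from bug #672961 would let the entry be split and matched correctly if separate CVE ids are assigned later.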
@@ -692,7 +694,8 @@
        - mahara 1.4.2-1
 CVE-2012-2350 [pam_shield default configuration does not take any action]
        RESERVED
-       - pam-shield <unfixed> (medium; bug #658830)
+       - pam-shield <unfixed> (low; bug #658830)
+       [squeeze] - pam-shield <no-dsa> (Minor issue)
 CVE-2012-2349
        RESERVED
 CVE-2012-2348
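Review bot: The pam-shield line for CVE-2012-2350 drops from medium to low and squeeze becomes <no-dsa> with only "(Minor issue)" as justification, so the entry does not record why the rating changed. Since the title says the default configuration does not take any action, a NOTE line giving the reasoning for the downgrade would make the triage decision reviewable later.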
@@ -742,7 +745,7 @@
        RESERVED
 CVE-2012-2333 [OpenSSL invalid TLS/DTLS record attack]
        RESERVED
-       - openssl <unfixed> (bug #672452)
+       - openssl 1.0.1c-1 (bug #672452)
        NOTE: http://seclists.org/oss-sec/2012/q2/299
        NOTE: http://www.openssl.org/news/secadv_20120510.txt
 CVE-2012-2332 [SQL injection in serendipity before 1.7.1]
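Review bot: The openssl change for CVE-2012-2333 is missing from the commit log, which lists only gridengine and kernel under "fixed". Please mention it there. The entry also records only the fixed version 1.0.1c-1 with no [squeeze] line visible in this hunk; if stable is being handled separately, a line or NOTE saying so would avoid the entry reading as fully resolved.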
@@ -780,13 +783,16 @@
        RESERVED
 CVE-2012-2322
        RESERVED
+       - connman <unfixed> (bug #672989)
 CVE-2012-2321
        RESERVED
+       - connman <unfixed> (bug #672989)
 CVE-2012-2320
        RESERVED
+       - connman <unfixed> (bug #672989)
 CVE-2012-2319
        RESERVED
-       - linux-2.6 <unfixed> (low)
+       - linux-2.6 3.2.17-1 (low)
 CVE-2012-2318 [Improper validation of incoming plaintext messages in MSN 
protocol plug-in]
        RESERVED
        - pidgin 2.10.4-1
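Review bot: The three connman lines added under CVE-2012-2322, CVE-2012-2321 and CVE-2012-2320 sit on entries that are still RESERVED with no bracketed description, no severity and no NOTE, so the three ids can only be told apart by reading bug #672989. A short description per id would fix that. The "(should be removed)" remark from the log is also not captured anywhere in the data; a NOTE on these entries would keep that context with the tracker.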
@@ -1232,7 +1238,8 @@
        - linux-2.6 <unfixed>
 CVE-2012-2132 [libsoup 2.32.2 sets ssl trusted flag despite no verification]
        RESERVED
-       - libsoup2.4 <unfixed> (bug #672880)
+       - libsoup2.4 <unfixed> (low; bug #672880)
+       [squeeze] - libsoup2.4 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
 CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in 
...)
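Review bot: The libsoup2.4 entry for CVE-2012-2132 gets the low severity and the squeeze <no-dsa> line, but not the upstream GNOME reference that this same commit adds to data/spu-candidates.txt (https://bugzilla.gnome.org/show_bug.cgi?id=666280). Adding it as a NOTE next to the two existing bugzilla NOTEs keeps the upstream report reachable from the CVE entry itself.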
@@ -1270,7 +1277,7 @@
        RESERVED
 CVE-2012-2121
        RESERVED
-       - linux-2.6 <unfixed>
+       - linux-2.6 3.2.17-1
 CVE-2012-2120
        RESERVED
        - texlive-extra <unfixed> (low; bug #668779)
@@ -1346,7 +1353,7 @@
        - nova 2012.1-2 (bug #670637)
 CVE-2012-2100
        RESERVED
-       - linux-2.6 <unfixed>
+       - linux-2.6 3.2.2-1
        NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
        NOTE: https://lkml.org/lkml/2012/2/20/422
 CVE-2012-2099
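Review bot: The fixed version for CVE-2012-2100 is 3.2.2-1, while every other linux-2.6 entry closed in this commit uses 3.2.17-1, and the existing NOTE links to an lkml thread filed under 2012/2/20. Please double-check the version and add a NOTE naming the change that 3.2.2-1 is considered to contain, so the earlier version number is not mistaken for a typo.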
@@ -2499,7 +2506,7 @@
 CVE-2012-1601
        RESERVED
        {DSA-2469-1}
-       - linux-2.6 <unfixed> (low)
+       - linux-2.6 3.2.17-1 (low)
 CVE-2012-1600 [XSS from 5.0.4 release]
        RESERVED
        - phppgadmin 5.0.4-1
@@ -5037,9 +5044,9 @@
 CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in 
Oracle ...)
        NOT-FOR-US: Oracle Database Server
 CVE-2012-0551 (Unspecified vulnerability in the GlassFish Enterprise Server 
component ...)
-       - glassfish <undetermined>
+       - glassfish <not-affected> (Debian only builds some core libs, not the 
full application stack)
 CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server 
component ...)
-       - glassfish <undetermined>
+       - glassfish <not-affected> (Debian only builds some core libs, not the 
full application stack)
 CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office 
component in ...)
        NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series 
Servers ...)
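Review bot: The <not-affected> reason on both glassfish lines rests on which parts Debian builds, but the two descriptions only say "Unspecified vulnerability in the GlassFish Enterprise Server component", so the claim cannot be checked from the entry. Naming the core libs that the Debian package does build, in the reason text or a NOTE, would make the decision verifiable if more detail on either CVE is published.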
@@ -6687,7 +6694,7 @@
        [squeeze] - horde3 <not-affected> (Introduced in 3.3.12)
        [lenny] - horde3 <not-affected> (Introduced in 3.3.12)
 CVE-2012-0208 (Unspecified vulnerability in the Oracle Grid Engine component 
in ...)
-       - gridengine <unfixed>
+       - gridengine 6.2u5-6
        NOTE: http://www.securityfocus.com/bid/53123/info
        NOTE: http://gridscheduler.sourceforge.net/security.html
 CVE-2012-0207

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2012-05-15 09:15:00 UTC (rev 19249)
+++ data/spu-candidates.txt     2012-05-15 10:02:49 UTC (rev 19250)
@@ -222,6 +222,12 @@
 
 --
 
+libsoup2.4 (CVE-2012-2132)
+#672880
+https://bugzilla.gnome.org/show_bug.cgi?id=666280
+
+--
+
 libvirt (CVE-2011-4600)
 
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ae1232b298323dd7bef909426e2ebafa6bca9157
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4600
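Review bot: The new libsoup2.4 candidate lists the Debian bug and the upstream GNOME bug but no link to the actual fix, unlike the libvirt entry directly below it, which carries a commitdiff URL. Adding the upstream commit once identified would save whoever prepares the point-release upload from digging through the bug report.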
@@ -307,6 +313,11 @@
 
 --
 
+pam-shield (CVE-2012-2350)
+#658830
+
+--
+
 perl (CVE-2011-2728)
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2728
 
http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
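Review bot: The pam-shield candidate consists of the bug number #658830 alone, with no reference to a patch or to the intended change. Because CVE-2012-2350 concerns the default configuration, a one-line description of what the point-release update is expected to change would make this entry actionable.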

