Author: jmm
Date: 2012-06-04 10:51:03 +0000 (Mon, 04 Jun 2012)
New Revision: 19425
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
krb5 no-dsa
fixup rails entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-06-04 07:34:06 UTC (rev 19424)
+++ data/CVE/list 2012-06-04 10:51:03 UTC (rev 19425)
@@ -901,6 +901,7 @@
RESERVED
CVE-2012-2664
RESERVED
+ NOT-FOR-US: sosreport (Red Hat tool)
CVE-2012-2663
RESERVED
- iptables <unfixed> (bug #675445)
@@ -908,15 +909,12 @@
RESERVED
CVE-2012-2661
RESERVED
- [squeeze] - ruby-activerecord <not-affected>
+ - rails <not-affected> (Doesn't affects RoR in Squeeze)
- ruby-activerecord-3.2 <unfixed> (bug #675396)
- NOTE: Versions Affected: 3.0.0 and ALL later versions. Not affected:
2.3.14. Fixed Versions: 3.2.4, 3.1.5, 3.0.13
NOTE: http://seclists.org/oss-sec/2012/q2/448
CVE-2012-2660
RESERVED
- [squeeze] - ruby-activerecord <not-affected>
- ruby-activerecord-3.2 <unfixed> (bug #675429)
- NOTE: Versions affected: all, fixed in versions 3.2.4, 3.1.5, 3.0.13
NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
RESERVED
@@ -4994,7 +4992,8 @@
RESERVED
CVE-2012-1013
RESERVED
- - krb5 <unfixed>
+ - krb5 <unfixed> (low)
+ [squeeze] - krb5 <no-dsa> (Minor issue)
NOTE: DoS only triggered by clients with admin permissions
CVE-2012-1012
RESERVED
@@ -5866,9 +5865,8 @@
CVE-2012-0677
RESERVED
CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track
state ...)
- - webkit <undetermined>
+ - webkit <unfixed>
NOTE:
http://packetstormsecurity.sebug.net/files/download/112596/APPLE-SA-2012-05-09-2.txt
- TODO: Check. Seems to be a general webkit issue instantiated for Apple.
CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require
...)
NOT-FOR-US: Time Machine
CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to
spoof the ...)
@@ -5876,9 +5874,8 @@
CVE-2012-0673
RESERVED
CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to
execute ...)
- - webkit <undetermined>
+ - webkit <unfixed>
NOTE:
http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt
- TODO: Check. Seems to be a general webkit issue instantiated for Apple.
CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute
...)
NOT-FOR-US: Apple QuickTime
CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote
...)
@@ -10564,7 +10561,7 @@
CVE-2011-4032
RESERVED
CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in ...)
- - libav <undetermined> (bug #675767)
+ - libav <unfixed> (bug #675767)
CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9,
4.1, and ...)
- plone3 <not-affected> (Only affects Plone 4.x)
CVE-2011-4029
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2012-06-04 07:34:06 UTC (rev 19424)
+++ data/spu-candidates.txt 2012-06-04 10:51:03 UTC (rev 19425)
@@ -215,6 +215,9 @@
krb5 (CVE-2011-4151)
#646367
+krb5 (CVE-2012-1013)
+https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b
+http://krbdev.mit.edu/rt/Ticket/Display.html?id=7152
--
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
