Author: jmm
Date: 2012-06-25 11:39:43 +0000 (Mon, 25 Jun 2012)
New Revision: 19589

Modified:
   data/CVE/list
Log:
imp4, horde3, gridengine, boost fixed
new apt issue
NFUs 


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-06-25 07:54:21 UTC (rev 19588)
+++ data/CVE/list       2012-06-25 11:39:43 UTC (rev 19589)
@@ -1,9 +1,9 @@
 CVE-2012-XXXX [extplorer CSRF]
        - extplorer 2.1.0b6+dfsg.3-3
 CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content 
...)
-       TODO: check
+       NOT-FOR-US: Simple Web Content Management System
 CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in 
Adiscon ...)
-       TODO: check
+       NOT-FOR-US: Adiscon LogAnalyzer 
 CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 
0.9.8, when ...)
        TODO: check
 CVE-2012-3789
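Review bot: CVE-2011-5095 is left at "TODO: check" in the context lines of this hunk even though the two entries above it are triaged here. Its description names OpenSSL 0.9.8, and OpenSSL is packaged in Debian, so it will need a package line and not an NFU tag; worth picking up in the same pass or soon after. Minor: the added line "NOT-FOR-US: Adiscon LogAnalyzer " ends with a trailing space.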
@@ -409,9 +409,9 @@
 CVE-2012-3589
        RESERVED
 CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin 
...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the 
...)
-       TODO: check
+       - apt <unfixed>
 CVE-2012-3586
        RESERVED
 CVE-2012-3585
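Review bot: the added "- apt <unfixed>" line for CVE-2012-3587 has no bug reference and no NOTE, so there is nothing to follow for the "new apt issue" mentioned in the log. The description itself gives fixed upstream versions (0.7.25 and 0.8.16); either record the fixed version if the archive is already at or past it, or add the bug number once one is filed so the unfixed state can be tracked.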
@@ -431,15 +431,15 @@
 CVE-2012-XXXX [at-spi2-atk insecure tmp]
        - at-spi2-atk <unfixed> (bug #678026)
 CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in 
the ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the 
Nmedia ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2012-3576 (Unrestricted file upload vulnerability in php/upload.php in the 
...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2012-3575 (Unrestricted file upload vulnerability in uploader.php in the 
RBX ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2012-3574 (Unrestricted file upload vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2012-3573
        RESERVED
 CVE-2012-3572
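Review bot: all five file-upload entries in this hunk (CVE-2012-3574 through CVE-2012-3578) are tagged with the bare "NOT-FOR-US: Wordpress plugin", which does not say which plugin each one is. Other NFU lines in this commit name the product (for example "Adiscon LogAnalyzer", "KENT-WEB WEB PATIO"); naming the plugin here, for instance the Nmedia and RBX ones visible in the descriptions, keeps the entries greppable if one of them is ever packaged. The same applies to the CVE-2012-3588 line in the previous hunk.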
@@ -1472,7 +1472,7 @@
 CVE-2012-3064
        RESERVED
 CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 
before ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2012-3062
        RESERVED
 CVE-2012-3061
@@ -1482,7 +1482,7 @@
 CVE-2012-3059
        RESERVED
 CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, 
and the ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2012-3057
        RESERVED
 CVE-2012-3056
@@ -1586,7 +1586,7 @@
 CVE-2012-3007
        RESERVED
 CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before 
...)
-       TODO: check
+       NOT-FOR-US: Innominate mGuard Smart
 CVE-2012-3005
        RESERVED
 CVE-2012-3004
@@ -2117,7 +2117,7 @@
 CVE-2012-2754
        RESERVED
 CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the 
Endpoint ...)
-       TODO: check
+       NOT-FOR-US: Endpoint Connect
 CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x 
before ...)
        NOT-FOR-US: VMware
 CVE-2012-2751
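Review bot: "NOT-FOR-US: Endpoint Connect" on CVE-2012-2753 gives only a product name, and the truncated description does not show the vendor either. The neighbouring CVE-2012-2752 entry identifies its NFU by vendor ("VMware"); adding the vendor here would make the tag unambiguous.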
@@ -2213,11 +2213,11 @@
 CVE-2012-2719
        RESERVED
 CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal 
allows ...)
-       TODO: check
+       NOT-FOR-US: Drupal module
 CVE-2012-2717
        RESERVED
 CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment 
...)
-       TODO: check
+       NOT-FOR-US: Drupal module
 CVE-2012-2715
        RESERVED
 CVE-2012-2714
@@ -2314,7 +2314,7 @@
 CVE-2012-2677
        RESERVED
        - boost1.42 <removed>
-       - boost1.49 <unfixed> (bug #677197)
+       - boost1.49 1.49.0-3.1 (bug #677197)
 CVE-2012-2676
        RESERVED
        NOT-FOR-US: Hoard memory allocator
@@ -2429,11 +2429,11 @@
 CVE-2012-2639
        RESERVED
 CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in 
SmallPICT ...)
-       TODO: check
+       NOT-FOR-US: SmallPICT
 CVE-2012-2637 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 
4.04 ...)
-       TODO: check
+       NOT-FOR-US: KENT-WEB WEB PATIO
 CVE-2012-2636 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 
4.04 ...)
-       TODO: check
+       NOT-FOR-US: KENT-WEB WEB PATIO
 CVE-2012-2635 (The Dolphin Browser HD application before 7.6 and Dolphin for 
Pad ...)
        NOT-FOR-US: Dolphin
 CVE-2012-2634 (Cross-site scripting (XSS) vulnerability in FeedDemon before 
4.0, when ...)
@@ -6737,7 +6737,7 @@
 CVE-2012-0910
        RESERVED
 CVE-2012-0909 (Cross-site scripting (XSS) vulnerability in Horde_Form in Horde 
...)
-       - horde3 <unfixed>
+       - horde3 3.3.12+debian0-2.2
        [squeeze] - horde3 <unfixed>
 CVE-2012-0907 (Directory traversal vulnerability in the web player in NeoAxis 
NeoAxis ...)
        NOT-FOR-US: NeoAxis NeoAxis web player
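Review bot: on CVE-2012-0909 the unstable line is now marked fixed in 3.3.12+debian0-2.2, but the "[squeeze] - horde3 <unfixed>" line below it stays as is with no DSA reference and no note on how squeeze will be handled. The fixed line also has no bug number, unlike the imp4 and boost1.49 entries changed in this same commit; if the upload closed a bug, add "(bug #...)" so the fix can be traced.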
@@ -7090,7 +7090,7 @@
        - moodle 1.9.9.dfsg2-5
 CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 
IMP ...)
        {DSA-2485-1}
-       - imp4 <unfixed> (bug #659392)
+       - imp4 4.3.10+debian0-1.1 (bug #659392)
 CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in 
Smokeping ...)
        - smokeping 2.6.7-1 (bug #659899)
 CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 
allows ...)
@@ -7668,7 +7668,7 @@
 CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component 
in ...)
-       - gridengine <unfixed>
+       - gridengine 6.2u5-7.1
        NOTE: http://www.securityfocus.com/bid/53132
        NOTE: http://gridscheduler.sourceforge.net/security.html
 CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in 
Oracle ...)
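Review bot: the "- gridengine 6.2u5-7.1" line for CVE-2012-0523 records a fixed version without a bug reference, and the two NOTE URLs point at the advisory and the upstream security page, not at the Debian upload. Since the description is only "Unspecified vulnerability", a bug number or a short NOTE stating which upstream fix 6.2u5-7.1 carries would let someone verify the entry later.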


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
