Author: jmm
Date: 2012-08-14 10:53:15 +0000 (Tue, 14 Aug 2012)
New Revision: 19944

Modified:
   data/CVE/list
Log:
nvidia no-dsa
triage older openssl issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-08-14 09:14:18 UTC (rev 19943)
+++ data/CVE/list       2012-08-14 10:53:15 UTC (rev 19944)
@@ -29,7 +29,7 @@
 CVE-2012-4236
        RESERVED
 CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for 
Joomla! ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2012-4234
        RESERVED
 CVE-2012-4233
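Review bot: The new tag on CVE-2012-4235, "NOT-FOR-US: Joomla addon", names the platform rather than the product, while other NOT-FOR-US entries in this file name the product itself ("Adiscon LogAnalyzer", "Opera"). The description identifies the component as RSGallery2 (com_rsgallery2), so something like "NOT-FOR-US: RSGallery2 component for Joomla" would keep the entry greppable by product. The same string is added for CVE-2012-3554, which covers the same component, and should be changed with it.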
@@ -53,9 +53,9 @@
 CVE-2012-4225 [Security issue in NVIDIA UNIX device files to map and program 
registers to redirect the VGA window]
        RESERVED
        - nvidia-graphics-drivers 304.32-1 (bug #684781)
+       [squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
        NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
-       NOTE: http://www.ubuntu.com/usn/usn-1523-1/
 CVE-2012-4224
        RESERVED
 CVE-2012-4223
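Review bot: The CVE-2012-4225 hunk drops the line "NOTE: http://www.ubuntu.com/usn/usn-1523-1/" alongside the new [squeeze] no-dsa line, but the log message only says "nvidia no-dsa". If the USN reference was wrong or redundant, say so in the log; otherwise keep it, since it is one of only three references on an entry whose description is still RESERVED.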
@@ -384,7 +384,7 @@
 CVE-2012-4072
        RESERVED
 CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module 
in the ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in 
Dir2web ...)
        TODO: check
 CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root 
with ...)
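Review bot: For CVE-2012-4071 the visible description is cut off at "in the comments module in the ...", so once "TODO: check" is replaced, the NOT-FOR-US line is the only place that records which product this is. "Joomla addon" does not identify it; name the specific component in the tag.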
@@ -999,8 +999,8 @@
 CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in 
Adiscon ...)
        NOT-FOR-US: Adiscon LogAnalyzer 
 CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 
0.9.8, when ...)
-       - openssl <unfixed> (bug #684527)
-       NOTE: seems fixed in testing/unstable
+       - openssl 0.9.8a-1 (bug #684527)
+       NOTE: fips version not used in Debian
 CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 
0.4.7rc3, ...)
        - bitcoin 0.5.0~rc1-1
 CVE-2012-3788
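Review bot: On CVE-2011-5095 the package line and the note now say different things. "- openssl 0.9.8a-1 (bug #684527)" records a fixed version, while "NOTE: fips version not used in Debian" says the affected code was never shipped. If the second is the actual reason, the tracker's "<not-affected>" marker with the reason in parentheses expresses it directly, for example "- openssl <not-affected> (FIPS version not used in Debian)". If 0.9.8a-1 really is a fixed version, the note should say where the fix came from, because the removed note only said "seems fixed in testing/unstable".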
@@ -1479,7 +1479,7 @@
 CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are 
...)
        NOT-FOR-US: Opera
 CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) 
...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2012-3552
        RESERVED
 CVE-2012-3551
@@ -20916,7 +20916,8 @@
        NOT-FOR-US: PaX hardening patch
        NOTE: http://seclists.org/oss-sec/2011/q1/579
 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, 
does not ...)
-       - openssl <unfixed> (bug #672456)
+       NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug 
#672456
+       NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
 CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows 
physically ...)
        NOT-FOR-US: Nokia E75 phone
 CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino 
on AIX ...)
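Review bot: The CVE-2011-1473 hunk removes "- openssl <unfixed> (bug #672456)" and leaves only NOTE lines, so the entry no longer carries any package line and the CVE is no longer tied to openssl in a machine-readable way. The bug number survives only inside free text. Since the note says workarounds exist but there is no code fix, consider keeping a package line that reflects that state, such as "- openssl <unfixed> (unimportant; bug #672456)", and keeping the two NOTE lines as the explanation.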


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
