Author: jmm
Date: 2012-10-08 07:32:01 +0000 (Mon, 08 Oct 2012)
New Revision: 20301

Modified:
   data/CVE/list
Log:
ruby1.9.1 fixed
xml-light fixed
glib fixed
tiff, tiff3 fixed
eucalyptus fixed
blender no-dsa
ocportal ITPed
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-10-07 21:14:26 UTC (rev 20300)
+++ data/CVE/list       2012-10-08 07:32:01 UTC (rev 20301)
@@ -148,7 +148,7 @@
 CVE-2012-5235
        RESERVED
 CVE-2012-5234 (Open redirect vulnerability in index.php in ocPortal before 
7.1.6 ...)
-       TODO: check
+       - ocportal <itp> (bug #625865)
 CVE-2012-5233 (Cross-site scripting (XSS) vulnerability in the stickynote 
module ...)
        TODO: check
 CVE-2012-5232 (Cross-site scripting (XSS) vulnerability in the Quickl Form 
component ...)
@@ -2196,14 +2196,14 @@
        - linux <not-affected> (Vulnerable code introduced in 3.3)
 CVE-2012-4466
        RESERVED
-       - ruby1.9.1 <unfixed> (low; bug #689075)
+       - ruby1.9.1 1.9.3.194-2 (low; bug #689075)
        [squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
 CVE-2012-4465
        RESERVED
        - cgit <itp> (bug #515793)
 CVE-2012-4464
        RESERVED
-       - ruby1.9.1 <unfixed> (low; bug #689075)
+       - ruby1.9.1 1.9.3.194-2 (low; bug #689075)
        [squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
 CVE-2012-4463 [Improper sanitization of MC_EXT_SELECTED variable when viewing 
multiple files]
        RESERVED
@@ -2250,8 +2250,8 @@
        - wordpress <unfixed> (bug #689031)
 CVE-2012-4447 [libtiff: Heap-buffer overflow when processing a TIFF image with 
PixarLog Compression]
        RESERVED
-       - tiff <unfixed> (bug #688944)
-       - tiff3 <unfixed> (bug #688944)
+       - tiff 4.0.2-4 (bug #688944)
+       - tiff3 3.9.6-9 (bug #688944)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
 CVE-2012-4446
        RESERVED
@@ -3163,11 +3163,11 @@
 CVE-2012-4066
        RESERVED
 CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding 
of ...)
-       - eucalyptus <unfixed> (bug #689599)
+       - eucalyptus 3.1.0-9 (bug #689599)
 CVE-2012-4064 (Eucalyptus before 3.1.1 does not properly restrict the binding 
of ...)
-       - eucalyptus <unfixed> (bug #689599)
+       - eucalyptus 3.1.0-9 (bug #689599)
 CVE-2012-4063 (The Apache Santuario configuration in Eucalyptus before 3.1.1 
does not ...)
-       - eucalyptus <unfixed> (bug #689599)
+       - eucalyptus 3.1.0-9 (bug #689599)
 CVE-2012-4062
        RESERVED
 CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary 
allow ...)
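Review bot: The fixed version 3.1.0-9 recorded for CVE-2012-4065, CVE-2012-4064 and CVE-2012-4063 is lower than the upstream fix release named in each description ("Eucalyptus before 3.1.1"), so the entries presumably rely on a patch backported into the Debian package, and nothing in the entries says so. A NOTE line under these entries stating that the fix was backported into 3.1.0-9 (see bug #689599) would keep a later reader from treating the version as a mistake.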
@@ -4397,7 +4397,7 @@
        - jabberd2 <unfixed> (bug #685666)
 CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other 
privileged ...)
        - dbus 1.6.8-1 (bug #689070)
-       - glib2.0 <unfixed>
+       - glib2.0 2.33.12+really2.32.4-2
        [squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
        NOTE: fixed in 2.34.0-1 from experimental 
        NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
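Review bot: On the glib2.0 line for CVE-2012-3524, the new fixed version 2.33.12+really2.32.4-2 leaves the existing "NOTE: fixed in 2.34.0-1 from experimental" in place, so the entry now names two different fixed versions. Either drop that NOTE or reword it to make clear how the two versions relate. The glib2.0 line also carries no bug reference, unlike the dbus line above it (bug #689070).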
@@ -4438,7 +4438,7 @@
        - qemu 1.1.2+dfsg-1
        - qemu-kvm 1.1.2+dfsg-1
 CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values 
without ...)
-       - xml-light <unfixed> (bug #685584)
+       - xml-light 2.2-15 (bug #685584)
 CVE-2012-3513 [remote execution as www-data]
        RESERVED
        - munin 2.0.6-1 (bug #684076)
@@ -7158,7 +7158,9 @@
        - wordpress 3.0.3-1
 CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
        RESERVED
-       - blender <unfixed> (bug #584621)
+       - blender <unfixed> (low; bug #584621)
+       [squeeze] - blender <no-dsa> (Minor issue)
+       [wheezy] - blender <no-dsa> (Minor issue)
 CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x 
before ...)
        - typo3-src 4.3.9+dfsg1-1 (bug #607286)
 CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x 
before ...)
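Review bot: The blender entry for CVE-2010-5105 gains a "low" urgency in addition to the two <no-dsa> lines, while the commit log only mentions "blender no-dsa"; the log should mention the urgency change too. The reason "Minor issue" on the [squeeze] and [wheezy] lines also does not say why the /tmp/quit.blend temp file issue is considered minor, and since the main line stays <unfixed>, a short rationale in the parentheses would help whoever revisits the entry.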
@@ -9177,11 +9179,11 @@
 CVE-2012-1605 (The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 
6.0 ...)
        - typo3-src <not-affected> (vulnerable code not yet present)
 CVE-2012-1604 (Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: NextBBS
 CVE-2012-1603 (Multiple SQL injection vulnerabilities in ajaxserver.php in 
NextBBS ...)
-       TODO: check
+       NOT-FOR-US: NextBBS
 CVE-2012-1602 (user.php in NextBBS 0.6 allows remote attackers to bypass ...)
-       TODO: check
+       NOT-FOR-US: NextBBS
 CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows 
host OS ...)
        {DSA-2469-1}
        - linux-2.6 3.2.17-1 (low)
@@ -9473,7 +9475,7 @@
 CVE-2012-1472 (VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does 
not ...)
        NOT-FOR-US: VMware vCenter Chargeback Manager
 CVE-2012-1471 (Directory traversal vulnerability in catalogue_file.php in 
ocPortal ...)
-       TODO: check
+       - ocportal <itp> (bug #625865)
 CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in 
code_editor.php ...)
        TODO: check
 CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open 
Journal ...)
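Review bot: CVE-2012-1471 gets the ocportal <itp> entry, but CVE-2012-1470 directly below stays at "TODO: check", and its description is truncated before the product name. If code_editor.php there also belongs to ocPortal, it should receive the same "- ocportal <itp> (bug #625865)" line in this commit rather than being left for a later pass.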
@@ -11389,9 +11391,9 @@
 CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 
5.03 ...)
        NOT-FOR-US: WHMCompleteSolution
 CVE-2012-0692 (CA License (aka CA Licensing) before 1.90.03 allows local users 
to ...)
-       TODO: check
+       NOT-FOR-US: CA License
 CVE-2012-0691 (CA License (aka CA Licensing) before 1.90.03 does not properly 
...)
-       TODO: check
+       NOT-FOR-US: CA License
 CVE-2012-0690 (TIBCO Spotfire Web Application, Web Player Application, 
Automation ...)
        NOT-FOR-US: TIBCO Spotfire
 CVE-2012-0689 (The server in TIBCO ActiveMatrix Platform in TIBCO Silver 
Fabric ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
