Author: jmm
Date: 2012-10-09 21:33:40 +0000 (Tue, 09 Oct 2012)
New Revision: 20315

Modified:
   data/CVE/list
Log:
qpid-cpp tpu upload
ocaml hash collisions no-dsa
libsoup CVE ID rather a midori bug
wireshark fixed
libproc-processtable-perl no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-10-09 21:14:23 UTC (rev 20314)
+++ data/CVE/list       2012-10-09 21:33:40 UTC (rev 20315)
@@ -229,15 +229,15 @@
 CVE-2012-5241
        RESERVED
 CVE-2012-5240 (Buffer overflow in the dissect_tlv function in ...)
-       - wireshark <unfixed> (bug #689972)
+       - wireshark 1.8.2-2 (bug #689972)
        [squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-5239
        REJECTED
 CVE-2012-5238 (epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 
1.8.x ...)
-       - wireshark <unfixed> (bug #689972)
+       - wireshark 1.8.2-2 (bug #689972)
        [squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in 
the HSRP ...)
-       - wireshark <unfixed> (bug #689972)
+       - wireshark 1.8.2-2 (bug #689972)
        [squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-5236
        RESERVED
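Review bot: The three wireshark entries (CVE-2012-5240, CVE-2012-5238, CVE-2012-5237) are all closed with the same version, 1.8.2-2, and the only reference on each is the shared bug #689972, so nothing in the entry shows that each of the three dissector fixes is actually in that upload. A NOTE line per CVE pointing at the upstream advisory or commit would let a later reader verify the fixed version CVE by CVE instead of trusting one bug number for all of them.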
@@ -1008,9 +1008,9 @@
 CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware 
Movie ...)
        TODO: check
 CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: SumatraPDF
 CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: SumatraPDF
 CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows 
...)
        TODO: check
 CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
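Review bot: CVE-2012-4897 (VMware, installer search path) and CVE-2012-4894 (Google SketchUp) sit directly beside the two SumatraPDF entries and are left at "TODO: check" in this hunk. If they are out of scope for the archive in the same way, they could be marked NOT-FOR-US in this pass so the block is not left half-triaged.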
@@ -3870,7 +3870,7 @@
 CVE-2012-3820
        RESERVED
 CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: dartwebserver.dll
 CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts 
the ...)
        - revelation <unfixed> (bug #680059)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3818
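Review bot: The new line "NOT-FOR-US: dartwebserver.dll" for CVE-2012-3819 labels the entry with a file name, while the other NOT-FOR-US lines in this commit use a vendor or product name (for example "Siemens WinCC", "IBM Maximo Asset Management"). Using the product name from the full CVE description would keep the list consistent and easier to grep.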
@@ -4675,6 +4675,7 @@
        NOT-FOR-US: Ushahidi
 CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator 
mechanism ...)
        - qpid-cpp 0.16-7 (bug #684456)
+       [wheezy] - qpid-cpp 0.16-6+deb7u1
 CVE-2012-3466 [gpg passphrases cached forever]
        RESERVED
        - gnome-keyring 3.4.1-5 (bug #683655)
@@ -5150,7 +5151,7 @@
 CVE-2012-3320
        RESERVED
 CVE-2012-3319 (IBM Rational Business Developer 8.x before 8.0.1.4 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM Rational Business Developer
 CVE-2012-3318
        RESERVED
 CVE-2012-3317
@@ -5160,7 +5161,7 @@
 CVE-2012-3315
        RESERVED
 CVE-2012-3314 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli 
Federated ...)
-       TODO: check
+       NOT-FOR-US: IBM Tivoli
 CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
        NOT-FOR-US: IBM Maximo Asset Management
 CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 
and ...)
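Review bot: "NOT-FOR-US: IBM Tivoli" on CVE-2012-3314 is less specific than the description, which names Tivoli Federated Identity Manager (TFIM), and less specific than the neighbouring "NOT-FOR-US: IBM Maximo Asset Management". Tivoli is a product family, so the full product name would avoid ambiguity if another Tivoli component is ever triaged differently.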
@@ -5256,9 +5257,9 @@
 CVE-2012-3268
        RESERVED
 CVE-2012-3267 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 
9.20 ...)
-       TODO: check
+       NOT-FOR-US: HP NNMi
 CVE-2012-3266 (Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on 
HP IBRIX ...)
-       TODO: check
+       NOT-FOR-US: HP IBRIX
 CVE-2012-3265
        RESERVED
 CVE-2012-3264 (Unspecified vulnerability in a SOAP feature in HP SiteScope 
11.10 ...)
@@ -5726,7 +5727,7 @@
 CVE-2012-3036
        RESERVED
 CVE-2012-3035 (Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: Emerson DeltaV
 CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in 
SIMATIC ...)
        NOT-FOR-US: Siemens WinCC
 CVE-2012-3033
@@ -5798,7 +5799,7 @@
 CVE-2012-3000
        RESERVED
 CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the web ...)
-       TODO: check
+       NOT-FOR-US: Cerberus FTP
 CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend 
Micro ...)
        NOT-FOR-US: Trend Micro Control Manager
 CVE-2012-2997
@@ -7994,8 +7995,7 @@
        {DSA-2469-1}
        - linux-2.6 3.2.19-1
 CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or 
clear the ...)
-       - libsoup2.4 <unfixed> (low; bug #672880)
-       [squeeze] - libsoup2.4 <no-dsa> (Minor issue)
+       - midori <unfixed> (unimportant; bug #672880)
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
 CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in 
...)
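Review bot: The CVE-2012-2132 change drops both libsoup2.4 lines, including the "[squeeze] - libsoup2.4 <no-dsa>" status, and replaces them with "- midori <unfixed> (unimportant; bug #672880)", but the CVE description kept above still says libsoup does not validate certificates, and the reasoning for the reassignment appears only in the commit log. A NOTE line in the entry stating why this is treated as a midori bug rather than a libsoup one would make the record self-explanatory. It is also worth confirming that bug #672880 is now filed against midori, and saying why a certificate validation issue moves from "low" to "unimportant", since the entry now reads as if libsoup2.4 had never been assessed.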
@@ -11106,6 +11106,8 @@
        NOTE: Commit 
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%[email protected]%3E
 seems to cause regressions
 CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without 
restricting the ...)
        - ocaml 4.00.0~beta2-1 (low; bug #659149)
+       [wheezy] - ocaml <no-dsa> (Minor issue)
+       [squeeze] - ocaml <no-dsa> (Minor issue)
 CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL 
...)
        - libstruts1.2-java <not-affected> (struts 2 issue)
 CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows 
attackers to ...)
@@ -15099,6 +15101,7 @@
        NOTE: 
http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
 CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, 
when ...)
        - libproc-processtable-perl <unfixed> (low; bug #650500)
+       [wheezy] - libproc-processtable-perl <no-dsa> (Minor issue)
        [squeeze] - libproc-processtable-perl <no-dsa> (Minor issue)
        [lenny] - libproc-processtable-perl <no-dsa> (Minor issue)
 CVE-2011-4362 (Integer signedness error in the base64_decode function in the 
HTTP ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
