Author: nion
Date: 2012-11-18 14:36:50 +0000 (Sun, 18 Nov 2012)
New Revision: 20509
Modified:
data/CVE/list
Log:
new yui issues
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-18 14:21:36 UTC (rev 20508)
+++ data/CVE/list 2012-11-18 14:36:50 UTC (rev 20509)
@@ -2,13 +2,15 @@
- bugzilla <removed> (low)
[squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
- bugzilla4 <itp> (bug #669643)
-
CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component
...)
- TODO: check
+ - yui3 <not-affected>
+ - yui <unfixed> (bug #693608)
CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component
...)
- TODO: check
+ - yui3 <not-affected>
+ - yui <unfixed> (bug #693608)
CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component
...)
- TODO: check
+ - yui3 <not-affected>
+ - yui <unfixed> (bug #693608)
CVE-2012-5880
RESERVED
CVE-2012-5879
@@ -50,7 +52,7 @@
CVE-2012-5861
RESERVED
CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a,
and 64 ...)
- TODO: check
+ NOT-FOR-US: ID-One COSMO
CVE-2012-XXXX [xscreensaver lock bypass]
- libpam-rsa <unfixed> (high; bug #693087)
CVE-2012-5859
@@ -146,7 +148,7 @@
CVE-2012-5824 (Trillian 5.1.0.19 does not verify that the server hostname
matches a ...)
NOT-FOR-US: Trillian
CVE-2012-5823 (Open Source Classifieds does not verify that the server
hostname ...)
- TODO: check
+ NOT-FOR-US: Open Source Classifieds
CVE-2012-5822 (The contribution feature in Zamboni does not verify that the
server ...)
NOT-FOR-US: Zamboni
CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by
a ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
