Author: jmm Date: 2012-12-06 07:21:16 +0000 (Thu, 06 Dec 2012) New Revision: 20613
Modified: data/CVE/list Log: record some ITP issues NFUs plib will be fixed in Wheezy dovecot bug a non-issue, will be rejected openslp no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2012-12-05 21:14:25 UTC (rev 20612) +++ data/CVE/list 2012-12-06 07:21:16 UTC (rev 20613) @@ -259,7 +259,7 @@ CVE-2012-6045 (Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui ...) NOT-FOR-US: Ramui Forum CVE-2012-6044 (M-Player 0.4 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: M-Player (different from mplayer in the archive) CVE-2012-6043 (Cross-site scripting (XSS) vulnerability in downloads.php in ...) TODO: check CVE-2012-6042 (GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a ...) @@ -1256,9 +1256,8 @@ CVE-2012-5621 [Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name] RESERVED - ekiga <unfixed> -CVE-2012-5620 [Dovecot DoS in 2.x] +CVE-2012-5620 RESERVED - - dovecot <unfixed> (bug #695138) CVE-2012-5619 RESERVED - sleuthkit <unfixed> (unimportant; bug #695097) @@ -1766,7 +1765,7 @@ CVE-2012-5451 RESERVED CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2012-5449 RESERVED CVE-2012-5448 @@ -1911,7 +1910,7 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...) - TODO: check + - rubinius <itp> (bug #591817) CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...) - ruby1.8 <not-affected> (Only affects 1.9.x) - ruby1.9.1 1.9.3.194-4 (bug #693024) 
@@ -1923,7 +1922,7 @@ CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained ...) - phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728) CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow ...) - TODO: check + NOT-FOR-US: OrangeHRM CVE-2012-5366 RESERVED NOT-FOR-US: Mac OS X @@ -2478,7 +2477,7 @@ CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...) - chromium-browser <unfixed> CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...) - TODO: check + NOT-FOR-US: Chrome OS CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...) - libv8 <unfixed> (bug #694808) CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...) @@ -4206,7 +4205,6 @@ CVE-2012-4552 (Stack-based buffer overflow in the error function in ssg/ssgParser.cxx ...) - plib <unfixed> (low; bug #694810) [squeeze] - plib <no-dsa> (Minor issue) - [wheezy] - plib <no-dsa> (Minor issue) CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows ...) NOT-FOR-US: libunity-webapps CVE-2012-4550 @@ -4555,6 +4553,8 @@ CVE-2012-4428 RESERVED - openslp-dfsg <unfixed> (bug #687597; low) + [squeeze] - openslp-dfsg <no-dsa> (Minor issue) + [wheezy] - openslp-dfsg <no-dsa> (Minor issue) NOTE: no upstream solution as of 11/17/2012 CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...) - gnome-shell <unfixed> (unimportant) 
@@ -11598,9 +11598,9 @@ - phppgadmin 5.0.4-1 [squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update) CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...) - TODO: check + - joomla <itp> (bug #571794) CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...) - TODO: check + - joomla <itp> (bug #571794) CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...) NOT-FOR-US: eZ Publish CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...) @@ -11686,10 +11686,10 @@ NOT-FOR-US: YVS CVE-2012-1563 RESERVED - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-1562 RESERVED - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-1561 RESERVED NOT-FOR-US: Drupal Finder @@ -12700,9 +12700,9 @@ {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669924) CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-1115 RESERVED - phpldapadmin 1.2.2-3 (bug #662050) 
@@ -13423,11 +13423,11 @@ CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...) - libstruts1.2-java <not-affected> (struts 2 issue) CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...) - phpldapadmin 1.2.2-1 (bug #658907) CVE-2012-0833 (The acllas__handle_group_entry function in ...) @@ -13467,13 +13467,13 @@ [squeeze] - libvpx <not-affected> (Introduced in 0.9.7) NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...) - NOT-FOR-US: Joomla! + - joomla <itp> (bug #571794) CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...) NOT-FOR-US: RESTEasy framework for JBoss CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...) 
@@ -15240,7 +15240,7 @@ NOT-FOR-US: Ariadne CMS not in Debian CVE-2011-4937 RESERVED - NOT-FOR-US: Joomla + - joomla <itp> (bug #571794) CVE-2011-4936 RESERVED - joomla <itp> (bug #571794) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
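Review bot: the CVE-2012-5620 hunk (@@ -1256,9 +1256,8 @@) drops both the bracketed description "[Dovecot DoS in 2.x]" and the "- dovecot <unfixed> (bug #695138)" line, leaving a bare RESERVED entry with no trace of why it was cleared; the reasoning ("bug a non-issue, will be rejected") lives only in the commit message. The file's own convention for this is a NOTE: line (compare "NOTE: no upstream solution as of 11/17/2012" under CVE-2012-4428), so keep a line such as "NOTE: not a security issue, CVE expected to be rejected (see bug #695138)" under the entry so the next triager does not re-add the dovecot line, and make sure bug #695138 itself is closed or retitled so the tracker and the BTS stay consistent.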
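Review bot: the Joomla hunks (@@ -11598, @@ -11686, @@ -12700, @@ -13423, @@ -13467 and @@ -15240) replace "NOT-FOR-US: Joomla!" with "- joomla <itp> (bug #571794)" entry by entry, which matches the form already used for CVE-2011-4936, but the last hunk shows the file also carried the spelling "NOT-FOR-US: Joomla" without the exclamation mark (CVE-2011-4937). Before committing, grep the list for both spellings (and any remaining "TODO: check" on Joomla! descriptions, as in the CVE-2012-1599/1598 hunk) so that no Joomla entry is left in the old state; a partial conversion would make the ITP tracking incomplete for exactly the entries that are hardest to find later.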
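Review bot: in the openslp-dfsg hunk (@@ -4555,6 +4553,8 @@) the two added "[squeeze] - openslp-dfsg <no-dsa> (Minor issue)" and "[wheezy] - openslp-dfsg <no-dsa> (Minor issue)" lines are consistent with the "low" severity on the unfixed line, but the existing "NOTE: no upstream solution as of 11/17/2012" uses a month/day/year date that is ambiguous in an international list; since the NOTE is being touched indirectly, consider normalising it to ISO form ("as of 2012-11-17") and, if the no-dsa decision depends on the absence of an upstream fix, say so in the no-dsa reason so the two lines are explicitly linked.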
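Review bot: the CVE-2012-5129 hunk (@@ -2478,7 +2477,7 @@) marks the WebGL heap overflow NOT-FOR-US on the strength of the "Google Chrome OS" wording in the description, while the neighbouring CVE-2012-5130 (Skia) and CVE-2012-5127 entries are tracked against chromium-browser. If the decision is that the affected WebGL code is specific to Chrome OS and not shipped in chromium-browser, record that in a NOTE: line under the entry; without it the entry looks like an oversight next to the other Chrome CVEs and will likely be re-opened as "TODO: check".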