Author: jmm
Date: 2012-12-12 15:22:04 +0000 (Wed, 12 Dec 2012)
New Revision: 20652

Modified:
   data/CVE/list
Log:
two logrotate entries do not apply to Debian
one logrotate entry isn't a logrotate issue, but affects cobbler
thttpd isn't unimportant, it's still a DoS issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-12-12 14:38:53 UTC (rev 20651)
+++ data/CVE/list       2012-12-12 15:22:04 UTC (rev 20652)
@@ -1,5 +1,5 @@
 CVE-2012-XXXX [thttpd: Local DoS vulnerability]
-       - thttpd <removed> (unimportant)
+       - thttpd <removed> (low)
        NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/1
 CVE-2012-6331
        RESERVED
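Review bot: the reason for moving the thttpd line from (unimportant) to (low) is recorded only in the commit log ("it's still a DoS issue"), not in the entry itself. The entry carries just the oss-security NOTE and is still a CVE-2012-XXXX placeholder, so a short NOTE giving the rationale for the urgency would keep the reasoning with the entry once an id is assigned.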
@@ -2520,8 +2520,8 @@
        NOT-FOR-US: gofer component of PULP project
 CVE-2012-5627 [Insecure salt value usage when in the same mysql session]
        RESERVED
-       - mysql-5.1 <unfixed>
-       - mysql-5.5 <unfixed>
+       - mysql-5.1 <unfixed> (low)
+       - mysql-5.5 <unfixed> (low)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
 CVE-2012-5626
        RESERVED
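Review bot: the (low) urgency added to the mysql-5.1 and mysql-5.5 lines of CVE-2012-5627 is not covered by the commit log, which mentions only the logrotate and thttpd changes. Add a log line for it, or split it into its own commit, so the history explains why both <unfixed> entries were rated low. The only reference on the entry is the Red Hat bugzilla NOTE, so a one-line NOTE with the reasoning would also help.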
@@ -27014,11 +27014,11 @@
        - xpdf 3.02-9
        - poppler <not-affected> (never used t1lib)
 CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the 
/var/log/cobbler/ ...)
-       - logrotate 3.7.8-6
+       - cobbler <itp> (bug #545583)
 CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory 
uses ...)
-       - logrotate 3.7.8-6
+       - logrotate <not-affected> (SuSE-specific, see CVE-2011-1548 for Debian)
 CVE-2011-1549 (The default configuration of logrotate on Gentoo Linux uses 
root ...)
-       - logrotate 3.7.8-6
+       - logrotate <not-affected> (Gentoo-specific, see CVE-2011-1548 for 
Debian)
 CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses 
root ...)
        - logrotate 3.7.8-6
 CVE-2009-5064 (** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 
2.13 and ...)
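Review bot: the new cobbler <itp> line under CVE-2011-1551 says nothing about what has to be checked when the package enters the archive, although the description attributes the problem to how SUSE openSUSE Factory assigns ownership of /var/log/cobbler/. A NOTE saying that the ownership of that directory must be verified in the Debian packaging would make the ITP reference actionable. Minor style point on the two <not-affected> lines: "SuSE-specific" does not match the "SUSE" spelling used in the CVE descriptions directly above it.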


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
