Author: jmm
Date: 2012-12-21 11:59:58 +0000 (Fri, 21 Dec 2012)
New Revision: 20688

Modified:
   data/CVE/list
Log:
filed bugs for sanlock and zendframework
fail2ban no-dsa
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-12-21 06:40:48 UTC (rev 20687)
+++ data/CVE/list       2012-12-21 11:59:58 UTC (rev 20688)
@@ -1534,9 +1534,9 @@
 CVE-2012-6272
        RESERVED
 CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Adobe Shockwave
 CVE-2012-6270 (Adobe Shockwave Player through 11.6.8.638 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Adobe Shockwave
 CVE-2012-6269
        RESERVED
 CVE-2012-6268
@@ -2326,7 +2326,7 @@
 CVE-2012-6008
        RESERVED
 CVE-2012-6007 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2012-6006
        RESERVED
 CVE-2012-6005
@@ -2356,9 +2356,9 @@
 CVE-2012-5993
        RESERVED
 CVE-2012-5992 (Multiple cross-site request forgery (CSRF) vulnerabilities on 
Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN 
Controller ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2012-5990
        RESERVED
 CVE-2012-5989
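Review bot: The two "NOT-FOR-US: Cisco" tags on CVE-2012-5992 and CVE-2012-5991 name only the vendor, although the description of CVE-2012-5991 visibly identifies the product as Cisco Wireless LAN Controller. Unchanged entries elsewhere in this diff name the product (for example "NOT-FOR-US: D-Link DSL2730U router"), and a product-level tag is easier to search for when a similar CVE arrives later. Suggest "NOT-FOR-US: Cisco Wireless LAN Controller" where the description supports it.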
@@ -2382,7 +2382,7 @@
 CVE-2012-5980
        RESERVED
 CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View 
...)
-       TODO: check
+       NOT-FOR-US: VMware View
 CVE-2012-5977
        RESERVED
 CVE-2012-5976
@@ -2398,13 +2398,13 @@
 CVE-2012-5971
        RESERVED
 CVE-2012-5970 (The Huawei E585 device allows remote attackers to cause a 
denial of ...)
-       TODO: check
+       NOT-FOR-US: Huawei device
 CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 
device ...)
-       TODO: check
+       NOT-FOR-US: Huawei device
 CVE-2012-5968 (The Huawei E585 device does not validate the status of admin 
sessions, ...)
-       TODO: check
+       NOT-FOR-US: Huawei device
 CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 
through ...)
-       TODO: check
+       NOT-FOR-US: Centreon
 CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router 
allows ...)
        NOT-FOR-US: D-Link DSL2730U router
 CVE-2012-5965
@@ -2428,7 +2428,7 @@
 CVE-2012-5956 (Multiple cross-site scripting (XSS) vulnerabilities in 
ManageEngine ...)
        NOT-FOR-US: ManageEngine AssetExplorer 5.6
 CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 
in IBM ...)
-       TODO: check
+       NOT-FOR-US: WebSphere
 CVE-2012-5954
        RESERVED
 CVE-2012-5953
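Review bot: The tag "NOT-FOR-US: WebSphere" on CVE-2012-5955 does not match the visible part of the description, which names "the IBM HTTP Server component 5.3"; the word WebSphere does not appear in what is shown. Suggest naming the component the description names, or both, e.g. "NOT-FOR-US: IBM HTTP Server (WebSphere)", so that a search of the list for either term finds the entry.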
@@ -2898,7 +2898,7 @@
 CVE-2012-5766
        RESERVED
 CVE-2012-5765 (The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x 
before ...)
-       TODO: check
+       NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-5764
        RESERVED
 CVE-2012-5763
@@ -3048,9 +3048,9 @@
 CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in 
Invision ...)
        NOT-FOR-US: Invision Power Board
 CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 
and ...)
-       TODO: check
+       NOT-FOR-US: RealPlayer
 CVE-2012-5690 (RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 
...)
-       TODO: check
+       NOT-FOR-US: RealPlayer
 CVE-2012-5689
        RESERVED
 CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when 
DNS64 ...)
@@ -3165,8 +3165,7 @@
        RESERVED
 CVE-2012-5657 [zendframework: information disclosure flaw ZF2012-05]
        RESERVED
-       - zendframework <unfixed>
-       TODO: Check which Debian packages are unfixed and submit bug report
+       - zendframework <unfixed> (bug #696483)
        NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
        NOTE: http://framework.zend.com/security/advisory/ZF2012-05
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
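Review bot: Removing the TODO on CVE-2012-5657 drops both of its halves, but only the bug filing is recorded in the new line. The removed text also asked to "Check which Debian packages are unfixed", and the entry still carries only "- zendframework <unfixed> (bug #696483)" with no per-release lines and no severity. Either add the release status that check produced or keep a shortened TODO for the part that is still open.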
@@ -3206,7 +3205,8 @@
        - squid3 <unfixed> (bug #696187)
 CVE-2012-5642 [fail2ban: input variable quoting flaw]
        RESERVED
-       - fail2ban <unfixed> (bug #696184)
+       - fail2ban <unfixed> (low; bug #696184)
+       [squeeze] - fail2ban <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2012/12/17/1
 CVE-2012-5641
        RESERVED
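Review bot: The added "[squeeze] - fail2ban <no-dsa> (Minor issue)" line on CVE-2012-5642 gives no reasoning a later reader can verify: the ID is still RESERVED and the only description in the entry is the bracketed "input variable quoting flaw". Suggest a short NOTE stating what limits the impact and why the issue is rated low, so the no-dsa decision can be revisited without rereading the linked oss-security thread.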
@@ -3221,7 +3221,7 @@
        NOTE: Since 3.3.0 openoffice.org is a transitional source package
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
 CVE-2012-5638 (The setup_logging function in log.h in SANLock uses 
world-writable ...)
-       - sanlock <unfixed>
+       - sanlock <unfixed> (bug #696424)
 CVE-2012-5637
        RESERVED
 CVE-2012-5636
@@ -3703,7 +3703,7 @@
        [wheezy] - vlc 2.0.3-4
        [squeeze] - vlc <no-dsa> (Minor issue)
 CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress 
allows ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2012-5468 (Heap-based buffer overflow in iconvert.c in the bogolexer 
component in ...)
        {DSA-2585-1}
        - bogofilter 1.2.2+dfsg1-2 (bug #695139)
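Review bot: The tag "NOT-FOR-US: Wordpress plugin" on CVE-2012-5469 is generic and would fit any WordPress plugin CVE, while the description names the component as the Portable phpMyAdmin plugin. It also spells the project "Wordpress" where the description uses "WordPress". Suggest "NOT-FOR-US: Portable phpMyAdmin plugin for WordPress".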


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
