[Secure-testing-commits] r18904 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Apr 10 03:34:57 UTC 2012
Author: geissert
Date: 2012-04-10 03:34:57 +0000 (Tue, 10 Apr 2012)
New Revision: 18904
Modified:
data/CVE/list
Log:
iproute, quagga, moodle, osc, rails, wpasupplicant, nm, pidgin, etc
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-04-10 03:31:59 UTC (rev 18903)
+++ data/CVE/list 2012-04-10 03:34:57 UTC (rev 18904)
@@ -1239,8 +1239,10 @@
- suckless-tools <unfixed> (unimportant; bug #667796)
CVE-2012-1619
RESERVED
-CVE-2012-1618
+CVE-2012-1618 [jdbc pgsql SQL injection]
RESERVED
+ - libpgjava <unfixed>
+ TODO: check
CVE-2012-1617
RESERVED
CVE-2012-1616
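Review bot: CVE-2012-1618 now has both "- libpgjava <unfixed>" and "TODO: check", so the entry states the package is affected while also marking the triage as unverified. If libpgjava is only the suspected package, a NOTE line saying so would be clearer than an <unfixed> status; once it is confirmed, drop the TODO and add the bug reference in the form used on the suckless-tools line above, "(bug #667796)".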
@@ -1366,6 +1368,8 @@
- gnutls28 3.0.17-2 (high)
CVE-2012-1572
RESERVED
+ - keystone <unfixed>
+ TODO: check
CVE-2012-1571 [CDF crasher bugs in file, found by CERT/CC BFF tool]
RESERVED
{DSA-2422-1}
@@ -1378,6 +1382,7 @@
- libtasn1-3 2.12-1 (high)
CVE-2012-1568
RESERVED
+ - linux-2.6 <not-affected> (execshield issue)
CVE-2012-1567
RESERVED
NOT-FOR-US: LinuxMint
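Review bot: the reason on "- linux-2.6 <not-affected> (execshield issue)" for CVE-2012-1568 names the feature but not why the Debian kernel is unaffected. Spell it out in the parenthetical, in the style of "(Vulnerable code not present)" used elsewhere in this file, so a later reader does not have to rediscover the reasoning for a RESERVED id that has no description.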
@@ -2024,6 +2029,8 @@
RESERVED
CVE-2012-1257
RESERVED
+ - pidgin <unfixed>
+ TODO: check
CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...)
NOT-FOR-US: EasyVista
CVE-2012-1255
@@ -2240,10 +2247,16 @@
RESERVED
CVE-2012-1170
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1169
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1168
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1167
RESERVED
CVE-2012-1166 [ldm (LTSP display manager)]
@@ -2267,20 +2280,35 @@
- libzip <unfixed> (bug #664990)
CVE-2012-1161
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1160
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1159
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1158
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1157
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1156
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1155
RESERVED
+ - moodle <unfixed>
+ TODO: check
CVE-2012-1154
RESERVED
+ NOT-FOR-US: mod_cluster
CVE-2012-1153
RESERVED
NOT-FOR-US: AppRain CMS, not in Debian
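Review bot: CVE-2012-1155 through CVE-2012-1161 all receive the identical pair "- moodle <unfixed>" and "TODO: check" with no bracketed description, and every one is still RESERVED, so nothing in the entries distinguishes one issue from the next. Add a short bracketed description per id, as CVE-2012-1166 has with "[ldm (LTSP display manager)]", or a NOTE pointing at the upstream advisory, so each can be checked and closed individually. The same applies to CVE-2012-1168 through CVE-2012-1170 in the previous hunk.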
@@ -2317,6 +2345,7 @@
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-1145
RESERVED
+ NOT-FOR-US: RHN Satellite
CVE-2012-1144
RESERVED
{DSA-2428-1}
@@ -2475,9 +2504,12 @@
- systemd 43-1 (bug #662029)
CVE-2012-1100
RESERVED
+ NOT-FOR-US: JBoss Operations Network
CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in ...)
+ - rails <unfixed>
TODO: check
CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...)
+ - rails <unfixed>
TODO: check
CVE-2012-1097
RESERVED
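Review bot: the description of CVE-2012-1098 limits the issue to "Ruby on Rails 3.0.x before ...", but the added "- rails <unfixed>" applies to every suite without qualification. While resolving the "TODO: check" that remains on this entry and on CVE-2012-1099, compare each release's rails version against that range and add per-release lines, in the "[squeeze] - ... <not-affected>" form used elsewhere in this file, where the packaged version falls outside it.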
@@ -2485,10 +2517,16 @@
- linux-2.6 3.2.10-1 (low)
CVE-2012-1096
RESERVED
+ - wpasupplicant <unfixed>
+ - network-manager <unfixed>
+ TODO: check
CVE-2012-1095
RESERVED
+ - osc <unfixed>
+ TODO: check
CVE-2012-1094
RESERVED
+ NOT-FOR-US: mod_cluster
CVE-2012-1093 [init script x11-common creates directories in insecure manner]
RESERVED
- xorg 1:7.6+12 (bug #661627)
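Review bot: CVE-2012-1096 is RESERVED with no description, yet it is assigned to two source packages, "- wpasupplicant <unfixed>" and "- network-manager <unfixed>". Add a bracketed description or a NOTE saying which package carries the flaw and why the other is listed; otherwise whoever resolves the "TODO: check" cannot tell whether both need a fix.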
@@ -2508,6 +2546,8 @@
NOT-FOR-US: Apache Wicket
CVE-2012-1088
RESERVED
+ - iproute <unfixed>
+ TODO: check
CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to ...)
NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1086 (Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) ...)
@@ -3011,6 +3051,8 @@
NOT-FOR-US: OxWall
CVE-2012-0871
RESERVED
+ - systemd <unfixed>
+ TODO: check
CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...)
- samba 2:3.4.0~pre1-1
[lenny] - samba <not-affected> (pre-release issue)
@@ -3126,6 +3168,7 @@
- phpldapadmin 1.2.2-1 (bug #658907)
CVE-2012-0833
RESERVED
+ NOT-FOR-US: 389 LDAP server
CVE-2012-0832
RESERVED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...)
@@ -5007,6 +5050,7 @@
CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before ...)
- trafficserver 3.0.4-1
CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...)
+ - quagga <unfixed>
TODO: check
CVE-2012-0254
RESERVED
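Review bot: the description of CVE-2012-0255 already gives the upstream fix point, "Quagga before 0.99.20.1", so "- quagga <unfixed>" can be checked directly against the version in unstable instead of being left open. Make that comparison when resolving the "TODO: check", record the fixed version if the archive already has it, and add the bug number if one is filed.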
@@ -5957,6 +6001,7 @@
[squeeze] - tucan <no-dsa> (Minor issue)
CVE-2012-0062
RESERVED
+ NOT-FOR-US: JBoss Operations Network
CVE-2012-0061
RESERVED
- rpm 4.9.1.3-1 (bug #667031)
@@ -5965,6 +6010,7 @@
- rpm 4.9.1.3-1 (bug #667031)
CVE-2012-0059
RESERVED
+ NOT-FOR-US: RHN Satellite
CVE-2012-0058
RESERVED
- linux-2.6 3.2.2-1
@@ -6069,6 +6115,7 @@
[lenny] - znc <not-affected> (Only affects 0.200 and 0.202)
CVE-2012-0032
RESERVED
+ NOT-FOR-US: JBoss Operations Network
CVE-2012-0031 (scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...)
{DSA-2405-1}
- apache2 2.2.22-1 (low)
@@ -9176,7 +9223,8 @@
CVE-2011-3700 (Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain ...)
NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3699 (John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...)
- NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
+ - libphp-adodb <unfixed> (unimportant)
+ NOTE: path is already known
CVE-2011-3698 (AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3697 (Achievo 1.4.5 allows remote attackers to obtain sensitive information ...)
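Review bot: the new "NOTE: path is already known" on CVE-2011-3699 drops the "Web app path disclosure" part of the rationale that the replaced NOT-FOR-US line carried and that the neighbouring CVE-2011-3700 and CVE-2011-3698 entries still carry. Keep the full wording in the NOTE so the reason for the "(unimportant)" rating on "- libphp-adodb <unfixed>" is readable on its own.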