[Secure-testing-commits] r18927 - data/CVE

Thu Apr 12 07:12:18 UTC 2012

Author: jmm
Date: 2012-04-12 07:12:18 +0000 (Thu, 12 Apr 2012)
New Revision: 18927

Modified:
   data/CVE/list
Log:
wicd fixed
imagemagick fixed
samba fixed
samba pidl issue also in samba4 (experimental only and fixed)
mantis fixed
libxml2 fixed
Adobe Reader NFUs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2012-04-12 05:33:08 UTC (rev 18926)
+++ data/CVE/list	2012-04-12 07:12:18 UTC (rev 18927)
@@ -20,7 +20,7 @@
 	RESERVED
 CVE-2012-2095 [wicd command execution with root privileges]
 	RESERVED
-	- wicd <unfixed> (low; bug #668397)
+	- wicd 1.7.2-1 (low; bug #668397)
 	[squeeze] - wicd <no-dsa> (Minor issue)
 CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ...)
 	NOT-FOR-US: Novell ZENworks Configuration Management
@@ -924,7 +924,7 @@
 	RESERVED
 CVE-2012-1798
 	RESERVED
-	- imagemagick <unfixed> (bug #667635)
+	- imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has ...)
 	NOT-FOR-US: IBM DB2
 CVE-2012-1796 (Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as ...)
@@ -1364,7 +1364,7 @@
 	- joomla <itp> (bug #571794)
 CVE-2012-1610
 	RESERVED
-	- imagemagick <unfixed> (bug #667635)
+	- imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-1609
 	RESERVED
 CVE-2012-1608
@@ -2298,7 +2298,8 @@
 	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
 CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...)
-	- samba <unfixed> (bug #668309)
+	- samba 2:3.6.4-1 (bug #668309)
+	- samba4 4.0.0~alpha19+dfsg1-1 (bug #668309)
 CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP ...)
 	{DSA-2436-1}
 	- libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814)
@@ -2516,22 +2517,22 @@
 	NOT-FOR-US: phxEventManager not in Debian
 CVE-2012-1123
 	RESERVED
-	- mantis <unfixed> (bug #662858)
+	- mantis 1.2.10-1 (bug #662858)
 CVE-2012-1122
 	RESERVED
-	- mantis <unfixed> (low; bug #662858)
+	- mantis 1.2.10-1 (low; bug #662858)
 CVE-2012-1121
 	RESERVED
-	- mantis <unfixed> (low; bug #662858)
+	- mantis 1.2.10-1 (low; bug #662858)
 CVE-2012-1120
 	RESERVED
-	- mantis <unfixed> (low; bug #662858)
+	- mantis 1.2.10-1 (low; bug #662858)
 CVE-2012-1119
 	RESERVED
-	- mantis <unfixed> (low; bug #662858)
+	- mantis 1.2.10-1 (low; bug #662858)
 CVE-2012-1118
 	RESERVED
-	- mantis <unfixed> (low; bug #662858)
+	- mantis 1.2.10-1 (low; bug #662858)
 CVE-2012-1117
 	RESERVED
 	NOT-FOR-US: Joomla!
@@ -3231,7 +3232,7 @@
 CVE-2012-0841
 	RESERVED
 	{DSA-2417-1}
-	- libxml2 <unfixed> (bug #660846)
+	- libxml2 2.7.8.dfsg-8 (bug #660846)
 CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...)
 	- apr 1.4.6-1 (low; bug #655435)
 	[squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn)
@@ -3428,13 +3429,13 @@
 CVE-2012-0778
 	RESERVED
 CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2012-0775 (The JavaScript implementation in Adobe Reader and Acrobat 9.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2012-0774 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2012-0773 (The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before ...)
@@ -5125,10 +5126,10 @@
 	RESERVED
 CVE-2012-0260
 	RESERVED
-	- imagemagick <unfixed> (bug #667635)
+	- imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-0259
 	RESERVED
-	- imagemagick <unfixed> (bug #667635)
+	- imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...)
 	NOT-FOR-US: Invensys Wonderware Application Server
 CVE-2012-0257 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...)


