[Secure-testing-commits] r18985 - data/CVE

Michael Gilbert mgilbert at alioth.debian.org
Tue Apr 17 18:36:28 UTC 2012


Author: mgilbert
Date: 2012-04-17 18:36:27 +0000 (Tue, 17 Apr 2012)
New Revision: 18985

Modified:
   data/CVE/list
Log:
process weekly external check

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-04-17 15:49:04 UTC (rev 18984)
+++ data/CVE/list	2012-04-17 18:36:27 UTC (rev 18985)
@@ -308,8 +308,9 @@
 CVE-2012-2092
 	RESERVED
 	NOT-FOR-US: cobbler
-CVE-2012-2091
+CVE-2012-2091 [flightgear crafted rotor name buffer overflow]
 	RESERVED
+	- flightgear <unfixed>
 CVE-2012-2090
 	RESERVED
 	- simgear <unfixed> (low; bug #669024)
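Review bot: the new `- flightgear <unfixed>` line under CVE-2012-2091 has no urgency and no bug reference, while the adjacent CVE-2012-2090 simgear entry carries `(low; bug #669024)`. If a Debian bug exists for the flightgear rotor name overflow, reference it here so the entry can be followed to a fix; if none exists, file one and add its number.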
@@ -1504,6 +1505,7 @@
 	RESERVED
 CVE-2012-1575
 	RESERVED
+	NOT-FOR-US: cumin
 CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...)
 	TODO: check
 CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...)
@@ -1671,7 +1673,8 @@
 CVE-2012-1500
 	RESERVED
 CVE-2012-1499 (The JPEG 2000 codec in OpenJPEG before 1.5 does not properly allocate ...)
-	TODO: check
+	- openjpeg <not-affected> (vulnerable code introduced after 1.3)
+	TODO: recheck any version of openjpeg greater than 1.3
 CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...)
 	NOT-FOR-US: Webfolio CMS
 CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...)
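Review bot: under CVE-2012-1499, `<not-affected>` is recorded without saying which packaged version was checked, and the reason given (`vulnerable code introduced after 1.3`) only holds for 1.3 and earlier, while the description puts the fix in 1.5. Once a version above 1.3 is packaged, the status stays not-affected and only the free-form TODO guards against that. Record the checked version in a NOTE so the recheck has a concrete baseline.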
@@ -2389,8 +2392,10 @@
 CVE-2012-1172 [PHP 5.3.x Corrupted $_FILES indices lead to security concern]
 	RESERVED
 	- php5 5.4.0-1 (bug #663760)
-CVE-2012-1171
+CVE-2012-1171 [safemode bypass after RSHUTDOWN]
 	RESERVED
+	- php5 <unfixed> (unimportant)
+	NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant
 CVE-2012-1170
 	RESERVED
 	- moodle <not-affected> (Only affects 2.2)
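Review bot: the NOTE added under CVE-2012-1171 cites php's security statement without a URL, so the justification for `(unimportant)` cannot be verified from the entry itself. Add the link to that statement in the NOTE.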
@@ -2599,6 +2604,8 @@
 	- ldap-account-manager 3.6-2 (bug #661904)
 CVE-2012-1113
 	RESERVED
+	- gallery2 <unfixed>
+	NOTE: see redhat link
 CVE-2012-1112
 	RESERVED
 	NOT-FOR-US: OpenRealty CMS not in Debian
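Review bot: `NOTE: see redhat link` under CVE-2012-1113 points at a link that is not in the entry. The CVE is still RESERVED with no description, so nothing here identifies the gallery2 issue; put the URL in the NOTE and add a bracketed short description to the CVE line, as was done for CVE-2012-2091 and CVE-2012-1171 in this same commit.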
@@ -3163,6 +3170,9 @@
 	- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
 CVE-2012-0882
 	RESERVED
+	- mysql-5.1 <unfixed>
+	NOTE: limited information about issue, only a video of exploit taking place
+	NOTE: see redhat link
 CVE-2012-0881
 	RESERVED
 CVE-2012-0880
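Review bot: neither NOTE under CVE-2012-0882 gives a URL, for the exploit video or for the "redhat link", so the basis for `- mysql-5.1 <unfixed>` is not recorded in the entry. With the CVE still RESERVED and the NOTE itself saying information is limited, add both URLs so the next reviewer can re-evaluate the status.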
@@ -3358,6 +3368,7 @@
 	NOT-FOR-US: Joomla!
 CVE-2012-0818
 	RESERVED
+	NOT-FOR-US: RESTEasy framework for JBoss
 CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
 	- samba 2:3.6.3-1 (low)
 	- samba4 <unfixed>
@@ -3411,6 +3422,7 @@
 	- cvs 2:1.12.13+real-7
 CVE-2012-0803
 	RESERVED
+	NOT-FOR-US: Apache CXF
 CVE-2012-0802 [spamdyke: incorrect use of the "snprintf()" and "vsnprintf()" func]
 	RESERVED
 	NOT-FOR-US: spamdyke



