[Secure-testing-commits] r19009 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Thu Apr 19 02:36:57 UTC 2012 

Author: geissert
Date: 2012-04-19 02:36:57 +0000 (Thu, 19 Apr 2012)
New Revision: 19009

Modified:
   data/CVE/list
Log:
NFUs, tracking issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-04-19 02:27:39 UTC (rev 19008)
+++ data/CVE/list	2012-04-19 02:36:57 UTC (rev 19009)
@@ -1748,6 +1748,7 @@
 CVE-2012-1502
 	RESERVED
 	{DSA-2430-1}
+	- python-pam <undetermined>
 CVE-2012-1501
 	RESERVED
 CVE-2012-1500
@@ -5778,10 +5779,11 @@
 	NOT-FOR-US: Microsoft
 CVE-2012-0153
 	RESERVED
+	NOT-FOR-US: Microsoft
 CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-0151 (The Authenticode Signature Verification function in Microsoft Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0149 (afd.sys in the Ancillary Function Driver in Microsoft Windows Server ...)
@@ -5789,23 +5791,28 @@
 CVE-2012-0148 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, ...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0147 (Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0146 (Open redirect vulnerability in Microsoft Forefront Unified Access ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0145 (Cross-site scripting (XSS) vulnerability in wizardlist.aspx in ...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0143
 	RESERVED
+	NOT-FOR-US: Microsoft
 CVE-2012-0142
 	RESERVED
+	NOT-FOR-US: Microsoft
 CVE-2012-0141
 	RESERVED
+	NOT-FOR-US: Microsoft
 CVE-2012-0140
 	RESERVED
+	NOT-FOR-US: Microsoft
 CVE-2012-0139
 	RESERVED
+	NOT-FOR-US: Microsoft
 CVE-2012-0138 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0137 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
@@ -5817,17 +5824,17 @@
 CVE-2012-0134
 	RESERVED
 CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a ...)
-	TODO: check
+	NOT-FOR-US: HP ProCurve
 CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
-	TODO: check
+	NOT-FOR-US: HP Business Availability
 CVE-2012-0131 (Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX ...)
 	NOT-FOR-US: HP HP-UX
 CVE-2012-0130 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: HP Onboard Administrator
 CVE-2012-0129 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: HP Onboard Administrator
 CVE-2012-0128 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: HP Onboard Administrator
 CVE-2012-0127 (Unspecified vulnerability in HP Performance Manager 9.00 allows remote ...)
 	NOT-FOR-US: HP Performance Manager
 CVE-2012-0126 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 ...)
@@ -12233,6 +12240,7 @@
 	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
 	[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
 CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+	- chromium-browser <undetermined>
 	[squeeze] - chromium-browser <not-affected>
 CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
 	- chromium-browser 13.0.782.107~r94237-1
@@ -14922,7 +14930,7 @@
 	NOT-FOR-US: Silverlight
 CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow ...)
 	- tinyproxy 1.8.2-2 (unimportant; bug #627503)
-	[squeeze] - tinyproxy 1.8.2-1squeeze2
+	[squeeze] - tinyproxy 1.8.2-1squeeze2 (unimportant)
 	NOTE: Only exploitable through config files, which are under admin control
 CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before ...)
 	NOT-FOR-US: Ubuntu-specific language-selector package
@@ -20405,6 +20413,8 @@
 	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
 	- xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
 	- iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
+	- iceape <undetermined>
+	- icedove <undetermined>
 CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
 	- xulrunner <removed>
@@ -20463,6 +20473,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-1
 	[lenny] - iceape <not-affected> (Only a stub package)
+	- icedove <undetermined>
 CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
 	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
 	- xulrunner <removed>
@@ -20510,6 +20521,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-1
 	[lenny] - iceape <not-affected> (Only a stub package)
+	- icedove <undetermined>
 CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...)
 	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
 	- xulrunner <removed>
@@ -32588,6 +32600,7 @@
 CVE-2010-0474
 	RESERVED
 	{DSA-2188-1}
+	- webkit <undetermined>
 CVE-2010-0473
 	RESERVED
 CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)

More information about the Secure-testing-commits mailing list