[Secure-testing-commits] r19103 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Apr 30 12:39:24 UTC 2012 

Author: jmm
Date: 2012-04-30 12:39:23 +0000 (Mon, 30 Apr 2012)
New Revision: 19103

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
new elixir issue
filed bug for dokuwiki (no-dsa)
gridengine issue affect Debian
spring issues confirmed, bugs filed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-04-30 07:57:53 UTC (rev 19102)
+++ data/CVE/list	2012-04-30 12:39:23 UTC (rev 19103)
@@ -529,6 +529,7 @@
 	RESERVED
 CVE-2012-2146
 	RESERVED
+	- elixir <unfixed> (low)
 CVE-2012-2145
 	RESERVED
 CVE-2012-2144
@@ -570,7 +571,8 @@
 	RESERVED
 CVE-2012-2129 [dokuwiki doku.php 'target' param xss]
 	RESERVED
-	- dokuwiki <unfixed>
+	- dokuwiki <unfixed> (low; bug #670917)
+	[squeeze] - dokuwiki <no-dsa> (Minor issue)
 	NOTE: http://secunia.com/advisories/48848/
 CVE-2012-2128
 	RESERVED
@@ -4436,10 +4438,9 @@
 	RESERVED
 CVE-2012-0523 [Local Oracle Grid Engine Vulnerability]
 	RESERVED
-	- gridengine <undetermined>
+	- gridengine <unfixed>
 	NOTE: http://www.securityfocus.com/bid/53132
 	NOTE: http://gridscheduler.sourceforge.net/security.html
-	TODO: check
 CVE-2012-0522
 	RESERVED
 CVE-2012-0521
@@ -6011,8 +6012,7 @@
 	[lenny] - horde3 <not-affected> (Introduced in 3.3.12)
 CVE-2012-0208 [Oracle Grid Engine 'qrsh' Remote Code Injection Vulnerability]
 	RESERVED
-	- gridengine <undetermined>
-	TODO: check
+	- gridengine <unfixed>
 	NOTE: http://www.securityfocus.com/bid/53123/info
 	NOTE: http://gridscheduler.sourceforge.net/security.html
 CVE-2012-0207
@@ -12386,8 +12386,8 @@
 	{DSA-2293-1}
 	- libxfont 1:1.4.4-1
 CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through ...)
-	- libspring-security-2.0-java <unfixed>
-	- libspring-java <unfixed>
+	- libspring-security-2.0-java <unfixed> (bug #670901)
+	- libspring-java <unfixed> (bug #670901)
 CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...)
 	NOT-FOR-US: IBM Lotus Symphony
 CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a ...)
@@ -12942,13 +12942,13 @@
 	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
 CVE-2011-2732
 	RESERVED
-	- libspring-security-2.0-java <unfixed>
+	- libspring-security-2.0-java <unfixed> (bug #670901)
 CVE-2011-2731
 	RESERVED
-	- libspring-security-2.0-java <unfixed>
+	- libspring-security-2.0-java <unfixed> (bug #670901)
 CVE-2011-2730
 	RESERVED
-	- libspring-2.5-java <unfixed>
+	- libspring-2.5-java <unfixed> (bug #670901)
 CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 ...)
 	- commons-daemon 1.0.7-1
 	[squeeze] - commons-daemon <not-affected> (Support for libcap was only added in 1.0.6)
@@ -14390,7 +14390,7 @@
 	NOTE: for details
 CVE-2011-2187
 	RESERVED
-	- xscreensaver 5.14-1
+	- xscreensaver 5.14-1 (bug #627382)
 	[squeeze] - xscreensaver <not-affected> (introduced in 5.13)
 CVE-2011-2186
 	RESERVED

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-04-30 07:57:53 UTC (rev 19102)
+++ data/spu-candidates.txt	2012-04-30 12:39:23 UTC (rev 19103)
@@ -64,6 +64,11 @@
 
 --
 
+dokuwiki (CVE-2012-2129)
+#670917
+
+--
+
 emacs23 (CVE-2012-0035)
 #655300

More information about the Secure-testing-commits mailing list