[Secure-testing-commits] r19848 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Aug 1 14:28:44 UTC 2012


Author: jmm
Date: 2012-08-01 14:28:44 +0000 (Wed, 01 Aug 2012)
New Revision: 19848

Modified:
   data/CVE/list
Log:
libvirt issue doesn't affect stable
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-01 08:03:46 UTC (rev 19847)
+++ data/CVE/list	2012-08-01 14:28:44 UTC (rev 19848)
@@ -94,10 +94,8 @@
 	NOT-FOR-US: Wangkongbao not in Debian
 CVE-2012-4030
 	RESERVED
-	TODO: check
 CVE-2012-4029
 	RESERVED
-	TODO: check
 CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...)
 	NOT-FOR-US: Tridium Niagara AX Framework
 CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework ...)
@@ -266,7 +264,7 @@
 CVE-2012-3952
 	RESERVED
 CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...)
-	TODO: check
+	NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-3950
 	RESERVED
 CVE-2012-3949
@@ -392,15 +390,15 @@
 CVE-2012-3889 (The in_mod plugin in Winamp before 5.63 allows remote attackers to ...)
 	NOT-FOR-US: Winamp
 CVE-2012-3888 (The login implementation in AirDroid 1.0.4 beta allows remote ...)
-	TODO: check
+	NOT-FOR-US: AirDroid
 CVE-2012-3887 (AirDroid before 1.0.7 beta uses a cleartext base64 format for data ...)
-	TODO: check
+	NOT-FOR-US: AirDroid
 CVE-2012-3886 (AirDroid 1.0.4 beta uses the MD5 algorithm for values in the ...)
-	TODO: check
+	NOT-FOR-US: AirDroid
 CVE-2012-3885 (The default configuration of AirDroid 1.0.4 beta uses a four-character ...)
-	TODO: check
+	NOT-FOR-US: AirDroid
 CVE-2012-3884 (AirDroid 1.0.4 beta implements authentication through direct ...)
-	TODO: check
+	NOT-FOR-US: AirDroid
 CVE-2012-3883
 	RESERVED
 CVE-2012-3882
@@ -479,7 +477,7 @@
 CVE-2012-3849
 	RESERVED
 CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...)
-	TODO: check
+	NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...)
 	- asterisk <unfixed>
 CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
@@ -1314,6 +1312,7 @@
 CVE-2012-3445 [libvirt: crash in virTypedParameterArrayClear]
 	RESERVED
 	- libvirt <unfixed> (bug #683483)
+	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
 	NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734
 CVE-2012-3444 [Denial-of-service via get_image_dimensions]
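Review bot: the new "[squeeze] - libvirt <not-affected> (Vulnerable code not present)" line under CVE-2012-3445 does not say how that was established. A NOTE naming the libvirt version or commit that introduced virTypedParameterArrayClear, placed next to the two existing NOTE links, would let a later reader re-check the squeeze status without redoing the source comparison.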
@@ -7632,7 +7631,6 @@
 	- python2.7 <unfixed>
 	- python3.1 <unfixed>
 	- python3.2 <unfixed>
-	NOTE: the same hash DoS attack as other languages/bindings
 CVE-2012-0875 [systemtap invalid read leading to kernel DoS]
 	RESERVED
 	- systemtap 1.7-1 (low; bug #660929; bug #660886)
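Review bot: the removed "NOTE: the same hash DoS attack as other languages/bindings" line is not mentioned in the log message, and it is the only explanatory note visible on this entry, whose python2.7, python3.1 and python3.2 lines stay <unfixed>. If it was dropped as redundant with information recorded elsewhere in the entry, say so in the log; otherwise keep it so the unfixed python packages retain their context.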



