[Secure-testing-commits] r19925 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Aug 10 10:40:42 UTC 2012 

Author: jmm
Date: 2012-08-10 10:40:42 +0000 (Fri, 10 Aug 2012)
New Revision: 19925

Modified:
   data/CVE/list
Log:
various bitcoin issues (all resolved in sid)
new sudo issue RHEL-specific


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-10 07:47:03 UTC (rev 19924)
+++ data/CVE/list	2012-08-10 10:40:42 UTC (rev 19925)
@@ -481,7 +481,7 @@
 CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...)
 	NOT-FOR-US: NHN Japan NAVER LINE 
 CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...)
-	TODO: check
+	NOT-FOR-US: Sleipnir Mobile
 CVE-2012-4003
 	RESERVED
 	- glpi 0.83.31-1 (unimportant)
@@ -948,7 +948,7 @@
 CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
 	- openssl <unfixed>
 CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...)
-	TODO: check
+	- bitcoin 0.5.0~rc1-1
 CVE-2012-3788
 	RESERVED
 CVE-2012-3787
@@ -1685,7 +1685,7 @@
 	RESERVED
 	- icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320)
 CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux ...)
-	TODO: check
+	- sudo <not-affected> (Red Hat-specific postinst script)
 CVE-2012-3439
 	RESERVED
 CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick ...)
@@ -2028,7 +2028,7 @@
 CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before ...)
 	NOT-FOR-US: Microdasys
 CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script ...)
-	TODO: check
+	- bitcoin <not-affected> (Fixed before initial release)
 CVE-2012-3342
 	RESERVED
 CVE-2012-3341
@@ -2838,13 +2838,13 @@
 	RESERVED
 	- hadoop <itp> (bug #535861)
 CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins ...)
-	TODO: check
+	- bitcoin <not-affected> (Fixed before initial release)
 CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...)
-	TODO: check
+	- bitcoin <not-affected> (Fixed before initial release)
 CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial ...)
-	TODO: check
+	- bitcoin 0.4.0-1
 CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a ...)
-	TODO: check
+	- bitcoin <not-affected> (Fixed before initial release)
 CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd ...)
 	{DSA-2484-1}
 	- nut 2.6.4-1

More information about the Secure-testing-commits mailing list