[Secure-testing-commits] r19944 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Aug 14 10:53:15 UTC 2012 

Author: jmm
Date: 2012-08-14 10:53:15 +0000 (Tue, 14 Aug 2012)
New Revision: 19944

Modified:
   data/CVE/list
Log:
nvidia no-dsa
triage older openssl issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-14 09:14:18 UTC (rev 19943)
+++ data/CVE/list	2012-08-14 10:53:15 UTC (rev 19944)
@@ -29,7 +29,7 @@
 CVE-2012-4236
 	RESERVED
 CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2012-4234
 	RESERVED
 CVE-2012-4233
@@ -53,9 +53,9 @@
 CVE-2012-4225 [Security issue in NVIDIA UNIX device files to map and program registers to redirect the VGA window]
 	RESERVED
 	- nvidia-graphics-drivers 304.32-1 (bug #684781)
+	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
 	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
-	NOTE: http://www.ubuntu.com/usn/usn-1523-1/
 CVE-2012-4224
 	RESERVED
 CVE-2012-4223
@@ -384,7 +384,7 @@
 CVE-2012-4072
 	RESERVED
 CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web ...)
 	TODO: check
 CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with ...)
@@ -999,8 +999,8 @@
 CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...)
 	NOT-FOR-US: Adiscon LogAnalyzer 
 CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
-	- openssl <unfixed> (bug #684527)
-	NOTE: seems fixed in testing/unstable
+	- openssl 0.9.8a-1 (bug #684527)
+	NOTE: fips version not used in Debian
 CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...)
 	- bitcoin 0.5.0~rc1-1
 CVE-2012-3788
@@ -1479,7 +1479,7 @@
 CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are ...)
 	NOT-FOR-US: Opera
 CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2012-3552
 	RESERVED
 CVE-2012-3551
@@ -20916,7 +20916,8 @@
 	NOT-FOR-US: PaX hardening patch
 	NOTE: http://seclists.org/oss-sec/2011/q1/579
 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...)
-	- openssl <unfixed> (bug #672456)
+	NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug #672456
+	NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
 CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...)
 	NOT-FOR-US: Nokia E75 phone
 CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)

More information about the Secure-testing-commits mailing list