[Secure-testing-commits] r19944 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Aug 14 10:53:15 UTC 2012
Author: jmm
Date: 2012-08-14 10:53:15 +0000 (Tue, 14 Aug 2012)
New Revision: 19944
Modified:
data/CVE/list
Log:
nvidia no-dsa
triage older openssl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-14 09:14:18 UTC (rev 19943)
+++ data/CVE/list 2012-08-14 10:53:15 UTC (rev 19944)
@@ -29,7 +29,7 @@
CVE-2012-4236
RESERVED
CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2012-4234
RESERVED
CVE-2012-4233
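Review bot: The new "NOT-FOR-US: Joomla addon" line for CVE-2012-4235 names only the platform, while other NOT-FOR-US entries in this file name the product itself (for example "NOT-FOR-US: Adiscon LogAnalyzer"). Something like "NOT-FOR-US: RSGallery2 component for Joomla" would keep the entry searchable by component. The Log also mentions only nvidia and openssl, so this triage is undocumented in the commit message.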
@@ -53,9 +53,9 @@
CVE-2012-4225 [Security issue in NVIDIA UNIX device files to map and program registers to redirect the VGA window]
RESERVED
- nvidia-graphics-drivers 304.32-1 (bug #684781)
+ [squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
- NOTE: http://www.ubuntu.com/usn/usn-1523-1/
CVE-2012-4224
RESERVED
CVE-2012-4223
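Review bot: The removal of "NOTE: http://www.ubuntu.com/usn/usn-1523-1/" under CVE-2012-4225 is not explained by the Log, which only says "nvidia no-dsa". If the reference was dropped on purpose, state the reason in the commit message; otherwise keep it alongside the two remaining NOTE lines.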
@@ -384,7 +384,7 @@
CVE-2012-4072
RESERVED
CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web ...)
TODO: check
CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with ...)
@@ -999,8 +999,8 @@
CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...)
NOT-FOR-US: Adiscon LogAnalyzer
CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
- - openssl <unfixed> (bug #684527)
- NOTE: seems fixed in testing/unstable
+ - openssl 0.9.8a-1 (bug #684527)
+ NOTE: fips version not used in Debian
CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...)
- bitcoin 0.5.0~rc1-1
CVE-2012-3788
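Review bot: For CVE-2011-5095, the fixed version "0.9.8a-1" and the note "fips version not used in Debian" say different things: a version reads as if that upload fixed the issue, while the note says the affected code is not used at all. If the latter is the reason, "<not-affected>" with the same explanation would state it directly; if 0.9.8a-1 is kept, the NOTE should say why that version was chosen, since the previous "seems fixed in testing/unstable" remark is removed without a replacement.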
@@ -1479,7 +1479,7 @@
CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are ...)
NOT-FOR-US: Opera
CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2012-3552
RESERVED
CVE-2012-3551
@@ -20916,7 +20916,8 @@
NOT-FOR-US: PaX hardening patch
NOTE: http://seclists.org/oss-sec/2011/q1/579
CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...)
- - openssl <unfixed> (bug #672456)
+ NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug #672456
+ NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...)
NOT-FOR-US: Nokia E75 phone
CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)
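Review bot: Dropping "- openssl <unfixed> (bug #672456)" leaves CVE-2011-1473 with NOTE lines only, so the entry no longer names a source package and the bug number survives only in free text. Consider keeping an openssl package line that carries the bug reference with a status reflecting "no code fix", and giving the URL its own self-contained NOTE instead of continuing the previous line with "and".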