[Secure-testing-commits] r19987 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Aug 20 09:02:45 UTC 2012


Author: jmm
Date: 2012-08-20 09:02:44 +0000 (Mon, 20 Aug 2012)
New Revision: 19987

Modified:
   data/CVE/list
Log:
new phpmyadmin non-issue
wireshark fixed in sid, updated squeeze status for some issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-20 02:45:35 UTC (rev 19986)
+++ data/CVE/list	2012-08-20 09:02:44 UTC (rev 19987)
@@ -124,47 +124,39 @@
 CVE-2012-4299
 	RESERVED
 CVE-2012-4298 (Integer signedness error in the vwr_read_rec_data_ethernet function in ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
+	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-4297 (Buffer overflow in the dissect_gsm_rlcmac_downlink function in ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
+	[squeeze] - wireshark <not-affected> (Only affects 1.6.x and 1.8.x)
 CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4295 (Array index error in the channelised_fill_sdh_g707_format function in ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
+	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-4294 (Buffer overflow in the channelised_fill_sdh_g707_format function in ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
+	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
+	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
+	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark 1.8.2-1
 CVE-2012-4284
 	RESERVED
 CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter ...)
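Review bot: The entries for CVE-2012-4296, -4293, -4292, -4291, -4290, -4289, -4288 and -4285 lose their "TODO: check" line but gain no [squeeze] annotation, so nothing records whether squeeze was triaged for them. The visible descriptions of CVE-2012-4291, -4290 and -4289 name 1.4.x as affected, so older branches are in scope for at least those three. With only the sid version "- wireshark 1.8.2-1" present, squeeze is left implicitly affected. If that is the intended result, a short NOTE saying so would help; if squeeze is still unchecked, keep a TODO on those entries. The "Only affects 1.8.x" reasons on the other entries are clear as written.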
@@ -307,6 +299,8 @@
 	RESERVED
 CVE-2012-4219
 	RESERVED
+	- phpmyadmin <unfixed> (unimportant)
+	NOTE: Path disclosure irrelevant in Debian
 CVE-2012-4218
 	RESERVED
 CVE-2012-4217
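Review bot: The new phpmyadmin lines sit under CVE-2012-4219, which is still RESERVED with no description, and the note "Path disclosure irrelevant in Debian" does not say which path disclosure is meant or where it was reported. Please add a NOTE line with a reference (upstream advisory or bug number) so the "(unimportant)" rating can be verified once the CVE description is published.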
@@ -9910,7 +9904,7 @@
 	NOT-FOR-US: Cisco
 CVE-2012-0283 (Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList ...)
 	- dokuwiki 0.0.20120125b-1 (low; bug #683378)
-	[squeeze] - dokuwiki <not-affected>
+	[squeeze] - dokuwiki <not-affected> (Vulnerable functionality not present, see #683378)
 CVE-2012-0282 (Heap-based buffer overflow in XnView before 1.99 allows remote ...)
 	NOT-FOR-US: XnView
 CVE-2012-0281
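Review bot: The reason added to the [squeeze] dokuwiki line, "Vulnerable functionality not present, see #683378", does not name the functionality, so a reader has to open the bug to learn what is absent in squeeze. The description already points at tpl_mediaFileList; naming it in the parenthetical would make the entry self-contained. Minor style point: the line above writes "bug #683378" while this one writes "#683378".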



