[Secure-testing-commits] r19993 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Aug 20 13:22:30 UTC 2012


Author: jmm
Date: 2012-08-20 13:22:29 +0000 (Mon, 20 Aug 2012)
New Revision: 19993

Modified:
   data/CVE/list
Log:
new gimp issues
new gimp issue already fixed a long time ago
new gimp issue is a non-issue
new squidclamav issue
condor fixed



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-20 13:19:49 UTC (rev 19992)
+++ data/CVE/list	2012-08-20 13:22:29 UTC (rev 19993)
@@ -241,6 +241,8 @@
 	NOT-FOR-US: phplist
 CVE-2012-4245
 	RESERVED
+	- gimp <unfixed> (unimportant)
+	NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
 CVE-2012-4244
 	RESERVED
 CVE-2012-4243
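Review bot: The NOTE added under CVE-2012-4245 says "The interface" without naming it and gives no reference, so a later reader cannot tell which part of gimp the (unimportant) rating rests on. Name the interface in the NOTE and add a NOTE line linking the report, as the CVE-2012-3481 entry in this file does with its oss-security URL.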
@@ -1817,7 +1819,7 @@
 CVE-2012-3502
 	RESERVED
 CVE-2012-3501
-	RESERVED
+	- squidclamav <unfixed> (bug #685398)
 CVE-2012-3500
 	RESERVED
 CVE-2012-3499
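Review bot: The CVE-2012-3501 change replaces the RESERVED line with the squidclamav package line, while the CVE-2012-3481 and CVE-2012-3416 entries touched in this same commit keep RESERVED above their package lines. If dropping it is not intentional, keep RESERVED and put the package line beneath it. The entry also now shows only a package name and bug number, so a bracketed description or a NOTE with a reference would help.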
@@ -1864,7 +1866,7 @@
 	NOTE: http://www.fetchmail.info/fetchmail-SA-2012-02.txt
 CVE-2012-3481 [gimp gif plug-in heap-based buffer overflow]
 	RESERVED
-	TODO: check
+	- gimp <unfixed> (bug #685397)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=776572
 CVE-2012-3480
@@ -2061,7 +2063,7 @@
 	NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version
 CVE-2012-3416
 	RESERVED
-	- condor <unfixed> (bug #685366)
+	- condor 7.8.2~dfsg.1-1 (bug #685366)
 CVE-2012-3415
 	RESERVED
 	- plpupload <itp> (bug #668396)
@@ -2126,15 +2128,10 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
 CVE-2012-3403 [Gimp CEL plug-in heap buffer overflow when loading external palette files]
 	RESERVED
-	TODO: check
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/7
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3403
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=839020#c19
+	- gimp <unfixed> (bug #685397)
 CVE-2012-3402 [Gimp PSD plug-in Heap-buffer overflow by decoding certain PSD headers]
-	RESERVED
-	TODO: check
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/6
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3402
+	- gimp 2.4.0~rc1-1
+	NOTE: Only affects 2.2 series
 CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...)
 	- tiff 4.0.2-2 (bug #682115)
 	- tiff3 3.9.6-7 (bug #682195)
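Review bot: For CVE-2012-3403 the three NOTE references (the oss-security post and both Red Hat Bugzilla links) are deleted although the entry is still marked <unfixed>. Keeping them would preserve the pointers to the analysis, as the CVE-2012-3481 entry does. For CVE-2012-3402 the new "Only affects 2.2 series" NOTE and the fixed version 2.4.0~rc1-1 are left without any supporting link once the oss-security and Bugzilla NOTEs are removed, and RESERVED is dropped here but retained on CVE-2012-3403 directly above. Consider keeping at least the oss-security NOTE on both entries.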



