[Secure-testing-commits] r20006 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Aug 22 06:32:42 UTC 2012
Author: jmm
Date: 2012-08-22 06:32:41 +0000 (Wed, 22 Aug 2012)
New Revision: 20006
Modified:
data/CVE/list
Log:
geshi CVEfied
inn issue should also be in inn2
ruby-sqlite issue doesn't affect Debian
new xml-light issue (bug filed)
add bug to munin issue
another munin issue CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-22 05:53:50 UTC (rev 20005)
+++ data/CVE/list 2012-08-22 06:32:41 UTC (rev 20006)
@@ -22,14 +22,6 @@
NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4352
RESERVED
-CVE-2012-XXXX [geshi XSS in contrib/langwiz.php]
- - geshi <unfixed> (bug #685323)
- [squeeze] - geshi <no-dsa> (shipped as example/.gz)
- TODO: request CVE id
-CVE-2012-XXXX [geshi information disclosure in contrib/cssgen.php]
- - geshi <unfixed> (bug #685324)
- [squeeze] - geshi <no-dsa> (shipped as example/.gz)
- TODO: request CVE id
CVE-2012-4351
RESERVED
CVE-2012-4350
@@ -483,10 +475,6 @@
- redeclipse 1.2-3 (bug #684143)
CVE-2012-XXXX [world-writeable directory]
- gpe-tetris <unfixed> (bug #684178)
-CVE-2012-XXXX [remote execution as www-data]
- - munin <unfixed>
- [squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
- NOTE: http://www.munin-monitoring.org/ticket/1238
CVE-2012-XXXX [base name disclosure]
- spip 2.1.17-1 (bug #683667)
CVE-2012-XXXX [insecure default configuration / authentication bypass]
@@ -1788,10 +1776,15 @@
CVE-2012-3523 [inn prone to STARTTLS plaintext command injection]
RESERVED
- inn <unfixed> (bug #685581)
-CVE-2012-3522
+ - inn2 <unfixed>
+CVE-2012-3522 [geshi XSS in contrib/langwiz.php]
RESERVED
-CVE-2012-3521
+ - geshi <unfixed> (bug #685323)
+ [squeeze] - geshi <no-dsa> (shipped as example/.gz)
+CVE-2012-3521 [geshi information disclosure in contrib/cssgen.php]
RESERVED
+ - geshi <unfixed> (bug #685324)
+ [squeeze] - geshi <no-dsa> (shipped as example/.gz)
CVE-2012-3520
RESERVED
CVE-2012-3519
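Review bot: the added "- inn2 <unfixed>" line under CVE-2012-3523 carries no bug reference, while the inn line just above it points at bug #685581. If inn2 is tracked as a separate source package, file or clone a bug for it and add the number here, so the entry can be closed per package when fixes land.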
@@ -1806,11 +1799,15 @@
RESERVED
CVE-2012-3514
RESERVED
-CVE-2012-3513
+ - xml-light <unfixed> (bug #685584)
+CVE-2012-3513 [remote execution as www-data]
RESERVED
+ - munin <unfixed> (bug #684076)
+ [squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
+ NOTE: http://www.munin-monitoring.org/ticket/1238
CVE-2012-3512 [local privilege escalation munin to root]
RESERVED
- - munin <unfixed>
+ - munin <unfixed> (bug #684075)
NOTE: http://www.munin-monitoring.org/ticket/1234
CVE-2012-3511
RESERVED
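Review bot: CVE-2012-3514 now has a package line ("- xml-light <unfixed> (bug #685584)") but its header still has no bracketed description, unlike CVE-2012-3513 and CVE-2012-3512 right below it. Add a short description in brackets on the CVE-2012-3514 line so the entry can be understood without opening the bug.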
@@ -22680,8 +22677,7 @@
- dhcpcd <not-affected> (old shell quoting code is not vulnerable)
NOTE: Debian's dhcpcd.sh is not vulnerable.
CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...)
- - ruby-sqlite3 <unfixed>
- TODO: check
+ - ruby-sqlite3 <not-affected> (SuSE-specific packaging flaw)
CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
NOT-FOR-US: Novell File Reporter
CVE-2011-0993
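Review bot: the new "<not-affected> (SuSE-specific packaging flaw)" status for ruby-sqlite3 under CVE-2011-0995 replaces "TODO: check" without recording what was checked. A NOTE: line with the reference showing that the flaw is in the SuSE packaging would let a later reader verify the triage.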