[Secure-testing-commits] r20591 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Dec 3 06:54:15 UTC 2012 

Author: jmm
Date: 2012-12-03 06:54:15 +0000 (Mon, 03 Dec 2012)
New Revision: 20591

Modified:
   data/CVE/list
Log:
new openjdk issues
new mediawiki issues
new kernel issues specific to Android


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-12-02 21:14:21 UTC (rev 20590)
+++ data/CVE/list	2012-12-03 06:54:15 UTC (rev 20591)
@@ -1847,6 +1847,7 @@
 	RESERVED
 CVE-2012-5395
 	RESERVED
+	- mediawiki <unfixed>
 CVE-2012-5394
 	RESERVED
 CVE-2012-5393
@@ -1855,6 +1856,7 @@
 	RESERVED
 CVE-2012-5391
 	RESERVED
+	- mediawiki <unfixed>
 CVE-2012-5390
 	RESERVED
 CVE-2012-5389
@@ -1876,7 +1878,8 @@
 CVE-2012-5374
 	RESERVED
 CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash ...)
-	TODO: check
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
 CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
 	TODO: check
 CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...)
@@ -5049,11 +5052,14 @@
 CVE-2012-4223
 	RESERVED
 CVE-2012-4222 (drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) ...)
-	TODO: check
+	- linux <not-affected> (Android-specific drivers)
+	- linux-2.6 <not-affected> (Android-specific drivers)
 CVE-2012-4221 (Integer overflow in diagchar_core.c in the Qualcomm Innovation Center ...)
-	TODO: check
+	- linux <not-affected> (Android-specific drivers)
+	- linux-2.6 <not-affected> (Android-specific drivers)
 CVE-2012-4220 (diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics ...)
-	TODO: check
+	- linux <not-affected> (Android-specific drivers)
+	- linux-2.6 <not-affected> (Android-specific drivers)
 CVE-2012-4219 (show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows ...)
 	- phpmyadmin <unfixed> (unimportant)
 	NOTE: Path disclosure irrelevant in Debian
@@ -8703,6 +8709,8 @@
 CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList ...)
 	NOT-FOR-US: phplist
 CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...)
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
 	NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
 	NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12

More information about the Secure-testing-commits mailing list