[Secure-testing-commits] r20613 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Dec 6 07:21:16 UTC 2012
Author: jmm
Date: 2012-12-06 07:21:16 +0000 (Thu, 06 Dec 2012)
New Revision: 20613
Modified:
data/CVE/list
Log:
record some ITP issues
NFUs
plib will be fixed in Wheezy
dovecot bug a non-issue, will be rejected
openslp no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-05 21:14:25 UTC (rev 20612)
+++ data/CVE/list 2012-12-06 07:21:16 UTC (rev 20613)
@@ -259,7 +259,7 @@
CVE-2012-6045 (Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui ...)
NOT-FOR-US: Ramui Forum
CVE-2012-6044 (M-Player 0.4 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: M-Player (different from mplayer in the archive)
CVE-2012-6043 (Cross-site scripting (XSS) vulnerability in downloads.php in ...)
TODO: check
CVE-2012-6042 (GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a ...)
@@ -1256,9 +1256,8 @@
CVE-2012-5621 [Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name]
RESERVED
- ekiga <unfixed>
-CVE-2012-5620 [Dovecot DoS in 2.x]
+CVE-2012-5620
RESERVED
- - dovecot <unfixed> (bug #695138)
CVE-2012-5619
RESERVED
- sleuthkit <unfixed> (unimportant; bug #695097)
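Review bot: the CVE-2012-5620 entry loses both its description and the `- dovecot <unfixed> (bug #695138)` line, so the reason for dropping it survives only in the commit log ("dovecot bug a non-issue, will be rejected"). Until the id is actually marked REJECTED, a NOTE line under RESERVED naming dovecot and bug #695138 would keep the next person triaging this id from redoing the assessment.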
@@ -1766,7 +1765,7 @@
CVE-2012-5451
RESERVED
CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2012-5449
RESERVED
CVE-2012-5448
@@ -1911,7 +1910,7 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
- TODO: check
+ - rubinius <itp> (bug #591817)
CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...)
- ruby1.8 <not-affected> (Only affects 1.9.x)
- ruby1.9.1 1.9.3.194-4 (bug #693024)
@@ -1923,7 +1922,7 @@
CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained ...)
- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow ...)
- TODO: check
+ NOT-FOR-US: OrangeHRM
CVE-2012-5366
RESERVED
NOT-FOR-US: Mac OS X
@@ -2478,7 +2477,7 @@
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...)
- chromium-browser <unfixed>
CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
- TODO: check
+ NOT-FOR-US: Chrome OS
CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
- libv8 <unfixed> (bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...)
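Review bot: CVE-2012-5129 is marked `NOT-FOR-US: Chrome OS`, but the truncated description places the overflow in the WebGL subsystem, and the neighbouring entries track chromium-browser and libv8 as affected packages. A NOTE stating that the affected code is specific to Chrome OS and not shared with chromium-browser would make the NOT-FOR-US verifiable from the list itself.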
@@ -4206,7 +4205,6 @@
CVE-2012-4552 (Stack-based buffer overflow in the error function in ssg/ssgParser.cxx ...)
- plib <unfixed> (low; bug #694810)
[squeeze] - plib <no-dsa> (Minor issue)
- [wheezy] - plib <no-dsa> (Minor issue)
CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows ...)
NOT-FOR-US: libunity-webapps
CVE-2012-4550
@@ -4555,6 +4553,8 @@
CVE-2012-4428
RESERVED
- openslp-dfsg <unfixed> (bug #687597; low)
+ [squeeze] - openslp-dfsg <no-dsa> (Minor issue)
+ [wheezy] - openslp-dfsg <no-dsa> (Minor issue)
NOTE: no upstream solution as of 11/17/2012
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
- gnome-shell <unfixed> (unimportant)
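Review bot: the two added `<no-dsa> (Minor issue)` lines for CVE-2012-4428 give no reason for the triage, while the entry is still RESERVED and its NOTE records no upstream solution. State in the parentheses or in a NOTE what limits the impact, so the no-dsa decision can be revisited once upstream publishes a fix.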
@@ -11598,9 +11598,9 @@
- phppgadmin 5.0.4-1
[squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update)
CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
- TODO: check
+ - joomla <itp> (bug #571794)
CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...)
- TODO: check
+ - joomla <itp> (bug #571794)
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...)
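Review bot: CVE-2012-1599 and CVE-2012-1598 are described as affecting Joomla! 1.5.x before 1.5.26, yet both now point at `- joomla <itp> (bug #571794)` without saying which branch the ITP intends to package. A NOTE with the affected branch would let whoever processes the ITP tell at upload time whether these entries are already fixed in the packaged version.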
@@ -11686,10 +11686,10 @@
NOT-FOR-US: YVS
CVE-2012-1563
RESERVED
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-1562
RESERVED
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-1561
RESERVED
NOT-FOR-US: Drupal Finder
@@ -12700,9 +12700,9 @@
{DSA-2500-1}
- mantis 1.2.10-1 (low; bug #669924)
CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-1115
RESERVED
- phpldapadmin 1.2.2-3 (bug #662050)
@@ -13423,11 +13423,11 @@
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
- phpldapadmin 1.2.2-1 (bug #658907)
CVE-2012-0833 (The acllas__handle_group_entry function in ...)
@@ -13467,13 +13467,13 @@
[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
- NOT-FOR-US: Joomla!
+ - joomla <itp> (bug #571794)
CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...)
NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
@@ -15240,7 +15240,7 @@
NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937
RESERVED
- NOT-FOR-US: Joomla
+ - joomla <itp> (bug #571794)
CVE-2011-4936
RESERVED
- joomla <itp> (bug #571794)