[Secure-testing-commits] r20615 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Dec 6 08:03:29 UTC 2012
Author: jmm
Date: 2012-12-06 08:03:28 +0000 (Thu, 06 Dec 2012)
New Revision: 20615
Modified:
data/CVE/list
Log:
new tomcat issues
new mesa issue
many zope issues turned out to be Plone-specific and are not packaged in Debian
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-06 07:27:23 UTC (rev 20614)
+++ data/CVE/list 2012-12-06 08:03:28 UTC (rev 20615)
@@ -1323,10 +1323,13 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605
RESERVED
+ NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604
RESERVED
+ NOT-FOR-US: Red Hat CloudForms
CVE-2012-5603
RESERVED
+ NOT-FOR-US: Red Hat CloudForms
CVE-2012-5602
REJECTED
CVE-2012-5601
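Review bot: The three new `NOT-FOR-US: Red Hat CloudForms` lines for CVE-2012-5603 through CVE-2012-5605 give no source for the attribution while the CVE entries themselves are still RESERVED, so a later triager has nothing to check the claim against. Add a NOTE line with the advisory or list posting that identified the product, in the shape the entry just above this hunk uses (`NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2`).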
@@ -1550,6 +1553,7 @@
- linux-2.6 <removed>
CVE-2012-5516
RESERVED
+ NOT-FOR-US: Red Hat Enterprise Virtualisation Manager
CVE-2012-5515
RESERVED
- xen 4.1.3-5
@@ -1581,80 +1585,63 @@
NOTE: https://plone.org/products/plone/security/advisories/20121106/23
CVE-2012-5506 [ Zope/Plone: DoS through RSS on private folder ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/22
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5505 [ Zope/Plone: Attempting to access a view with no name returns an internal data structure ]
RESERVED
- zope2.12 <unfixed> (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/21
CVE-2012-5504 [ Zope/Plone: Persistent XSS ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/20
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5503 [ Zope/Plone: Users connected through FTP can list hidden folder contents ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/19
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5502 [ Zope/Plone: Persistent XSS via filtering bypass ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/18
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5501 [ Zope/Plone: Crafted URL allows downloading of BLOBs that are not visible to the user ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/17
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5500 [ Zope/Plone: Anonymous users can batch change titles of content items ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/16
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5499 [ Zope/Plone: Partial denial of service through internal function ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/15
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5498 [ Zope/Plone: Partial denial of service through Collections functionality ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/14
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5497 [ Zope/Plone: Anonymous users can list user account names ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/13
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5496 [ Zope/Plone: DoS through unsanitised inputs into Kupu ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/12
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5495 [ Zope/Plone: Restricted Python injection ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/11
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5494 [ Zope/Plone: Reflexive XSS ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/10
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5493 [ Zope/Plone: Restricted Python sandbox escape ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/09
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5492 [ Zope/Plone: Partial permissions bypass ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/08
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5491 [ Zope/Plone: Form detail exposure ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/07
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5490 [ Zope/Plone: Reflexive XSS ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/06
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5489 [ Zope/Plone: Partial restricted Python sandbox escape ]
RESERVED
- zope2.12 <unfixed> (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/05
CVE-2012-5488 [ Zope/Plone: Restricted Python injection ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
- NOTE: https://plone.org/products/plone/security/advisories/20121106/04
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5487 [ Zope/Plone: Restricted Python sandbox escape ]
RESERVED
- zope2.12 <unfixed> (bug #692899)
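Review bot: Converting the zope2.12 entries to NOT-FOR-US also drops the `NOTE: https://plone.org/products/plone/security/advisories/20121106/NN` lines, which are the only reference to the upstream advisories; keep the NOTE alongside the NOT-FOR-US line, as the @@ -1665 hunk for CVE-2012-5485 does, so the two hunks are consistent. Separately, CVE-2012-5505, CVE-2012-5489 and CVE-2012-5487 are left as `- zope2.12 <unfixed> (bug #692899)` in the middle of the converted run; if those are intentionally still tracked as Zope-level issues rather than Plone-only ones, a NOTE saying why would stop the next triager from converting them too.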
@@ -1665,7 +1652,7 @@
NOTE: https://plone.org/products/plone/security/advisories/20121106/02
CVE-2012-5485 [ Restricted Python injection ]
RESERVED
- - zope2.12 <unfixed> (bug #692899)
+ NOT-FOR-US: Plone not packaged in Debian, see bug #692899
NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484
RESERVED
@@ -2466,7 +2453,8 @@
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...)
- chromium-browser <unfixed>
CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
- NOT-FOR-US: Chrome OS
+ - mesa <unfixed> (bug #695248)
+ [squeeze] - mesa <not-affected> (Vulnerable code not present)
CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
- libv8 <unfixed> (bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...)
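Review bot: CVE-2012-5129 moves from `NOT-FOR-US: Chrome OS` to a tracked mesa entry without a NOTE recording what established that the flaw is in mesa's WebGL-related code rather than in Chrome OS as the CVE description says; add a NOTE with the upstream mesa bug or fix commit next to `- mesa <unfixed> (bug #695248)`. The `[squeeze] - mesa <not-affected> (Vulnerable code not present)` line would also be easier to verify with the version that introduced the code, in the form used elsewhere in this file, e.g. `(Introduced in 0.7, bug #687998)` for optipng.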
@@ -4130,6 +4118,7 @@
- pgbouncer 1.5.2-4
CVE-2012-4574
RESERVED
+ NOT-FOR-US: Red Hat CloudForms
CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
- glance 2012.1.1-2 (bug #692641)
CVE-2012-4572
@@ -4235,6 +4224,8 @@
- xen 4.1.3-4
CVE-2012-4534
RESERVED
+ - tomcat7 <unfixed> (bug #695251)
+ - tomcat6 <unfixed> (bug #695250)
CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the ...)
{DSA-2563-1}
- viewvc 1.1.5-1.4 (low; bug #691062)
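Review bot: The two new tomcat lines for CVE-2012-4534 (and the identical pairs added for CVE-2012-4431 and CVE-2012-3546 further down) carry no NOTE with the upstream Tomcat advisory or fix reference and no [squeeze] assessment, even though the CVE entries are still RESERVED and so describe nothing themselves. Add a NOTE with the reference and a severity marker in the style of `- viewvc 1.1.5-1.4 (low; bug #691062)` so the squeeze status can be decided from the entry alone.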
@@ -4530,6 +4521,8 @@
- optipng <not-affected> (Introduced in 0.7, bug #687998)
CVE-2012-4431
RESERVED
+ - tomcat7 <unfixed> (bug #695251)
+ - tomcat6 <unfixed> (bug #695250)
CVE-2012-4430 (The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 ...)
{DSA-2558-1}
- bacula 5.2.6+dfsg-4 (bug #687923)
@@ -6710,6 +6703,8 @@
- freeradius 2.1.12+dfsg-1.1 (medium; bug #687175)
CVE-2012-3546
RESERVED
+ - tomcat7 <unfixed> (bug #695251)
+ - tomcat6 <unfixed> (bug #695250)
CVE-2012-3545
RESERVED
CVE-2012-3544
@@ -6727,6 +6722,7 @@
REJECTED
CVE-2012-3538
RESERVED
+ NOT-FOR-US: Red Hat CloudForms
CVE-2012-3537 (The Crowbar Ohai plugin ...)
NOT-FOR-US: crowbar ohai plugin
NOTE: https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
@@ -8830,6 +8826,7 @@
RESERVED
CVE-2012-2696
RESERVED
+ NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-2695 (The Active Record component in Ruby on Rails before 3.0.14, 3.1.x ...)
- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2694 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
@@ -13331,8 +13328,10 @@
[squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2012-0861
RESERVED
+ NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0860
RESERVED
+ NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0859 (The render_line function in the vorbis codec (vorbis.c) in libavcodec ...)
{DSA-2471-1}
- libav 6:0.8.3-1
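Review bot: The product name in the new NOT-FOR-US lines is inconsistent across this commit: `Red Hat Enterprise Virtualisation Manager` in the @@ -1550 hunk versus `Red Hat Enterprise Virtualisation` here and in the @@ -8830 hunk. Pick one form so a grep for the product finds every entry, and, as with the CloudForms entries, add a NOTE pointing to the advisory that attributes these RESERVED CVEs to that product.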