[Secure-testing-commits] r20688 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Dec 21 11:59:58 UTC 2012
Author: jmm
Date: 2012-12-21 11:59:58 +0000 (Fri, 21 Dec 2012)
New Revision: 20688
Modified:
data/CVE/list
Log:
filed bugs for sanlock and zendframework
fail2ban no-dsa
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-21 06:40:48 UTC (rev 20687)
+++ data/CVE/list 2012-12-21 11:59:58 UTC (rev 20688)
@@ -1534,9 +1534,9 @@
CVE-2012-6272
RESERVED
CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-6270 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-6269
RESERVED
CVE-2012-6268
@@ -2326,7 +2326,7 @@
CVE-2012-6008
RESERVED
CVE-2012-6007 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-6006
RESERVED
CVE-2012-6005
@@ -2356,9 +2356,9 @@
CVE-2012-5993
RESERVED
CVE-2012-5992 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN Controller ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-5990
RESERVED
CVE-2012-5989
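Review bot: the two `NOT-FOR-US: Cisco` tags on CVE-2012-5992 and CVE-2012-5991 name only the vendor, although the description of CVE-2012-5991 identifies the product as Cisco Wireless LAN Controller. Suggest `NOT-FOR-US: Cisco Wireless LAN Controller` where the product is known, so the tag is searchable by product the way `NOT-FOR-US: ManageEngine AssetExplorer 5.6` is elsewhere in this file.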
@@ -2382,7 +2382,7 @@
CVE-2012-5980
RESERVED
CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View ...)
- TODO: check
+ NOT-FOR-US: VMware View
CVE-2012-5977
RESERVED
CVE-2012-5976
@@ -2398,13 +2398,13 @@
CVE-2012-5971
RESERVED
CVE-2012-5970 (The Huawei E585 device allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Huawei device
CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 device ...)
- TODO: check
+ NOT-FOR-US: Huawei device
CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...)
- TODO: check
+ NOT-FOR-US: Huawei device
CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows ...)
NOT-FOR-US: D-Link DSL2730U router
CVE-2012-5965
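Review bot: `NOT-FOR-US: Huawei device` on CVE-2012-5970, CVE-2012-5969 and CVE-2012-5968 drops the model that all three descriptions give (Huawei E585). The unchanged entry directly below for CVE-2012-5966 uses `NOT-FOR-US: D-Link DSL2730U router`; `NOT-FOR-US: Huawei E585 device` would match that style.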
@@ -2428,7 +2428,7 @@
CVE-2012-5956 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
NOT-FOR-US: ManageEngine AssetExplorer 5.6
CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2012-5954
RESERVED
CVE-2012-5953
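Review bot: the tag added for CVE-2012-5955 says `NOT-FOR-US: WebSphere`, but the visible part of the description names the IBM HTTP Server component 5.3. Suggest naming that component in the tag, for example `NOT-FOR-US: IBM HTTP Server`, so the entry matches the text it classifies.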
@@ -2898,7 +2898,7 @@
CVE-2012-5766
RESERVED
CVE-2012-5765 (The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before ...)
- TODO: check
+ NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5764
RESERVED
CVE-2012-5763
@@ -3048,9 +3048,9 @@
CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision ...)
NOT-FOR-US: Invision Power Board
CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2012-5690 (RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2012-5689
RESERVED
CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 ...)
@@ -3165,8 +3165,7 @@
RESERVED
CVE-2012-5657 [zendframework: information disclosure flaw ZF2012-05]
RESERVED
- - zendframework <unfixed>
- TODO: Check which Debian packages are unfixed and submit bug report
+ - zendframework <unfixed> (bug #696483)
NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
NOTE: http://framework.zend.com/security/advisory/ZF2012-05
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
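Review bot: the TODO removed from CVE-2012-5657 asked both to check which Debian packages are unfixed and to submit a bug report, while the replacement line records only the bug (#696483) against zendframework. If the check found no other affected source package and no per-release difference, a NOTE saying so would keep that result in the tracker; if the check was not done, that part of the TODO should stay.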
@@ -3206,7 +3205,8 @@
- squid3 <unfixed> (bug #696187)
CVE-2012-5642 [fail2ban: input variable quoting flaw]
RESERVED
- - fail2ban <unfixed> (bug #696184)
+ - fail2ban <unfixed> (low; bug #696184)
+ [squeeze] - fail2ban <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2012/12/17/1
CVE-2012-5641
RESERVED
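Review bot: the new `low` urgency and the `[squeeze] - fail2ban <no-dsa> (Minor issue)` line on CVE-2012-5642 come without a rationale beyond the generic "Minor issue", and the only NOTE is the oss-security link. A one-line NOTE stating why the input variable quoting flaw is rated low would let a later reader verify the no-dsa decision from the entry itself.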
@@ -3221,7 +3221,7 @@
NOTE: Since 3.3.0 openoffice.org is a transitional source package
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable ...)
- - sanlock <unfixed>
+ - sanlock <unfixed> (bug #696424)
CVE-2012-5637
RESERVED
CVE-2012-5636
@@ -3703,7 +3703,7 @@
[wheezy] - vlc 2.0.3-4
[squeeze] - vlc <no-dsa> (Minor issue)
CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2012-5468 (Heap-based buffer overflow in iconvert.c in the bogolexer component in ...)
{DSA-2585-1}
- bogofilter 1.2.2+dfsg1-2 (bug #695139)
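Review bot: `NOT-FOR-US: Wordpress plugin` on CVE-2012-5469 misspells the project name (the description has "WordPress") and does not say which plugin is meant. Suggest `NOT-FOR-US: Portable phpMyAdmin plugin for WordPress`, so a search for the plugin name finds the entry.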