[Secure-testing-commits] r20713 - in data: CVE DSA

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Dec 27 13:16:07 UTC 2012


Author: jmm
Date: 2012-12-27 13:16:07 +0000 (Thu, 27 Dec 2012)
New Revision: 20713

Modified:
   data/CVE/list
   data/DSA/list
Log:
nusoap, ojs no-dsa
mahara dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-12-27 12:56:04 UTC (rev 20712)
+++ data/CVE/list	2012-12-27 13:16:07 UTC (rev 20713)
@@ -230,7 +230,8 @@
 	- falconpl 0.9.6.9-git20120606-2 (bug #696681)
 	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
 CVE-2012-XXXX [libnusoap-php: Curl insecure usage]
-	- libnusoap-php <unfixed> (bug #696707)
+	- libnusoap-php <unfixed> (low; bug #696707)
+	[squeeze] - libnusoap-php <no-dsa> (Minor issue)
 	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
 CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 ...)
 	NOT-FOR-US: Carlo Gavazzi EOS-Box
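Review bot: the added "[squeeze] - libnusoap-php <no-dsa> (Minor issue)" line gives no reason for the triage, while the entry is still filed under the placeholder CVE-2012-XXXX and the package is <unfixed>. A one-line NOTE saying why the curl usage is considered minor on squeeze would let the decision be revisited once an id is assigned. The NOTE URL on this entry is the same oss-security message as on the falconpl entry above it, so it is worth confirming that one request covers both issues.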
@@ -4780,7 +4781,8 @@
 CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: Public Knowledge Project Open Harvester Systems
 CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in ...)
-	- ojs <removed>
+	- ojs <removed> (low)
+	[squeeze] - ojs <no-dsa> (Minor issue)
 CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: Public Knowledge Project Open Conference Systems
 CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in ...)
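Review bot: on CVE-2011-5196 the package is <removed>, so the new "[squeeze] - ojs <no-dsa> (Minor issue)" line is the one that decides whether squeeze users ever get a fix, and it carries no rationale. A NOTE stating why the CSRF is considered minor (or pointing to the upstream fix) would make the no-dsa decision auditable later.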
@@ -13951,11 +13953,14 @@
 CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
 	- ocportal <itp> (bug #625865)
 CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
-	- ojs <removed>
+	- ojs <removed> (low)
+	[squeeze] - ojs <no-dsa> (Minor issue)
 CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before ...)
-	- ojs <removed>
+	- ojs <removed> (low)
+	[squeeze] - ojs <no-dsa> (Minor issue)
 CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin ...)
-	- ojs <removed>
+	- ojs <removed> (low)
+	[squeeze] - ojs <no-dsa> (Minor issue)
 CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 ...)
 	NOT-FOR-US: NetMechanica NetDecision
 CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica ...)
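Review bot: CVE-2012-1469 (XSS), CVE-2012-1468 (incomplete blacklist) and CVE-2012-1467 (directory traversal in the iBrowser plugin) all receive the identical "(low)" and "<no-dsa> (Minor issue)" lines, although they are three different bug classes. Suggest a per-CVE NOTE, at least for CVE-2012-1467 and CVE-2012-1468, recording what limits the impact on squeeze, so the blanket triage can be checked against each description.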
@@ -19635,6 +19640,7 @@
 	NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
 CVE-2011-4316
 	RESERVED
+	NOTE: jmm> I've contacted Dave Jorm from the Red Hat security team for further details
 CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in ...)
 	- nginx 1.1.8-1 (low)
 	[squeeze] - nginx 0.7.67-3+squeeze1
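Review bot: the NOTE added under CVE-2011-4316 records that a contact was made but has no date, and the entry is still RESERVED with no package line. Adding the date to the note would let a later reader tell whether the query is stale and needs a follow-up.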

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2012-12-27 12:56:04 UTC (rev 20712)
+++ data/DSA/list	2012-12-27 13:16:07 UTC (rev 20713)
@@ -1,3 +1,6 @@
+[27 Dec 2012] DSA-2591-1 mahara - several
+	{CVE-2012-2239 CVE-2012-2243 CVE-2012-2244 CVE-2012-2246 CVE-2012-2247 CVE-2012-2253}
+	[squeeze] - mahara 1.2.6-2+squeeze6
 [26 Dec 2012] DSA-2590-1 wireshark - several
 	{CVE-2012-4048 CVE-2012-4296}
 	[squeeze] - wireshark 1.2.11-6+squeeze8
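Review bot: the new DSA-2591-1 entry lists six CVE ids and only the squeeze version 1.2.6-2+squeeze6, and the data/CVE/list part of this commit contains no mahara hunk. Please confirm that each of the six CVE entries already has a mahara line with the unstable fixed version, otherwise those suites will not be tracked for these issues.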



