[Secure-testing-commits] r20713 - in data: CVE DSA
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Dec 27 13:16:07 UTC 2012
Author: jmm
Date: 2012-12-27 13:16:07 +0000 (Thu, 27 Dec 2012)
New Revision: 20713
Modified:
data/CVE/list
data/DSA/list
Log:
nusoap, ojs no-dsa
mahara dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-27 12:56:04 UTC (rev 20712)
+++ data/CVE/list 2012-12-27 13:16:07 UTC (rev 20713)
@@ -230,7 +230,8 @@
- falconpl 0.9.6.9-git20120606-2 (bug #696681)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
CVE-2012-XXXX [libnusoap-php: Curl insecure usage]
- - libnusoap-php <unfixed> (bug #696707)
+ - libnusoap-php <unfixed> (low; bug #696707)
+ [squeeze] - libnusoap-php <no-dsa> (Minor issue)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 ...)
NOT-FOR-US: Carlo Gavazzi EOS-Box
@@ -4780,7 +4781,8 @@
CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Public Knowledge Project Open Harvester Systems
CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in ...)
- - ojs <removed>
+ - ojs <removed> (low)
+ [squeeze] - ojs <no-dsa> (Minor issue)
CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Public Knowledge Project Open Conference Systems
CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in ...)
@@ -13951,11 +13953,14 @@
CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
- ocportal <itp> (bug #625865)
CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
- - ojs <removed>
+ - ojs <removed> (low)
+ [squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before ...)
- - ojs <removed>
+ - ojs <removed> (low)
+ [squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin ...)
- - ojs <removed>
+ - ojs <removed> (low)
+ [squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 ...)
NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica ...)
@@ -19635,6 +19640,7 @@
NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
CVE-2011-4316
RESERVED
+ NOTE: jmm> I've contacted Dave Jorm from the Red Hat security team for further details
CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in ...)
- nginx 1.1.8-1 (low)
[squeeze] - nginx 0.7.67-3+squeeze1
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2012-12-27 12:56:04 UTC (rev 20712)
+++ data/DSA/list 2012-12-27 13:16:07 UTC (rev 20713)
@@ -1,3 +1,6 @@
+[27 Dec 2012] DSA-2591-1 mahara - several
+ {CVE-2012-2239 CVE-2012-2243 CVE-2012-2244 CVE-2012-2246 CVE-2012-2247 CVE-2012-2253}
+ [squeeze] - mahara 1.2.6-2+squeeze6
[26 Dec 2012] DSA-2590-1 wireshark - several
{CVE-2012-4048 CVE-2012-4296}
[squeeze] - wireshark 1.2.11-6+squeeze8
More information about the Secure-testing-commits
mailing list