[Secure-testing-commits] r18400 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Feb 8 08:07:55 UTC 2012
Author: jmm
Date: 2012-02-08 08:07:55 +0000 (Wed, 08 Feb 2012)
New Revision: 18400
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
openssh no-dsa
NFUs
new cvs issue (fixed in sid)
gnash fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-07 21:14:24 UTC (rev 18399)
+++ data/CVE/list 2012-02-08 08:07:55 UTC (rev 18400)
@@ -179,23 +179,23 @@
CVE-2012-0922
RESERVED
CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5073 (Multiple cross-site scripting (XSS) vulnerabilities in Support ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5072 (Multiple SQL injection vulnerabilities in Support Incident Tracker ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5071 (Multiple SQL injection vulnerabilities in Support Incident Tracker ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5070 (Multiple cross-site scripting (XSS) vulnerabilities in Support ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5069 (Unrestricted file upload vulnerability in incident_attachments.php in ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5068 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-5067 (move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2012-0921
RESERVED
CVE-2012-0920
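Review bot: The nine NOT-FOR-US tags added from CVE-2011-5075 to CVE-2011-5067 carry only the long product name, while the CVE descriptions directly above them also give the alias ("Support Incident Tracker (aka SiT!)"). Writing the tag as NOT-FOR-US: Support Incident Tracker (SiT!) would make these entries findable under either name. The same applies to the five entries from CVE-2011-3833 to CVE-2011-3829 later in this diff.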
@@ -430,9 +430,8 @@
CVE-2012-0815
RESERVED
CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH ...)
- - openssh-server <unfixed> (bug #657445)
- TODO: Check unstable status
- TODO: is this DSA or PRSC?
+ - openssh-server 1:5.6p1-1 (low; bug #657445)
+ [squeeze] - openssh-server <no-dsa> (Minor issue)
CVE-2012-0813 [wicd cleartext passwords]
RESERVED
- wicd <unfixed> (unimportant; bug #652417)
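Review bot: The two lines added under CVE-2012-0814 keep the package name openssh-server from the removed line, while the data/spu-candidates.txt change in this same revision files the issue under openssh. If the list is meant to carry the source package name, the new lines should use the same name as the spu-candidates entry. The reason on the [squeeze] line ("Minor issue") could also mention that a stable point update has been suggested, since that is what the spu-candidates entry records for bug #657445.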
@@ -466,7 +465,7 @@
RESERVED
CVE-2012-0804
RESERVED
- - cvs <unfixed>
+ - cvs 2:1.12.13+real-7
CVE-2012-0803
RESERVED
CVE-2012-0802 [spamdyke: incorrect use of the "snprintf()" and "vsnprintf()" func]
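Review bot: CVE-2012-0804 now has a fixed version for cvs but still has no bracketed description, no bug reference and no [squeeze] line, so the entry says neither what the issue is nor whether stable is affected. The neighbouring entries show the expected form (CVE-2012-0813 [wicd cleartext passwords], CVE-2012-0802 [spamdyke: ...]). Suggest adding a short description and either a [squeeze] status or a TODO for it.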
@@ -1387,7 +1386,7 @@
CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly ...)
TODO: check
CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...)
- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...)
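Review bot: CVE-2012-0395 is tagged with the vendor name (NOT-FOR-US: EMC), whereas the other tags visible in this diff name the product (Cogent DataHub, osCommerce, Winamp). Suggest NOT-FOR-US: EMC NetWorker. The context line just above leaves CVE-2012-0396 (EMC Documentum xPlore) at TODO: check; if the same reasoning applies to it, it can be triaged in this commit as well.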
@@ -1567,9 +1566,9 @@
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
NOT-FOR-US: glucose
CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2012-0311 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2012-0310 (CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, ...)
NOT-FOR-US: Cogent DataHub
CVE-2012-0309 (Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and ...)
@@ -4195,7 +4194,7 @@
- dolibarr <itp> (bug #634783)
CVE-2011-4328 [gnash cookie infoleak]
RESERVED
- - gnash <unfixed> (low; bug #649384)
+ - gnash 0.8.10-1 (low; bug #649384)
[squeeze] - gnash <no-dsa> (Minor issue)
CVE-2011-4327
RESERVED
@@ -5802,7 +5801,7 @@
- chromium-browser 15.0.874.106~r107270-1 (unimportant)
- webkit <not-affected> (Chrome issue)
CVE-2011-3874 (Stack-based buffer overflow in libsysutils in Android 2.2.x through ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader ...)
- chromium-browser 14.0.835.202~r103287-1
[squeeze] - chromium-browser <not-affected>
@@ -5900,15 +5899,15 @@
CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before ...)
NOT-FOR-US: Winamp
CVE-2011-3833 (Unrestricted file upload vulnerability in ftp_upload_file.php in ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-3832 (Eval injection vulnerability in config.php in Support Incident Tracker ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-3831 (SQL injection vulnerability in incident_attachments.php in Support ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-3830 (Cross-site scripting (XSS) vulnerability in search.php in Support ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-3829 (ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows ...)
- TODO: check
+ NOT-FOR-US: Support Incident Tracker
CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote ...)
NOT-FOR-US: DVR Remote
CVE-2011-3827
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2012-02-07 21:14:24 UTC (rev 18399)
+++ data/spu-candidates.txt 2012-02-08 08:07:55 UTC (rev 18400)
@@ -156,6 +156,12 @@
--
+openssh (CVE-2012-0814)
+#657445
+spu update suggested in bug log
+
+--
+
openvas-scanner (CVE-2011-3351)
#641327
maintainer notified through bugreport
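Review bot: The new openssh entry says only "spu update suggested in bug log" and does not record whether the maintainer has been contacted, which the openvas-scanner entry below it does ("maintainer notified through bugreport"). Suggest stating the maintainer's status in the entry so it can be followed up without rereading #657445.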