[Secure-testing-commits] r18449 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Wed Feb 15 23:15:49 UTC 2012


Author: geissert
Date: 2012-02-15 23:15:49 +0000 (Wed, 15 Feb 2012)
New Revision: 18449

Modified:
   data/CVE/list
Log:
NFUs, ITP, and some unverified issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-15 23:05:56 UTC (rev 18448)
+++ data/CVE/list	2012-02-15 23:15:49 UTC (rev 18449)
@@ -2964,9 +2964,9 @@
 CVE-2012-0156
 	RESERVED
 CVE-2012-0155 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0154 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0153
 	RESERVED
 CVE-2012-0152
@@ -2974,19 +2974,19 @@
 CVE-2012-0151
 	RESERVED
 CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0149 (afd.sys in the Ancillary Function Driver in Microsoft Windows Server ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0148 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0147
 	RESERVED
 CVE-2012-0146
 	RESERVED
 CVE-2012-0145 (Cross-site scripting (XSS) vulnerability in wizardlist.aspx in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0143
 	RESERVED
 CVE-2012-0142
@@ -2998,11 +2998,11 @@
 CVE-2012-0139
 	RESERVED
 CVE-2012-0138 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0137 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0136 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0135
 	RESERVED
 CVE-2012-0134
@@ -4262,27 +4262,27 @@
 CVE-2011-4437
 	RESERVED
 CVE-2012-0020 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0019 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0018
 	RESERVED
 CVE-2012-0017 (Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0016
 	RESERVED
 CVE-2012-0015 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0014 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-0012 (Microsoft Internet Explorer 9 does not properly handle the creation ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0011 (Microsoft Internet Explorer 7 through 9 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0010 (Microsoft Internet Explorer 6 through 9 does not properly perform ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-0008
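Review bot: The new `NOT-FOR-US: Microsoft` lines in this hunk are less specific than the two existing entries they sit beside (CVE-2012-0013 and CVE-2012-0009), which both read `NOT-FOR-US: Microsoft Windows`. The descriptions already name the product (Visio Viewer 2010, .NET Framework, Internet Explorer), so consider tagging each entry with that product, e.g. `NOT-FOR-US: Microsoft Internet Explorer`, to keep the list greppable per product. The same applies to the Microsoft entries in the earlier hunks.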
@@ -7763,6 +7763,7 @@
 CVE-2011-3329
 	RESERVED
 CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when ...)
+	- libpng <unfixed>
 	TODO: check
 CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in ...)
 	{DSA-2316-1}
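Review bot: The added `- libpng <unfixed>` at CVE-2011-3328 has no NOTE explaining its status, although the description limits the issue to libpng 1.5.4 and the `TODO: check` is kept. Only the commit log says the issue is unverified. A `NOTE:` line stating that the affected version range has not yet been compared with the packaged version would make it clear to the next reader that `<unfixed>` is a placeholder here rather than a confirmed finding.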
@@ -12453,8 +12454,10 @@
 	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
 	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
 CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ ...)
+	- ncpfs <unfixed>
 	TODO: check
 CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the ...)
+	- ncpfs <unfixed>
 	TODO: check
 CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...)
 	- samba 2:3.4.7~dfsg-2 (low)
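Review bot: The two `- ncpfs <unfixed>` lines (CVE-2011-1680, CVE-2011-1679) carry no urgency, while the sibling mtab issue directly below, CVE-2011-1678, is recorded as `- samba 2:3.4.7~dfsg-2 (low)`. If the same assessment applies to the ncpmount variants, write `- ncpfs <unfixed> (low)` so the three related entries are triaged consistently. If it does not, a short NOTE saying why would help.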
@@ -12463,10 +12466,12 @@
 	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
 	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec
 CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...)
+	- util-linux <unfixed>
 	TODO: check
 CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...)
 	NOTE: This was found to be a non-issue, see http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4983
 CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the ...)
+	- util-linux <unfixed>
 	TODO: check
 CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote ...)
 	NOT-FOR-US: NetGear ProSafe WNAP210
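Review bot: `- util-linux <unfixed>` is added to CVE-2011-1677 and CVE-2011-1675 without reference to the CVE-2011-1676 entry between them, which a NOTE marks as a non-issue with a link to the oss-security thread. All three concern mount's handling of /etc/mtab in util-linux 2.19 and earlier, so it is worth checking whether that thread's conclusion also covers the `/etc/mtab~` and append cases. Add a NOTE with the result before the `TODO: check` is dropped.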
@@ -13274,14 +13279,19 @@
 CVE-2008-7280 (Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket ...)
 	- otrs2 2.2.7-1
 CVE-2008-7279 (The CustomerInterface component in Open Ticket Request System (OTRS) ...)
+	- otrs2 <unfixed>
 	TODO: check
 CVE-2008-7278 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, ...)
+	- otrs2 <unfixed>
 	TODO: check
 CVE-2008-7277 (Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw ...)
+	- otrs2 <unfixed>
 	TODO: check
 CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) ...)
+	- otrs2 <unfixed>
 	TODO: check
 CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
+	- otrs2 <unfixed>
 	TODO: check
 CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly ...)
 	NOT-FOR-US: SCO SCOoffice Server
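Review bot: Marking CVE-2008-7278 and CVE-2008-7277 as `- otrs2 <unfixed>` looks inconsistent with the neighbouring entry, CVE-2008-7280, which is recorded as fixed in `otrs2 2.2.7-1`. The descriptions place these issues before upstream 2.2.5 and 2.3.0-beta4. For the 2.2.5 case in particular, a fixed version at or before 2.2.7-1 seems more likely than `<unfixed>`. Since `TODO: check` remains, consider recording the upstream fixed versions in a NOTE so that whoever verifies the five otrs2 entries can set the Debian fixed version directly.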
@@ -13418,9 +13428,9 @@
 CVE-2011-1378 (IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2011-1377 (The Web Services Security component in the Web Services Feature Pack ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2011-1376 (iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and ...)
 	NOT-FOR-US: IBM AIX
 CVE-2011-1374
@@ -109049,7 +109059,7 @@
 	NOTE: I think it is not a problem on Debian as far as everybody knows the full
 	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
 CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
-	NOT-FOR-US: oscommerce
+	- oscommerce <itp> (bug #532489)
 CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
 	NOT-FOR-US: Opera
 CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)



