[Secure-testing-commits] r18490 - in data: . CVE
Nico Golde
nion at alioth.debian.org
Mon Feb 20 11:42:37 UTC 2012
Author: nion
Date: 2012-02-20 11:42:37 +0000 (Mon, 20 Feb 2012)
New Revision: 18490
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- mathopd should be fixed via spu
- NFUs
- CVE-2012-0904 seems to be a non-issue (vlc)
- CVE-2012-0789 fixed in php5 5.3.9-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-20 10:50:39 UTC (rev 18489)
+++ data/CVE/list 2012-02-20 11:42:37 UTC (rev 18490)
@@ -212,57 +212,57 @@
CVE-2012-1088
RESERVED
CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to ...)
- TODO: check
+ NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1086 (Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) ...)
- TODO: check
+ NOT-FOR-US: aeurltool extension for TYPO3
CVE-2012-1085 (Unspecified vulnerability in the BE User Switch (beuserswitch) ...)
- TODO: check
+ NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1084 (Cross-site scripting (XSS) vulnerability in the BE User Switch ...)
- TODO: check
+ NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1083 (Cross-site request forgery (CSRF) vulnerability in the Terminal PHP ...)
- TODO: check
+ NOT-FOR-US: terminal extension TYPO3
CVE-2012-1082 (Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell ...)
- TODO: check
+ NOT-FOR-US: terminal extension TYPO3
CVE-2012-1081 (Cross-site scripting (XSS) vulnerability in the Yet another Google ...)
- TODO: check
+ NOT-FOR-US: ya_googlesearch extension for TYPO3
CVE-2012-1080 (Cross-site scripting (XSS) vulnerability in the Euro Calculator ...)
- TODO: check
+ NOT-FOR-US: skt_eurocalc extension for TYPO3
CVE-2012-1079 (Unspecified vulnerability in the Webservices for TYPO3 ...)
- TODO: check
+ NOT-FOR-US: typo3_webservice extension for TYPO3
CVE-2012-1078 (The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 ...)
- TODO: check
+ NOT-FOR-US: sysutils extension for TYPO3
CVE-2012-1077 (SQL injection vulnerability in the Post data records to facebook ...)
- TODO: check
+ NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1076 (Cross-site scripting (XSS) vulnerability in the Documents download ...)
- TODO: check
+ NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1075 (SQL injection vulnerability in the Documents download (rtg_files) ...)
- TODO: check
+ NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1074 (SQL injection vulnerability in the White Papers (mm_whtppr) extension ...)
- TODO: check
+ NOT-FOR-US: mm_whtppr extension for TYPO3
CVE-2012-1073 (Cross-site scripting (XSS) vulnerability in the Category-System ...)
- TODO: check
+ NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1072 (SQL injection vulnerability in the Category-System (toi_category) ...)
- TODO: check
+ NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1071 (SQL injection vulnerability in the Kitchen recipe (mv_cooking) ...)
- TODO: check
+ NOT-FOR-US: mv_cooking extension for TYPO3
CVE-2012-1070 (Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) ...)
- TODO: check
+ NOT-FOR-US: irfaq extension for TYPO3
CVE-2012-1069 (Cross-site scripting (XSS) vulnerability in module/kb/search_word in ...)
- TODO: check
+ NOT-FOR-US: lknSupport
CVE-2012-1068 (Cross-site scripting (XSS) vulnerability in the rc_ajax function in ...)
- TODO: check
+ NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1067 (SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for ...)
- TODO: check
+ NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1066 (Cross-site scripting (XSS) vulnerability in the template module in ...)
- TODO: check
+ NOT-FOR-US: SmartyCMS
CVE-2012-1065 (Insecure method vulnerability in TuxScripting.dll in the TuxSystem ...)
- TODO: check
+ NOT-FOR-US: TuxSystem
CVE-2012-1064
RESERVED
CVE-2011-5080 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: jftcaforms extension for TYPO3
CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 ...)
- TODO: check
+ NOT-FOR-US: irfaq extension for TYPO3
CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
TODO: check
CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 ...)
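Review bot: the NOT-FOR-US annotations in this hunk are not worded consistently: most TYPO3 entries use the form `NOT-FOR-US: <extkey> extension for TYPO3`, but CVE-2012-1085 and CVE-2012-1084 read `NOT-FOR-US: beuserswitch for TYPO3` and CVE-2012-1083 and CVE-2012-1082 read `NOT-FOR-US: terminal extension TYPO3`. Normalising those four to the same `<extkey> extension for TYPO3` pattern keeps grep-style searches for TYPO3 extension entries uniform and matches the rest of the hunk.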
@@ -270,35 +270,38 @@
CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 ...)
TODO: check
CVE-2012-1063 (Multiple SQL injection vulnerabilities in ManageEngine Applications ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1061 (SQL injection vulnerability in GForge Advanced Server 6.0.0 and other ...)
- TODO: check
+ NOT-FOR-US: GForge Advanced Server
CVE-2012-1060 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Taxonomy module for Drupal
CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in the shirt module in ...)
- TODO: check
+ NOT-FOR-US: shirt module in OSCommerce
CVE-2012-1058 (Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 ...)
- TODO: check
+ NOT-FOR-US: Flyspray
CVE-2012-1057 (Cross-site request forgery (CSRF) vulnerability in the clickthrough ...)
- TODO: check
+ NOT-FOR-US: Forward module for Drupal
CVE-2012-1056 (The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 ...)
- TODO: check
+ NOT-FOR-US: Forward module for Drupal
CVE-2012-1055 (Heap-based buffer overflow in PhotoLine 17.01 and possibly other ...)
- TODO: check
+ NOT-FOR-US: PhotoLine
CVE-2012-1054
RESERVED
CVE-2012-1053
RESERVED
CVE-2012-1052 (Buffer overflow in IvanView 1.2.15 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: IvanView
CVE-2012-1051 (Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2012-1050 (Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before ...)
- TODO: check
+ - mathopd <unfixed> (low; bug #660627)
+ [lenny] - mathopd <no-dsa> (Minor issue, configuration specific)
+ [squeeze] - mathopd <no-dsa> (Minor issue, configuration specific)
+ NOTE: this is only an issue in specific configurations but not in the Debian configuration
CVE-2012-1049 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ADManager Plus
CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: eFront Community++
CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service ...)
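Review bot: the NOTE under CVE-2012-1050 records that the Debian mathopd configuration is not affected, but not which configuration setting makes an installation vulnerable, even though the [lenny] and [squeeze] `<no-dsa> (Minor issue, configuration specific)` markings and the spu candidacy both rest on that judgement. Naming the triggering setting (or linking the upstream advisory that describes it) in the NOTE would let a later reviewer confirm the no-dsa decision and answer users who run a non-default configuration, without re-analysing the package.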
@@ -387,7 +390,7 @@
CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, ...)
NOT-FOR-US: HDWiki
CVE-2012-1009 (NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build ...)
- TODO: check
+ NOT-FOR-US: NetSarang
CVE-2012-1008 (OfficeSIP Server 3.1 allows remote attackers to cause a denial of ...)
NOT-FOR-US: OfficeSIP Server
CVE-2012-1007 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
@@ -620,7 +623,8 @@
CVE-2012-0905 (SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase ...)
NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0904 (VLC media player 1.1.11 allows remote attackers to cause a denial of ...)
- TODO: check
+ - vlc <not-affected>
+ NOTE: not reproducible, no public fix from the vlc team either
CVE-2012-0903 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop ...)
NOT-FOR-US: Zimbra Desktop
CVE-2012-0902 (AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of ...)
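Review bot: the `- vlc <not-affected>` line for CVE-2012-0904 is justified only by the NOTE "not reproducible, no public fix from the vlc team either", and the commit log itself hedges with "seems to be a non-issue". `<not-affected>` is a final state that hides the entry from the tracker, whereas non-reproducibility is a point-in-time observation; record in the NOTE which vlc version and test input were tried so the marking can be revisited if upstream later publishes a fix for the 1.1.11 denial of service the description refers to.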
@@ -783,7 +787,7 @@
- php5 5.3.10-1
NOTE: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
CVE-2012-0829 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew ...)
- TODO: check
+ NOT-FOR-US: Mibew Messenger
CVE-2012-0828
RESERVED
- xchat <not-affected> (Only affects Xchat on Windows and Maemo)
@@ -905,7 +909,7 @@
CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...)
- smokeping 2.6.7-1 (bug #659899)
CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 allows ...)
- TODO: check
+ - php5 5.3.9-1
CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly ...)
{DSA-2408-1}
- php5 5.3.9-1
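Review bot: the new `- php5 5.3.9-1` line for CVE-2012-0789 carries no stable annotation, while the adjacent CVE-2012-0788 entry with the same fixed version is covered by `{DSA-2408-1}`; as committed, the tracker will list CVE-2012-0789 as unfixed in lenny and squeeze. Check whether DSA-2408-1 also covered this memory leak and, if so, add the `{DSA-2408-1}` reference; otherwise add explicit `[lenny]`/`[squeeze]` lines (for example `<no-dsa>` with a reason) so the stable status is a decision rather than an omission.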
@@ -955,7 +959,7 @@
CVE-2012-0768
RESERVED
CVE-2012-0767 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2012-0766 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0765 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...)
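Review bot: the `NOT-FOR-US: Adobe Flash` line for CVE-2012-0767 shortens the product name; the CVE description says "Adobe Flash Player", and the neighbouring CVE-2012-0766 entry uses the full name `Adobe Shockwave Player`. Using `NOT-FOR-US: Adobe Flash Player` keeps the product naming consistent with the description and with existing entries, which matters when the NOT-FOR-US text is used to group entries by product.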
@@ -1915,7 +1919,7 @@
CVE-2012-0353
RESERVED
CVE-2012-0352 (Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series ...)
- TODO: check
+ NOT-FOR-US: Cisco NX-OS
CVE-2012-0351
RESERVED
CVE-2012-0350
@@ -3208,7 +3212,7 @@
- virtualbox-guest-additions-iso 4.1.8-1 (bug #659951)
[squeeze] - virtualbox-guest-additions-iso <not-affected> (Vulnerable code not present, see #659950)
CVE-2012-0104 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...)
- TODO: check
+ NOT-FOR-US: Oracle GlassFish Enterprise Server
CVE-2012-0103 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
NOT-FOR-US: Oracle Solaris Kernel
CVE-2012-0102 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -3254,7 +3258,7 @@
CVE-2012-0082 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
NOT-FOR-US: Oracle Database Server
CVE-2012-0081 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Oracle GlassFish Enterprise Server
CVE-2012-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0079 (Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote ...)
@@ -3870,7 +3874,7 @@
CVE-2011-4609
RESERVED
CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
- TODO: check
+ NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2011-4607 [http://seclists.org/oss-sec/2011/q4/500]
RESERVED
- putty 0.62-1 (unimportant)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2012-02-20 10:50:39 UTC (rev 18489)
+++ data/spu-candidates.txt 2012-02-20 11:42:37 UTC (rev 18490)
@@ -290,3 +290,7 @@
--
zorp (CVE-2009-3555)
+
+--
+
+mathopd (CVE-2012-1050)
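Review bot: the added `mathopd (CVE-2012-1050)` line records only the CVE, whereas the corresponding data/CVE/list entry in this same commit also carries `bug #660627` and the reason the stable fix is optional ("configuration specific"). Including the bug number here, e.g. `mathopd (CVE-2012-1050, #660627)`, lets whoever prepares the stable proposed update find the Debian bug without cross-referencing the CVE list.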