[Secure-testing-commits] r18492 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Feb 20 16:25:57 UTC 2012


Author: jmm
Date: 2012-02-20 16:25:56 +0000 (Mon, 20 Feb 2012)
New Revision: 18492

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
annotate entries for glassfish and jboss
chromium updates
new no-dsa libxslt issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-20 12:13:38 UTC (rev 18491)
+++ data/CVE/list	2012-02-20 16:25:56 UTC (rev 18492)
@@ -3213,7 +3213,7 @@
 	- virtualbox-guest-additions-iso 4.1.8-1 (bug #659951)
 	[squeeze] - virtualbox-guest-additions-iso <not-affected> (Vulnerable code not present, see #659950)
 CVE-2012-0104 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...)
-	NOT-FOR-US: Oracle GlassFish Enterprise Server
+	- glassfish <not-affected> (Debian package only builds a few API elements)
 CVE-2012-0103 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
 	NOT-FOR-US: Oracle Solaris Kernel
 CVE-2012-0102 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
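Review bot: The new CVE-2012-0104 line justifies <not-affected> with "Debian package only builds a few API elements", but the description is only "Unspecified vulnerability", so the annotation gives a reader no way to confirm that the affected code lies outside those API elements. Consider naming the affected component, or the source of that conclusion, in the parenthetical. The same applies to the identical CVE-2012-0081 annotation in the next hunk.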
@@ -3259,7 +3259,7 @@
 CVE-2012-0082 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
 	NOT-FOR-US: Oracle Database Server
 CVE-2012-0081 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 ...)
-	NOT-FOR-US: Oracle GlassFish Enterprise Server
+	- glassfish <not-affected> (Debian package only builds a few API elements)
 CVE-2012-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
 	NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2012-0079 (Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote ...)
@@ -3875,7 +3875,7 @@
 CVE-2011-4609
 	RESERVED
 CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
-	NOT-FOR-US: JBoss Enterprise Application Platform
+	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
 CVE-2011-4607 [http://seclists.org/oss-sec/2011/q4/500]
 	RESERVED
 	- putty 0.62-1 (unimportant)
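Review bot: The jbossas4 justification added for CVE-2011-4608 says only a few libraries are built, but the description places the issue in mod_cluster and the annotation does not say whether mod_cluster is among those libraries. If it is not built, stating that directly in the parenthetical would make the <not-affected> claim checkable from the entry alone.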
@@ -5956,7 +5956,8 @@
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
 CVE-2011-3970 (libxslt, as used in Google Chrome before 17.0.963.46, allows remote ...)
-	TODO: check
+	- libxslt <unfixed> (low; bug filed)
+	[squeeze] - libxslt <no-dsa> (Minor issue)
 CVE-2011-3969 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
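Review bot: The added libxslt line for CVE-2011-3970 reads "(low; bug filed)" with no bug number, while other entries in this file reference the report directly, for example "(bug #659951)". Add the number so the <unfixed> state can be followed from the tracker entry.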
@@ -5976,8 +5977,7 @@
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
 CVE-2011-3963 (Google Chrome before 17.0.963.46 does not properly handle PDF FAX ...)
-	- chromium-browser <unfixed>
-	- webkit <undetermined>
+	- chromium-browser <not-affected> (Only affects proprietary Chrome)
 CVE-2011-3962 (Google Chrome before 17.0.963.46 does not properly perform path ...)
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
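Review bot: For CVE-2011-3963 the "- webkit <undetermined>" line is deleted together with the chromium-browser change, but the stated reason, "Only affects proprietary Chrome", is attached to chromium-browser only. The neighbouring Chrome entries keep their webkit line, so confirm the removal is intended; if it is, an explicit webkit line carrying the same reason, or a mention in the log message, would record why this entry differs.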
@@ -5994,7 +5994,7 @@
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
 CVE-2011-3957 (Use-after-free vulnerability in the garbage-collection functionality ...)
-	- chromium-browser <unfixed>
+	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
 CVE-2011-3956 (The extension implementation in Google Chrome before 17.0.963.46 does ...)
 	- chromium-browser 17.0.963.56~r121963-1

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-02-20 12:13:38 UTC (rev 18491)
+++ data/spu-candidates.txt	2012-02-20 16:25:56 UTC (rev 18492)
@@ -127,6 +127,11 @@
 
 --
 
+libxslt (CVE-2011-3970)
+http://git.gnome.org/browse/libxslt/commit/?id=fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
+
+--
+
 loggerhead (CVE-2011-0728)
 
 --



