[Secure-testing-commits] r19672 - data/CVE
Yves-Alexis Perez
corsac at alioth.debian.org
Fri Jul 6 06:42:55 UTC 2012
Author: corsac
Date: 2012-07-06 06:42:55 +0000 (Fri, 06 Jul 2012)
New Revision: 19672
Modified:
data/CVE/list
Log:
fix a bunch of TODO: check (mostly NFUs)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-07-06 06:10:55 UTC (rev 19671)
+++ data/CVE/list 2012-07-06 06:42:55 UTC (rev 19672)
@@ -2,41 +2,41 @@
- nginx 1.2.1-2
[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
- TODO: check
+ NOT-FOR-US: Windows utility
CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...)
- TODO: check
+ NOT-FOR-US: php-pastebin not in Debian
CVE-2012-3845 (Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: LAN Messenger not in Debian
CVE-2012-3844 (Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows ...)
- TODO: check
+ NOT-FOR-US: vBulletin not in Debian
CVE-2012-3843 (Cross-site scripting (XSS) vulnerability in the registration page in ...)
- TODO: check
+ NOT-FOR-US: e107 not in Debian
CVE-2012-3842 (Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in ...)
- TODO: check
+ NOT-FOR-US: DirectAdmin not in Debian
CVE-2012-3841 (Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local ...)
- TODO: check
+ NOT-FOR-US: KMPlayer not in Debian (not the KDE interface to mplayer)
CVE-2012-3840 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3839 (Multiple SQL injection vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3838 (Gekko before 1.2.0 allows remote attackers to obtain the installation ...)
- TODO: check
+ NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3837 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3836 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko ...)
- TODO: check
+ NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3835 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
- TODO: check
+ NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3834 (SQL injection vulnerability in forensics/base_qry_main.php in ...)
- TODO: check
+ NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3833 (Cross-site scripting (XSS) vulnerability in the default index page in ...)
- TODO: check
+ NOT-FOR-US: Quick.CMS not in Debian
CVE-2012-3832 (Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in ...)
- TODO: check
+ NOT-FOR-US: Decoda not in Debian
CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
- TODO: check
+ NOT-FOR-US: Decoda not in Debian
CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
- TODO: check
+ NOT-FOR-US: Decoda not in Debian
CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...)
- joomla <itp> (bug #571794)
CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...)
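Review bot: The new reason for CVE-2012-3847, "NOT-FOR-US: Windows utility", names no product, unlike every other entry added in this hunk. The description line already gives it, so "NOT-FOR-US: Invensys Wonderware SuiteLink" would keep the entry searchable by product name and match the neighbouring style. The disambiguation notes on KMPlayer and OSSIM are useful and worth keeping as written.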
@@ -44,7 +44,7 @@
CVE-2012-3827
RESERVED
CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...)
- TODO: check
+ NOT-FOR-US: Not in Debian
CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
- wireshark 1.6.8-1 (unimportant)
[squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6)
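Review bot: The reason added for CVE-2011-5096 is the bare "NOT-FOR-US: Not in Debian", which records the verdict but not what was checked. Take the product name from the full CVE description (the visible text is truncated after "cstore.exe in the Media Application ...") and put it in the reason, so a later search of data/CVE/list for that product finds this entry.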
@@ -92,7 +92,7 @@
RESERVED
- asterisk <unfixed>
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
- TODO: check
+ NOT-FOR-US: Not in Debian
CVE-2012-3810
RESERVED
CVE-2012-3809
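Review bot: The reason for CVE-2012-3811 is the generic "Not in Debian" with no product named, while the visible description only identifies the file ImageUpload.ashx. Name the product the handler belongs to in the NOT-FOR-US line so the triage decision can be rechecked if a similarly named package is ever introduced.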
@@ -1752,7 +1752,7 @@
CVE-2012-3008
RESERVED
CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...)
- TODO: check
+ NOT-FOR-US: Not in Debian
CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...)
NOT-FOR-US: Innominate mGuard Smart
CVE-2012-3005
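Review bot: CVE-2012-3007 concerns the same Invensys slssvc.exe as CVE-2012-3847 in the first hunk, yet one is marked "Not in Debian" and the other "Windows utility". Use one reason for both that names the product, in the style of the adjacent "NOT-FOR-US: Innominate mGuard Smart" entry.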
@@ -2754,9 +2754,9 @@
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...)
NOT-FOR-US: HP Business Service Management
CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows ...)
- TODO: check
+ NOT-FOR-US: Not in Debian
CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Not in Debian
CVE-2012-2558
RESERVED
CVE-2012-2557
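Review bot: CVE-2012-2560 and CVE-2012-2559 get the generic "NOT-FOR-US: Not in Debian", while the later hunk for CVE-2012-1830 through CVE-2012-1832 uses "WellinTech KingView not in Debian" for the same vendor. Name the products here too (KingView for CVE-2012-2560, KingHistorian for CVE-2012-2559) so all WellinTech entries are recorded consistently.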
@@ -2842,9 +2842,9 @@
CVE-2012-2517
RESERVED
CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...)
- TODO: check
+ NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
- TODO: check
+ NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and ...)
NOT-FOR-US: SAP NetWeaver
CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and ...)
@@ -3808,7 +3808,7 @@
CVE-2012-2182
RESERVED
CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere not in Debian
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...)
NOT-FOR-US: IBM DB2
CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...)
@@ -4680,11 +4680,11 @@
CVE-2012-1833
RESERVED
CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
- TODO: check
+ NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1830 (Stack-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
- TODO: check
+ NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1829 (Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM ...)
NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1828 (The administrative functions in AutoFORM PDM Archive before 7.1 do not ...)
@@ -11052,7 +11052,7 @@
CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 ...)
NOT-FOR-US: Ubuntu One
CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and ...)
- TODO: check
+ - ubuntu-sso-client <unfixed>
CVE-2011-4407 [apt-add-repository does not perform ssl verification where it *needs* to]
RESERVED
- software-properties 0.76.7debian2+nmu2
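Review bot: The new line "- ubuntu-sso-client <unfixed>" for CVE-2011-4408 carries no bug reference, and the CVE description only speaks of the client "for Ubuntu 11.04 and ...". Either add the Debian bug number in the "(bug #NNN)" form used for other tracked packages in this file, or add a note stating that the Debian package was confirmed to contain the affected code, so the unfixed status can be followed up.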
@@ -13391,6 +13391,9 @@
RESERVED
CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in ...)
TODO: check
+ - icedove <unfixed>
+ - iceweasel <unfixed>
+ - iceape <unfixed>
CVE-2011-3670 (Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before ...)
{DSA-2406-1 DSA-2402-1 DSA-2400-1}
- icedove 7.0-1
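Review bot: The "TODO: check" line under CVE-2011-3671 is left in place as context above the three new "<unfixed>" package lines, so the entry now reads as both triaged and pending. If the check is complete, remove the TODO line in the same change; if it is not, the log message "fix a bunch of TODO: check" does not describe this entry and a short note on what remains to be verified would help.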