[Secure-testing-commits] r19676 - data/CVE

Yves-Alexis Perez corsac at alioth.debian.org
Sat Jul 7 12:54:01 UTC 2012


Author: corsac
Date: 2012-07-07 12:54:01 +0000 (Sat, 07 Jul 2012)
New Revision: 19676

Modified:
   data/CVE/list
Log:
add CVEs for vlc/naxsi/at-spi2-atk/asterisk


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-06 22:08:24 UTC (rev 19675)
+++ data/CVE/list	2012-07-07 12:54:01 UTC (rev 19676)
@@ -1,8 +1,5 @@
-CVE-2012-XXXX [VLC Ogg demuxer heap overflow]
-	- vlc 2.0.2-1
-CVE-2012-XXXX [naxsi: file disclosure in nx_extract]
-	- nginx 1.2.1-2
-	[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
+CVE-2012-3863 [asterisk: Possible resource leak on uncompleted re-invite transactions]
+	- asterisk <unfixed>
 CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
 	NOT-FOR-US: Windows utility
 CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...)
@@ -958,6 +955,7 @@
 	RESERVED
 CVE-2012-3382
 	RESERVED
+	- mono <unfixed>
 CVE-2012-3381 [sblim-sfcb: insecure LD_LIBRARY_PATH usage]
 	RESERVED
 	NOT-FOR-US: sblim-sfcb
@@ -965,14 +963,18 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
-CVE-2012-3380
+CVE-2012-3380 [naxsi: file disclosure in nx_extract]
+	- nginx 1.2.1-2
+	[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
+CVE-2012-3379 [as31: insecure file creation in /tmp]
 	RESERVED
-CVE-2012-3379
+	- as31 2.3.1-5 (bug #655496)
+CVE-2012-3378 [at-spi2-atk: insecure tempdir handling]
 	RESERVED
-CVE-2012-3378
+	- at-spi2-atk 2.5.3-1 (bug #678026)
+CVE-2012-3377 [VLC Ogg demuxer heap overflow]
 	RESERVED
-CVE-2012-3377
-	RESERVED
+	- vlc 2.0.2-1
 CVE-2012-3376
 	RESERVED
 CVE-2012-3375




More information about the Secure-testing-commits mailing list