[Secure-testing-commits] r19735 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jul 13 12:53:29 UTC 2012
Author: jmm
Date: 2012-07-13 12:53:28 +0000 (Fri, 13 Jul 2012)
New Revision: 19735
Modified:
data/CVE/list
Log:
automake 1.7 fixed
automake 1.4 not affected
bitcoin fixed
one libexif issue is in exif
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-07-13 10:31:17 UTC (rev 19734)
+++ data/CVE/list 2012-07-13 12:53:28 UTC (rev 19735)
@@ -1273,13 +1273,12 @@
RESERVED
CVE-2012-3386
RESERVED
- - automake <unfixed>
- [squeeze] - automake <no-dsa> (Minor issue)
+ - automake <not-affected> (Vulnerable code not present)
- automake1.10 1:1.10.3-3
[squeeze] - automake1.10 <no-dsa> (Minor issue)
- automake1.11 1:1.11.6-1 (bug #681097)
[squeeze] - automake1.11 <no-dsa> (Minor issue)
- - automake1.7 <unfixed>
+ - automake1.7 1.7.9-10
[squeeze] - automake1.7 <no-dsa> (Minor issue)
- automake1.9 1.9.6+nogfdl-4
[squeeze] - automake1.9 <no-dsa> (Minor issue)
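Review bot: the new "- automake <not-affected> (Vulnerable code not present)" line does not say which automake version it covers, while the log message says "automake 1.4 not affected". A NOTE stating that the automake entry refers to 1.4 would make the entry readable on its own. The new "automake1.7 1.7.9-10" line also carries no bug reference, unlike the automake1.11 line with bug #681097.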
@@ -1403,7 +1402,6 @@
CVE-2012-3357 [viewvc log msg leak in SVN revision view with unreadable copy source]
RESERVED
- viewvc <unfixed> (bug #679069)
- TODO: Check if 1.1.5-1.1 is affected
NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353
NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
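Review bot: the "TODO: Check if 1.1.5-1.1 is affected" line under CVE-2012-3357 is removed without recording what the check found, and the entry stays "viewvc <unfixed> (bug #679069)". Suggest replacing the TODO with a NOTE giving the result for 1.1.5-1.1 so the question is not reopened later.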
@@ -1413,7 +1411,6 @@
CVE-2012-3356 [viewvc complete authz support for remote SVN views]
RESERVED
- viewvc <unfixed> (bug #679069)
- TODO: Check if 1.1.5-1.1 is affected
NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
CVE-2012-3355 [rhythmbox insecure temporary directory used by loading template files]
RESERVED
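Review bot: the log message lists automake, bitcoin, exif and NFUs but does not mention viewvc, although this hunk drops the TODO under CVE-2012-3356. Suggest adding a line such as "viewvc TODOs resolved" to the log so the removal can be found from the history.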
@@ -1663,7 +1660,7 @@
CVE-2012-3239
RESERVED
CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore ...)
- TODO: check
+ NOT-FOR-US: Astaro appliance
CVE-2012-3237
RESERVED
CVE-2012-3236
@@ -2205,7 +2202,7 @@
CVE-2012-2971
RESERVED
CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Synel terminal
CVE-2012-2969
RESERVED
CVE-2012-2968
@@ -2476,9 +2473,8 @@
RESERVED
CVE-2012-2845
RESERVED
- - libexif <unfixed> (bug #681454)
- TODO: check if Debian is affected
- NOTE: Marcus Meissner said CVE-2012-2845 is actually for "exif", the commandline tool. Not the library libexif
+ - exif <unfixed> (low; bug #681454)
+ [squeeze] - exif <no-dsa> (Minor crasher)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2844
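Review bot: the NOTE explaining that CVE-2012-2845 is for the exif command-line tool and not the libexif library is deleted together with the libexif line, so the entry no longer says why bug #681454 is tracked under exif. Suggest keeping a short NOTE with that attribution next to the new "- exif <unfixed> (low; bug #681454)" line.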
@@ -3370,9 +3366,7 @@
RESERVED
CVE-2012-2459
RESERVED
- - bitcoin <unfixed>
- TODO: check
- NOTE: should be fixed in 0.6.2 but need to identify the relevant commit
+ - bitcoin 0.6.2.1-1
NOTE: https://bitcointalk.org/index.php?topic=81749.0
CVE-2012-2458
RESERVED
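Review bot: the new "- bitcoin 0.6.2.1-1" line replaces the NOTE that said the relevant commit still had to be identified, but the commit is not recorded anywhere in the entry. Suggest adding a NOTE with the upstream commit or changelog reference that justifies 0.6.2.1-1 as the fixed version.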
@@ -4684,7 +4678,7 @@
CVE-2012-2019 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...)
NOT-FOR-US: HP Operations Agent
CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
- TODO: check
+ NOT-FOR-US: HP Network Node Manager
CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...)
NOT-FOR-US: HP Photosmart Wireless e-All-in-One
CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
@@ -4967,13 +4961,13 @@
CVE-2012-1895
RESERVED
CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2012-1892
RESERVED
CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) ...)
- TODO: check
+ NOT-FOR-US: Microsoft Data Access Components
CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...)
@@ -5015,7 +5009,7 @@
CVE-2012-1871
RESERVED
CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows XP
CVE-2012-1869
RESERVED
CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in ...)
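Review bot: "NOT-FOR-US: Microsoft Windows XP" for CVE-2012-1870 is narrower than the description, which continues past "Microsoft Windows XP SP2", and it differs from the "NOT-FOR-US: Microsoft Windows" label used for the other Windows entries in this file. Suggest using "Microsoft Windows" here as well.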
@@ -5029,15 +5023,15 @@
CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-1863 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2012-1862 (Open redirect vulnerability in Microsoft Office SharePoint Server 2007 ...)
- TODO: check
+ NOT-FOR-US: Microsoft SharePoint
CVE-2012-1861 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft SharePoint
CVE-2012-1860 (Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft SharePoint
CVE-2012-1859 (Cross-site scripting (XSS) vulnerability in scriptresx.ashx in ...)
- TODO: check
+ NOT-FOR-US: Microsoft SharePoint
CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft ...)
NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync
CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal ...)
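Review bot: the unchanged CVE-2012-1858 line in this hunk's context reads "NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync" with a space missing after "Microsoft". Since the neighbouring entries are being edited anyway, it could be corrected to "Microsoft Internet Explorer" in the same commit.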
@@ -5047,7 +5041,7 @@
CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...)
NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2012-1853
RESERVED
CVE-2012-1852
@@ -5847,11 +5841,11 @@
CVE-2012-1525
RESERVED
CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1522 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
- chromium-browser 18.0.1025.168~r134367-1
CVE-2012-1520
@@ -5915,7 +5909,7 @@
CVE-2012-1494
RESERVED
CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP appliances
CVE-2012-1492
RESERVED
CVE-2012-1491
@@ -8702,7 +8696,7 @@
CVE-2012-0411
RESERVED
CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWise ...)
- TODO: check
+ NOT-FOR-US: Groupwise
CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...)
NOT-FOR-US: EMC
CVE-2012-0408
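Review bot: "NOT-FOR-US: Groupwise" for CVE-2012-0410 drops the vendor and the capitalisation used in the description ("Novell GroupWise"). Suggest "NOT-FOR-US: Novell GroupWise" to match the other vendor-prefixed NOT-FOR-US labels in this change.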
@@ -8933,13 +8927,13 @@
CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ...)
NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Symantec Message Filter
CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control Center ...)
- TODO: check
+ NOT-FOR-US: Symantec Message Filter
CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in ...)
- TODO: check
+ NOT-FOR-US: Symantec Message Filter
CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does not ...)
- TODO: check
+ NOT-FOR-US: Symantec Message Filter
CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web ...)
NOT-FOR-US: Symantec Web Gateway
CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web ...)
@@ -9979,7 +9973,7 @@
CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 ...)
NOT-FOR-US: Microsoft Silverlight
CVE-2012-0175 (The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)