[Secure-testing-commits] r19767 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jul 20 08:33:06 UTC 2012


Author: jmm
Date: 2012-07-20 08:33:05 +0000 (Fri, 20 Jul 2012)
New Revision: 19767

Modified:
   data/CVE/list
Log:
new issue in plupload (ITPed)
add bug for tiff, clone bug for the annoying duplication of source packages in Wheezy :-/


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-19 21:14:21 UTC (rev 19766)
+++ data/CVE/list	2012-07-20 08:33:05 UTC (rev 19767)
@@ -63,7 +63,7 @@
 CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var ...)
 	TODO: check
 CVE-2012-3999 (Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky ...)
-	TODO: check
+	NOT-FOR-US: Sticky Notes
 CVE-2012-3998 (Multiple SQL injection vulnerabilities in Sticky Notes before ...)
 	NOT-FOR-US: Sticky Notes
 CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes ...)
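Review bot: The log message does not cover the CVE-2012-3999 line in this hunk, which changes "TODO: check" to "NOT-FOR-US: Sticky Notes"; the log only mentions plupload and tiff. The triage itself is consistent with the existing NOT-FOR-US entry for CVE-2012-3998, so a short extra line in the log would be enough to make the change traceable from the history.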
@@ -1261,6 +1261,7 @@
 	RESERVED
 CVE-2012-3415
 	RESERVED
+	- plpupload <itp> (bug #668396)
 CVE-2012-3414 [libjs-swfupload]
 	RESERVED
 	- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
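Review bot: The package name in the added line under CVE-2012-3415 is spelled "plpupload", while the log message says plupload; this looks like a typo and should be corrected so the entry is associated with the right package once the ITP (bug #668396) is uploaded. The entry also has no bracketed short description, unlike the neighbouring CVE-2012-3414 [libjs-swfupload]; adding one would make the RESERVED id easier to identify.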
@@ -1319,9 +1320,8 @@
 	RESERVED
 CVE-2012-3401 [tiff2pdf heap-based buffer overflow due to improper initialization of T2P context struct pointer]
 	RESERVED
-	- libtiff-tools <unfixed>
-	TODO: Check if Debian is affected
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/19/1
+	- tiff <unfixed> (bug #682115)
+	- tiff3 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
 CVE-2012-3400
 	RESERVED
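Review bot: The added "- tiff3 <unfixed>" line under CVE-2012-3401 has no bug reference, although the log message mentions a cloned bug for the duplicated source package; add the clone's number next to tiff3 once it is assigned, as is done for "tiff <unfixed> (bug #682115)". The hunk also removes the NOTE pointing to the oss-security post (2012/07/19/1); keeping it alongside the Red Hat Bugzilla NOTE would preserve the link to the original report.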



