[Secure-testing-commits] r19772 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jul 20 12:10:50 UTC 2012 

Author: jmm
Date: 2012-07-20 12:10:50 +0000 (Fri, 20 Jul 2012)
New Revision: 19772

Modified:
   data/CVE/list
Log:
mysql-5.1 bugnum
mark dubious mysql issue as <undetermined>
new ecryptfs-utils issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-20 11:01:28 UTC (rev 19771)
+++ data/CVE/list	2012-07-20 12:10:50 UTC (rev 19772)
@@ -1283,6 +1283,7 @@
 	[squeeze] - bash <no-dsa> (Minor issue)
 CVE-2012-3409
 	RESERVED
+	- ecryptfs-utils <unfixed>
 CVE-2012-3408 [Puppet allows agents with certnames of IP addresses to be impersonated]
 	RESERVED
 	- puppet <unfixed> (low)
@@ -5460,7 +5461,7 @@
 	- mysql-5.5 <unfixed> (bug #682210)
 CVE-2012-1734
 	RESERVED
-	- mysql-5.1 <removed>
+	- mysql-5.1 <removed> (bug #682212)
 	- mysql-5.5 <unfixed> (bug #682210)
 CVE-2012-1733
 	RESERVED
@@ -5577,8 +5578,8 @@
 	- mysql-5.5 5.5.23-1
 CVE-2012-1689
 	RESERVED
-	- mysql-5.1 <removed>
-	- mysql-5.5 <unfixed>  (bug #682210)
+	- mysql-5.1 <removed> (bug #682212)
+	- mysql-5.5 <unfixed> (bug #682210)
 CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	{DSA-2496-1}
 	- mysql-5.1 5.1.62-1 (bug #670636)
@@ -6856,7 +6857,6 @@
 	NOTE: memory leak
 CVE-2012-1147 (readfilemap.c in expat before 2.1.0 allows context-dependent attackers ...)
 	- expat <not-affected> (readfilemap.c is not used in *IX)
-	NOTE: resource leak
 CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in ...)
 	- linux-2.6 3.2.10-1 (low)
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -7521,9 +7521,9 @@
 	- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
 CVE-2012-0882
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #675872)
+	- mysql-5.1 <undetermined> (bug #675872)
 	NOTE: limited information about issue, only a video of exploit taking place
-	NOTE: see redhat link
+	NOTE: This is likely fixed in current releases (5.1.62 updated yassl), marking as <undetermined> for now
 CVE-2012-0881
 	RESERVED
 CVE-2012-0880
@@ -8384,7 +8384,7 @@
 	NOT-FOR-US: Oracle Financial Services Software
 CVE-2012-0540
 	RESERVED
-	- mysql-5.1 <removed>
+	- mysql-5.1 <removed> (bug #682212)
 	- mysql-5.5 <unfixed> (bug #682210)
 CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
 	NOT-FOR-US: Oracle Sun Solaris

More information about the Secure-testing-commits mailing list