[Secure-testing-commits] r19781 - data/CVE
Nico Golde
nion at alioth.debian.org
Sun Jul 22 13:04:48 UTC 2012
Author: nion
Date: 2012-07-22 13:04:48 +0000 (Sun, 22 Jul 2012)
New Revision: 19781
Modified:
data/CVE/list
Log:
a couple of more fixes that haven't been recorded yet
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-07-22 13:00:19 UTC (rev 19780)
+++ data/CVE/list 2012-07-22 13:04:48 UTC (rev 19781)
@@ -4479,7 +4479,7 @@
- linux-2.6 3.2.16-1
CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before ...)
{DSA-2496-1}
- - mysql-5.1 <unfixed> (bug #677018)
+ - mysql-5.1 <removed> (bug #677018)
- mysql-5.5 5.5.24+dfsg-1
NOTE: https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
NOTE: http://seclists.org/oss-sec/2012/q2/493
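Review bot: the log message speaks only of fixes, but the mysql-5.1 line for CVE-2012-2122 goes to <removed>, not to a fixed version. Consider saying in the log that this entry is a removal, since the entry still carries bug #677018 and {DSA-2496-1} and a reader scanning the history for the fixing upload will not find one for mysql-5.1 in this line.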
@@ -4512,7 +4512,7 @@
NOT-FOR-US: musl libc not in Debian
CVE-2012-2113
RESERVED
- - tiff <unfixed> (bug #678140)
+ - tiff 4.0.2-1 (bug #678140)
CVE-2012-2112
RESERVED
{DSA-2455-1}
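Review bot: CVE-2012-2113 is still RESERVED and has no description or NOTE, so the new "tiff 4.0.2-1" line cannot be checked against anything in the entry itself. A NOTE line pointing at the upstream change or advisory that 4.0.2-1 picks up would let someone confirm the fixed version without reading bug #678140.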
@@ -5389,10 +5389,10 @@
TODO: check
CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
- mysql-5.1 <not-affected> (Only affects 5.5)
- - mysql-5.5 <unfixed> (bug #682210)
+ - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
- mysql-5.1 <not-affected> (Only affects 5.5)
- - mysql-5.5 <unfixed> (bug #682210)
+ - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1755
RESERVED
CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
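Review bot: for CVE-2012-1757 and CVE-2012-1756 the only support for "5.5.24+dfsg-1" visible in the entries is the "5.5.23 and earlier" range in two otherwise "Unspecified vulnerability" descriptions. That is consistent, but a short NOTE naming the source that identifies 5.5.24 as the fixing release would make the two mysql-5.5 lines verifiable later.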
@@ -5435,10 +5435,10 @@
TODO: check
CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
- mysql-5.1 <not-affected> (Only affects 5.5)
- - mysql-5.5 <unfixed> (bug #682210)
+ - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
- mysql-5.1 <removed> (bug #682212)
- - mysql-5.5 <unfixed> (bug #682210)
+ - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
TODO: check
CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
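Review bot: the mysql-5.5 line for CVE-2012-1734 gets the same "5.5.24+dfsg-1" as CVE-2012-1735, but its description starts with "5.1.62 and earlier, ..." and the 5.5 range is cut off in the list. Worth confirming the affected 5.5 range from the full description before recording 5.5.24+dfsg-1 here, and adding a NOTE with that range if it differs from "5.5.23 and earlier".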
@@ -5554,7 +5554,7 @@
- mysql-5.5 5.5.23-1
CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
- mysql-5.1 <removed> (bug #682212)
- - mysql-5.5 <unfixed> (bug #682210)
+ - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2496-1}
- mysql-5.1 5.1.62-1 (bug #670636)
@@ -7652,7 +7652,7 @@
[squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn)
NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E seems to cause regressions
CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...)
- - ocaml <unfixed> (low; bug #659149)
+ - ocaml 4.00.0~beta2-1 (low; bug #659149)
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2012-0837
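Review bot: the fixed version recorded for CVE-2012-0839 is a beta upload, "ocaml 4.00.0~beta2-1", while the description covers "OCaml 3.12.1 and earlier". Please confirm this is the first upload carrying the hash fix rather than simply the current version, and consider a NOTE saying where the fix landed, since the entry has none.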
@@ -8345,7 +8345,7 @@
NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier ...)
- mysql-5.1 <removed> (bug #682212)
- - mysql-5.5 <unfixed> (bug #682210)
+ - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
@@ -23939,7 +23939,7 @@
- lbreakout2 <unfixed> (unimportant; bug #608980)
NOTE: sgid games is dropped before buffer overflow
CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable]
- - libggi <unfixed> (bug #608981)
+ - libggi <removed> (bug #608981)
CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on ...)
- syslog-ng 3.1.3-2 (bug #608491)
[lenny] - syslog-ng <not-affected> (2.0 not affected, also Freebsd-specific, which is not supported in Lenny anyway)
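Review bot: the libggi line for the GGI_DISPLAY crash goes to <removed> with no per-release lines, unlike the neighbouring syslog-ng entry, which carries a [lenny] line. If libggi is still shipped in a stable release, a release-tagged line stating its status would keep the issue tracked there once the unstable line no longer shows it as open under bug #608981.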