[Secure-testing-commits] r19822 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Jul 30 12:38:50 UTC 2012
Author: jmm
Date: 2012-07-30 12:38:50 +0000 (Mon, 30 Jul 2012)
New Revision: 19822
Modified:
data/CVE/list
Log:
bind9 also not affected in sid
new php issue
php non-issue
NFUs
filed bug for zabbix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-07-30 10:35:28 UTC (rev 19821)
+++ data/CVE/list 2012-07-30 12:38:50 UTC (rev 19822)
@@ -423,9 +423,8 @@
CVE-2012-3869
RESERVED
CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...)
- TODO: check
NOTE: https://kb.isc.org/article/AA-00730
- [squeeze] - bind9 <not-affected> (Vulnerable code not present)
+ - bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x)
CVE-2012-3867
RESERVED
{DSA-2511-1}
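Review bot: the new `- bind9 <not-affected>` line for CVE-2012-3868 drops the `[squeeze]` qualifier, so the entry now asserts not-affected for every suite without recording which bind9 version was checked. The stated reason is "only affects 9.9.x", which stops holding as soon as a 9.9.x upload enters the archive. Consider adding a NOTE with the version checked in sid so the entry is revisited at that point.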
@@ -1325,7 +1324,7 @@
- openttd <unfixed> (low; bug #683258)
CVE-2012-3435 [Zabbix SQL injection flaw]
RESERVED
- TODO: check
+ - zabbix <unfixed> (bug #683273)
NOTE: http://seclists.org/oss-sec/2012/q3/127
CVE-2012-3434 [WordPress plugin Count Per Day XSS (SSCHADV2012-015)]
RESERVED
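Review bot: the zabbix entry for CVE-2012-3435 is added as `<unfixed> (bug #683273)` with no severity, while the neighbouring openttd entry carries one (`low; bug #683258`). If the omission is deliberate, nothing to change. Otherwise state a severity so the SQL injection flaw is triaged explicitly rather than by default.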
@@ -1339,6 +1338,7 @@
NOTE: CVE assigment http://www.openwall.com/lists/oss-security/2012/07/27/1
CVE-2012-3431
RESERVED
+ NOT-FOR-US: Teeid
CVE-2012-3430 [kernel: recv{from,msg}() on an rds socket can leak kernel memory]
RESERVED
- linux <unfixed>
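Review bot: `NOT-FOR-US: Teeid` is attached to CVE-2012-3431, which is still RESERVED with no description and no NOTE, so the product name cannot be checked from the entry itself. Please confirm the spelling (if this is the JBoss Teiid project, the name is "Teiid") and add a NOTE with the source of the assignment, since NOT-FOR-US entries are matched by product name later.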
@@ -1574,11 +1574,13 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
CVE-2012-3367
RESERVED
+ NOT-FOR-US: Red Hat Certificate System
CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...)
{DSA-2503-1}
- bcfg2 1.2.2-2 (bug #679272)
CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ NOTE: open_basedir not supported
CVE-2012-3364
RESERVED
- linux 3.2.23-1
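Review bot: at CVE-2012-3365 the justification for `(unimportant)` is only `NOTE: open_basedir not supported`, and the truncated description above it does not mention open_basedir at all. Spell out the link in the NOTE, that is, that the issue is limited to open_basedir and why that makes it a non-issue for php5, so the rating can be understood without looking up the full CVE text.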
@@ -3048,7 +3050,7 @@
CVE-2012-2689
RESERVED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the ...)
- TODO: check
+ - php5 <unfixed> (low; bug #683274)
CVE-2012-2687 [apache mod_negotiation XSS]
RESERVED
- apache2 2.2.22-8 (low)
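Review bot: CVE-2012-2688 is described as an "Unspecified vulnerability" in `_php_stream_scandir`, yet the new php5 line rates it `low` with nothing in the entry to support that rating. Add a NOTE pointing to the upstream fix or to the reasoning in bug #683274 so the severity can be checked.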
@@ -3120,6 +3122,7 @@
- iptables <unfixed> (bug #675445)
CVE-2012-2662
RESERVED
+ NOT-FOR-US: Red Hat Certificate System
CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, ...)
- rails <not-affected> (Doesn't affects RoR in Squeeze)
- ruby-activerecord-3.2 3.2.6-1 (bug #675396; bug #675429)
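Review bot: CVE-2012-2662 is marked `NOT-FOR-US: Red Hat Certificate System` while the entry is RESERVED and has no description or NOTE, the same as CVE-2012-3367 earlier in this commit. A NOTE with the advisory or bug reference for each would let a later reader confirm the product attribution.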