[Secure-testing-commits] r19402 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jun 1 08:45:59 UTC 2012


Author: jmm
Date: 2012-06-01 08:45:59 +0000 (Fri, 01 Jun 2012)
New Revision: 19402

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
pastescript/gimp no-dsa
unixodbc non issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-06-01 08:23:41 UTC (rev 19401)
+++ data/CVE/list	2012-06-01 08:45:59 UTC (rev 19402)
@@ -696,7 +696,8 @@
 	RESERVED
 CVE-2012-2763
 	RESERVED
-	- gimp 2.8.0-1
+	- gimp 2.8.0-1 (low)
+	[squeeze] - gimp <no-dsa> (Only exploitable in rare setuos)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
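Review bot: typo in the added squeeze line, "setuos" should read "setups" in `[squeeze] - gimp <no-dsa> (Only exploitable in rare setuos)`. The reason would also be easier to verify if it named which setups are meant, since the entry itself only links to the Script-Fu buffer overflow advisory and does not say what makes a setup exploitable.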
@@ -919,10 +920,12 @@
 	RESERVED
 CVE-2012-2658
 	RESERVED
-	- unixodbc <unfixed> (bug #675058)
+	- unixodbc <unfixed> (unimportant; bug #675058)
+	NOTE: Only triggerable by trusted input, not a security issue
 CVE-2012-2657
 	RESERVED
-	- unixodbc <unfixed> (bug #675058)
+	- unixodbc <unfixed> (unimportant; bug #675058)
+	NOTE: Only triggerable by trusted input, not a security issue
 CVE-2012-2656
 	RESERVED
 CVE-2012-2655
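Review bot: the NOTE added under CVE-2012-2658 and CVE-2012-2657 says "Only triggerable by trusted input" without naming that input, so the "unimportant" rating cannot be checked from the tracker entry alone. Suggest stating which input is considered trusted, or pointing at the message in bug #675058 where that was established.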
@@ -5307,6 +5310,7 @@
 	- linux-2.6 2.6.33-1
 CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...)
 	- pastescript 1.7.5-2 (low; bug #661061)
+	[squeeze] - pastescript <no-dsa> (Minor issue)
 	NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
 CVE-2012-0877
 	RESERVED
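Review bot: "(Minor issue)" on the added squeeze line gives no reason for the no-dsa decision, while the CVE description is about group memberships not being set properly. A few words on why this is minor for squeeze would help the next person triaging, in the way the gimp entry in this commit states its reason.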

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-06-01 08:23:41 UTC (rev 19401)
+++ data/spu-candidates.txt	2012-06-01 08:45:59 UTC (rev 19402)
@@ -168,6 +168,12 @@
 
 --
 
+gimp (CVE-2012-2763)
+http://www.openwall.com/lists/oss-security/2012/05/31/1
+http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
+
+--
+
 gnash (CVE-2011-4328)
 #649384
 
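Review bot: the new gimp entry lists only the two advisory URLs and no Debian bug number, whereas the neighbouring gnash entry and the pastescript entry added in this commit each carry one. If a bug is filed for the squeeze update, add its number here so the candidate can be tracked.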
@@ -318,6 +324,13 @@
 
 --
 
+pastescript (CVE-2012-0878)
+#661061
+https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
+
+
+--
+
 perl (CVE-2011-2728)
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2728
 http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
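Review bot: the added pastescript entry leaves two blank lines before the "--" separator, while the gimp entry added in this commit and the surrounding entries use one. Drop the extra blank line to keep the file's entry layout consistent.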



