[Secure-testing-commits] r19425 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jun 4 10:51:03 UTC 2012


Author: jmm
Date: 2012-06-04 10:51:03 +0000 (Mon, 04 Jun 2012)
New Revision: 19425

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
krb5 no-dsa
fixup rails entry


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-06-04 07:34:06 UTC (rev 19424)
+++ data/CVE/list	2012-06-04 10:51:03 UTC (rev 19425)
@@ -901,6 +901,7 @@
 	RESERVED
 CVE-2012-2664
 	RESERVED
+	NOT-FOR-US: sosreport (Red Hat tool)
 CVE-2012-2663
 	RESERVED
 	- iptables <unfixed> (bug #675445)
@@ -908,15 +909,12 @@
 	RESERVED
 CVE-2012-2661
 	RESERVED
-	[squeeze] - ruby-activerecord <not-affected>
+	- rails <not-affected> (Doesn't affects RoR in Squeeze)
 	- ruby-activerecord-3.2 <unfixed> (bug #675396)
-	NOTE: Versions Affected: 3.0.0 and ALL later versions. Not affected: 2.3.14. Fixed Versions: 3.2.4, 3.1.5, 3.0.13
 	NOTE: http://seclists.org/oss-sec/2012/q2/448
 CVE-2012-2660
 	RESERVED
-	[squeeze] - ruby-activerecord <not-affected>
 	- ruby-activerecord-3.2 <unfixed> (bug #675429)
-	NOTE: Versions affected: all, fixed in versions 3.2.4, 3.1.5, 3.0.13
 	NOTE: http://seclists.org/oss-sec/2012/q2/449
 CVE-2012-2659
 	RESERVED
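Review bot: The new `- rails <not-affected> (Doesn't affects RoR in Squeeze)` line under CVE-2012-2661 has no release tag, so it marks rails as not affected in every suite while its own comment limits the claim to Squeeze; `[squeeze] - rails <not-affected>` would match the comment, and "Doesn't affects" should read "Doesn't affect". The same hunk drops the squeeze line from CVE-2012-2660 without adding a rails line there, and removes both NOTE lines listing affected and fixed versions, so the basis for the status is no longer recorded in either entry; consider keeping a version NOTE or stating the reason on the entry.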
@@ -4994,7 +4992,8 @@
 	RESERVED
 CVE-2012-1013
 	RESERVED
-	- krb5 <unfixed>
+	- krb5 <unfixed> (low)
+	[squeeze] - krb5 <no-dsa> (Minor issue)
 	NOTE: DoS only triggered by clients with admin permissions
 CVE-2012-1012
 	RESERVED
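Review bot: The reason in `[squeeze] - krb5 <no-dsa> (Minor issue)` is generic although the NOTE on the next line gives the actual justification (DoS only triggered by clients with admin permissions); putting that in the parenthesised reason would make the no-dsa decision self-explanatory. `- krb5 <unfixed> (low)` also has no bug reference, unlike the iptables and ruby-activerecord-3.2 unfixed entries in this file.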
@@ -5866,9 +5865,8 @@
 CVE-2012-0677
 	RESERVED
 CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...)
-	- webkit <undetermined>
+	- webkit <unfixed>
 	NOTE: http://packetstormsecurity.sebug.net/files/download/112596/APPLE-SA-2012-05-09-2.txt
-	TODO: Check. Seems to be a general webkit issue instantiated for Apple.
 CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...)
 	NOT-FOR-US: Time Machine
 CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...)
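Review bot: Removing the `TODO: Check. ...` line under CVE-2012-0676 while moving webkit from `<undetermined>` to `<unfixed>` leaves no record of how the check was resolved; a short NOTE stating what confirmed that the issue applies to the webkit package would let a later reader verify the status.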
@@ -5876,9 +5874,8 @@
 CVE-2012-0673
 	RESERVED
 CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to execute ...)
-	- webkit <undetermined>
+	- webkit <unfixed>
 	NOTE: http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt
-	TODO: Check. Seems to be a general webkit issue instantiated for Apple.
 CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote ...)
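Review bot: `- webkit <unfixed>` under CVE-2012-0672 carries no bug number, while other unfixed entries in this diff do (`- libav <unfixed> (bug #675767)`, `- iptables <unfixed> (bug #675445)`); reference a bug so the issue is tracked against the package. The same applies to the CVE-2012-0676 entry in the previous hunk.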
@@ -10564,7 +10561,7 @@
 CVE-2011-4032
 	RESERVED
 CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in ...)
-	- libav <undetermined> (bug #675767)
+	- libav <unfixed> (bug #675767)
 CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and ...)
 	- plone3 <not-affected> (Only affects Plone 4.x)
 CVE-2011-4029

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-06-04 07:34:06 UTC (rev 19424)
+++ data/spu-candidates.txt	2012-06-04 10:51:03 UTC (rev 19425)
@@ -215,6 +215,9 @@
 krb5 (CVE-2011-4151)
 #646367
 
+krb5 (CVE-2012-1013)
+https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b
+http://krbdev.mit.edu/rt/Ticket/Display.html?id=7152
 
 --
 



