[Secure-testing-commits] r19445 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Jun 7 07:33:22 UTC 2012
Author: jmm
Date: 2012-06-07 07:33:22 +0000 (Thu, 07 Jun 2012)
New Revision: 19445
Modified:
data/CVE/list
Log:
new nova issue
nut fixed
one chromium issue not-affected
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-06-06 21:14:35 UTC (rev 19444)
+++ data/CVE/list 2012-06-07 07:33:22 UTC (rev 19445)
@@ -334,7 +334,7 @@
RESERVED
CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd ...)
{DSA-2484-1}
- - nut <unfixed>
+ - nut 2.6.4-1
NOTE: https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542
CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in Cryptographp ...)
NOT-FOR-US: Cryptographp
@@ -717,7 +717,7 @@
RESERVED
- libapache2-mod-auth-openid 0.7-0.1 (bug #674165)
CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2012-2758
RESERVED
CVE-2012-2757
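Review bot: The NOT-FOR-US tag added for CVE-2012-2759 says only "Wordpress plugin", while the other NFU lines in this commit name the product (Cryptographp, VMware, xArrow, EMC). The description points at login-with-ajax.php, so naming the plugin in the tag would keep the entry searchable and consistent with the rest of the list.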
@@ -731,7 +731,7 @@
CVE-2012-2753
RESERVED
CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x before ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2012-2751
RESERVED
CVE-2012-2750
@@ -953,6 +953,7 @@
- postgresql-8.4 8.4.12-1
CVE-2012-2654
RESERVED
+ - nova <unfixed> (bug #676465)
CVE-2012-2653
RESERVED
{DSA-2481-1}
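Review bot: The nova line added under CVE-2012-2654 sits in an entry that is still RESERVED with no description, so bug #676465 is the only pointer to what the issue is. A NOTE: line with a reference to the upstream report would let the entry be triaged without opening the bug.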
@@ -1414,13 +1415,13 @@
CVE-2012-2430
RESERVED
CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read operation, ...)
- TODO: check
+ NOT-FOR-US: xArrow
CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: xArrow
CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: xArrow
CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate memory, ...)
- TODO: check
+ NOT-FOR-US: xArrow
CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
NOT-FOR-US: Intuit
CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
@@ -6626,7 +6627,7 @@
CVE-2012-0410
RESERVED
CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2012-0408
RESERVED
CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection ...)
@@ -9384,6 +9385,7 @@
RESERVED
CVE-2011-4409
RESERVED
+ NOT-FOR-US: Ubuntu One
CVE-2011-4408
RESERVED
CVE-2011-4407 [apt-add-repository does not perform ssl verification where it *needs* to]
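Review bot: CVE-2011-4409 is marked NOT-FOR-US: Ubuntu One while the entry is still RESERVED and carries no description, so nothing in the list shows where the product attribution comes from. Adding a bracketed short description or a NOTE: with the source, as the CVE-2011-4407 entry just below does with its bracketed text, would make the decision checkable.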
@@ -13463,7 +13465,7 @@
CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not ...)
- chromium-browser <unfixed>
CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
- TODO: check
+ - chromium-browser <not-affected> (PDF functionality specific to Chrome)
CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
- libv8 <unfixed>
CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...)
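Review bot: The <not-affected> reason given for CVE-2011-3112, "PDF functionality specific to Chrome", is inconsistent with CVE-2011-3113 directly above, which is also described as "The PDF functionality in Google Chrome" and stays at chromium-browser <unfixed>. Either CVE-2011-3113 should get the same status (and CVE-2011-3110, whose package line is outside this hunk, should be checked too), or the justification here should say why 3112 differs.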
@@ -14040,7 +14042,6 @@
- rails 2.3.14
CVE-2011-2929 (The template selection functionality in ...)
- rails <not-affected> (Only affects RoR 3.0 and above)
- TODO: recheck when rails > 3.0 gets uploaded
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2
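Review bot: Dropping "TODO: recheck when rails > 3.0 gets uploaded" from CVE-2011-2929 removes the only reminder that the <not-affected> status depends on the packaged version ("Only affects RoR 3.0 and above"). If the recheck has not been done, keep the condition as a NOTE: so the entry is revisited when a newer rails is uploaded; the log message does not mention this removal.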
@@ -14375,7 +14376,6 @@
CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- chromium-browser <undetermined>
- webkit <undetermined>
- TODO: check iOS
CVE-2011-2832
RESERVED
CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
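Review bot: "TODO: check iOS" is removed from CVE-2011-2833 while both chromium-browser and webkit remain <undetermined>, so the entry no longer carries any marker that work is outstanding. Either resolve the two statuses in the same commit or leave a TODO or NOTE: explaining what is still needed to decide them.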
@@ -15332,7 +15332,6 @@
- openjdk-6 6b21~pre1-1
- icedtea-web <unfixed>
NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
- TODO: check
CVE-2011-2512 [qemu-kvm: OOB memory access caused by negative vq notifies]
RESERVED
{DSA-2270-1}