[Secure-testing-commits] r19533 - data/CVE

Helmut Grohne helmut-guest at alioth.debian.org
Tue Jun 19 07:27:50 UTC 2012


Author: helmut-guest
Date: 2012-06-19 07:27:50 +0000 (Tue, 19 Jun 2012)
New Revision: 19533

Modified:
   data/CVE/list
Log:
marked chromium-browser PDF issues as not-affected
NFUs, rssowl <itp>, serendipity <undetermined>, chromium-browser <undetermined>

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-06-19 04:46:01 UTC (rev 19532)
+++ data/CVE/list	2012-06-19 07:27:50 UTC (rev 19533)
@@ -582,7 +582,8 @@
 	{DSA-2495-1}
 	- openconnect 3.18-1 (bug #677594)
 CVE-2012-3290 (Multiple unspecified vulnerabilities in Google Chrome before ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	NOTE: Seems to be device-specific.
 CVE-2012-3289 (VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, ...)
 	TODO: check
 CVE-2012-3288 (VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware ...)
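Review bot: The NOTE added for CVE-2012-3290 ("Seems to be device-specific.") does not say which device or platform is meant, or what that reading is based on, so the next person triaging cannot tell what is needed to move chromium-browser off <undetermined>. Name the device and add a NOTE with the reference behind the judgement. If the issue is confirmed to be limited to a platform the package does not target, the entry can follow the pattern already used in this file for CVE-2011-3098, "<not-affected> (Windows-specific)".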
@@ -1665,7 +1666,7 @@
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
 CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
-	TODO: check
+	- serendipity <undetermined>
 CVE-2012-2761
 	RESERVED
 CVE-2012-2760
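Review bot: CVE-2012-2762 moves from "TODO: check" to "- serendipity <undetermined>" without any NOTE, so the entry records which package is involved but not what is still open. Add a NOTE saying what remains to be checked, for example whether the packaged include/functions_trackbacks.inc.php carries the affected code, and attach a bug reference once one exists, as the rssowl entry in this commit does.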
@@ -1995,7 +1996,7 @@
 CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart ...)
 	TODO: check
 CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for ...)
-	TODO: check
+	NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
 CVE-2012-2629
 	RESERVED
 CVE-2012-2628
@@ -5360,17 +5361,17 @@
 CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...)
 	NOT-FOR-US: EasyVista
 CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Segue (CMS)
 CVE-2012-1254 (Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Segue (CMS)
 CVE-2012-1253 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
 	- roundcube 0.7-1
 CVE-2012-1252 (Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows ...)
-	TODO: check
+	- rssowl <itp> (bug #346541)
 CVE-2012-1251 (Opera before 9.63 does not properly verify X.509 certificates from SSL ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2012-1250 (Logitec LAN-W300N/R routers with firmware before 2.27 do not properly ...)
-	TODO: check
+	NOT-FOR-US: Logitec LAN-W300N/R device
 CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not ...)
 	NOT-FOR-US: iLunascape
 CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly ...)
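Review bot: The NOT-FOR-US lines added in this hunk append qualifiers to the product name ("Segue (CMS)", "Logitec LAN-W300N/R device"), while the unchanged neighbours use the bare name ("NOT-FOR-US: EasyVista", "NOT-FOR-US: iLunascape"). Pick one form so that a search for the product string finds every entry. The two Segue lines are at least consistent with each other, which is the important part for CVE-2012-1255 and CVE-2012-1254.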
@@ -6092,7 +6093,7 @@
 CVE-2012-0986
 	RESERVED
 CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: Sony VAIO wireless LAN management ActiveX
 CVE-2012-0984
 	RESERVED
 CVE-2012-0983 (SQL injection vulnerability in Scriptsez.net Ez Album allows remote ...)
@@ -14483,15 +14484,15 @@
 CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
 	- libv8 <unfixed>
 CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome ...)
-	- chromium-browser <unfixed>
+	- chromium-browser <not-affected> (PDF functionality not built)
 CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not ...)
-	- chromium-browser <unfixed>
+	- chromium-browser <not-affected> (PDF functionality not built)
 CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
 	- chromium-browser <not-affected> (PDF functionality specific to Chrome)
 CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
 	- libv8 <unfixed>
 CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...)
-	- chromium-browser <unfixed>
+	- chromium-browser <not-affected> (PDF functionality not built)
 CVE-2011-3109 (Google Chrome before 19.0.1084.52 on Linux does not properly perform a ...)
 	- chromium-browser <unfixed>
 CVE-2011-3108 (Use-after-free vulnerability in Google Chrome before 19.0.1084.52 ...)
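Review bot: The reason string on the three changed entries (CVE-2011-3114, CVE-2011-3113, CVE-2011-3110) is "(PDF functionality not built)", but the untouched CVE-2011-3112 entry between them already says "(PDF functionality specific to Chrome)" for the same component. Those are different claims: one is about how the package is built, the other about where the code lives. Settle on one wording for all PDF entries, and add a NOTE stating how "not built" was established, since a change in what the package builds would silently invalidate every one of these <not-affected> markings.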
@@ -14519,7 +14520,7 @@
 CVE-2011-3098 (Google Chrome before 19.0.1084.46 on Windows uses an incorrect search ...)
 	- chromium-browser <not-affected> (Windows-specific)
 CVE-2011-3097 (The PDF functionality in Google Chrome before 19.0.1084.46 allows ...)
-	- chromium-browser <unfixed>
+	- chromium-browser <not-affected> (PDF functionality not built)
 CVE-2011-3096 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on ...)
 	- chromium-browser <unfixed>
 CVE-2011-3095 (The OGG container in Google Chrome before 19.0.1084.46 allows remote ...)
@@ -14705,7 +14706,7 @@
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
 CVE-2011-3015 (Multiple integer overflows in the PDF codecs in Google Chrome before ...)
-	- chromium-browser <unfixed>
+	- chromium-browser <not-affected> (PDF functionality not built)
 	- webkit <undetermined>
 CVE-2011-3014 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
 	NOT-FOR-US: Novell Data Synchronizer
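Review bot: For CVE-2011-3015 only the chromium-browser line changes, and the "- webkit <undetermined>" line directly below it is left as is. If the integer overflows are in the PDF codecs and chromium-browser is unaffected because that functionality is not built, the entry should also say why webkit is still open, or resolve it in the same commit. As it stands the two lines give conflicting impressions of where the affected code lives.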



