[Secure-testing-commits] r19534 - data/CVE

Thijs Kinkhorst thijs at alioth.debian.org
Tue Jun 19 07:31:47 UTC 2012


Author: thijs
Date: 2012-06-19 07:31:47 +0000 (Tue, 19 Jun 2012)
New Revision: 19534

Modified:
   data/CVE/list
Log:
clarify affected status and meaning of fixed version


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-06-19 07:27:50 UTC (rev 19533)
+++ data/CVE/list	2012-06-19 07:31:47 UTC (rev 19534)
@@ -3371,6 +3371,8 @@
 	- mysql-5.5 5.5.24+dfsg-1
 	NOTE: https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
 	NOTE: http://seclists.org/oss-sec/2012/q2/493
+	NOTE: Issue only triggered with specific optimisation in glibc enabled; no builds in Debian known to be affected.
+	NOTE: Fixed versions indicate application of upstream patch which prevents issue regardless of opt.settings.
 CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not ...)
 	- linux-2.6 3.2.17-1
 CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)




More information about the Secure-testing-commits mailing list