[Secure-testing-commits] r19589 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jun 25 11:39:43 UTC 2012


Author: jmm
Date: 2012-06-25 11:39:43 +0000 (Mon, 25 Jun 2012)
New Revision: 19589

Modified:
   data/CVE/list
Log:
imp4, horde3, gridengine, boost fixed
new apt issue
NFUs 


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-06-25 07:54:21 UTC (rev 19588)
+++ data/CVE/list	2012-06-25 11:39:43 UTC (rev 19589)
@@ -1,9 +1,9 @@
 CVE-2012-XXXX [extplorer CSRF]
 	- extplorer 2.1.0b6+dfsg.3-3
 CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content ...)
-	TODO: check
+	NOT-FOR-US: Simple Web Content Management System
 CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...)
-	TODO: check
+	NOT-FOR-US: Adiscon LogAnalyzer 
 CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
 	TODO: check
 CVE-2012-3789
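Review bot: The added line `NOT-FOR-US: Adiscon LogAnalyzer ` for CVE-2012-3790 ends with a trailing space; drop it so the entry matches exactly when the list is grepped for that product name. Separately, CVE-2011-5095 in the trailing context names OpenSSL 0.9.8 and is still `TODO: check`, so it remains untriaged after this batch of NFUs.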
@@ -409,9 +409,9 @@
 CVE-2012-3589
 	RESERVED
 CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
-	TODO: check
+	- apt <unfixed>
 CVE-2012-3586
 	RESERVED
 CVE-2012-3585
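Review bot: The new `- apt <unfixed>` line for CVE-2012-3587 carries no bug reference, unlike the `at-spi2-atk <unfixed> (bug #678026)` entry elsewhere in this file, so nothing here ties the open issue to a tracking bug. Add the bug number once one exists, or a NOTE line saying which releases fall inside the "0.7.x before 0.7.25 and 0.8.x before 0.8.16" range. The `NOT-FOR-US: Wordpress plugin` line for CVE-2012-3588 would also be easier to search if it named the plugin.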
@@ -431,15 +431,15 @@
 CVE-2012-XXXX [at-spi2-atk insecure tmp]
 	- at-spi2-atk <unfixed> (bug #678026)
 CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the Nmedia ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2012-3576 (Unrestricted file upload vulnerability in php/upload.php in the ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2012-3575 (Unrestricted file upload vulnerability in uploader.php in the RBX ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2012-3574 (Unrestricted file upload vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2012-3573
 	RESERVED
 CVE-2012-3572
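Review bot: All five entries from CVE-2012-3578 to CVE-2012-3574 get the same generic `NOT-FOR-US: Wordpress plugin` label, which loses the product name that the descriptions carry (for example "Nmedia ..." on CVE-2012-3577 and "RBX ..." on CVE-2012-3575). Naming the plugin in each NFU line, as the other NFU entries in this commit do for their products, makes it possible to find the entry again if that plugin is ever packaged.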
@@ -1472,7 +1472,7 @@
 CVE-2012-3064
 	RESERVED
 CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2012-3062
 	RESERVED
 CVE-2012-3061
@@ -1482,7 +1482,7 @@
 CVE-2012-3059
 	RESERVED
 CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2012-3057
 	RESERVED
 CVE-2012-3056
@@ -1586,7 +1586,7 @@
 CVE-2012-3007
 	RESERVED
 CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...)
-	TODO: check
+	NOT-FOR-US: Innominate mGuard Smart
 CVE-2012-3005
 	RESERVED
 CVE-2012-3004
@@ -2117,7 +2117,7 @@
 CVE-2012-2754
 	RESERVED
 CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the Endpoint ...)
-	TODO: check
+	NOT-FOR-US: Endpoint Connect
 CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x before ...)
 	NOT-FOR-US: VMware
 CVE-2012-2751
@@ -2213,11 +2213,11 @@
 CVE-2012-2719
 	RESERVED
 CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...)
-	TODO: check
+	NOT-FOR-US: Drupal module
 CVE-2012-2717
 	RESERVED
 CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...)
-	TODO: check
+	NOT-FOR-US: Drupal module
 CVE-2012-2715
 	RESERVED
 CVE-2012-2714
@@ -2314,7 +2314,7 @@
 CVE-2012-2677
 	RESERVED
 	- boost1.42 <removed>
-	- boost1.49 <unfixed> (bug #677197)
+	- boost1.49 1.49.0-3.1 (bug #677197)
 CVE-2012-2676
 	RESERVED
 	NOT-FOR-US: Hoard memory allocator
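Review bot: CVE-2012-2677 is still `RESERVED` with no description, and the change to `- boost1.49 1.49.0-3.1 (bug #677197)` gives no NOTE describing what the issue is or which upload fixed it, so the bug number is the only way to confirm that version. A short NOTE would help. Also, `- boost1.42 <removed>` says nothing about any release that still ships that source package; if one does, it needs its own release-tagged line in the style of the `[squeeze]` line used for horde3.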
@@ -2429,11 +2429,11 @@
 CVE-2012-2639
 	RESERVED
 CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...)
-	TODO: check
+	NOT-FOR-US: SmallPICT
 CVE-2012-2637 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 ...)
-	TODO: check
+	NOT-FOR-US: KENT-WEB WEB PATIO
 CVE-2012-2636 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 ...)
-	TODO: check
+	NOT-FOR-US: KENT-WEB WEB PATIO
 CVE-2012-2635 (The Dolphin Browser HD application before 7.6 and Dolphin for Pad ...)
 	NOT-FOR-US: Dolphin
 CVE-2012-2634 (Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when ...)
@@ -6737,7 +6737,7 @@
 CVE-2012-0910
 	RESERVED
 CVE-2012-0909 (Cross-site scripting (XSS) vulnerability in Horde_Form in Horde ...)
-	- horde3 <unfixed>
+	- horde3 3.3.12+debian0-2.2
 	[squeeze] - horde3 <unfixed>
 CVE-2012-0907 (Directory traversal vulnerability in the web player in NeoAxis NeoAxis ...)
 	NOT-FOR-US: NeoAxis NeoAxis web player
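Review bot: After this change CVE-2012-0909 is fixed in `horde3 3.3.12+debian0-2.2`, but the context line `[squeeze] - horde3 <unfixed>` remains and the entry has no DSA reference, in contrast to the `{DSA-2485-1}` tag on the imp4 entry. The fixed line also has no bug number. Consider adding the bug reference and recording the status for squeeze so the remaining exposure is explicit.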
@@ -7090,7 +7090,7 @@
 	- moodle 1.9.9.dfsg2-5
 CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...)
 	{DSA-2485-1}
-	- imp4 <unfixed> (bug #659392)
+	- imp4 4.3.10+debian0-1.1 (bug #659392)
 CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...)
 	- smokeping 2.6.7-1 (bug #659899)
 CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 allows ...)
@@ -7668,7 +7668,7 @@
 CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
 	NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in ...)
-	- gridengine <unfixed>
+	- gridengine 6.2u5-7.1
 	NOTE: http://www.securityfocus.com/bid/53132
 	NOTE: http://gridscheduler.sourceforge.net/security.html
 CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
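Review bot: The `- gridengine 6.2u5-7.1` line for CVE-2012-0523 has no bug reference, and the CVE text is only "Unspecified vulnerability", so the entry does not show why this version is considered fixed. The two NOTE URLs are left unchanged; add a bug number or a NOTE stating which upstream change from the gridscheduler security page the 6.2u5-7.1 upload includes.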



