[Secure-testing-commits] r19195 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu May 10 07:39:49 UTC 2012


Author: jmm
Date: 2012-05-10 07:39:48 +0000 (Thu, 10 May 2012)
New Revision: 19195

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
triage stable status:
  glassfish not-affected
  no-dsa: ecryptfs-utils, flightgear, bugzilla
  one kernel issue not in stable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-10 05:13:48 UTC (rev 19194)
+++ data/CVE/list	2012-05-10 07:39:48 UTC (rev 19195)
@@ -1118,6 +1118,7 @@
 CVE-2012-2091 [flightgear crafted rotor name buffer overflow]
 	RESERVED
 	- flightgear <unfixed>
+	[squeeze] - flightgear <no-dsa> (Minor issue)
 CVE-2012-2090
 	RESERVED
 	- simgear <unfixed> (low; bug #669024)
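Review bot: CVE-2012-2090 in the trailing context is tracked against simgear and gets no [squeeze] line here, although this revision queues it for a stable point update together with CVE-2012-2091. If the same triage applies, add a matching `[squeeze] - simgear <no-dsa> (Minor issue)` line, or record why simgear in squeeze is left open.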
@@ -4209,6 +4210,7 @@
 CVE-2012-0810
 	RESERVED
 	- linux-2.6 <unfixed>
+	[squeeze] - linux-2.6 <not-affected> (rt patchset not yet present)
 CVE-2012-0809 (Format string vulnerability in the sudo_debug function in Sudo 1.8.0 ...)
 	- sudo 1.8.3p2-1 (bug #657985)
 	[squeeze] - sudo <not-affected> (Vulnerable code not present)
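Review bot: the reason on the added linux-2.6 line, "rt patchset not yet present", reads as a temporary state, and the entry is still RESERVED, so nothing here explains how the rt patchset relates to the issue. Wording it like the sudo entry below, for example "Vulnerable code not present, rt patchset not in squeeze", would make the not-affected status unambiguous.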
@@ -5171,6 +5173,7 @@
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2012-0448 (Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, ...)
 	- bugzilla <removed> (low)
+	[squeeze] - bugzilla <no-dsa> (Minor issue)
 CVE-2012-0447 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and ...)
 	- icedove <unfixed>
 	- xulrunner <not-affected> (Only affects Firefox >= 4)
@@ -5223,6 +5226,7 @@
 	RESERVED
 CVE-2012-0440 (Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in ...)
 	- bugzilla <removed> (low)
+	[squeeze] - bugzilla <no-dsa> (Minor issue)
 CVE-2012-0439
 	RESERVED
 CVE-2012-0438
@@ -5701,7 +5705,7 @@
 	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
-	- glassfish <unfixed> (bug #653964)
+	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
 CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...)
 	TODO: check
 	NOTE: It's not clear if this issue is in Geronimo itself,
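Review bot: the replaced glassfish line carries no [squeeze] prefix, so it marks glassfish as not-affected in every suite rather than only in stable as the log message suggests, and it drops the reference to bug #653964. If that is intended, say so in the log and keep the bug number in a NOTE: line so the report can still be found and closed.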
@@ -15794,6 +15798,7 @@
 	RESERVED
 	{DSA-2443-1}
 	- ecryptfs-utils 92-1
+	[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
 	- linux-2.6 3.1.1-1
 	NOTE: cannot be fixed in ecryptfs-utils (squeeze, lenny) until kernel fix is in place
 CVE-2011-1832
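Review bot: the added ecryptfs-utils line gives "Minor issue" as the no-dsa reason, while the NOTE two lines below it says the fix is blocked until the kernel fix is in place. Use that as the reason, or update the NOTE if it no longer holds, so the two lines do not tell different stories.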

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-05-10 05:13:48 UTC (rev 19194)
+++ data/spu-candidates.txt	2012-05-10 07:39:48 UTC (rev 19195)
@@ -42,9 +42,11 @@
 
 --
 
-bugzilla (CVE-2012-0465, CVE-2012-0466)
+bugzilla (CVE-2012-0440, CVE-2012-0448, CVE-2012-0465, CVE-2012-0466)
 https://bugzilla.mozilla.org/show_bug.cgi?id=728639
 https://bugzilla.mozilla.org/show_bug.cgi?id=745397
+https://bugzilla.mozilla.org/show_bug.cgi?id=714472
+https://bugzilla.mozilla.org/show_bug.cgi?id=718319
 
 --
 
@@ -77,6 +79,10 @@
 
 --
 
+ecryptfs-utils (CVE-2011-1833)
+
+--
+
 elixir (CVE-2012-2146)
 #670919
 
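Review bot: the new ecryptfs-utils entry has no bug number or URL, unlike the bugzilla and elixir entries around it. Add a reference, or a short note that the fix depends on the kernel change mentioned in data/CVE/list, so whoever prepares the point update knows where the patch comes from.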
@@ -125,6 +131,11 @@
 
 --
 
+flightgear (CVE-2012-2090, CVE-2012-2091)
+#669024
+
+--
+
 fuse (CVE-2010-3879 
 #602333
 
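Review bot: this entry files CVE-2012-2090 under flightgear, but data/CVE/list tracks that CVE against simgear, and #669024 is the bug recorded on the simgear line. Name simgear in the entry, or give it its own entry, so the point update covers both source packages. The "fuse (CVE-2010-3879 " context line below is also missing its closing parenthesis.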
@@ -439,6 +450,11 @@
 
 --
 
+xorg (CVE-2012-1093)
+#661627
+
+--
+
 nss (CVE-2011-XXXX)
 https://bugzilla.mozilla.org/show_bug.cgi?id=641052
 
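Review bot: the xorg (CVE-2012-1093) entry is not mentioned in the log message and has no matching change to data/CVE/list in this revision. Either add it to the log or commit it together with the corresponding triage of CVE-2012-1093.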