[Secure-testing-commits] r19211 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri May 11 06:37:37 UTC 2012
Author: jmm
Date: 2012-05-11 06:37:36 +0000 (Fri, 11 May 2012)
New Revision: 19211
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
qpid-cpp issues fixed before initial upload to archive
no-dsa: krb5
fixed: krb5, drupal7, icedove
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-10 23:44:42 UTC (rev 19210)
+++ data/CVE/list 2012-05-11 06:37:36 UTC (rev 19211)
@@ -2281,16 +2281,16 @@
- libstruts1.2-java <not-affected> (Only applies to Struts 2, see bug #657870)
CVE-2012-1591
RESERVED
- - drupal7 <unfixed> (bug #671402)
+ - drupal7 7.14-1 (bug #671402)
CVE-2012-1590
RESERVED
- - drupal7 <unfixed> (bug #671402)
+ - drupal7 7.14-1 (bug #671402)
CVE-2012-1589
RESERVED
- - drupal7 <unfixed> (bug #671402)
+ - drupal7 7.14-1 (bug #671402)
CVE-2012-1588
RESERVED
- - drupal7 <unfixed> (bug #671402)
+ - drupal7 7.14-1 (bug #671402)
CVE-2012-1587
RESERVED
NOTE: To be rejected
@@ -3459,13 +3459,11 @@
{DSA-2466-1}
- ruby-actionpack-2.3 2.3.14-3 (bug #668607)
- rails 2.3.14
- [squeeze] - rails <unfixed>
NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...)
- ruby-actionpack-2.3 <unfixed> (bug #668977)
- rails 2.3.14
NOTE: (code lives within ruby-actionpack in unstable)
- [squeeze] - rails <unfixed>
CVE-2012-1097
RESERVED
{DSA-2443-1}
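Review bot: The two removed "[squeeze] - rails <unfixed>" lines (one in the entry tagged {DSA-2466-1}, one under CVE-2012-1098) are not covered by the log message, which lists only qpid-cpp, krb5, drupal7 and icedove. No DSA is referenced for CVE-2012-1098 in the visible lines, so dropping its squeeze line without a replacement leaves the squeeze status implicit. Please add an explicit squeeze line with a reason (for example <not-affected> or <no-dsa>), and mention the rails cleanup in the log.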
@@ -3677,7 +3675,7 @@
RESERVED
CVE-2012-1012
RESERVED
- - krb5 <unfixed> (bug #670918)
+ - krb5 1.10.1+dfsg-1 (bug #670918)
[squeeze] - krb5 <not-affected> (vulnerable code not present)
NOTE: bug was introduced in krb5 1.10
CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows ...)
@@ -4048,10 +4046,7 @@
CVE-2012-0862 [xinetd enables unintentional services over tcpmux port]
RESERVED
- xinetd <unfixed> (bug #672381)
- NOTE: Red Hat bug https://bugzilla.redhat.com/show_bug.cgi?id=790940
- NOTE: Red Hat proposed patch https://bugzilla.redhat.com/attachment.cgi?id=583311
- NOTE: http://seclists.org/oss-sec/2012/q2/283
- NOTE: http://osvdb.org/show/osvdb/81774
+ [squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2012-0861
RESERVED
CVE-2012-0860
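Review bot: The four NOTE lines dropped from CVE-2012-0862 carry the only references for this entry, including the Red Hat proposed patch, while "- xinetd <unfixed> (bug #672381)" stays open for unstable. The new spu-candidates entry keeps just the Red Hat bug URL, so the patch link and the oss-sec thread are lost to whoever prepares the fix. Suggest keeping the NOTE lines alongside the new "[squeeze] - xinetd <no-dsa> (Minor issue)" line, and listing xinetd under "no-dsa:" in the log, which currently names only krb5.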
@@ -4995,14 +4990,14 @@
NOT-FOR-US: 3S CoDeSys
CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, ...)
{DSA-2464-1 DSA-2458-1 DSA-2457-1}
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0478 (The texImage2D implementation in the WebGL subsystem in Mozilla ...)
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
@@ -5010,7 +5005,7 @@
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
{DSA-2464-1 DSA-2458-1 DSA-2457-1}
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
@@ -5019,7 +5014,7 @@
CVE-2012-0476
RESERVED
CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and ...)
- - icedove <unfixed> (low)
+ - icedove 10.0.4-1
[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
- iceweasel 12.0-1 (low)
[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
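Review bot: For CVE-2012-0475 the icedove line changes from "<unfixed> (low)" to "10.0.4-1", which does not match the rest of the entry. The squeeze lines say "also not fixed in ESV branch", the NOTE reads "Fixed in Thunderbird 12 and Seamonkey 2.9", and iceweasel is marked fixed only at 12.0-1. Please confirm that 10.0.4-1 really contains the fix; if it does not, this line should stay "<unfixed> (low)". If it does, keep the "(low)" urgency so the entry matches the iceweasel line.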
@@ -5027,14 +5022,14 @@
[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell ...)
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0473 (The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x ...)
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
@@ -5046,7 +5041,7 @@
- iceape <not-affected> (Windows-specific)
CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x ...)
{DSA-2464-1 DSA-2458-1 DSA-2457-1}
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
@@ -5054,14 +5049,14 @@
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0470 (Heap-based buffer overflow in the ...)
{DSA-2464-1 DSA-2458-1 DSA-2457-1}
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0469 (Use-after-free vulnerability in the ...)
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
@@ -5073,7 +5068,7 @@
- iceape <not-affected> (Only affects Firefox 11 and above)
CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2464-1 DSA-2458-1 DSA-2457-1}
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
@@ -8863,6 +8858,7 @@
RESERVED
CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center ...)
- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
+ [squeeze] - krb5 <no-dsa> (Minor issue)
[lenny] - krb5 <not-affected> (introduced in 1.8)
CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 ...)
NOT-FOR-US: ATCOM Netvolution
@@ -12213,7 +12209,7 @@
- chromium-browser 18.0.1025.142~r129054-1
CVE-2011-3062 (Off-by-one error in the OpenType Sanitizer in Google Chrome before ...)
- chromium-browser 18.0.1025.142~r129054-1
- - icedove <unfixed>
+ - icedove 10.0.4-1
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
@@ -23655,15 +23651,12 @@
CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows ...)
NOT-FOR-US: Cisco AnyConnect SSL VPN trial client
CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in ...)
- - qpid-cpp <unfixed>
- TODO: check
+ - qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...)
- - qpid-cpp <unfixed>
- TODO: check
+ - qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5004
RESERVED
- - qpid-cpp <unfixed>
- TODO: check
+ - qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3845
RESERVED
- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
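Review bot: The replacement "<not-affected> (Fixed before initial upload to archive)" for the qpid-cpp entries gives no upstream version that carried the fix and no version of the first Debian upload, so the claim cannot be checked from the entry itself. CVE-2009-5004 is also still RESERVED with no description, so it is unclear what was verified there. Suggest adding a NOTE with the upstream fixed version (or commit) per CVE, since the removed "TODO: check" lines were the only marker that these needed verification.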
@@ -25886,8 +25879,7 @@
- linux-2.6 2.6.32-25
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.30)
CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat ...)
- - qpid-cpp <unfixed>
- TODO: check
+ - qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
- python-django 1.2.3-1 (low; bug #596205)
NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2012-05-10 23:44:42 UTC (rev 19210)
+++ data/spu-candidates.txt 2012-05-11 06:37:36 UTC (rev 19211)
@@ -204,6 +204,12 @@
--
+krb5 (CVE-2011-4151)
+#646367
+
+
+--
+
libgssglue (CVE-2011-2709)
patch in bug #670256
@@ -440,6 +446,12 @@
--
+xinetd (CVE-2012-0862)
+https://bugzilla.redhat.com/show_bug.cgi?id=790940
+
+
+--
+
zendframework (CVE-2011-1939)
http://framework.zend.com/security/advisory/ZF2011-02