[Secure-testing-commits] r19250 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue May 15 10:02:50 UTC 2012
Author: jmm
Date: 2012-05-15 10:02:49 +0000 (Tue, 15 May 2012)
New Revision: 19250
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
no-dsa: pam-shield, libsoup2.4
new issues: spip, connman (should be removed)
fixed: gridengine, kernel
glassfish not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-15 09:15:00 UTC (rev 19249)
+++ data/CVE/list 2012-05-15 10:02:49 UTC (rev 19250)
@@ -1,3 +1,5 @@
+CVE-2012-XXXX [two XSS]
+ - spip 2.1.14-1 (low; bug #672961)
CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, ...)
NOT-FOR-US: Oracle Database
CVE-2012-2623
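Review bot: the new CVE-2012-XXXX entry at the top of this hunk describes the issue only as "two XSS" and has no NOTE line, so nothing identifies the two flaws once a real CVE id is assigned. Add a NOTE with the upstream reference, or a more specific bracketed description, next to the "- spip 2.1.14-1 (low; bug #672961)" line.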
@@ -692,7 +694,8 @@
- mahara 1.4.2-1
CVE-2012-2350 [pam_shield default configuration does not take any action]
RESERVED
- - pam-shield <unfixed> (medium; bug #658830)
+ - pam-shield <unfixed> (low; bug #658830)
+ [squeeze] - pam-shield <no-dsa> (Minor issue)
CVE-2012-2349
RESERVED
CVE-2012-2348
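Review bot: the pam-shield line for CVE-2012-2350 drops the severity from medium to low in the same change that adds the squeeze <no-dsa>, and the only stated reason is "Minor issue". Since the entry title says the default configuration does not take any action, a NOTE recording why this is rated low would make the downgrade reviewable later.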
@@ -742,7 +745,7 @@
RESERVED
CVE-2012-2333 [OpenSSL invalid TLS/DTLS record attack]
RESERVED
- - openssl <unfixed> (bug #672452)
+ - openssl 1.0.1c-1 (bug #672452)
NOTE: http://seclists.org/oss-sec/2012/q2/299
NOTE: http://www.openssl.org/news/secadv_20120510.txt
CVE-2012-2332 [SQL injection in serendipity before 1.7.1]
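Review bot: the openssl line for CVE-2012-2333 moves from <unfixed> to 1.0.1c-1, but the commit log lists only gridengine and kernel under "fixed". Mention openssl in the log as well so this status change can be found from the commit message.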
@@ -780,13 +783,16 @@
RESERVED
CVE-2012-2322
RESERVED
+ - connman <unfixed> (bug #672989)
CVE-2012-2321
RESERVED
+ - connman <unfixed> (bug #672989)
CVE-2012-2320
RESERVED
+ - connman <unfixed> (bug #672989)
CVE-2012-2319
RESERVED
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 3.2.17-1 (low)
CVE-2012-2318 [Improper validation of incoming plaintext messages in MSN protocol plug-in]
RESERVED
- pidgin 2.10.4-1
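Review bot: CVE-2012-2322, CVE-2012-2321 and CVE-2012-2320 each gain an identical "- connman <unfixed> (bug #672989)" line with no bracketed description, so the three entries cannot be told apart from this file. Add a short description per CVE, and record the "should be removed" remark from the commit log as a NOTE so it is visible in the data rather than only in the log.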
@@ -1232,7 +1238,8 @@
- linux-2.6 <unfixed>
CVE-2012-2132 [libsoup 2.32.2 sets ssl trusted flag despite no verification]
RESERVED
- - libsoup2.4 <unfixed> (bug #672880)
+ - libsoup2.4 <unfixed> (low; bug #672880)
+ [squeeze] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in ...)
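Review bot: the CVE-2012-2132 entry still carries only the Novell and Red Hat bug links, while the bugzilla.gnome.org report for the same issue is added solely to data/spu-candidates.txt in this commit. Add that link here as a NOTE too, below the new "[squeeze] - libsoup2.4 <no-dsa> (Minor issue)" line, so the tracker entry points at it directly.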
@@ -1270,7 +1277,7 @@
RESERVED
CVE-2012-2121
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 3.2.17-1
CVE-2012-2120
RESERVED
- texlive-extra <unfixed> (low; bug #668779)
@@ -1346,7 +1353,7 @@
- nova 2012.1-2 (bug #670637)
CVE-2012-2100
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 3.2.2-1
NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
NOTE: https://lkml.org/lkml/2012/2/20/422
CVE-2012-2099
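Review bot: CVE-2012-2100 is marked fixed in linux-2.6 3.2.2-1, whereas every other linux-2.6 entry touched in this commit uses 3.2.17-1. Confirm the older version is intended, and consider a NOTE naming the fixing commit next to the existing lkml link, since the entry describes the issue as an incomplete fix of CVE-2009-4307.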
@@ -2499,7 +2506,7 @@
CVE-2012-1601
RESERVED
{DSA-2469-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 3.2.17-1 (low)
CVE-2012-1600 [XSS from 5.0.4 release]
RESERVED
- phppgadmin 5.0.4-1
@@ -5037,9 +5044,9 @@
CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
NOT-FOR-US: Oracle Database Server
CVE-2012-0551 (Unspecified vulnerability in the GlassFish Enterprise Server component ...)
- - glassfish <undetermined>
+ - glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component ...)
- - glassfish <undetermined>
+ - glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
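Review bot: both glassfish entries (CVE-2012-0551 and CVE-2012-0550) switch from <undetermined> to <not-affected>, yet the CVE descriptions read "Unspecified vulnerability", so the entry gives no way to check that the affected code lies outside the core libs Debian builds. Add a NOTE saying where that determination came from.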
@@ -6687,7 +6694,7 @@
[squeeze] - horde3 <not-affected> (Introduced in 3.3.12)
[lenny] - horde3 <not-affected> (Introduced in 3.3.12)
CVE-2012-0208 (Unspecified vulnerability in the Oracle Grid Engine component in ...)
- - gridengine <unfixed>
+ - gridengine 6.2u5-6
NOTE: http://www.securityfocus.com/bid/53123/info
NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0207
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2012-05-15 09:15:00 UTC (rev 19249)
+++ data/spu-candidates.txt 2012-05-15 10:02:49 UTC (rev 19250)
@@ -222,6 +222,12 @@
--
+libsoup2.4 (CVE-2012-2132)
+#672880
+https://bugzilla.gnome.org/show_bug.cgi?id=666280
+
+--
+
libvirt (CVE-2011-4600)
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ae1232b298323dd7bef909426e2ebafa6bca9157
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4600
@@ -307,6 +313,11 @@
--
+pam-shield (CVE-2012-2350)
+#658830
+
+--
+
perl (CVE-2011-2728)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2728
http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
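Review bot: the new pam-shield (CVE-2012-2350) block lists only bug #658830, while the perl block directly below it links a fixing commit. If a patch or upstream reference exists for the intended point update, add it under the bug number.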