[Secure-testing-commits] r19250 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue May 15 10:02:50 UTC 2012 

Author: jmm
Date: 2012-05-15 10:02:49 +0000 (Tue, 15 May 2012)
New Revision: 19250

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
no-dsa: pam-shield, libsoup2.4
new issues: spip, connman (should be removed)
fixed: gridengine, kernel
glassfish not-affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-15 09:15:00 UTC (rev 19249)
+++ data/CVE/list	2012-05-15 10:02:49 UTC (rev 19250)
@@ -1,3 +1,5 @@
+CVE-2012-XXXX [two XSS]
+	- spip 2.1.14-1 (low; bug #672961)
 CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, ...)
 	NOT-FOR-US: Oracle Database
 CVE-2012-2623
@@ -692,7 +694,8 @@
 	- mahara 1.4.2-1
 CVE-2012-2350 [pam_shield default configuration does not take any action]
 	RESERVED
-	- pam-shield <unfixed> (medium; bug #658830)
+	- pam-shield <unfixed> (low; bug #658830)
+	[squeeze] - pam-shield <no-dsa> (Minor issue)
 CVE-2012-2349
 	RESERVED
 CVE-2012-2348
@@ -742,7 +745,7 @@
 	RESERVED
 CVE-2012-2333 [OpenSSL invalid TLS/DTLS record attack]
 	RESERVED
-	- openssl <unfixed> (bug #672452)
+	- openssl 1.0.1c-1 (bug #672452)
 	NOTE: http://seclists.org/oss-sec/2012/q2/299
 	NOTE: http://www.openssl.org/news/secadv_20120510.txt
 CVE-2012-2332 [SQL injection in serendipity before 1.7.1]
@@ -780,13 +783,16 @@
 	RESERVED
 CVE-2012-2322
 	RESERVED
+	- connman <unfixed> (bug #672989)
 CVE-2012-2321
 	RESERVED
+	- connman <unfixed> (bug #672989)
 CVE-2012-2320
 	RESERVED
+	- connman <unfixed> (bug #672989)
 CVE-2012-2319
 	RESERVED
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 3.2.17-1 (low)
 CVE-2012-2318 [Improper validation of incoming plaintext messages in MSN protocol plug-in]
 	RESERVED
 	- pidgin 2.10.4-1
@@ -1232,7 +1238,8 @@
 	- linux-2.6 <unfixed>
 CVE-2012-2132 [libsoup 2.32.2 sets ssl trusted flag despite no verification]
 	RESERVED
-	- libsoup2.4 <unfixed> (bug #672880)
+	- libsoup2.4 <unfixed> (low; bug #672880)
+	[squeeze] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
 CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in ...)
@@ -1270,7 +1277,7 @@
 	RESERVED
 CVE-2012-2121
 	RESERVED
-	- linux-2.6 <unfixed>
+	- linux-2.6 3.2.17-1
 CVE-2012-2120
 	RESERVED
 	- texlive-extra <unfixed> (low; bug #668779)
@@ -1346,7 +1353,7 @@
 	- nova 2012.1-2 (bug #670637)
 CVE-2012-2100
 	RESERVED
-	- linux-2.6 <unfixed>
+	- linux-2.6 3.2.2-1
 	NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
 	NOTE: https://lkml.org/lkml/2012/2/20/422
 CVE-2012-2099
@@ -2499,7 +2506,7 @@
 CVE-2012-1601
 	RESERVED
 	{DSA-2469-1}
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 3.2.17-1 (low)
 CVE-2012-1600 [XSS from 5.0.4 release]
 	RESERVED
 	- phppgadmin 5.0.4-1
@@ -5037,9 +5044,9 @@
 CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
 	NOT-FOR-US: Oracle Database Server
 CVE-2012-0551 (Unspecified vulnerability in the GlassFish Enterprise Server component ...)
-	- glassfish <undetermined>
+	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
 CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component ...)
-	- glassfish <undetermined>
+	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
 CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in ...)
 	NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
@@ -6687,7 +6694,7 @@
 	[squeeze] - horde3 <not-affected> (Introduced in 3.3.12)
 	[lenny] - horde3 <not-affected> (Introduced in 3.3.12)
 CVE-2012-0208 (Unspecified vulnerability in the Oracle Grid Engine component in ...)
-	- gridengine <unfixed>
+	- gridengine 6.2u5-6
 	NOTE: http://www.securityfocus.com/bid/53123/info
 	NOTE: http://gridscheduler.sourceforge.net/security.html
 CVE-2012-0207

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-05-15 09:15:00 UTC (rev 19249)
+++ data/spu-candidates.txt	2012-05-15 10:02:49 UTC (rev 19250)
@@ -222,6 +222,12 @@
 
 --
 
+libsoup2.4 (CVE-2012-2132)
+#672880
+https://bugzilla.gnome.org/show_bug.cgi?id=666280
+
+--
+
 libvirt (CVE-2011-4600)
 http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ae1232b298323dd7bef909426e2ebafa6bca9157
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4600
@@ -307,6 +313,11 @@
 
 --
 
+pam-shield (CVE-2012-2350)
+#658830
+
+--
+
 perl (CVE-2011-2728)
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2728
 http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77

More information about the Secure-testing-commits mailing list