[Secure-testing-commits] r20449 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Nov 6 06:56:21 UTC 2012


Author: jmm
Date: 2012-11-06 06:56:21 +0000 (Tue, 06 Nov 2012)
New Revision: 20449

Modified:
   data/CVE/list
Log:
tiff3 not affected by recent tiff issue
kfreebsd no-dsa
joomla ITP issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-05 21:14:20 UTC (rev 20448)
+++ data/CVE/list	2012-11-06 06:56:21 UTC (rev 20449)
@@ -962,19 +962,23 @@
 	NOT-FOR-US: Mac OS X
 CVE-2012-5365
 	RESERVED
-	- kfreebsd-8 <unfixed> (bug #690986)
-	- kfreebsd-9 <unfixed>
+	- kfreebsd-8 <unfixed> (low; bug #690986)
+	- kfreebsd-9 <unfixed> (low)
 	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
 	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
+	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
+	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
 CVE-2012-5364
 	RESERVED
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-5363
 	RESERVED
-	- kfreebsd-8 <unfixed> (bug #690986)
+	- kfreebsd-8 <unfixed> (low; bug #690986)
 	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
 	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
-	- kfreebsd-9 <unfixed>
+	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
+	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
+	- kfreebsd-9 <unfixed> (low)
 CVE-2012-5362
 	RESERVED
 	NOT-FOR-US: Microsoft Windows
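Review bot: In the CVE-2012-5363 entry the `- kfreebsd-9 <unfixed> (low)` line now sits after the `[squeeze]` and `[wheezy]` kfreebsd-9 annotations, so the release-specific lines come before the package entry they qualify. CVE-2012-5365 in the same hunk lists both unfixed package lines first and the release annotations after them. Moving `- kfreebsd-9 <unfixed> (low)` up to directly follow `- kfreebsd-8 <unfixed> (low; bug #690986)` would give the two entries the same layout.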
@@ -3195,6 +3199,7 @@
 CVE-2012-4564 [ppm2tiff heap overflow]
 	RESERVED
 	- tiff <unfixed> (bug #692345)
+	- tiff3 <not-affected> (The tiff-tools package is only built from the tiff source package)
 CVE-2012-4563
 	RESERVED
 	- gwt <unfixed> (bug #691900)
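Review bot: The reason on the new `- tiff3 <not-affected>` line describes which source package builds tiff-tools, but it does not say that ppm2tiff, the tool named in the CVE-2012-4564 title, is shipped in tiff-tools. Adding that link to the parenthesised reason, for example "ppm2tiff is in tiff-tools, which is only built from the tiff source package", would make the not-affected decision checkable from the entry alone.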
@@ -3275,9 +3280,9 @@
 	{DSA-2563-1}
 	- viewvc 1.1.5-1.4 (low; bug #691062)
 CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2012-4530 [kernel: stack disclosure in binfmt_script load_script()]
 	RESERVED
 	- linux <unfixed>
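Review bot: The new `NOT-FOR-US: Joomla addon` line under CVE-2012-4532 does not name the addon, and the description on that entry is truncated, so the list gives no way to tell which component was judged out of scope. The neighbouring CVE-2012-4531 is tracked as `- joomla <itp> (bug #571794)`, which makes the distinction matter if joomla is ever packaged. Naming the addon in the NOT-FOR-US line would settle it.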
@@ -5841,7 +5846,7 @@
 	- roundcube <not-affected> (only affects rc versions of 0.8)
 	NOTE: http://trac.roundcube.net/ticket/1488519
 CVE-2012-3506 (Unspecified vulnerability in the Apache Open For Business Project (aka ...)
-	TODO: check
+	NOT-FOR-US: OFBiz
 CVE-2012-3505 (tinyproxy before 1.8.3-3 allows remote attackers to cause a denial of ...)
 	{DSA-2564-1}
 	- tinyproxy 1.8.3-3 (bug #685281)
@@ -12094,6 +12099,7 @@
 	RESERVED
 CVE-2012-0959
 	RESERVED
+	NOT-FOR-US: Ubuntu remote login service
 CVE-2012-0958
 	RESERVED
 CVE-2012-0957 [kernel: uts: stack memory leak in UNAME26]
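Review bot: CVE-2012-0959 is still `RESERVED` with no description, so the added `NOT-FOR-US: Ubuntu remote login service` line is the only record of what the id covers. It would help to give the package name, or a `NOTE:` line with a reference, so the classification can be confirmed once the description is published.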
@@ -22361,10 +22367,14 @@
 CVE-2011-2394
 	RESERVED
 CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
-	- kfreebsd-7 <removed>
-	- kfreebsd-8 <undetermined>
-	- kfreebsd-9 <unfixed> (bug #684072)
-	- kfreebsd-10 <undetermined>
+	- kfreebsd-7 <removed> (low)
+	- kfreebsd-8 <unfixed> (low)
+	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
+	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
+	- kfreebsd-9 <unfixed> (low; bug #684072)
+	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
+	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
+	- kfreebsd-10 <unfixed> (low)
 	NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
 CVE-2011-2392
 	RESERVED
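Review bot: Under CVE-2011-2393, kfreebsd-8 and kfreebsd-10 move from `<undetermined>` to `<unfixed> (low)` with no bug number or `NOTE:` recording how the affected status was established; only the kfreebsd-9 line carries `bug #684072`. A short note on the basis for the determination, or a bug reference on each line, would document the change. The `(low)` urgency added to `- kfreebsd-7 <removed>` also looks unnecessary on a removed package and could be dropped.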



