[Secure-testing-commits] r20454 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Nov 6 11:04:24 UTC 2012
Author: jmm
Date: 2012-11-06 11:04:24 +0000 (Tue, 06 Nov 2012)
New Revision: 20454
Modified:
data/CVE/list
Log:
new commons-httpclient issue
new lynx issue (no-dsa)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-06 10:46:31 UTC (rev 20453)
+++ data/CVE/list 2012-11-06 11:04:24 UTC (rev 20454)
@@ -7,7 +7,9 @@
CVE-2012-5822 (The contribution feature in Zamboni does not verify that the server ...)
TODO: check
CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by a ...)
- TODO: check
+ - lynx-cur <unfixed> (low; bug #692443)
+ [squeeze] - lynx-cur <no-dsa> (Minor issue)
+ [wheezy] - lynx-cur <no-dsa> (Minor issue)
CVE-2012-5820 (The developer-account sample code in Google AdMob does not verify that ...)
TODO: check
CVE-2012-5819 (FilesAnywhere does not verify that the server hostname matches a ...)
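Review bot: the two `<no-dsa>` lines added for CVE-2012-5821 give only "Minor issue" as the reason, while the CVE text describes a missing server certificate verification in Lynx. A short NOTE line under the entry stating why this is considered minor for squeeze and wheezy would make the triage decision reviewable later, next to the reference to bug #692443.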
@@ -83,7 +85,7 @@
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
TODO: check
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
- TODO: check
+ - commons-httpclient <unfixed> (bug #692442)
CVE-2012-5782 (Amazon Flexible Payments Service (FPS) PHP Library does not verify ...)
TODO: check
CVE-2012-5781 (Amazon Elastic Load Balancing API Tools does not verify that the ...)
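Review bot: the new `- commons-httpclient <unfixed> (bug #692442)` line carries no urgency, whereas the lynx-cur entry added in the same commit is marked `low`. If the urgency is deliberately left unset until the issue is assessed, that is fine; otherwise add it, and consider whether squeeze and wheezy need their own lines as was done for lynx-cur.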
@@ -3573,7 +3575,6 @@
CVE-2012-4433 [gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers]
RESERVED
- gegl <unfixed> (bug #692435)
- TODO: check
NOTE: http://seclists.org/oss-sec/2012/q4/215
CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x ...)
- optipng <not-affected> (Introduced in 0.7, bug #687998)
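Review bot: the removal of `TODO: check` under CVE-2012-4433 is not mentioned in the log, which lists only the commons-httpclient and lynx changes. The removal itself looks right, since the entry already has `- gegl <unfixed> (bug #692435)`, but a third log line for the gegl cleanup would keep the history of this entry searchable.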