[Secure-testing-commits] r20459 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Nov 7 17:38:47 UTC 2012
Author: jmm
Date: 2012-11-07 17:38:46 +0000 (Wed, 07 Nov 2012)
New Revision: 20459
Modified:
data/CVE/list
Log:
new kernel issue
yui3 not affected by recent yui issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-07 07:35:51 UTC (rev 20458)
+++ data/CVE/list 2012-11-07 17:38:46 UTC (rev 20459)
@@ -81,55 +81,55 @@
CVE-2012-5817 (Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools ...)
TODO: check
CVE-2012-5816 (AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: AOL Instant Messenger
CVE-2012-5815 (The Rackspace app 2.1.5 for iOS does not verify that the server ...)
NOT-FOR-US: Rackspace app for iOS
CVE-2012-5814 (Weberknecht, as used in GitHub Gaug.es and other products, does not ...)
- TODO: check
+ NOT-FOR-US: Weberknecht
CVE-2012-5813 (The Android_Pusher library for Android does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: Android app/lib
CVE-2012-5812 (The ACRA library for Android does not verify that the server hostname ...)
- TODO: check
+ NOT-FOR-US: Android app/lib
CVE-2012-5811 (The Breezy application for Android does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: Android app/lib
CVE-2012-5810 (The Chase mobile banking application for Android does not verify that ...)
- TODO: check
+ NOT-FOR-US: Android app/lib
CVE-2012-5809 (The Groupon Redemptions application for Android does not verify that ...)
- TODO: check
+ NOT-FOR-US: Android app/lib
CVE-2012-5808 (The LinkPoint module in Zen Cart does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: Zen Cart module
CVE-2012-5807 (The Authorize.Net eCheck module in Zen Cart does not verify that the ...)
- TODO: check
+ NOT-FOR-US: Zen Cart module
CVE-2012-5806 (The PayPal Payments Pro module in Zen Cart does not verify that the ...)
- TODO: check
+ NOT-FOR-US: Zen Cart module
CVE-2012-5805 (The PayPal IPN functionality in Zen Cart does not verify that the ...)
- TODO: check
+ NOT-FOR-US: Zen Cart module
CVE-2012-5804 (The CyberSource module in Ubercart does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: Ubercart module
CVE-2012-5803 (The Authorize.Net module in Ubercart does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: Ubercart module
CVE-2012-5802 (The PayPal module in Ubercart does not verify that the server hostname ...)
- TODO: check
+ NOT-FOR-US: Ubercart module
CVE-2012-5801 (The PayPal module in PrestaShop does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2012-5800 (The eBay module in PrestaShop does not verify that the server hostname ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2012-5799 (The Canada Post (aka CanadaPost) module in PrestaShop does not verify ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2012-5798 (The PayPal Pro PayFlow EC module in osCommerce does not verify that ...)
- TODO: check
+ NOT-FOR-US: osCommerce module
CVE-2012-5797 (The PayPal Pro PayFlow module in osCommerce does not verify that the ...)
- TODO: check
+ NOT-FOR-US: osCommerce module
CVE-2012-5796 (The PayPal Pro module in osCommerce does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: osCommerce module
CVE-2012-5795 (The PayPal Express module in osCommerce does not verify that the ...)
- TODO: check
+ NOT-FOR-US: osCommerce module
CVE-2012-5794 (The MoneyBookers module in osCommerce does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: osCommerce module
CVE-2012-5793 (The Authorize.Net module in osCommerce does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: osCommerce module
CVE-2012-5792 (The Sage Pay Direct module in osCommerce does not verify that the ...)
- TODO: check
+ NOT-FOR-US: osCommerce module
CVE-2012-5791 (PayPal Invoicing does not verify that the server hostname matches a ...)
TODO: check
CVE-2012-5790 (PayPal Payments Standard PHP Library 20120427 does not verify that the ...)
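Review bot: The five entries CVE-2012-5809 through CVE-2012-5813 all receive the same generic `NOT-FOR-US: Android app/lib` label, which drops the product name that other lines in this hunk keep (`NOT-FOR-US: AOL Instant Messenger`, `NOT-FOR-US: Weberknecht`). Naming the product on each line (Android_Pusher, ACRA, Breezy, Chase, Groupon Redemptions) would keep the list searchable by product. Separately, CVE-2012-5814 describes Weberknecht as a library "used in GitHub Gaug.es and other products", so it is worth confirming that no packaged software embeds a copy before closing it as NOT-FOR-US.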
@@ -815,6 +815,7 @@
CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files]
RESERVED
- yui <unfixed> (bug #692434)
+ - yui3 <not-affected>
NOTE: http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
CVE-2012-5474
RESERVED
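Review bot: The added `- yui3 <not-affected>` line carries no reason in parentheses, unlike the `condor <not-affected> (...)` entry further down in this same file. The entry title already scopes the issue to YUI 2.x embedded SWF files, so a short parenthetical on the yui3 line saying the issue is specific to YUI 2.x (with the existing NOTE URL as the source) would record why the package was cleared, not only that it was.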
@@ -935,9 +936,9 @@
CVE-2012-5418
RESERVED
CVE-2012-5417 (Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-5416 (Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-5415
RESERVED
CVE-2012-5414
@@ -1505,7 +1506,7 @@
CVE-2012-5171
RESERVED
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Pebble blog
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: ATutor AContent
CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify ...)
@@ -3567,6 +3568,8 @@
- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
CVE-2012-4461
RESERVED
+ - linux-2.6 <removed>
+ - linux <unfixed>
CVE-2012-4460
RESERVED
CVE-2012-4459
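Review bot: The two package lines added under CVE-2012-4461 are the only information on this entry: there is no bracketed description after the CVE id and no NOTE line with a reference, so the entry does not say what the kernel issue is or where a fix can be found. The CVE-2012-5475 entry in this same commit shows the expected shape (`[...]` description plus `NOTE:` URL); adding the same here would let someone triaging `linux <unfixed>` act on it without looking up the commit log's "new kernel issue".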
@@ -5388,11 +5391,11 @@
CVE-2012-3751
RESERVED
CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does not ...)
- TODO: check
+ NOT-FOR-US: iOS
CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide ...)
- TODO: check
+ NOT-FOR-US: iOS
CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3747 (WebKit, as used in Apple iOS before 6, allows remote attackers to ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3746 (UIWebView in UIKit in Apple iOS before 6 does not properly use the ...)
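Review bot: The CVE-2012-3748 line is closed as NOT-FOR-US while its own rationale concedes that the issue may affect Chromium ("if anything of this affects Chromium, the Chrome sec team will know and fix"). NOT-FOR-US marks software that is not in the archive, so this tag removes a WebKit race condition from every per-package view even though the text admits possible impact on a packaged browser. The wording matches the existing CVE-2012-3747 line, so it is consistent, but a `NOTE:` stating that the Chromium check is deferred to upstream, or an explicit package entry, would make the deferral visible instead of implied.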