[Secure-testing-commits] r20464 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Nov 8 07:32:23 UTC 2012


Author: jmm
Date: 2012-11-08 07:32:23 +0000 (Thu, 08 Nov 2012)
New Revision: 20464

Modified:
   data/CVE/list
Log:
new glance issue
new trousers issue
new axis issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-08 03:15:05 UTC (rev 20463)
+++ data/CVE/list	2012-11-08 07:32:23 UTC (rev 20464)
@@ -49,7 +49,7 @@
 CVE-2011-5242 (tmhOAuth before 0.61 does not verify that the server hostname matches ...)
 	TODO: check
 CVE-2011-5241 (Services_Twitter 0.6.3 does not verify that the server hostname ...)
-	TODO: check
+	NOT-FOR-US: PEAR module for Twitter
 CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...)
 	TODO: check
 CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname ...)
@@ -141,11 +141,11 @@
 CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname ...)
 	TODO: check
 CVE-2012-5786 (The wsdl_first_https sample code in ...)
-	TODO: check
+	NOT-FOR-US: Apache CXF
 CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ...)
 	TODO: check
 CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
-	TODO: check
+	- axis <unfixed> (bug #692650)
 CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
 	- commons-httpclient <unfixed> (bug #692442)
 CVE-2012-5782 (Amazon Flexible Payments Service (FPS) PHP Library does not verify ...)
@@ -3238,6 +3238,7 @@
 	RESERVED
 CVE-2012-4573
 	RESERVED
+	- glance <unfixed> (bug #692641)
 CVE-2012-4572
 	RESERVED
 CVE-2012-4571 [python-keyring: CryptedFileKeyring is insecure]
@@ -12840,6 +12841,7 @@
 	RESERVED
 CVE-2012-0698
 	RESERVED
+	- trousers <unfixed> (bug #692649)
 CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...)
 	NOT-FOR-US: WebSphere
 CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)




More information about the Secure-testing-commits mailing list