[Secure-testing-commits] r20516 - data/CVE

Yves-Alexis Perez corsac at alioth.debian.org
Mon Nov 19 14:35:34 UTC 2012


Author: corsac
Date: 2012-11-19 14:35:34 +0000 (Mon, 19 Nov 2012)
New Revision: 20516

Modified:
   data/CVE/list
Log:
add a bunch of NFUs + mark broadcom firmwares issue as affecting firmware-nonfree


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-19 07:09:18 UTC (rev 20515)
+++ data/CVE/list	2012-11-19 14:35:34 UTC (rev 20516)
@@ -244,7 +244,7 @@
 CVE-2012-5778
 	RESERVED
 CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the ...)
-	TODO: check
+	NOT-FOR-US: EmpireCMS
 CVE-2012-5776
 	RESERVED
 CVE-2012-5775
@@ -2159,21 +2159,21 @@
 CVE-2012-4956
 	RESERVED
 CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage Server ...)
-	TODO: check
+	NOT-FOR-US: Dell OpenManage SA
 CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Vanilla Forums
 CVE-2012-4953 (The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, ...)
-	TODO: check
+	NOT-FOR-US: Symantec Endpoint Protection
 CVE-2012-4952
 	RESERVED
 CVE-2012-4951 (Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in ...)
-	TODO: check
+	NOT-FOR-US: VeriFone VeriCentre Web Console
 CVE-2012-4950
 	RESERVED
 CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: ESRI ArcGIS
 CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances uses ...)
-	TODO: check
+	NOT-FOR-US: Fortinet Fortigate UTM applianced
 CVE-2012-4947
 	RESERVED
 CVE-2012-4946
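Review bot: typo in the added CVE-2012-4948 line: "Fortinet Fortigate UTM applianced" should read "Fortinet Fortigate UTM appliances". In the same hunk, "Dell OpenManage SA" on the CVE-2012-4955 line abbreviates the product name; spelling it out in full would make the entry easier to find when searching the list by product.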
@@ -2425,7 +2425,7 @@
 CVE-2012-4848
 	RESERVED
 CVE-2012-4847 (IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: IBM Cognos Business Intelligence
 CVE-2012-4846
 	RESERVED
 CVE-2012-4845 (The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does ...)
@@ -2573,9 +2573,9 @@
 CVE-2012-4778
 	RESERVED
 CVE-2012-4777 (The code-optimization feature in the reflection implementation in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET Framework
 CVE-2012-4776 (The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET Framework
 CVE-2012-4775 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
 	NOT-FOR-US: Internet Explorer
 CVE-2012-4774
@@ -3143,9 +3143,9 @@
 CVE-2012-4614
 	RESERVED
 CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
 CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
 CVE-2012-4611
 	RESERVED
 CVE-2012-4610 (EMC Avamar Client for VMware 6.1 stores the cleartext server root ...)
@@ -5920,7 +5920,7 @@
 	[squeeze] - isc-dhcp <not-affected> (Vulnerable code not present)
 	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
 CVE-2012-3569 (Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used ...)
-	TODO: check
+	NOT-FOR-US: VMware OVF Tool
 CVE-2012-3568 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Opera
 CVE-2012-3567 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
@@ -6659,7 +6659,7 @@
 CVE-2012-3331
 	RESERVED
 CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2012-3329
 	RESERVED
 CVE-2012-3328
@@ -8300,7 +8300,9 @@
 CVE-2012-2620
 	RESERVED
 CVE-2012-2619 (The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, ...)
-	TODO: check
+	- firmware-nonfree <unfixed>
+	[squeeze] - firmware-nonfree <no-dsa> (non-free notsupported)
+	NOTE: need to find a changelog for firmwares
 CVE-2012-2618
 	RESERVED
 CVE-2012-2617
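Review bot: the <no-dsa> reason on the [squeeze] line for CVE-2012-2619 reads "non-free notsupported", which is missing a space; suggest "(non-free not supported)". The entry is also marked <unfixed> while the NOTE says a firmware changelog still has to be found, so the outstanding work is now recorded only as a NOTE. Keeping a TODO line next to it, as the removed "TODO: check" did, would keep the follow-up visible until a fixed firmware version is identified.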
@@ -8433,7 +8435,7 @@
 CVE-2012-2554
 	RESERVED
 CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
-	TODO: check
+	NOT-FOR-US:  Microsoft Windows
 CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report ...)
 	NOT-FOR-US: Microsoft SQL Server
 CVE-2012-2551 (The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, ...)
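Review bot: the added CVE-2012-2553 line has two spaces after the colon ("NOT-FOR-US:  Microsoft Windows"), while every other NOT-FOR-US line in this commit uses one. Suggest "NOT-FOR-US: Microsoft Windows" so the string matches the identical entries added for CVE-2012-2530, CVE-2012-1528 and CVE-2012-1527.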
@@ -8453,7 +8455,7 @@
 CVE-2012-2544
 	RESERVED
 CVE-2012-2543 (Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Excel
 CVE-2012-2542
 	RESERVED
 CVE-2012-2541
@@ -8475,11 +8477,11 @@
 CVE-2012-2533
 	RESERVED
 CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services ...)
-	TODO: check
+	NOT-FOR-US: Microsoft FTP Service
 CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak ...)
-	TODO: check
+	NOT-FOR-US: Microsoft IIS
 CVE-2012-2530 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2012-2529 (Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and ...)
@@ -8501,7 +8503,7 @@
 CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 ...)
 	NOT-FOR-US: Microsoft Infopath
 CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NET in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET framework
 CVE-2012-2518
 	RESERVED
 CVE-2012-2517
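Review bot: the added CVE-2012-2519 line spells the product "Microsoft .NET framework" with a lowercase "f", whereas the other .NET entries in this same commit (CVE-2012-4777, CVE-2012-4776, CVE-2012-1896, CVE-2012-1895) use "Microsoft .NET Framework". Suggest using the capitalised form here too so that a case-sensitive search by product returns all of them.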
@@ -8630,7 +8632,7 @@
 CVE-2012-2456
 	RESERVED
 CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not ...)
-	TODO: check
+	NOT-FOR-US: Advanced Productivity Software DTE Axiom
 CVE-2012-2454
 	RESERVED
 CVE-2012-2453
@@ -10198,9 +10200,9 @@
 	- cifs-utils 2:5.3-2 (low; bug #665923)
 	[squeeze] - cifs-utils <no-dsa> (Minor issue)
 CVE-2012-1896 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET Framework
 CVE-2012-1895 (The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET Framework
 CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the ...)
 	NOT-FOR-US: Microsoft Office
 CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
@@ -10216,11 +10218,11 @@
 CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...)
 	NOT-FOR-US: Microsoft Visio
 CVE-2012-1887 (Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Excel
 CVE-2012-1886 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Excel
 CVE-2012-1885 (Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Excel
 CVE-2012-1884
 	RESERVED
 CVE-2012-1883
@@ -10369,13 +10371,13 @@
 CVE-2012-1814 (Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV ...)
 	NOT-FOR-US: DeltaV (SCADA system) not in Debian
 CVE-2012-1813 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
-	TODO: check
+	NOT-FOR-US: C3-ilex EOScada
 CVE-2012-1812 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
-	TODO: check
+	NOT-FOR-US: C3-ilex EOScada
 CVE-2012-1811 (EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: C3-ilex EOScada
 CVE-2012-1810 (EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: C3-ilex EOScada
 CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
 	NOT-FOR-US: Koyo ECOM
 CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
@@ -11001,9 +11003,9 @@
 CVE-2012-1540
 	RESERVED
 CVE-2012-1539 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2012-1538 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2012-1537
 	RESERVED
 CVE-2012-1536
@@ -11026,9 +11028,9 @@
 CVE-2012-1529 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
 	NOT-FOR-US: Internet Explorer
 CVE-2012-1528 (Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2012-1527 (Integer underflow in Windows Shell in Microsoft Windows XP SP2 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)



