[Secure-testing-commits] r20547 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Nov 26 12:11:57 UTC 2012
Author: jmm
Date: 2012-11-26 12:11:57 +0000 (Mon, 26 Nov 2012)
New Revision: 20547
Modified:
data/CVE/list
Log:
tomcat DIGEST issue was split into three CVE IDs
gegl fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-26 09:34:28 UTC (rev 20546)
+++ data/CVE/list 2012-11-26 12:11:57 UTC (rev 20547)
@@ -104,11 +104,14 @@
CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features ...)
NOT-FOR-US: Typo3 extension (seo_basics)
CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
- TODO: check
+ - tomcat6 6.0.35-5+nmu1 (bug #692439)
+ - tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
- TODO: check
+ - tomcat6 6.0.35-5+nmu1 (bug #692439)
+ - tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest Access ...)
- TODO: check
+ - tomcat6 6.0.35-5+nmu1 (bug #692439)
+ - tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken ...)
TODO: check
NOTE: new vulnerability in afmparse.c?
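Review bot: The same pair of fixed versions is pasted under all three new IDs (CVE-2012-5887, CVE-2012-5886, CVE-2012-5885) with nothing recording that each ID's part of the DIGEST issue was checked against the uploads. The descriptions differ (5885 is the replay-countermeasure functionality, 5886 and 5887 are other aspects of the Digest implementation), so confirm that 6.0.35-5+nmu1 and 7.0.28-3+nmu1 carry the fix for each one. A short NOTE line per entry saying the ID was split out of the earlier single DIGEST entry would also keep the history visible from the list itself.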
@@ -3945,7 +3948,7 @@
NOTE: http://seclists.org/oss-sec/2012/q3/509
NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
CVE-2012-4433 (Multiple integer overflows in operations/external/ppm-load.c in GEGL ...)
- - gegl <unfixed> (bug #692435)
+ - gegl 0.2.0-2+nmu1 (bug #692435)
NOTE: http://seclists.org/oss-sec/2012/q4/215
CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x ...)
- optipng <not-affected> (Introduced in 0.7, bug #687998)
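Review bot: The CVE-2012-4433 entry now claims a fix in gegl 0.2.0-2+nmu1, but its only NOTE is still the oss-sec thread, with no pointer to the patch that went into the upload. Consider adding a NOTE with the upstream commit or patch reference, as the fwknop entry just above does with its commitdiff link, so the integer overflow fix in ppm-load.c can be checked against the fixed version later.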
@@ -6450,8 +6453,6 @@
- sudo <not-affected> (Red Hat-specific postinst script)
CVE-2012-3439
REJECTED
- - tomcat6 6.0.35-5+nmu1 (bug #692439)
- - tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick ...)
- graphicsmagick 1.3.16-1.1 (low; bug #683284)
[squeeze] - graphicsmagick <no-dsa> (Minor issue)
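Review bot: After the two tomcat lines are dropped, CVE-2012-3439 is left as a bare REJECTED with no trail to where its tracking data went. A NOTE under REJECTED naming the replacement IDs (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887) would let anyone arriving from bug #692439 or #692440, or from an advisory that still cites the old ID, find the live entries.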