[Secure-testing-commits] r20554 - data/CVE

Arne Wichmann aw-guest at alioth.debian.org
Mon Nov 26 21:33:17 UTC 2012


Author: aw-guest
Date: 2012-11-26 21:33:17 +0000 (Mon, 26 Nov 2012)
New Revision: 20554

Modified:
   data/CVE/list
Log:
CVE-2012-2372, CVE-2002-2439, CVE-2012-4398 - severity low
CVE-2012-3375 - linux-2.6 not-affected
CVE-2012-2882, CVE-2012-5359, CVE-2012-5360, CVE-2012-5361 - bug reported


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-26 21:14:18 UTC (rev 20553)
+++ data/CVE/list	2012-11-26 21:33:17 UTC (rev 20554)
@@ -1571,17 +1571,17 @@
 CVE-2012-5361
 	RESERVED
 	- ffmpeg <removed>
-	- libav <unfixed>
+	- libav <unfixed> (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 CVE-2012-5360
 	RESERVED
 	- ffmpeg <removed>
-	- libav <unfixed>
+	- libav <unfixed> (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 CVE-2012-5359
 	RESERVED
 	- ffmpeg <removed>
-	- libav <unfixed>
+	- libav <unfixed> (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 CVE-2012-5358
 	RESERVED
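Review bot: The same bug number, #694483, is attached to the libav lines of CVE-2012-5361, CVE-2012-5360 and CVE-2012-5359 in this hunk, and again to CVE-2012-2882 in a later hunk. If that report does not name every one of these ids, add them to the bug so that closing it updates each entry, or file one bug per issue.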
@@ -4270,7 +4270,7 @@
 	NOTE: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
 CVE-2012-4398
 	RESERVED
-	- linux <unfixed>
+	- linux <unfixed> (low)
 	- linux-2.6 <removed>
 CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
 	- owncloud 4.0.1debian-1
@@ -6879,7 +6879,7 @@
 	NOTE: http://seclists.org/bugtraq/2012/Jul/48
 CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before ...)
 	- linux 3.2.23-1
-	- linux-2.6 <removed>
+	- linux-2.6 <not-affected> (http://anonscm.debian.org/viewvc/kernel-sec/retired/CVE-2012-3375?revision=2730&view=markup)
 CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple ...)
 	{DSA-2509-1}
 	- pidgin 2.10.6-1 (bug #680661)
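Review bot: On the linux-2.6 line for CVE-2012-3375 the parenthetical holds only a viewvc URL, so the reason for <not-affected> cannot be read from the list itself. Suggest putting a short reason in the parentheses and moving the link to a NOTE: line, which is how the neighbouring entries carry their references.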
@@ -7955,7 +7955,7 @@
 	- chromium-browser 22.0.1229.94~r161065-1
 CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ...)
 	- chromium-browser 22.0.1229.94~r161065-1
-	- libav <unfixed>
+	- libav <unfixed> (bug #694483)
 	- ffmpeg <removed>
 	NOTE: https://chromiumcodereview.appspot.com/10829204
 CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
@@ -9308,7 +9308,7 @@
 	- linux-2.6 3.2.19-1
 CVE-2012-2372
 	RESERVED
-	- linux <unfixed>
+	- linux <unfixed> (low)
 CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
 	NOT-FOR-US: WP-FaceThumb plugin for WordPress
 CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in ...)
@@ -10028,6 +10028,7 @@
 	- nova 2012.1-2 (bug #670637)
 CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
 	- linux-2.6 3.2.2-1
+	[squeeze] - linux-2.6 2.6.32-41squeeze1
 	NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
 	NOTE: https://lkml.org/lkml/2012/2/20/422
 CVE-2012-2099
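Review bot: The added "[squeeze] - linux-2.6 2.6.32-41squeeze1" line under CVE-2012-2100 is not covered by the commit log, which lists only the severity, not-affected and bug-reported changes. Mention the squeeze fixed version in the log so this change can be found from the history.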
@@ -14497,10 +14498,10 @@
 	[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
 	- gcc-4.3 <removed>
 	[squeeze] - gcc-4.3 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
-	- gcc-4.4 <unfixed>
+	- gcc-4.4 <unfixed> (low)
 	[squeeze] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
 	[wheezy] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
-	- gcc-4.6 <unfixed>
+	- gcc-4.6 <unfixed> (low)
 	[wheezy] - gcc-4.6 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
 	NOTE: Are there apps known to be exploitable through this?
 	NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway?
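Review bot: The (low) urgency added to the gcc-4.4 and gcc-4.6 <unfixed> lines has no stated rationale, while the two NOTE: lines closing the entry still pose open questions about exploitability. Suggest a NOTE: recording why low was chosen, or answering those questions, so the rating can be re-checked later.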



