[Secure-testing-commits] r20571 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Nov 28 16:03:30 UTC 2012 

Author: jmm
Date: 2012-11-28 16:03:30 +0000 (Wed, 28 Nov 2012)
New Revision: 20571

Modified:
   data/CVE/list
Log:
python fixed
libxml2 fixed
webkit unimportant
new kernel issue in hyperv tools


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-28 09:20:41 UTC (rev 20570)
+++ data/CVE/list	2012-11-28 16:03:30 UTC (rev 20571)
@@ -446,9 +446,10 @@
 CVE-2012-5852
 	RESERVED
 CVE-2012-5851 (html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...)
-	- chromium-browser <undetermined>
-	- webkit <undetermined>
+	- chromium-browser <unfixed> (unimportant)
+	- webkit <unfixed> (unimportant)
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=92692
+	NOTE: Incomplete mitigation feature, not a security vulnerability per se
 CVE-2012-5850
 	RESERVED
 CVE-2012-5849
@@ -1208,6 +1209,9 @@
 	[squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
 CVE-2012-5532
 	RESERVED
+	- linux <unfixed> (unimportant)
+	- linux-2.6 <not-affected> (userspace daemon not yet present)
+	NOTE: hyperv tools are not build in sid
 CVE-2012-5531
 	RESERVED
 CVE-2012-5530
@@ -2156,7 +2160,7 @@
 	- chromium-browser <unfixed>
 CVE-2012-5134
 	RESERVED
-	- libxml2 <unfixed> (bug #694521)
+	- libxml2 2.8.0+dfsg1-7 (bug #694521)
 CVE-2012-5133
 	RESERVED
 	- chromium-browser <unfixed>
@@ -14906,7 +14910,7 @@
 	[squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103)
 CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable ...)
 	- python2.7 2.7.3~rc2-2 (low; bug #650555)
-	- python2.6 <unfixed> (unimportant; bug #615118)
+	- python2.6 2.6.8-1 (unimportant; bug #615118)
 	[squeeze] - python2.6 <no-dsa> (Minor issue)
 	NOTE: Negligable impact
 CVE-2011-4943
@@ -27078,9 +27082,8 @@
 	{DSA-2240-1}
 	- linux-2.6 2.6.38-1
 CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in ...)
-	- python2.6 <unfixed> (low; bug #614860)
+	- python2.6 2.6.8-1 (low; bug #614860)
 	[squeeze] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
-	[wheezy] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
 	- python2.5 <unfixed> (low)
 	[squeeze] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
 	[lenny] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)

More information about the Secure-testing-commits mailing list