[Secure-testing-commits] r20573 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Nov 29 08:25:24 UTC 2012
Author: jmm
Date: 2012-11-29 08:25:24 +0000 (Thu, 29 Nov 2012)
New Revision: 20573
Modified:
data/CVE/list
Log:
gimp fixed
fwknop fixed in wheezy
phpcas / opendnssec CVEfied
filed bug for tiff
new jruby issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-28 21:14:22 UTC (rev 20572)
+++ data/CVE/list 2012-11-29 08:25:24 UTC (rev 20573)
@@ -470,12 +470,6 @@
RESERVED
CVE-2011-5245 (The readFrom function in providers.jaxb.JAXBXmlTypeProvider in ...)
NOT-FOR-US: RESTEasy framework for JBoss
-CVE-2012-XXXX [phpcas curl usage]
- - php-case <unfixed>
- NOTE: https://github.com/Jasig/phpCAS/pull/58
-CVE-2012-XXXX [opendnssec curl usage]
- - opendnssec <not-affected> (eppclient not built in Debian package)
- NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
CVE-2012-5935
RESERVED
CVE-2012-5934
@@ -1292,13 +1286,17 @@
RESERVED
CVE-2012-5584
RESERVED
-CVE-2012-5583
+CVE-2012-5583 [phpcas curl usage]
RESERVED
-CVE-2012-5582
+ - php-cas <unfixed>
+ NOTE: https://github.com/Jasig/phpCAS/pull/58
+CVE-2012-5582 [opendnssec curl usage]
RESERVED
+ - opendnssec <not-affected> (eppclient not built in Debian package)
+ NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
CVE-2012-5581 [libtiff: Stack based buffer overflow when handling DOTRANGE tags]
RESERVED
- TODO: check if Debian is affected
+ - tiff <unfixed> (bug #694693)
NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 [libproxy: format string issue]
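Review bot: the added `- php-cas <unfixed>` line under CVE-2012-5583 has no bug reference, while the tiff entry updated in this same hunk records `(bug #694693)`. An unfixed entry without a bug number is harder to follow up on, so add the `(bug #...)` annotation once a report exists. Separately, the package is now spelled `php-cas`, where the placeholder entry removed earlier in this patch had `php-case`. The log message only says "CVEfied", so that correction goes unrecorded and is worth a word there.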
@@ -1314,7 +1312,7 @@
RESERVED
CVE-2012-5576 [gimp: memory corruption vulnerability]
RESERVED
- - gimp <unfixed> (bug #693977)
+ - gimp 2.8.2-2 (bug #693977)
NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
@@ -1820,6 +1818,8 @@
- ruby1.9.1 1.9.3.194-4 (bug #693024)
CVE-2012-5370 (JRuby computes hash values without properly restricting the ability to ...)
TODO: check
+ - jruby <unfixed>
+ [squeeze] - jruby <no-dsa> (Non-free not supported)
CVE-2012-5369
RESERVED
CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained ...)
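Review bot: `TODO: check` under CVE-2012-5370 stays in place above the two added jruby lines, so the entry still reads as untriaged even though it now carries a package status. The tiff entry in this patch had its TODO replaced by the status line. If jruby is the only affected package, drop the TODO here as well. If other packages still need checking, say which ones in the TODO text.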
@@ -4424,17 +4424,20 @@
CVE-2012-4436 (Buffer overflow in the run_last_args function in client/fwknop.c in ...)
- fwknop 2.0.3-1 (bug #688151)
[squeeze] - fwknop <not-affected> (Vulnerable code not present)
+ [wheezy] - fwknop 2.0.0rc2-2+deb7u1
NOTE: http://seclists.org/oss-sec/2012/q3/509
NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=a60f05ad44e824f6230b22f8976399340cb535dc
CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, which ...)
- fwknop 2.0.3-1 (bug #688151)
[squeeze] - fwknop <not-affected> (Vulnerable code not present)
+ [wheezy] - fwknop 2.0.0rc2-2+deb7u1
NOTE: http://seclists.org/oss-sec/2012/q3/509
NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799
CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw]
RESERVED
- fwknop 2.0.3-1 (bug #688151)
[squeeze] - fwknop <not-affected> (Vulnerable code not present)
+ [wheezy] - fwknop 2.0.0rc2-2+deb7u1
NOTE: http://seclists.org/oss-sec/2012/q3/509
NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
CVE-2012-4433 (Multiple integer overflows in operations/external/ppm-load.c in GEGL ...)