[Secure-testing-commits] r20574 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Nov 29 08:30:25 UTC 2012
Author: jmm
Date: 2012-11-29 08:30:25 +0000 (Thu, 29 Nov 2012)
New Revision: 20574
Modified:
data/CVE/list
Log:
jruby bugnum
cleanup REJECTED entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-29 08:25:24 UTC (rev 20573)
+++ data/CVE/list 2012-11-29 08:30:25 UTC (rev 20574)
@@ -202,16 +202,12 @@
TODO: check
CVE-2011-5373
REJECTED
- TODO: check
CVE-2011-5372
REJECTED
- TODO: check
CVE-2011-5371
REJECTED
- TODO: check
CVE-2011-5370
REJECTED
- TODO: check
CVE-2012-6050 (The winbox service in MikroTik RouterOS 5.15 and earlier allows remote ...)
NOT-FOR-US: MikroTik RouterOS
CVE-2012-6049 (Open Solution Quick.Cart 5.0 allows remote attackers to obtain ...)
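Review bot: The context line `TODO: check` at the top of this hunk, just above CVE-2011-5373, is left in place while the same marker is dropped from the four REJECTED entries below it. It belongs to an entry outside the visible lines; if that entry is also REJECTED, remove its TODO in the same pass so the cleanup is complete.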
@@ -1607,9 +1603,6 @@
- horizon <not-affected> (File is installed with 0700 perms in Debian)
CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files]
REJECTED
- - yui <unfixed> (bug #692434)
- - yui3 <not-affected>
- NOTE: http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
CVE-2012-5474
RESERVED
- horizon 2012.1.1-7
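Review bot: Dropping `- yui <unfixed> (bug #692434)` under CVE-2012-5475 removes this hunk's only record that yui is still unfixed for the embedded SWF issue. The CVE ID being REJECTED does not by itself mean the package is fixed, so before deleting the line confirm that the yui status and bug #692434 are carried by another entry (a replacement CVE ID or a temporary entry), and keep the yuiblog NOTE there.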
@@ -1817,8 +1810,7 @@
- ruby1.8 <not-affected> (Only affects 1.9.x)
- ruby1.9.1 1.9.3.194-4 (bug #693024)
CVE-2012-5370 (JRuby computes hash values without properly restricting the ability to ...)
- TODO: check
- - jruby <unfixed>
+ - jruby <unfixed> (bug #694694)
[squeeze] - jruby <no-dsa> (Non-free not supported)
CVE-2012-5369
RESERVED
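Review bot: The CVE-2012-5370 change (removing `TODO: check` and adding `(bug #694694)` to the jruby line) is triage that is unrelated to the REJECTED cleanup in the other hunks. Committing it separately would let either change be reverted on its own; the content of the change itself looks fine.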
@@ -1984,7 +1976,6 @@
NOT-FOR-US: Tribiq CMS
CVE-2012-5311
REJECTED
- NOT-FOR-US: VSFlex7.VSFlexGrid
CVE-2012-5310 (SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 ...)
NOT-FOR-US: WP e-Commerce plugin
CVE-2012-5309 (servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim ...)
@@ -5184,7 +5175,6 @@
NOT-FOR-US: Adobe Flash
CVE-2012-4166
REJECTED
- NOT-FOR-US: Adobe Flash
CVE-2012-4165 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
NOT-FOR-US: Adobe Flash
CVE-2012-4164 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
@@ -6098,7 +6088,6 @@
NOT-FOR-US: Drupal module
CVE-2012-3801
REJECTED
- NOT-FOR-US: Drupal module
CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic ...)
NOT-FOR-US: Drupal module
CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -7153,9 +7142,6 @@
[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
CVE-2012-3379 [as31: insecure file creation in /tmp]
REJECTED
- - as31 2.3.1-5 (low; bug #655496)
- [squeeze] - as31 <no-dsa> (Minor issue)
- [lenny] - as31 <no-dsa> (Minor issue)
CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOME ...)
- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
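Review bot: For CVE-2012-3379 the removed lines include `[squeeze] - as31 <no-dsa> (Minor issue)` and the matching lenny line, which record that those releases are affected by the insecure /tmp file creation and will not get a DSA. Deleting them together with `as31 2.3.1-5 (low; bug #655496)` loses that status unless it is recorded elsewhere; check that another entry references bug #655496 before removing them.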
@@ -8892,7 +8878,6 @@
NOT-FOR-US: The NEC BIGLOBE Yome Collection
CVE-2012-2639
REJECTED
- NOTE: Duplicate with CVE-2011-4940 http://www.openwall.com/lists/oss-security/2012/06/26/3
CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...)
NOT-FOR-US: SmallPICT
CVE-2012-2637 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 ...)
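Review bot: The removed `NOTE: Duplicate with CVE-2011-4940 ...` is the only line that says why CVE-2012-2639 was rejected and which ID replaces it. I would keep that NOTE under the REJECTED entry so a search for CVE-2012-2639 still leads to CVE-2011-4940 and the oss-security thread.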
@@ -9543,7 +9528,6 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824411
CVE-2012-2391
REJECTED
- - haproxy 1.4.15-1 (bug #674447)
CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows ...)
- linux 3.2.19-1 (low)
- linux-2.6 <removed>
@@ -11626,7 +11610,6 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1544
REJECTED
- NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1543
RESERVED
CVE-2012-1542
@@ -12680,9 +12663,6 @@
[squeeze] - xorg <no-dsa> (maintainer suggests no-dsa; confirm)
CVE-2012-1092 [Kadu stored XSS]
REJECTED
- - kadu 0.11.1-1
- [squeeze] - kadu <not-affected> (Introduced in 0.9)
- NOTE: http://seclists.org/oss-sec/2012/q1/494
CVE-2012-1091
REJECTED
CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before ...)
@@ -17330,7 +17310,6 @@
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions]
REJECTED
- NOT-FOR-US: Apache MyFaces
CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...)
{DSA-2359-1}
- mojarra 2.0.3-2 (bug #650430)
@@ -17447,7 +17426,6 @@
- linux-2.6 <not-affected> (RHEL5-specific backport error)
CVE-2011-4323
REJECTED
- NOTE: Dupe of CVE-2011-2726
CVE-2011-4322
RESERVED
NOT-FOR-US: websitebaker
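Review bot: `NOTE: Dupe of CVE-2011-2726` under CVE-2011-4323 is a one-line cross-reference to the surviving ID, not stale triage state. Consider leaving it, since after this hunk nothing in the entry tells a reader where the issue is tracked.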
@@ -26788,8 +26766,6 @@
[squeeze] - linux-2.6 2.6.32-40
CVE-2011-1161
REJECTED
- - linux-2.6 3.0.0-5 (low)
- [squeeze] - linux-2.6 2.6.32-40
CVE-2011-1160 (The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
@@ -27150,7 +27126,6 @@
- moin 1.9.3-3
CVE-2011-1057
REJECTED
- NOT-FOR-US: Metasploit Framework
CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)
NOT-FOR-US: Metasploit Framework
CVE-2011-1055 (SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS ...)