[Secure-testing-commits] r20263 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Oct 1 07:18:45 UTC 2012
Author: jmm
Date: 2012-10-01 07:18:45 +0000 (Mon, 01 Oct 2012)
New Revision: 20263
Modified:
data/CVE/list
Log:
filed bug for binutils
ojs removed
all packages in embedded-code-copies use the packaged smarty
add entries for tiff/tiff3
one php5 issue no-dsa
new wordpress issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-01 06:01:00 UTC (rev 20262)
+++ data/CVE/list 2012-10-01 07:18:45 UTC (rev 20263)
@@ -383,7 +383,7 @@
CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Public Knowledge Project Open Harvester Systems
CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in ...)
- - ojs <unfixed>
+ - ojs <removed>
CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Public Knowledge Project Open Conference Systems
CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in ...)
@@ -2009,9 +2009,11 @@
RESERVED
CVE-2012-4448
RESERVED
+ - wordpress <unfixed> (bug #689031)
CVE-2012-4447 [libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression]
RESERVED
- tiff <unfixed> (bug #688944)
+ - tiff3 <unfixed> (bug #688944)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446
RESERVED
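Review bot: the new wordpress line under CVE-2012-4448 gives the reader only a bug number. The entry is still RESERVED with no bracketed summary and no NOTE, while CVE-2012-4447 directly below carries both. Consider adding a bracketed description or a NOTE with a reference, so the entry can be understood without opening bug #689031. Separately, the added tiff3 line reuses bug #688944 from the tiff line; if that bug is filed against tiff only, it should be cloned or marked as affecting both source packages.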
@@ -2485,7 +2487,6 @@
CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
- smarty3 3.1.10-1
- smarty <removed> (low)
- TODO: check embedded copies
CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...)
NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
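Review bot: dropping "TODO: check embedded copies" from CVE-2012-4277 leaves no record in the entry of what the check found; the conclusion appears only in the commit log. A short NOTE saying that the packages listed in embedded-code-copies use the packaged smarty would keep the finding next to the CVE it applies to.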
@@ -4228,9 +4229,7 @@
- linux 2.6.20-1
- linux-2.6 2.6.20-1
CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in ...)
- - binutils <unfixed>
- NOTE: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411
- TODO: track down the affected packages
+ - binutils <unfixed> (low; bug #688951)
CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...)
- roundcube 0.7.2-4 (bug #685475)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
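Review bot: the CVE-2012-3509 change deletes the NOTE with the gcc.gnu.org bugzilla link along with the TODO, so the entry loses its only upstream reference. Suggest keeping the NOTE line and removing only the TODO. Also, "TODO: track down the affected packages" is removed while binutils remains the only package listed; if the tracking is now done in bug #688951, a NOTE saying so would make that explicit.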
@@ -7744,6 +7743,7 @@
CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow ...)
{DSA-2552-1}
- tiff 4.0.2-1 (bug #678140)
+ - tiff3 <unfixed>
CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in ...)
{DSA-2455-1}
- typo3-src 4.5.15+dfsg1-1 (bug #669158)
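Review bot: the added "- tiff3 <unfixed>" line under CVE-2012-2113 has no bug reference, unlike the tiff line above it (bug #678140) and the tiff3 line added for CVE-2012-4447 in this same commit. Please file or reference a bug for tiff3. Since the description is specific to tiff2pdf, it is also worth confirming that tiff3 ships that tool before tracking it as unfixed.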
@@ -10942,6 +10942,7 @@
- smokeping 2.6.7-1 (bug #659899)
CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 allows ...)
- php5 5.3.9-1 (low)
+ [squeeze] - php5 <no-dsa> (Too introsive to backport)
CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly ...)
{DSA-2408-1}
- php5 5.3.9-1
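Review bot: typo in the added squeeze line for CVE-2012-0789, "Too introsive to backport" should read "Too intrusive to backport". The free-text reason is shown to tracker users, so it is worth fixing in a follow-up commit.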
@@ -20122,7 +20123,6 @@
- drupal7 7.2-1 (bug #633385)
- drupal6 6.22-1
[squeeze] - drupal6 6.18-1squeeze1
- TODO: Check status of "Reflected cross site scripting vulnerability in error handler" in Squeeze
CVE-2011-2686 (Ruby before 1.8.7-p352 does not reset the random seed upon forking, ...)
- ruby1.8 1.8.7.352-1 (low; bug #635878)
CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter in ...)
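Review bot: the removed TODO about the "Reflected cross site scripting vulnerability in error handler" in Squeeze is not mentioned in the commit log, and the entry records no outcome for it. If the check was done, add a NOTE with the result or adjust the "[squeeze] - drupal6" line accordingly; if it was not, the TODO should stay.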
@@ -24909,7 +24909,6 @@
RESERVED
- smarty3 3.0.8-1
- smarty <removed>
- TODO: check embedded copies
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in ...)
NOT-FOR-US: cgit
CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)