[Secure-testing-commits] r20278 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Oct 2 12:57:47 UTC 2012


Author: jmm
Date: 2012-10-02 12:57:47 +0000 (Tue, 02 Oct 2012)
New Revision: 20278

Modified:
   data/CVE/list
Log:
filed bugs for libxslt and opencryptoki
amsn fixed
spice-gtk fixed
one ruby issue affects 1.9. after all
tor spu uploads superseded by DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-01 21:14:22 UTC (rev 20277)
+++ data/CVE/list	2012-10-02 12:57:47 UTC (rev 20278)
@@ -1994,10 +1994,10 @@
 	- keystone 2012.1.1-9 (bug #689210)
 CVE-2012-4455
 	RESERVED
-	- opencryptoki <unfixed>
+	- opencryptoki <unfixed> (bug #689417)
 CVE-2012-4454
 	RESERVED
-	- opencryptoki <unfixed>
+	- opencryptoki <unfixed> (bug #689417)
 CVE-2012-4453 [dracut creates non-world readable initramfs images]
 	RESERVED
 	- dracut <unfixed> (bug #688956)
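Review bot: CVE-2012-4455 and CVE-2012-4454 now both point at bug #689417, but neither entry says which opencryptoki issue it covers, since both are still RESERVED with no bracketed description. A short description in square brackets on each, as CVE-2012-4453 below them has, would let a reader tell the two apart without opening the bug.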
@@ -2092,8 +2092,7 @@
 	- mcrypt 2.6.8-1.1
 	[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
 CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
-	- spice-gtk <unfixed>
-	TODO: check
+	- spice-gtk 0.12-5 (bug #689155)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
 CVE-2012-4424 [alloca buffer overflow via strcoll]
 	RESERVED
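Review bot: the CVE-2012-4425 entry loses "TODO: check" without gaining any stable status; there is no [squeeze] line, so the entry does not say whether squeeze is affected or does not ship spice-gtk. The description also names libgio, so a NOTE stating why only spice-gtk is tracked here would answer the question the removed TODO left open.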
@@ -4190,14 +4189,11 @@
 CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time ...)
 	{DSA-2548-1}
 	- tor 0.2.3.20-rc-1 (low)
-	[squeeze] - tor 0.2.2.38-1
 CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in ...)
 	{DSA-2548-1}
 	- tor 0.2.3.20-rc-1 (low)
-	[squeeze] - tor 0.2.2.38-1
 CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...)
 	- tor 0.2.3.20-rc-1 (low)
-	[squeeze] - tor 0.2.2.38-1
 CVE-2012-3516
 	RESERVED
 	- xen <not-affected> (Only affects >= 4.2)
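Review bot: CVE-2012-3517 carries no {DSA-2548-1} tag, unlike CVE-2012-3519 and CVE-2012-3518 above it, so removing its "[squeeze] - tor 0.2.2.38-1" line leaves that entry with no record of a squeeze fix at all. Either add the DSA tag to CVE-2012-3517 if the DSA covers it, or keep the [squeeze] line on that one entry.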
@@ -5713,8 +5709,7 @@
 	- chromium-browser <unfixed>
 CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome before ...)
 	- chromium-browser <unfixed>
-	- libxslt <unfixed>
-	TODO: check
+	- libxslt <unfixed> (bug #689422)
 CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows ...)
 	- chromium-browser <unfixed>
 CVE-2012-2891 (The IPC implementation in Google Chrome before 22.0.1229.79 allows ...)
@@ -5759,12 +5754,10 @@
 	- chromium-browser 21.0.1180.89~r154005-1
 CVE-2012-2871 (libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before ...)
 	- chromium-browser 21.0.1180.89~r154005-1
-	- libxslt <unfixed>
-	TODO: check
+	- libxslt <unfixed> (bug #689422)
 CVE-2012-2870 (libxslt 1.1.26 and earlier, as used in Google Chrome before ...)
 	- chromium-browser 21.0.1180.89~r154005-1
-	- libxslt <unfixed>
-	TODO: check
+	- libxslt <unfixed> (bug #689422)
 CVE-2012-2869 (Google Chrome before 21.0.1180.89 does not properly load URLs, which ...)
 	- chromium-browser 21.0.1180.89~r154005-1
 CVE-2012-2868 (Race condition in Google Chrome before 21.0.1180.89 allows remote ...)
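Review bot: the CVE-2012-2871 description names libxml2, yet the line changed here tracks libxslt under the same bug #689422 as CVE-2012-2870. If libxslt is the right source package for this one, a NOTE saying so would prevent a later re-check; if not, the entry needs a libxml2 line as well.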
@@ -8429,7 +8422,7 @@
 CVE-2012-1834
 	RESERVED
 CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does ...)
-	TODO: check
+	NOT-FOR-US: Grails
 CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: WellinTech KingView not in Debian
 CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
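Review bot: the log message does not mention the NOT-FOR-US triage done here for CVE-2012-1833 (nor the one for CVE-2012-1188 in the next hunk), so add a line for it to the log. As a style point, the neighbouring entries use the form "NOT-FOR-US: WellinTech KingView not in Debian"; plain "NOT-FOR-US: Grails" is fine as long as the file uses one form consistently.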
@@ -9845,7 +9838,7 @@
 	[squeeze] - torcs <no-dsa> (Minor issue)
 	- speed-dreams <itp> (bug #599884)
 CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
-	TODO: check
+	NOT-FOR-US: Fork CMS
 CVE-2012-1187
 	RESERVED
 	- bitlbee 3.0.4+bzr855-1 (low)
@@ -24993,8 +24986,8 @@
 	- ruby1.8 1.8.7.334-1 (bug #615517)
 	[lenny] - ruby1.8 <no-dsa> (Minor issue)
 	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
-	- ruby1.9 <not-affected>
-	- ruby1.9.1 <not-affected>
+	- ruby1.9 <removed>
+	- ruby1.9.1 <unfixed> (bug #689075)
 CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through ...)
 	- ruby1.8 1.8.7.334-1 (bug #615518)
 	[lenny] - ruby1.8 <no-dsa> (Minor issue)
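Review bot: changing "- ruby1.9 <not-affected>" to "<removed>" while the log says the issue affects 1.9 after all leaves no status for any release that still carries ruby1.9, and the new "- ruby1.9.1 <unfixed> (bug #689075)" line has no [squeeze] counterpart. ruby1.8 has explicit [lenny] and [squeeze] lines in this entry; the 1.9 packages should get the same per-release lines, or a NOTE explaining why none are needed.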
@@ -104761,7 +104754,7 @@
 	{DSA-947-1}
 	- clamav 0.88-1
 CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
-	- amsn <unfixed> (low; bug #557754)
+	- amsn 0.98.9-1 (low; bug #557754)
 	[squeeze] - amsn <no-dsa> (minor issue)
 	[etch] - amsn <no-dsa> (minor issue)
 	[lenny] - amsn <no-dsa> (minor issue)



