[Secure-testing-commits] r20285 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Oct 4 06:50:18 UTC 2012


Author: jmm
Date: 2012-10-04 06:50:18 +0000 (Thu, 04 Oct 2012)
New Revision: 20285

Modified:
   data/CVE/list
Log:
xmlrpc-c fixed in NMU
new issue in cgit (RPFd)
new kernel issue doesn't affect supported branches
ruby regression got their own CVE IDs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-04 06:32:38 UTC (rev 20284)
+++ data/CVE/list	2012-10-04 06:50:18 UTC (rev 20285)
@@ -2055,12 +2055,19 @@
 	RESERVED
 CVE-2012-4467
 	RESERVED
+	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.3)
+	- linux <not-affected> (Vulnerable code introduced in 3.3)
 CVE-2012-4466
 	RESERVED
+	- ruby1.9.1 <unfixed> (low; bug #689075)
+	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
 CVE-2012-4465
 	RESERVED
+	- cgit <itp> (bug #515793)
 CVE-2012-4464
 	RESERVED
+	- ruby1.9.1 <unfixed> (low; bug #689075)
+	[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
 CVE-2012-4463 [Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files]
 	RESERVED
 	- mc <unfixed>
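Review bot: CVE-2012-4466 and CVE-2012-4464 both point at bug #689075 and both stay RESERVED with no description, so nothing in the entries says which part of the ruby regression each ID covers. A bracketed description like the one on CVE-2012-4463, or a NOTE line under each, would make clear why squeeze is `<no-dsa> (Minor issue)` for CVE-2012-4466 but `<not-affected> (Introduced in 1.9.3)` for CVE-2012-4464.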
@@ -4330,6 +4337,7 @@
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
 CVE-2012-3504
 	RESERVED
+	NOT-FOR-US: genkey script from Red Hat, not present in Debian 
 CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly ...)
 	NOT-FOR-US: Katello
 CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp ...)
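Review bot: The added NOT-FOR-US line under CVE-2012-3504 ends with a trailing space after "Debian", which should be dropped. The neighbouring entry uses the bare product name (`NOT-FOR-US: Katello`); naming the product the same way here and moving the "not present in Debian" remark to a NOTE line would keep the field consistent.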
@@ -10058,7 +10066,7 @@
 	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
 CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat ...)
 	{DSA-2525-1}
-	- xmlrpc-c <unfixed> (low; bug #687672)
+	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
 	[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
 	- expat 2.1.0~beta3-1 (bug #663579)
 CVE-2012-1147 (readfilemap.c in expat before 2.1.0 allows context-dependent attackers ...)
@@ -10744,7 +10752,7 @@
 CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...)
 	{DSA-2525-1}
 	- expat 2.1.0~beta3-1 (bug #663579)
-	- xmlrpc-c <unfixed> (low; bug #687672)
+	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
 	[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
 	- python2.6 <not-affected> (configured with --with-system-expat since 2.6.6-4)
 CVE-2012-0875 [systemtap invalid read leading to kernel DoS]
@@ -25066,8 +25074,8 @@
 	- ruby1.8 1.8.7.334-1 (bug #615517)
 	[lenny] - ruby1.8 <no-dsa> (Minor issue)
 	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
-	- ruby1.9 <removed>
-	- ruby1.9.1 <unfixed> (bug #689075)
+	- ruby1.9 <not-affected>
+	- ruby1.9.1 <not-affected>
 CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through ...)
 	- ruby1.8 1.8.7.334-1 (bug #615518)
 	[lenny] - ruby1.8 <no-dsa> (Minor issue)
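Review bot: The two added `<not-affected>` lines for ruby1.9 and ruby1.9.1 carry no reason, and the reference to bug #689075 disappears from this entry. Other `<not-affected>` lines in this patch give one in parentheses, e.g. `(Vulnerable code introduced in 3.3)`; a short reason here, or a NOTE pointing to CVE-2012-4464 and CVE-2012-4466 where bug #689075 is now referenced, would let a reader follow why the status moved away from `<removed>` and `<unfixed>`.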



