[Secure-testing-commits] r20296 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sat Oct 6 05:43:03 UTC 2012 

Author: geissert
Date: 2012-10-06 05:43:03 +0000 (Sat, 06 Oct 2012)
New Revision: 20296

Modified:
   data/CVE/list
Log:
cross-reference some issues with their bug reports


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-06 01:56:10 UTC (rev 20295)
+++ data/CVE/list	2012-10-06 05:43:03 UTC (rev 20296)
@@ -2453,10 +2453,10 @@
 	NOTE: http://struts.apache.org/2.x/docs/s2-010.html
 CVE-2012-4385 [letodms CSRF]
 	RESERVED
-	- letodms 3.3.7+dfsg-1
+	- letodms 3.3.7+dfsg-1 (bug #689664)
 CVE-2012-4384 [letodms XSS]
 	RESERVED
-	- letodms 3.3.7+dfsg-1
+	- letodms 3.3.7+dfsg-1 (bug #689664)
 CVE-2012-4383
 	RESERVED
 	NOT-FOR-US: Contao
@@ -4394,7 +4394,7 @@
 CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...)
 	- jabberd2 <unfixed> (bug #685666)
 CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...)
-	- dbus 1.6.8-1
+	- dbus 1.6.8-1 (bug #689070)
 	- glib2.0 <unfixed>
 	[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
 	NOTE: fixed in 2.34.0-1 from experimental 
@@ -26897,7 +26897,7 @@
 	NOT-FOR-US: Oracle Solaris
 CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x ...)
 	{DSA-2233-1}
-	- postfix 2.8.0-1
+	- postfix 2.8.0-1 (bug #617849)
 	NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
 	NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
 	NOTE: http://www.postfix.org/CVE-2011-0411.html
@@ -104774,8 +104774,8 @@
 CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
 	NOT-FOR-US: XOOPS
 CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...)
-	- libx11 <undetermined>
-	NOTE: Doesn't look like a security problem, see #349251
+	- libx11 <undetermined> (bug #349251)
+	NOTE: Doesn't look like a security problem, see bug report
 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...)
 	NOT-FOR-US: slsnif
 CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...)

More information about the Secure-testing-commits mailing list