[Secure-testing-commits] r20315 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Oct 9 21:33:41 UTC 2012


Author: jmm
Date: 2012-10-09 21:33:40 +0000 (Tue, 09 Oct 2012)
New Revision: 20315

Modified:
   data/CVE/list
Log:
qpid-cpp tpu upload
ocaml hash collisions no-dsa
libsoup CVE ID rather a midori bug
wireshark fixed
libproc-processtable-perl no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-09 21:14:23 UTC (rev 20314)
+++ data/CVE/list	2012-10-09 21:33:40 UTC (rev 20315)
@@ -229,15 +229,15 @@
 CVE-2012-5241
 	RESERVED
 CVE-2012-5240 (Buffer overflow in the dissect_tlv function in ...)
-	- wireshark <unfixed> (bug #689972)
+	- wireshark 1.8.2-2 (bug #689972)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-5239
 	REJECTED
 CVE-2012-5238 (epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x ...)
-	- wireshark <unfixed> (bug #689972)
+	- wireshark 1.8.2-2 (bug #689972)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP ...)
-	- wireshark <unfixed> (bug #689972)
+	- wireshark 1.8.2-2 (bug #689972)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-5236
 	RESERVED
@@ -1008,9 +1008,9 @@
 CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie ...)
 	TODO: check
 CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SumatraPDF
 CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SumatraPDF
 CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows ...)
 	TODO: check
 CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
@@ -3870,7 +3870,7 @@
 CVE-2012-3820
 	RESERVED
 CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: dartwebserver.dll
 CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the ...)
 	- revelation <unfixed> (bug #680059)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3818
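Review bot: at CVE-2012-3819 the new tag "NOT-FOR-US: dartwebserver.dll" names a file rather than a product or vendor, unlike the other NOT-FOR-US tags added in this change (SumatraPDF, HP IBRIX, Emerson DeltaV). Using the product name from the full CVE description would keep the tag consistent and easier to search for.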
@@ -4675,6 +4675,7 @@
 	NOT-FOR-US: Ushahidi
 CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...)
 	- qpid-cpp 0.16-7 (bug #684456)
+	[wheezy] - qpid-cpp 0.16-6+deb7u1
 CVE-2012-3466 [gpg passphrases cached forever]
 	RESERVED
 	- gnome-keyring 3.4.1-5 (bug #683655)
@@ -5150,7 +5151,7 @@
 CVE-2012-3320
 	RESERVED
 CVE-2012-3319 (IBM Rational Business Developer 8.x before 8.0.1.4 allows remote ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Business Developer
 CVE-2012-3318
 	RESERVED
 CVE-2012-3317
@@ -5160,7 +5161,7 @@
 CVE-2012-3315
 	RESERVED
 CVE-2012-3314 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli
 CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ...)
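Review bot: "NOT-FOR-US: IBM Tivoli" on CVE-2012-3314 is broader than the description, which names IBM Tivoli Federated Identity Manager (TFIM), while the entry right below it uses the full product name ("NOT-FOR-US: IBM Maximo Asset Management"). Suggest "NOT-FOR-US: IBM Tivoli Federated Identity Manager" so the tag identifies the product and not the whole product family.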
@@ -5256,9 +5257,9 @@
 CVE-2012-3268
 	RESERVED
 CVE-2012-3267 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 ...)
-	TODO: check
+	NOT-FOR-US: HP NNMi
 CVE-2012-3266 (Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX ...)
-	TODO: check
+	NOT-FOR-US: HP IBRIX
 CVE-2012-3265
 	RESERVED
 CVE-2012-3264 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
@@ -5726,7 +5727,7 @@
 CVE-2012-3036
 	RESERVED
 CVE-2012-3035 (Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Emerson DeltaV
 CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
 	NOT-FOR-US: Siemens WinCC
 CVE-2012-3033
@@ -5798,7 +5799,7 @@
 CVE-2012-3000
 	RESERVED
 CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
-	TODO: check
+	NOT-FOR-US: Cerberus FTP
 CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro ...)
 	NOT-FOR-US: Trend Micro Control Manager
 CVE-2012-2997
@@ -7994,8 +7995,7 @@
 	{DSA-2469-1}
 	- linux-2.6 3.2.19-1
 CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or clear the ...)
-	- libsoup2.4 <unfixed> (low; bug #672880)
-	[squeeze] - libsoup2.4 <no-dsa> (Minor issue)
+	- midori <unfixed> (unimportant; bug #672880)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
 CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in ...)
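Review bot: for CVE-2012-2132 both libsoup2.4 lines are dropped in favour of "- midori <unfixed> (unimportant; bug #672880)", but the description kept above still reads "libsoup 2.32.2 and earlier does not validate certificates" and nothing in the entry records why the issue is now attributed to midori. Suggest adding a NOTE line with the reasoning and an explicit libsoup2.4 status line so the package does not silently vanish from the entry. Also confirm that bug #672880, carried over unchanged from the removed libsoup2.4 line, is actually filed against midori.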
@@ -11106,6 +11106,8 @@
 	NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E seems to cause regressions
 CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...)
 	- ocaml 4.00.0~beta2-1 (low; bug #659149)
+	[wheezy] - ocaml <no-dsa> (Minor issue)
+	[squeeze] - ocaml <no-dsa> (Minor issue)
 CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
 	- libstruts1.2-java <not-affected> (struts 2 issue)
 CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...)
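Review bot: the two added lines mark ocaml <no-dsa> for wheezy and squeeze with only "Minor issue" as the reason, although unstable carries a fixed version (4.00.0~beta2-1) for this hash-value problem. A more specific reason than "Minor issue", or a NOTE on what the fix involves, would let a later reader judge whether an update through a point release is still wanted.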
@@ -15099,6 +15101,7 @@
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
 CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when ...)
 	- libproc-processtable-perl <unfixed> (low; bug #650500)
+	[wheezy] - libproc-processtable-perl <no-dsa> (Minor issue)
 	[squeeze] - libproc-processtable-perl <no-dsa> (Minor issue)
 	[lenny] - libproc-processtable-perl <no-dsa> (Minor issue)
 CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP ...)
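Review bot: the added "[wheezy] - libproc-processtable-perl <no-dsa> (Minor issue)" line sits under an unstable line that is still <unfixed> (bug #650500), so after this change no suite in the entry has a fixed version and all three release lines give the same generic reason. Suggest a NOTE stating the condition under which the issue applies and whether a fix exists, so the no-dsa decision can be revisited once unstable is fixed.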



