[Secure-testing-commits] r20350 - data/CVE
Helmut Grohne
helmut-guest at alioth.debian.org
Mon Oct 15 08:47:54 UTC 2012
Author: helmut-guest
Date: 2012-10-15 08:47:54 +0000 (Mon, 15 Oct 2012)
New Revision: 20350
Modified:
data/CVE/list
Log:
added NOTEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-15 07:28:20 UTC (rev 20349)
+++ data/CVE/list 2012-10-15 08:47:54 UTC (rev 20350)
@@ -2536,7 +2536,10 @@
RESERVED
- openslp-dfsg <unfixed> (bug #687597; low)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
+ - gnome-shell <undetermined>
NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
+ NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
CVE-2012-4426
RESERVED
- mcrypt 2.6.8-1.1
@@ -6218,6 +6221,7 @@
- chromium-browser <unfixed>
CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ...)
- chromium-browser <unfixed>
+ NOTE: https://chromiumcodereview.appspot.com/10829204
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
- chromium-browser <unfixed>
CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...)
More information about the Secure-testing-commits
mailing list