[Secure-testing-commits] r20357 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Oct 16 09:54:53 UTC 2012
Author: jmm
Date: 2012-10-16 09:54:53 +0000 (Tue, 16 Oct 2012)
New Revision: 20357
Modified:
data/CVE/list
Log:
chrome issue also affects ffmpeg/libav
mark gnome-shell as unimportant as suggested by Helmut, thanks
ruby NUL issue likely 1.9 only, poked maintainers and filed bug
add NOTE why condor issues are unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-16 05:52:57 UTC (rev 20356)
+++ data/CVE/list 2012-10-16 09:54:53 UTC (rev 20357)
@@ -59,6 +59,7 @@
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
+ NOTE: Only fixed in Firefox 16, not ESR. Not sure whether this affects 10, although the title of the bugreport indicates so
CVE-2012-5383 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
- mysql-5.1 <not-affected> (Windows issue only)
- mysql-5.5 <not-affected> (Windows issue only)
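Review bot: the added NOTE refers to "the title of the bugreport" without saying which report, so the open question of whether 10 is affected cannot be checked from the tracker entry. Add the bug report URL as its own NOTE line, in the same way the CVE-2012-4427 entry further down carries its bugzilla link.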
@@ -429,8 +430,10 @@
NOT-FOR-US: WinCDEmu
CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...)
- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
+ NOTE: Not exploitable according to upstream
CVE-2012-5196 (Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x ...)
- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
+ NOTE: Not exploitable according to upstream
CVE-2012-5195 [perl: segfaults when echoing a very long string]
RESERVED
- perl 5.14.2-14 (bug #689314)
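Review bot: the two added "NOTE: Not exploitable according to upstream" lines under CVE-2012-5197 and CVE-2012-5196 give no pointer to where upstream said so. Since the (unimportant) rating rests on that statement, add a NOTE with the URL or message reference so it can be rechecked later.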
@@ -2287,8 +2290,8 @@
RESERVED
CVE-2012-4522 [ruby Unintentional file creation caused by inserting a illegal NUL character]
RESERVED
- - ruby1.8 <unfixed>
- - ruby1.9.1 <unfixed>
+ - ruby1.8 <undetermined>
+ - ruby1.9.1 <unfixed> (bug #690670)
CVE-2012-4521 [rejected dupe assignment]
RESERVED
CVE-2012-4520
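Review bot: the change of ruby1.8 to <undetermined> under CVE-2012-4522 is explained only in the commit log ("likely 1.9 only"); the list entry itself carries no reason. Add a NOTE line saying the issue is believed to affect 1.9 only and that the maintainers were asked, so whoever resolves the <undetermined> state sees the context next to the entry.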
@@ -2552,7 +2555,7 @@
RESERVED
- openslp-dfsg <unfixed> (bug #687597; low)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
- - gnome-shell <undetermined>
+ - gnome-shell <unfixed> (unimportant)
NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
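Review bot: with gnome-shell now set to <unfixed> (unimportant), the last NOTE under CVE-2012-4427 still reads as an open proposal ("I suggest unfixed unimportant. -- helmut"). Consider trimming it to the reasoning (the yes/no prompt is still shown to the user) so the entry does not look like it is awaiting a decision.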
@@ -6237,6 +6240,8 @@
- chromium-browser <unfixed>
CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ...)
- chromium-browser <unfixed>
+ - libav <unfixed>
+ - ffmpeg <removed>
NOTE: https://chromiumcodereview.appspot.com/10829204
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
- chromium-browser <unfixed>
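Review bot: the new "- libav <unfixed>" line under CVE-2012-2882 comes with no bug number and no NOTE saying how libav was found to carry the same code; the only reference remains the Chromium review link. File a bug against libav and add it in the "(bug #...)" form used for ruby1.9.1 above, or add a NOTE pointing at the corresponding libav source, so the status can be tracked.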