[Secure-testing-commits] r20360 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Oct 17 07:22:47 UTC 2012 

Author: jmm
Date: 2012-10-17 07:22:47 +0000 (Wed, 17 Oct 2012)
New Revision: 20360

Modified:
   data/CVE/list
Log:
mc, vino no-dsa
librdmacm fixed, squeeze not affected
new otrs2 issue, fixed in sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-17 04:59:35 UTC (rev 20359)
+++ data/CVE/list	2012-10-17 07:22:47 UTC (rev 20360)
@@ -1599,6 +1599,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
 CVE-2012-4751
 	RESERVED
+	- otrs2 3.1.7+dfsg1-6
 CVE-2012-4750
 	RESERVED
 CVE-2012-4749
@@ -2307,7 +2308,8 @@
 	NOT-FOR-US: ibacm
 CVE-2012-4516
 	RESERVED
-	- librdmacm <unfixed> (bug #690672)
+	- librdmacm 1.0.16-1 (bug #690672)
+	[squeeze] - librdmacm <not-affected> (Introduced in 1.0.12)
 CVE-2012-4515
 	RESERVED
 	- kdebase <removed> (unimportant)
@@ -2445,8 +2447,9 @@
 	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
 	[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
 CVE-2012-4463 (Midnight Commander (mc) 4.8.5 does not properly handle the (1) ...)
-	- mc <unfixed> (bug #689571)
-	NOTE: https://www.midnight-commander.org/ticket/2913
+	- mc <unfixed> (low; bug #689571)
+	[wheezy] - mc <no-dsa> (Minor issue)
+	[squeeze] - mc <no-dsa> (Minor issue)
 CVE-2012-4462
 	RESERVED
 	- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
@@ -2552,6 +2555,8 @@
 	NOTE: http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
 CVE-2012-4429 (Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read ...)
 	- vino <unfixed> (bug #687596; low)
+	[squeeze] - vino <no-dsa> (Minor issue)
+	[wheezy] - vino <no-dsa> (Minor issue)
 CVE-2012-4428
 	RESERVED
 	- openslp-dfsg <unfixed> (bug #687597; low)
@@ -13358,7 +13363,7 @@
 CVE-2012-0228 (Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not ...)
 	NOT-FOR-US: Invensys Wonderware Information Server
 CVE-2012-0227 (Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ...)
-	TODO: check
+	NOT-FOR-US: Open Automation Software OPC Systems.NET
 CVE-2012-0226 (SQL injection vulnerability in Invensys Wonderware Information Server ...)
 	NOT-FOR-US: Invensys Wonderware Information Server
 CVE-2012-0225 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware ...)

More information about the Secure-testing-commits mailing list