[Secure-testing-commits] r20370 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Thu Oct 18 22:11:53 UTC 2012
Author: geissert
Date: 2012-10-18 22:11:53 +0000 (Thu, 18 Oct 2012)
New Revision: 20370
Modified:
data/CVE/list
Log:
radsecproxy, and piwigo issues
add reference for vbox issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-18 18:50:59 UTC (rev 20369)
+++ data/CVE/list 2012-10-18 22:11:53 UTC (rev 20370)
@@ -2298,15 +2298,23 @@
RESERVED
CVE-2012-4527
RESERVED
-CVE-2012-4526
+CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525]
RESERVED
-CVE-2012-4525
+ - piwigo <not-affected> (incomplete fix not applied to Debian package)
+ [squeeze] - piwigo <not-affected> (vulnerable code not present)
+CVE-2012-4525 [XSS in password.php]
RESERVED
+ - piwigo <unfixed>
+ [squeeze] - piwigo <not-affected> (vulnerable code not present)
+ TODO: report
CVE-2012-4524 [xlockmore bypass]
RESERVED
- xlockmore <unfixed> (low)
CVE-2012-4523
RESERVED
+ - radsecproxy <unfixed>
+ NOTE: Maintainer is aware. Upstream fix introduces a minor regression
+ NOTE: http://git.nordu.net/?p=radsecproxy.git;a=commitdiff;h=db965c9bf7cf4acc0830d7b689d69d40b9ecef8c
CVE-2012-4522 [ruby Unintentional file creation caused by inserting a illegal NUL character]
RESERVED
- ruby1.8 <not-affected> (Only affects 1.9.x, see bug #690670)
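Review bot: CVE-2012-4523 gains a radsecproxy <unfixed> line but, unlike the CVE-2012-4525 and CVE-2012-4526 entries updated in this same hunk, it gets no bracketed short description, so with the ID still RESERVED the only hint to what the issue is sits behind the commitdiff URL. A short [...] description on the CVE line would fix that. The NOTE "Upstream fix introduces a minor regression" would also be more useful if it said what regresses, since that is what the maintainer has to weigh when deciding whether to take the fix. Separately, the piwigo <unfixed> entry under CVE-2012-4525 carries "TODO: report" and no bug number, so it needs a follow-up commit once the bug is filed.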
@@ -5010,6 +5018,7 @@
RESERVED
CVE-2012-3427
RESERVED
+ - jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
- keystone 2012.1.1-1
CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before ...)
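Review bot: The jbossas4 <not-affected> line is added under CVE-2012-3427, which is RESERVED and has no bracketed description or NOTE, so the justification "Only builds a few libraries, not the full application server" cannot be checked against which component the CVE concerns. Consider adding a short [...] description or a NOTE with a reference, so a later reviewer can confirm that the affected code is not among the libraries the package does build.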
@@ -5559,6 +5568,7 @@
CVE-2012-3221 (Unspecified vulnerability in the Oracle VM Virtual Box component in ...)
- virtualbox <unfixed> (bug #690777)
- virtualbox-ose <removed>
+ NOTE: http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
CVE-2012-3220
RESERVED
CVE-2012-3219
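Review bot: The NOTE added under CVE-2012-3221 is a bare URL, while the CVE description on the entry still reads "Unspecified vulnerability", so nothing in the list itself says how the reference relates to the entry. The URL path suggests a guest crash via software interrupt 0x8. If that is the issue, a few words in the NOTE would let readers judge severity without following the link, and would keep the entry meaningful if the link goes stale.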