[Secure-testing-commits] r20370 - data/CVE

[Raphael Geissert]

Author: geissert
Date: 2012-10-18 22:11:53 +0000 (Thu, 18 Oct 2012)
New Revision: 20370

Modified:
   data/CVE/list
Log:
radsecproxy, and piwigo issues
add reference for vbox issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-18 18:50:59 UTC (rev 20369)
+++ data/CVE/list	2012-10-18 22:11:53 UTC (rev 20370)
@@ -2298,15 +2298,23 @@
 	RESERVED
 CVE-2012-4527
 	RESERVED
-CVE-2012-4526
+CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525]
 	RESERVED
-CVE-2012-4525
+	- piwigo <not-affected> (incomplete fix not applied to Debian package)
+	[squeeze] - piwigo <not-affected> (vulnerable code not present)
+CVE-2012-4525 [XSS in password.php]
 	RESERVED
+	- piwigo <unfixed>
+	[squeeze] - piwigo <not-affected> (vulnerable code not present)
+	TODO: report
 CVE-2012-4524 [xlockmore bypass]
 	RESERVED
 	- xlockmore <unfixed> (low)
 CVE-2012-4523
 	RESERVED
+	- radsecproxy <unfixed>
+	NOTE: Maintainer is aware. Upstream fix introduces a minor regression
+	NOTE: http://git.nordu.net/?p=radsecproxy.git;a=commitdiff;h=db965c9bf7cf4acc0830d7b689d69d40b9ecef8c
 CVE-2012-4522 [ruby Unintentional file creation caused by inserting a illegal NUL character]
 	RESERVED
 	- ruby1.8 <not-affected> (Only affects 1.9.x, see bug #690670)
@@ -5010,6 +5018,7 @@
 	RESERVED
 CVE-2012-3427
 	RESERVED
+	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
 CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
 	- keystone 2012.1.1-1
 CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before ...)
@@ -5559,6 +5568,7 @@
 CVE-2012-3221 (Unspecified vulnerability in the Oracle VM Virtual Box component in ...)
 	- virtualbox <unfixed> (bug #690777)
 	- virtualbox-ose <removed>
+	NOTE: http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
 CVE-2012-3220
 	RESERVED
 CVE-2012-3219