[Secure-testing-commits] r20399 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Oct 25 11:23:55 UTC 2012
Author: jmm
Date: 2012-10-25 11:23:55 +0000 (Thu, 25 Oct 2012)
New Revision: 20399
Modified:
data/CVE/list
Log:
more chromium fixed, one issue not-affected
binutils no-dsa (borderline to unimportant anyway)
jboss issue doesn't affect Debian
new linux issue
four libav issues only affect the wmalossless decoder introduced in libav 0.9 (exp)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-24 21:16:13 UTC (rev 20398)
+++ data/CVE/list 2012-10-25 11:23:55 UTC (rev 20399)
@@ -154,7 +154,7 @@
CVE-2012-5384 (Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen ...)
- webcalendar <removed>
CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
- - chromium-browser <unfixed>
+ - chromium-browser 22.0.1229.94~r161065-1
CVE-2012-5375
RESERVED
CVE-2012-5374
@@ -1179,7 +1179,7 @@
NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
- iceweasel <not-affected> (Firefox ESV not use TLS/SSL compression)
- - chromium-browser <unfixed>
+ - chromium-browser 22.0.1229.94~r161065-1
NOTE: Chromium fix: https://chromiumcodereview.appspot.com/10825183/
TODO: check openssl
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
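Review bot: The fixed version on the chromium-browser line for CVE-2012-4929 is the same 22.0.1229.94~r161065-1 used for CVE-2012-5376 in the previous hunk, and the NOTE only links the upstream code review without naming a release. Confirm this is the first Debian upload that contains the compression fix rather than simply the current upload, since the entry is read as the lowest fixed version. The "TODO: check openssl" line stays open and still needs follow-up.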
@@ -2444,6 +2444,7 @@
- linux-2.6 <removed>
CVE-2012-4529
RESERVED
+ - jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4528
RESERVED
- modsecurity-apache 2.6.6-5 (bug #691146)
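Review bot: The new jbossas4 <not-affected> line sits under CVE-2012-4529, which is still RESERVED with no description and no NOTE, so the reason "Only builds a few libraries, not the full application server" cannot be checked against anything in the entry. Add a NOTE with a reference that names the affected JBoss component, so the not-affected decision can be re-verified once the CVE text is published.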
@@ -2518,6 +2519,8 @@
RESERVED
CVE-2012-4508
RESERVED
+ - linux <unfixed>
+ - linux-2.6 <removed>
CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
- claws-mail 3.8.1-2 (bug #690151)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862578
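Review bot: The added "- linux <unfixed>" and "- linux-2.6 <removed>" lines for CVE-2012-4508 come with no NOTE or reference, and the entry is RESERVED, so nothing identifies which kernel issue is being tracked. Add a NOTE line with the upstream report or patch URL, as the neighbouring CVE-2012-4507 entry does, so the fix can be matched to a kernel upload later.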
@@ -4964,6 +4967,8 @@
- linux-2.6 2.6.20-1
CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in ...)
- binutils <unfixed> (low; bug #688951)
+ [wheezy] - binutils <no-dsa> (Minor issue)
+ [squeeze] - binutils <no-dsa> (Minor issue)
CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...)
- roundcube 0.7.2-4 (bug #685475)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
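Review bot: The two added no-dsa lines for binutils give only "(Minor issue)" as the reason, while the entry describes multiple integer overflows and the unstable line stays <unfixed> with bug #688951. Consider a reason that records why the issue is minor for wheezy and squeeze, so the triage can be re-checked without going back to the commit log.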
@@ -6451,7 +6456,7 @@
CVE-2012-2897 (The kernel in Microsoft Windows 7, as used by Google Chrome before ...)
- chromium-browser <not-affected> (Windows-specific)
CVE-2012-2896 (Integer overflow in the WebGL implementation in Google Chrome before ...)
- - chromium-browser <unfixed>
+ - chromium-browser <not-affected> (MacOS X-specific)
CVE-2012-2895 (The PDF functionality in Google Chrome before 22.0.1229.79 allows ...)
- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle ...)
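Review bot: The change of chromium-browser from <unfixed> to <not-affected> (MacOS X-specific) for CVE-2012-2896 is not supported by the description as shown, which only says "Integer overflow in the WebGL implementation in Google Chrome before ...". Add a NOTE pointing to the source for the platform restriction, since an integer overflow in WebGL is otherwise not obviously tied to one operating system.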
@@ -6712,8 +6717,8 @@
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg ...)
- [squeeze] - ffmpeg <unfixed> (bug #688849)
- - libav <unfixed> (bug #688847)
+ - libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
+ - ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
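Review bot: The replacement lines for CVE-2012-2799 drop both bug references (#688847 for libav and #688849 for ffmpeg) that the removed lines carried. If those bugs remain open for the other CVEs in this batch, keep the numbers in the entry or in a NOTE so the not-affected decision can be traced back to them. The ffmpeg line also changes from a [squeeze]-only entry to one without a release tag, which is worth a second look to confirm it is intended.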
@@ -6724,8 +6729,8 @@
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
- [squeeze] - ffmpeg <unfixed> (bug #688849)
- - libav <unfixed> (bug #688847)
+ - libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
+ - ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
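Review bot: The libav reason for CVE-2012-2795 says "fixed in 0.9 version in experimental" but the line is tagged <not-affected> and records no version. Consider stating the exact experimental version that carries the fix in a NOTE, so it can be verified that the upload which eventually brings 0.9 to unstable is not an earlier, vulnerable one.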
@@ -6733,8 +6738,8 @@
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
- [squeeze] - ffmpeg <unfixed> (bug #688849)
- - libav <unfixed> (bug #688847)
+ - libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
+ - ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr ...)
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav <unfixed> (bug #688847)
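Review bot: For CVE-2012-2792 the visible description names "the decode_init function in ..." and does not show libavcodec/wmalosslessdec.c, unlike CVE-2012-2799, CVE-2012-2795 and CVE-2012-2785, so the "Vulnerable code not present" reason rests on the commit log alone. Add a NOTE stating that the affected decode_init is the one in the wmalossless decoder, since that is what justifies <not-affected> for the 0.8 libav and for ffmpeg.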
@@ -6754,8 +6759,8 @@
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
- [squeeze] - ffmpeg <unfixed> (bug #688849)
- - libav <unfixed> (bug #688847)
+ - libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
+ - ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in ...)
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)