[Secure-testing-commits] r20421 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Oct 31 06:40:54 UTC 2012
Author: jmm
Date: 2012-10-31 06:40:54 +0000 (Wed, 31 Oct 2012)
New Revision: 20421
Modified:
data/CVE/list
Log:
jboss not-affected
new plib issue
NFUs
kfreebsd kernel issues no-dsa
one iceape issue already fixed
two mozilla issues do not affect the 10 ESR series
wordpress no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-30 21:14:25 UTC (rev 20420)
+++ data/CVE/list 2012-10-31 06:40:54 UTC (rev 20421)
@@ -533,15 +533,15 @@
CVE-2012-5455 (Cross-site scripting (XSS) vulnerability in the language search ...)
TODO: check
CVE-2012-5454 (user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not ...)
- TODO: check
+ NOT-FOR-US: ATutor AContent
CVE-2012-5453 (SQL injection vulnerability in user/index_inline_editor_submit.php in ...)
TODO: check
CVE-2012-5452 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2011-5212 (SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2012-5451
RESERVED
CVE-2012-5450
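Review bot: CVE-2012-5453 is left at "TODO: check" although its description names user/index_inline_editor_submit.php, the same script as CVE-2012-5454, which this hunk marks "NOT-FOR-US: ATutor AContent". If it is the same product, tag it in the same commit so the pair is not triaged twice.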
@@ -705,12 +705,16 @@
RESERVED
- kfreebsd-8 <unfixed> (bug #690986)
- kfreebsd-9 <unfixed>
+ [squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
+ [squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
CVE-2012-5364
RESERVED
NOT-FOR-US: Microsoft Windows
CVE-2012-5363
RESERVED
- kfreebsd-8 <unfixed> (bug #690986)
+ [squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
+ [squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
- kfreebsd-9 <unfixed>
CVE-2012-5362
RESERVED
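Review bot: In the CVE-2012-5363 entry the two [squeeze] lines are inserted between "- kfreebsd-8 <unfixed>" and "- kfreebsd-9 <unfixed>", so the kfreebsd-9 <no-dsa> annotation comes before the kfreebsd-9 package line it qualifies. The entry just above places both [squeeze] lines after both package lines; use that order here as well so each release annotation follows its package entry.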
@@ -739,10 +743,9 @@
CVE-2012-5355 (welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to ...)
NOT-FOR-US: xdiagnose
CVE-2012-5354 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
- - iceweasel <unfixed>
- - icedove <unfixed>
- - iceape <unfixed>
- NOTE: Only fixed in Firefox 16, not ESR. Not sure whether this affects 10, although the title of the bugreport indicates so
+ - iceape <not-affected> (Only affects 16.x release from experimental)
+ - iceweasel <not-affected> (Only affects 16.x release from experimental)
+ - icedove <not-affected> (Only affects 16.x release from experimental)
CVE-2012-5383 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
- mysql-5.1 <not-affected> (Windows issue only)
- mysql-5.5 <not-affected> (Windows issue only)
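Review bot: The CVE-2012-5354 entry drops the NOTE that recorded doubt about whether 10 is affected and switches all three packages to <not-affected>, but nothing left in the entry says what settled the question. Keep a NOTE line pointing at the bug report or advisory that shows only 16.x is affected. The package order also changes to iceape, iceweasel, icedove, while the other Mozilla entries visible in this diff list iceweasel, icedove, iceape.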
@@ -867,7 +870,7 @@
CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite ...)
- monkey <removed> (unimportant)
CVE-2012-5302 (The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not ...)
- TODO: check
+ NOT-FOR-US: TIBCO Formvine
CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin ...)
NOT-FOR-US: BackWPup
CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
@@ -952,7 +955,7 @@
CVE-2012-5274
RESERVED
CVE-2012-5273 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
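Review bot: The new tag on CVE-2012-5273 reads "NOT-FOR-US: Adobe Shockwave", while the description says "Adobe Shockwave Player" and the neighbouring entries use the full product name ("NOT-FOR-US: Adobe Flash Player"). Use "Adobe Shockwave Player" here and in the other Shockwave entries of this commit so a search for the product name matches every entry.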
@@ -1168,11 +1171,11 @@
CVE-2012-5170
RESERVED
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: ATutor AContent
CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify ...)
- TODO: check
+ NOT-FOR-US: ATutor AContent
CVE-2012-5167 (Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 ...)
- TODO: check
+ NOT-FOR-US: ATutor AContent
CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before ...)
{DSA-2560-1}
- bind9 1:9.8.1.dfsg.P1-4.3 (bug #690118)
@@ -1702,7 +1705,7 @@
CVE-2012-4934
RESERVED
CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks
CVE-2012-4932
RESERVED
CVE-2012-4931
@@ -1929,7 +1932,7 @@
CVE-2012-4846
RESERVED
CVE-2012-4845 (The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2012-4844
RESERVED
CVE-2012-4843
@@ -2073,11 +2076,11 @@
CVE-2012-4774
RESERVED
CVE-2012-4773 (Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2012-4772 (SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2012-4771 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2012-4770
RESERVED
CVE-2012-4769
@@ -2952,11 +2955,13 @@
NOTE: http://drupal.org/node/1815912
CVE-2012-4552
RESERVED
+ - plib <unfixed>
CVE-2012-4551
RESERVED
NOT-FOR-US: libunity-webapps
CVE-2012-4550
RESERVED
+ - jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4549
RESERVED
CVE-2012-4548
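Review bot: The "- plib <unfixed>" line added under CVE-2012-4552 has no bug number or NOTE, and the CVE is still RESERVED, so the entry gives a reader no way to find out what the issue is. The other <unfixed> entries in this diff carry a reference (kfreebsd-8 has bug #690986, wordpress has bug #689031); add the bug number or a NOTE with the source of the report.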
@@ -3224,7 +3229,9 @@
CVE-2012-4449
RESERVED
CVE-2012-4448 (Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ...)
- - wordpress <unfixed> (bug #689031)
+ - wordpress <unfixed> (low; bug #689031)
+ [squeeze] - wordpress <no-dsa> (Minor issue)
+ [wheezy] - wordpress <no-dsa> (Minor issue)
CVE-2012-4447 (Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 ...)
{DSA-2561-1}
- tiff 4.0.2-4 (bug #688944)
@@ -3940,7 +3947,7 @@
CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures ...)
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- - iceape <unfixed>
+ - iceape 2.7.9-1
CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...)
{DSA-2569-1 DSA-2565-1}
- iceweasel 10.0.8esr-1
@@ -3968,15 +3975,15 @@
CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...)
NOT-FOR-US: Ubisoft Uplay PC
CVE-2012-4176 (Array index error in Adobe Shockwave Player before 11.6.8.638 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-4175 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-4174 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-4173 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-4172 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows ...)
@@ -4426,10 +4433,9 @@
- icedove <not-affected> (Only affects Firefox >= 10)
- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
- - iceweasel <unfixed>
- - icedove <unfixed>
- - iceape <unfixed>
- NOTE: Only fixed in Firefox 16, not ESR. Not sure whether this affects 10, although the title of the bugreport indicates so
+ - iceweasel <not-affected> (Only affects Firefox >= 10)
+ - icedove <not-affected> (Only affects Firefox >= 10)
+ - iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox >= 10)
- icedove <not-affected> (Only affects Firefox >= 10)
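Review bot: The reason given for CVE-2012-3984, "Only affects Firefox >= 10", reads as including the 10.x series, yet the log message says the issue does not affect 10 ESR and iceweasel is at 10.0.8esr-1 elsewhere in this file. The wording matches the neighbouring entries, but taken literally it contradicts the <not-affected> state; state the bound as "> 10" or name the affected release, as the CVE-2012-5354 change does with "Only affects 16.x release from experimental".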
@@ -4596,17 +4602,17 @@
CVE-2012-3942
RESERVED
CVE-2012-3941 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx
CVE-2012-3940 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx
CVE-2012-3939 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx
CVE-2012-3938 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx
CVE-2012-3937 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx
CVE-2012-3936 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx
CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible ...)
NOT-FOR-US: Cisco Unified Presence, Jabber Extensible Communications Platform
CVE-2012-3934