[Secure-testing-commits] r20081 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Sep 3 09:12:57 UTC 2012


Author: jmm
Date: 2012-09-03 09:12:57 +0000 (Mon, 03 Sep 2012)
New Revision: 20081

Modified:
   data/CVE/list
Log:
asterisk fixed
devscripts fixed
openjdk6 fixed
there have been several CVE assignments for STARTTLS issues by now, drop the TODO


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-02 22:25:51 UTC (rev 20080)
+++ data/CVE/list	2012-09-03 09:12:57 UTC (rev 20081)
@@ -129,7 +129,7 @@
 	NOT-FOR-US: Adminimize plugin for Wordpress
 CVE-2012-4737
 	RESERVED
-	- asterisk <unfixed> (bug #680470)
+	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
 CVE-2012-XXXX
 	- juju 0.5.1-2 (bug #685728)
 CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE) ...)
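
Review bot: The CVE-2012-4737 entry is still RESERVED with no description, so nothing in the entry lets a reader confirm that 1:1.8.13.1~dfsg-1 is the fixing upload. Consider adding a NOTE line citing the upstream advisory that maps this CVE to that release, and confirm that bug #680470 actually covers this id and not only the other asterisk CVEs closed in this commit.
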
@@ -2131,7 +2131,7 @@
 CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...)
 	NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...)
-	- asterisk <unfixed>
+	- asterisk 1:1.8.13.1~dfsg-1
 CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
 	NOT-FOR-US: Windows utility
 CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...)
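
Review bot: The new CVE-2012-3863 line carries no bug reference, while the other three asterisk entries changed in this commit all cite (bug #680470) with the same fixed version. If the same bug tracks this issue, add it here for consistency; the version itself matches the "before 1.8.13.1" wording in the description.
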
@@ -2220,7 +2220,7 @@
 CVE-2012-3813
 	RESERVED
 CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...)
-	- asterisk <unfixed> (bug #680470)
+	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
 	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
 CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
 	NOT-FOR-US: Avaya IP Office Customer Call Reporter
@@ -2912,7 +2912,7 @@
 	- squidclamav <unfixed> (bug #685398)
 CVE-2012-3500 [annotate-output temp files handling]
 	RESERVED
-	- devscripts <unfixed>
+	- devscripts 2.12.2
 CVE-2012-3499
 	RESERVED
 CVE-2012-3498
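
Review bot: The devscripts line for CVE-2012-3500 moves to 2.12.2 with no bug number or NOTE, and the CVE is still RESERVED, so the bracketed "annotate-output temp files handling" text is the only context a reader gets. A NOTE pointing at the changelog entry or the fixing commit would make the fixed version verifiable.
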
@@ -6149,7 +6149,7 @@
 	RESERVED
 CVE-2012-2186
 	RESERVED
-	- asterisk <unfixed> (bug #680470)
+	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
 CVE-2012-2185
 	RESERVED
 CVE-2012-2184
@@ -10144,7 +10144,7 @@
 	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers XCP 1110
 CVE-2012-0547 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 <unfixed> (low)
-	- openjdk-6 <unfixed> (low)
+	- openjdk-6 6b24-1.11.4-1 (low)
 CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
 	NOT-FOR-US: Oracle Financial Services Software
 CVE-2012-0545 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
@@ -25379,7 +25379,6 @@
 	NOT-FOR-US: Oracle Solaris
 CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x ...)
 	{DSA-2233-1}
-	TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316
 	- postfix 2.8.0-1
 	NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
 	NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
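
Review bot: Removing the TODO under CVE-2011-0411 also removes this entry's only pointer to http://www.kb.cert.org/vuls/id/555316. Since the log message says the other STARTTLS issues now have their own CVE assignments, consider keeping the URL as a NOTE line so the cross-reference to those related issues survives in the entry.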



