[Secure-testing-commits] r20135 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Sep 11 15:14:28 UTC 2012
Author: jmm
Date: 2012-09-11 15:14:27 +0000 (Tue, 11 Sep 2012)
New Revision: 20135
Modified:
data/CVE/list
Log:
drop sbuild entry, not a direct security issue, rather a lack of security feature
drop more webkit entries
x11-apps fixed
samba4 fixed
drop tiff entry, regular bug
simgear/flightgear unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-11 14:24:09 UTC (rev 20134)
+++ data/CVE/list 2012-09-11 15:14:27 UTC (rev 20135)
@@ -6618,9 +6618,6 @@
CVE-2012-XXXX [libpng electric fence crash]
- libpng 1.2.49-1 (low; bug #668082)
NOTE: CVE id requested
-CVE-2012-XXXX [tiff electric fence crashes]
- - tiff <unfixed> (low; bug #668087)
- NOTE: CVE id requested
CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...)
NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
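Review bot: The removed tiff entry still carried "NOTE: CVE id requested", so dropping it leaves an open CVE request with no record in the list. Since the sibling libpng electric fence entry just above is kept with the same note, please confirm the request for tiff was withdrawn, or the entry will have to be re-added if an id is assigned. The reason given in the log ("regular bug") should also be recorded in bug #668087, since the list no longer references it.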
@@ -6929,13 +6926,12 @@
RESERVED
- cobbler <itp> (bug #545583)
CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear ...)
- - flightgear <unfixed>
- [squeeze] - flightgear <no-dsa> (Minor issue)
+ - flightgear <unfixed> (unimportant)
+ NOTE: Negligable security impact, very obscure attack vector
CVE-2012-2090 (Multiple format string vulnerabilities in FlightGear 2.6 and earlier ...)
- - simgear <unfixed> (low; bug #669024)
- [squeeze] - simgear <no-dsa> (Minor issue)
- - flightgear <unfixed> (low; bug #669025)
- [squeeze] - flightgear <no-dsa> (Minor issue)
+ - simgear <unfixed> (unimportant; bug #669024)
+ - flightgear <unfixed> (unimportant; bug #669025)
+ NOTE: Negligable security impact, very obscure attack vector
CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module ...)
- nginx 1.1.19-1
[squeeze] - nginx <not-affected> (Vulnerable code not present)
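Review bot: "Negligable" in both added NOTE lines should be "Negligible". Separately, the CVE-2012-2091 description names SimGear as well as FlightGear, yet only flightgear is tracked under it, while CVE-2012-2090 lists both packages; either add a simgear line there or a NOTE saying why it is left out. The "very obscure attack vector" justification would be easier to audit if the NOTE pointed at the bug or discussion it is based on.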
@@ -8780,8 +8776,6 @@
NOT-FOR-US: SAP NetWeaver
CVE-2012-1289 (Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 ...)
NOT-FOR-US: SAP NetWeaver
-CVE-2012-XXXX [sbuild privilege escalation]
- - sbuild <unfixed> (bug #661037)
CVE-2012-1293 [F*X XSS via from/to parameters in fup]
RESERVED
{DSA-2414-1}
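Review bot: Deleting the sbuild entry removes the list's only reference to bug #661037, and the reasoning (a missing security feature rather than a direct vulnerability) exists only in the commit log. Please make sure the same rationale is recorded in the bug report itself, so a later triager who finds the "privilege escalation" title there does not re-add the entry.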
@@ -10016,7 +10010,7 @@
NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
- samba 2:3.6.3-1 (low)
- - samba4 <unfixed>
+ - samba4 4.0.0~alpha18.dfsg1-1
[squeeze] - samba <not-affected> (Only affects 3.6.x)
[lenny] - samba <not-affected> (Only affects 3.6.x)
CVE-2012-0816
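Review bot: The new samba4 line has no urgency, while the samba line directly above it is marked (low) for the same memory leak; consider "- samba4 4.0.0~alpha18.dfsg1-1 (low)" so both source packages are rated alike. The [squeeze] and [lenny] lines below cover only samba, so if samba4 is shipped in either release its status there is still unstated.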
@@ -10315,7 +10309,6 @@
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...)
NOT-FOR-US: Windows Server
CVE-2010-XXXX [webkit info disclosure/segfault]
- - webkit <unfixed> (low; bug #579136)
- chromium-browser <not-affected>
CVE-2012-0697 (HP StorageWorks P2000 G3 MSA array systems have a default account, ...)
NOT-FOR-US: HP StorageWorks
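Review bot: After the webkit line is removed, the entry titled "[webkit info disclosure/segfault]" is left with only "- chromium-browser <not-affected>", so it no longer records any affected package and bug #579136 is no longer referenced. The log says the webkit entries are being dropped; either remove the header and the chromium-browser line as well, or keep the webkit line and add a NOTE explaining why it is not treated as a security issue.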
@@ -27257,8 +27250,6 @@
NOTE: http://www.waraxe.us/advisory-77.html
NOTE: CVE ID requested
CVE-2010-XXXX [webkit info leak]
- - webkit <unfixed> (low)
- [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined> (low)
NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and ...)
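Review bot: With both webkit lines gone, the "[webkit info leak]" entry is kept alive only by "- chromium-browser <undetermined> (low)", which leaves an unresolved item under a title that names a package no longer tracked. If the intent is to drop the entry, the chromium-browser status needs to be resolved and the header and NOTE removed too; if the entry stays, a NOTE should say why webkit was taken out, since the removed [lenny] reason ("only affects fringe apps") was the only rationale on record.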
@@ -110635,7 +110626,8 @@
- xfree86 <removed> (bug #321447; low)
[woody] - xfree86 <no-dsa> (Hardly exploitable)
[sarge] - xfree86 <no-dsa> (Hardly exploitable)
- - x11-apps <unfixed> (bug #321447; low)
+ - x11-apps 7.7~1 (bug #321447; low)
+ [squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
- ghostscript 8.61.dfsg.1~svn8187-1 (bug #291452; unimportant)
NOTE: Not included in the binary package
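Review bot: The added "[squeeze] - x11-apps <no-dsa> (Minor issue)" line uses a generic reason, whereas the [woody] and [sarge] lines for the same bug #321447 say "Hardly exploitable". Reusing the specific reason keeps the entry consistent and tells the reader why no DSA is planned. The log mentions only "x11-apps fixed", so the squeeze no-dsa decision deserves its own mention there.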