[Secure-testing-commits] r20142 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Sep 12 16:21:14 UTC 2012


Author: jmm
Date: 2012-09-12 16:21:13 +0000 (Wed, 12 Sep 2012)
New Revision: 20142

Modified:
   data/CVE/list
Log:
spip fixed
qemu fixed
ganglia fixed
ubuntu-sso-client removed
fix false positive rails entry
squashfs-tools no-dsa
ojs ITP
libparallel-forkmanager-perl no-dsa



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-12 16:20:35 UTC (rev 20141)
+++ data/CVE/list	2012-09-12 16:21:13 UTC (rev 20142)
@@ -301,7 +301,7 @@
 CVE-2010-5249 (Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 ...)
 	NOT-FOR-US: Sophos Free Encryption
 CVE-2010-5248 (Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2010-5247 (Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 ...)
 	NOT-FOR-US: QtWeb Browser
 CVE-2010-5246 (Multiple untrusted search path vulnerabilities in Maxthon Browser ...)
@@ -355,7 +355,7 @@
 CVE-2012-4756 (Multiple untrusted search path vulnerabilities in CyberLink LabelPrint ...)
 	NOT-FOR-US: CyberLink LabelPrint
 CVE-2012-4755 (Untrusted search path vulnerability in SciTools Understand before 2.6 ...)
-	TODO: check
+	NOT-FOR-US: SciTools Unterstand
 CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 2012 ...)
 	NOT-FOR-US: MindManager
 CVE-2011-5157 (Untrusted search path vulnerability in Attachmate Reflection before ...)
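
Review bot: The new tag for CVE-2012-4755 misspells the product as "SciTools Unterstand", while the CVE description on the line above it reads "SciTools Understand". Since NOT-FOR-US strings are what people grep for when a product is later packaged, it should read "NOT-FOR-US: SciTools Understand".
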
@@ -385,7 +385,7 @@
 CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 ...)
 	NOT-FOR-US: MEO Encryption Software
 CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows ...)
-	TODO: check
+	NOT-FOR-US: SmartFTP
 CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows ...)
 	NOT-FOR-US: Dupehunter
 CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities ...)
@@ -2235,9 +2235,11 @@
 CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in ...)
 	- squashfs-tools <unfixed> (low; bug #683371)
 	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
+	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
 CVE-2012-4024 (Stack-based buffer overflow in the get_component function in ...)
 	- squashfs-tools <unfixed> (low; bug #683371)
 	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
+	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
 CVE-2012-4023
 	RESERVED
 CVE-2012-4022
@@ -3379,7 +3381,7 @@
 	- xen 4.1.3-2 (bug #686764)
 	[squeeze] - xen <not-affected> (Vulnerable code not present)
 	- xen-qemu-dm-4.0 <removed>
-	- qemu <unfixed>
+	- qemu 1.1.2+dfsg-1
 	- qemu-kvm 1.1.2+dfsg-1
 CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without ...)
 	- xml-light <unfixed> (bug #685584)
@@ -3528,13 +3530,13 @@
 	- gnome-keyring 3.4.1-5 (bug #683655)
 	[squeeze] - gnome-keyring <not-affected> (Only affects gnome-keyring 3.4.x)
 CVE-2012-3465 (Cross-site scripting (XSS) vulnerability in ...)
-	- rails <removed> (low)
+	- rails 2.3.14.1 (low)
 	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/9
+	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in ...)
-	- rails <removed> (low)
+	- rails 2.3.14.1 (low)
 	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/10
+	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in ...)
 	- rails <not-affected> (Only affects RoR 3.x)
 	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
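
Review bot: In the CVE-2012-3465 and CVE-2012-3464 entries the oss-security NOTE lines are replaced rather than kept, so the only upstream reference in each entry is lost. The transition-package remark could be added as a second NOTE line under the existing URL instead of overwriting it, for example keeping "NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/9" and following it with "NOTE: Starting with 2.3.14.1 rails is a transition package". It would also help to state in the NOTE that 2.3.14.1 is recorded as fixed because the package no longer ships the affected code, since the version on its own reads like a normal fixed upload.
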
@@ -3577,7 +3579,7 @@
 CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) ...)
 	- openvswitch 1.4.2+git20120612-8 (bug #683665)
 CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote ...)
-	- ganglia <unfixed> (bug #683584)
+	- ganglia 3.3.8-1 (bug #683584)
 CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 ...)
 	- nova 2012.1.1-6 (bug #684256)
 CVE-2012-3446 [MITM in TLS/SSL certificates verification]
@@ -8410,11 +8412,11 @@
 CVE-2012-1470
 	RESERVED
 CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
-	TODO: check
+	- ojs <itp> (bug #670443)
 CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before ...)
-	TODO: check
+	- ojs <itp> (bug #670443)
 CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin ...)
-	TODO: check
+	- ojs <itp> (bug #670443)
 CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 ...)
 	NOT-FOR-US: NetMechanica NetDecision
 CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica ...)
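
Review bot: CVE-2012-1467 is assigned to ojs, but its visible description names "the iBrowser plugin" rather than Open Journal Systems, which is what the descriptions of CVE-2012-1469 and CVE-2012-1468 name. If the plugin is bundled with ojs, a NOTE line saying so under "- ojs <itp> (bug #670443)" would make the mapping checkable by whoever picks up the ITP.
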
@@ -11733,15 +11735,15 @@
 	RESERVED
 	- cobbler <itp> (bug #545583)
 CVE-2011-4951 (Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware ...)
-	TODO: check
+	NOT-FOR-US: EGroupware
 CVE-2011-4950 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: EGroupware
 CVE-2011-4949 (SQL injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: EGroupware
 CVE-2011-4948 (Directory traversal vulnerability in admin/remote.php in EGroupware ...)
-	TODO: check
+	NOT-FOR-US: EGroupware
 CVE-2011-4947 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 ...)
 	NOT-FOR-US: e107
 CVE-2011-4945
@@ -13727,7 +13729,7 @@
 CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...)
 	- pmwiki <itp> (bug #330117)
 CVE-2011-4452 (Cross-site request forgery (CSRF) vulnerability in the AdminUsers ...)
-	TODO: check
+	NOT-FOR-US: WikkaWiki
 CVE-2011-4451 (** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when ...)
 	NOT-FOR-US: WikkaWiki
 CVE-2011-4450 (Directory traversal vulnerability in handlers/files.xml/files.xml.php ...)
@@ -13858,7 +13860,7 @@
 CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 ...)
 	NOT-FOR-US: Ubuntu One
 CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and ...)
-	- ubuntu-sso-client <unfixed> (bug #680492)
+	- ubuntu-sso-client <removed> (bug #680492)
 CVE-2011-4407 [apt-add-repository does not perform ssl verification where it *needs* to]
 	RESERVED
 	- software-properties 0.76.7debian2+nmu2
@@ -14741,6 +14743,7 @@
 CVE-2011-4115
 	RESERVED
 	- libparallel-forkmanager-perl <unfixed> (low; bug #610384)
+	[wheezy] - libparallel-forkmanager-perl <no-dsa> (Minor issue)
 	[squeeze] - libparallel-forkmanager-perl <no-dsa> (Minor issue)
 CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...)
 	- libpar-packer-perl 1.012-1 (bug #650706)
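
Review bot: In the CVE-2011-4115 entry the new [wheezy] line is inserted above the existing [squeeze] line, whereas the squashfs-tools entries changed in this same commit (CVE-2012-4025, CVE-2012-4024) place [wheezy] below [squeeze]. Using one order for release annotations throughout keeps the list easier to scan and diff; moving the added line below "[squeeze] - libparallel-forkmanager-perl <no-dsa> (Minor issue)" would match the other hunk.
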
@@ -21558,7 +21561,7 @@
 CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static ...)
 	- libmojolicious-perl <not-affected> (Fixed before initial upload)
 CVE-2011-XXXX [spip DoS]
-	- spip <unfixed>
+	- spip 2.1.11-0.1
 	[squeeze] - spip 2.1.1-3squeeze1
 CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network ...)
 	NOT-FOR-US: Check Point



