[Secure-testing-commits] r20153 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Sep 13 07:58:32 UTC 2012
Author: jmm
Date: 2012-09-13 07:58:32 +0000 (Thu, 13 Sep 2012)
New Revision: 20153
Modified:
data/CVE/list
Log:
ojs removed
keystone fixed
tor fixed
axis not for us
owncloud t-p-u fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-13 05:00:26 UTC (rev 20152)
+++ data/CVE/list 2012-09-13 07:58:32 UTC (rev 20153)
@@ -1361,21 +1361,22 @@
RESERVED
CVE-2012-4422
RESERVED
+ - wordpress 3.4.2+dfsg-1
CVE-2012-4421
RESERVED
+ - wordpress 3.4.2+dfsg-1
CVE-2012-4420
RESERVED
CVE-2012-4419
RESERVED
- TODO: check
+ - tor 0.2.3.22-rc-1
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
CVE-2012-4418 [Apache Axis2 XML Signature Wrapping Attack]
RESERVED
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/1
+ NOT-FOR-US: We only provide Axis 1(Java) and the C-version of Axis
CVE-2012-4417
RESERVED
CVE-2012-4416
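Review bot: The two added wordpress lines under CVE-2012-4422 and CVE-2012-4421 are not covered by the commit log (it lists ojs, keystone, tor, axis and owncloud) and carry no NOTE tying these still-RESERVED ids to 3.4.2+dfsg-1; add a NOTE with the reference used and mention wordpress in the log. In the CVE-2012-4418 entry the oss-security NOTE is deleted together with the TODO; keeping that NOTE next to the NOT-FOR-US line would let a reader check the "only Axis 1 and the C version" reasoning against the report.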
@@ -1389,7 +1390,7 @@
RESERVED
CVE-2012-4413 [openstack revoking a role does not affect existing tokens]
RESERVED
- - keystone <unfixed> (bug #687433)
+ - keystone 2012.1.1-6 (bug #687428)
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 [strcoll int->buffer overflow]
RESERVED
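Review bot: The keystone line for CVE-2012-4413 changes the bug reference from #687433 to #687428 in the same edit that replaces <unfixed> with 2012.1.1-6, and the log only says "keystone fixed". If #687433 was the wrong bug, say so in the log; if both bugs apply, list both so the earlier reference is not lost.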
@@ -1445,16 +1446,22 @@
- owncloud 4.0.3debian-1
CVE-2012-4394 (Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js ...)
- owncloud 4.0.5debian-1 (bug #686567)
+ [wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4393 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- owncloud 4.0.7debian-1 (bug #686567)
+ [wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4392 (index.php in ownCloud 4.0.7 does not properly validate the oc_token ...)
- owncloud 4.0.7debian-1 (bug #686567)
+ [wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4391 (Cross-site request forgery (CSRF) vulnerability in ...)
- owncloud 4.0.7debian-1 (bug #686567)
+ [wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4390 ((1) apps/calendar/appinfo/remote.php and (2) ...)
- owncloud 4.0.7debian-1 (bug #686567)
+ [wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4389 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
- owncloud 4.0.7debian-1 (bug #686567)
+ [wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4388 (The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through ...)
- php5 5.4.1~rc1-1
[squeeze] - php5 <not-affected> (CVE-2011-1398 was never fixed in squeeze)
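Review bot: The six added [wheezy] lines give 4.0.4debian2-2 as the fixed version, which is lower than the 4.0.5debian-1 and 4.0.7debian-1 versions on the lines directly above them, and nothing in the entries explains why. A short NOTE stating that the fixes were backported for the t-p-u upload would keep the lower version from reading as an error; the (bug #686567) reference is also not repeated on the wheezy lines.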
@@ -8442,14 +8449,11 @@
CVE-2012-1470
RESERVED
CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
- - ojs <unfixed>
- TODO: check
+ - ojs <removed>
CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before ...)
- - ojs <unfixed>
- TODO: check
+ - ojs <removed>
CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin ...)
- - ojs <unfixed>
- TODO: check
+ - ojs <removed>
CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 ...)
NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica ...)
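Review bot: In the three ojs entries (CVE-2012-1469, CVE-2012-1468, CVE-2012-1467) the "TODO: check" lines are dropped and <unfixed> becomes <removed> without any record of the outcome of that check. A NOTE saying when ojs was removed would document why the TODO was closed, and if any release still ships the package it needs its own per-release line, in the style of the [squeeze] line used for php5 elsewhere in this file.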