[Secure-testing-commits] r20155 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Sep 13 16:30:25 UTC 2012
Author: jmm
Date: 2012-09-13 16:30:24 +0000 (Thu, 13 Sep 2012)
New Revision: 20155
Modified:
data/CVE/list
Log:
new dbus issue
filed bugs for openjdk7 and eglibc
nvidia root exploit also affected legacy driver
n-m no-dsa
munin fixed
wheezy no-dsa: ruby, php5, ncpfs
libdbus issue needs more studying..
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-13 08:12:19 UTC (rev 20154)
+++ data/CVE/list 2012-09-13 16:30:24 UTC (rev 20155)
@@ -1367,7 +1367,7 @@
- wordpress 3.4.2+dfsg-1
CVE-2012-4420
RESERVED
- - openjdk-7 <unfixed>
+ - openjdk-7 <unfixed> (bug #687486)
- openjdk-6 <not-affected> (Only affects Java 7)
CVE-2012-4419
RESERVED
@@ -1399,7 +1399,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 [strcoll int->buffer overflow]
RESERVED
- - eglibc <unfixed>
+ - eglibc <unfixed> (bug #687530)
CVE-2012-4411
RESERVED
{DSA-2543-1}
@@ -1852,7 +1852,9 @@
CVE-2012-4225 [Security issue in NVIDIA UNIX device files to map and program registers to redirect the VGA window]
RESERVED
- nvidia-graphics-drivers 304.37-1 (bug #684781)
+ - nvidia-graphics-drivers-legacy-173xx 173.14.35-3
[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [squeeze] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
CVE-2012-4224
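Review bot: The added `nvidia-graphics-drivers-legacy-173xx 173.14.35-3` line under CVE-2012-4225 carries no bug reference, while the `nvidia-graphics-drivers 304.37-1` line directly above it cites bug #684781. Add the bug number, or a NOTE saying where the 173.14.35-3 fixed version comes from, so the claim can be checked later without going back to this commit.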
@@ -2033,7 +2035,7 @@
CVE-2012-XXXX [base name disclosure]
- spip 2.1.17-1 (bug #683667)
CVE-2012-XXXX [insecure default configuration / authentication bypass]
- - munin <unfixed> (bug #682869)
+ - munin 2.0.5-1 (bug #682869)
CVE-2012-4141
RESERVED
CVE-2012-4140
@@ -3395,7 +3397,7 @@
- jabberd2 <unfixed> (bug #685666)
CVE-2012-3524 [libdbus getenv]
RESERVED
- TODO: check
+ TODO: Needs more checking, probably this should be fixed in the affected apps like spice?
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
NOTE: http://stealth.openwall.net/null/dzug.c
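Review bot: The rewritten TODO under CVE-2012-3524 still leaves the entry with no package line, so neither libdbus nor the applications it alludes to ("affected apps like spice") are tracked against this CVE. Keeping the open question as a TODO is fine, but record the candidate source packages by name in a NOTE so the follow-up has a concrete list to work through.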
@@ -9342,7 +9344,9 @@
- linux-2.6 3.2.10-1 (low)
CVE-2012-1096
RESERVED
- - network-manager <unfixed> (bug #684259)
+ - network-manager <unfixed> (low; bug #684259)
+ [wheezy] - network-manager <no-dsa> (Minor issue)
+ [squeeze] - network-manager <no-dsa> (Minor issue)
CVE-2012-1095
RESERVED
- osc <unfixed> (unimportant)
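Review bot: The two added no-dsa lines under CVE-2012-1096 are ordered [wheezy] then [squeeze], whereas the ruby1.8 and ruby1.9.1 entries touched in this same commit put [squeeze] before [wheezy] (the php5 hunk uses the wheezy-first order again). Pick one release ordering and use it in every entry so the list stays easy to scan and to diff.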
@@ -16405,10 +16409,12 @@
- ruby1.8 <unfixed> (low; bug #646020)
[lenny] - ruby1.8 <no-dsa> (Minor issue)
[squeeze] - ruby1.8 <no-dsa> (Minor issue)
+ [wheezy] - ruby1.8 <no-dsa> (Minor issue)
- ruby1.9 <removed> (low; bug #646020)
[lenny] - ruby1.9 <no-dsa> (Minor issue)
- ruby1.9.1 <unfixed> (low; bug #646020)
[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
+ [wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
CVE-2011-3623 [media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers]
RESERVED
- vlc 1.1.3-1
@@ -22084,9 +22090,11 @@
CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ ...)
- ncpfs <unfixed> (low; bug #660545)
[squeeze] - ncpfs <no-dsa> (Minor issue)
+ [wheezy] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the ...)
- ncpfs <unfixed> (low; bug #660545)
[squeeze] - ncpfs <no-dsa> (Minor issue)
+ [wheezy] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...)
- samba 2:3.4.7~dfsg-2 (low)
- cifs-utils 2:5.1-1 (low)
@@ -26284,6 +26292,8 @@
CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure]
RESERVED
- php5 <unfixed> (low)
+ [wheezy] - php5 <no-dsa> (Minor issue)
+ [squeeze] - php5 <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
NOTE: This was initially reported to be a bug in libxml2, but it later showed that PHP
NOTE: is using the libxml2 API in an incorrect manner
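Review bot: The php5 line under CVE-2010-4657 is `<unfixed>` with no bug number, and the added [wheezy] and [squeeze] no-dsa lines mean no DSA will carry the fix. File a bug against php5 and add its number to the `- php5 <unfixed> (low)` line, as this commit does for openjdk-7 and eglibc, so the unfixed state is tracked somewhere other than this list.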