[Secure-testing-commits] r20189 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Sep 18 16:48:29 UTC 2012


Author: jmm
Date: 2012-09-18 16:48:29 +0000 (Tue, 18 Sep 2012)
New Revision: 20189

Modified:
   data/CVE/list
Log:
new monkey issues
offlineimap no-dsa
nagios3 fixed
packagekit fixed
qemu-kvm fixed
texlive no-dsa
pnp4nagios non-issue
elixir no-dsa
inkscape issue hardly security-relevant
one java issue only in j7
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-18 11:04:08 UTC (rev 20188)
+++ data/CVE/list	2012-09-18 16:48:29 UTC (rev 20189)
@@ -1,3 +1,7 @@
+CVE-2012-XXXX [monkey: Fails to drop supplemental groups when lowering privileges]
+	- monkey <unfixed> (bug #688007)
+CVE-2012-XXXX [monkey: CGI scripts executed without dropping RUID/RGID root]
+	- monkey <unfixed> (bug #688008)
 CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
 	- iceweasel <not-affected> (Firefox ESV not support SDPY)
 	TODO: check chromium
@@ -7,7 +11,7 @@
 CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
 	NOT-FOR-US: Oxwall 1.1.1
 CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
-	TODO: check
+	NOT-FOR-US: Limesurvey
 CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
 	NOT-FOR-US: Img Pals Photo Host 1.0
 CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals ...)
@@ -106,7 +110,7 @@
 CVE-2012-4894
 	RESERVED
 CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Webmin
 CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
 	NOT-FOR-US: FlatnuX CMS
 CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ...)
@@ -1693,7 +1697,7 @@
 CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN ...)
 	NOT-FOR-US: HP Virtual SAN Appliance
 CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
-	TODO: check
+	NOT-FOR-US: mod_pagespeed
 CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
 	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
@@ -2471,7 +2475,7 @@
 	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
 CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server ...)
-	TODO: check
+	NOT-FOR-US: mod_pagespeed
 CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var ...)
 	{DSA-2522-1}
 	- fckeditor 1:2.6.6-3 (bug #683418)
@@ -2913,7 +2917,7 @@
 	- bind9 1:9.8.1.dfsg.P1-4.2 (bug #683259)
 	NOTE: https://kb.isc.org/article/AA-00729
 CVE-2012-XXXX [packagekit insecure temp file]
-	- packagekit <unfixed> (bug #678189)
+	- packagekit 0.7.6-1 (bug #678189)
 CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: WinRadius
 CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA ...)
@@ -3241,141 +3245,141 @@
 CVE-2012-3657 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
 	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3656 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3655 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3654 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3653 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3652 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3651 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3650 (WebKit in Apple Safari before 6.0 accesses uninitialized memory ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3649 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3648 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3647 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3646 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3645 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3644 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3643 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3642 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3641 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3640 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3639 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3638 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3637 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3636 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3635 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3634 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3633 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3632 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3631 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3630 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3629 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3628 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3627 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3626 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3625 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3624 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3623 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3622 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3621 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3620 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3619
 	RESERVED
 CVE-2012-3618 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3617 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3616 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3615 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3614 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3613 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3612 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3611 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3610 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3609 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3608 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3607 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3606 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3605 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3604 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3603 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3602 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3601 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3600 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3599 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3598 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3597 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3596 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3595 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3594 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3593 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
-	- webkit <undetermined>
+	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
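Review bot: The `- webkit <undetermined>` lines replaced throughout this hunk were the only thing tying these CVEs to the Debian webkit source package, and the NOT-FOR-US text that replaces them speaks only about Chromium. NOT-FOR-US states that the affected software is not in the archive, which is a different claim from "webkit not yet assessed". If the webkit package has been judged unaffected, record that as `- webkit <not-affected>` with the reason; otherwise keep the `<undetermined>` line so the open question stays visible.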
@@ -3744,7 +3748,8 @@
 	{DSA-2541-1}
 	- beaker 1.6.3-1.1 (bug #684890)
 CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...)
-	- pnp4nagios <unfixed> (low; bug #683879)
+	- pnp4nagios <unfixed> (unimportant; bug #683879)
+	NOTE: The permissions of this file are under the control of the admin
 CVE-2012-3456 (Heap-based buffer overflow in the read function in ...)
 	- calligra 1:2.4.3-2 (bug #684004)
 	- wv2 0.4.2.dfsg.1-9.1
@@ -4870,11 +4875,11 @@
 CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Websense
 CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an ...)
-	TODO: check
+	NOT-FOR-US: Webmin
 CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Webmin
 CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute ...)
-	TODO: check
+	NOT-FOR-US: Webmin
 CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...)
 	NOT-FOR-US: Samsung and HTC Android
 CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release]
@@ -5675,7 +5680,7 @@
 CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the ...)
 	{DSA-2545-1 DSA-2542-1}
 	- qemu 1.1.0+dfsg-1 (bug #678280)
-	- qemu-kvm <unfixed>
+	- qemu-kvm 1.1.0+dfsg-1
 CVE-2012-2651
 	RESERVED
 CVE-2012-2650
@@ -6949,6 +6954,8 @@
 	[squeeze] - munin <not-affected> (Vulnerable code not present)
 CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique ...)
 	- elixir <unfixed> (low; bug #670919)
+	[squeeze] - elixir <no-dsa> (Minor issue)
+	[wheezy] - elixir <no-dsa> (Minor issue)
 CVE-2012-2145 [qpid DoS]
 	RESERVED
 	- qpid-cpp 0.16-1 (bug #672124)
@@ -7034,6 +7041,7 @@
 	- linux-2.6 3.2.17-1
 CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
 	- texlive-extra <unfixed> (low; bug #668779)
+	[wheezy] - texlive-extra <no-dsa> (Minor issue)
 	[squeeze] - texlive-extra <no-dsa> (Minor issue)
 CVE-2012-2119
 	RESERVED
@@ -8098,7 +8106,6 @@
 	NOT-FOR-US: Solaris
 CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 7u3-2.1.2-1
-	- openjdk-6 <unfixed>
 CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
 	NOT-FOR-US: Solaris
 CVE-2012-1680
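Review bot: Dropping `- openjdk-6 <unfixed>` under CVE-2012-1682 leaves no trace in the list of the conclusion given in the log ("one java issue only in j7"). An explicit `- openjdk-6 <not-affected>` line with that reason in parentheses would let a later reader tell that openjdk-6 was checked rather than overlooked.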
@@ -11648,8 +11655,6 @@
 	NOT-FOR-US: IBM Web Experience Factory
 CVE-2011-5047 (Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in ...)
 	NOT-FOR-US: pfSense
-CVE-2012-XXXX [inkscape files unexpectedly read from /tmp]
-	- inkscape <unfixed> (low; bug #654341)
 CVE-2012-0287 (Cross-site scripting (XSS) vulnerability in wp-comments-post.php in ...)
 	- wordpress 3.3.1+dfsg-1
 	[squeeze] - wordpress <not-affected> (only 3.3.x vulnerable) 
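Review bot: Deleting the inkscape entry outright loses both the reference to bug #654341 and the reasoning from the log ("hardly security-relevant"). The pnp4nagios change in this same commit handles a comparable case by switching the urgency to `unimportant` and adding a NOTE; doing the same here would keep the decision on record.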
@@ -20777,8 +20782,9 @@
 CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...)
 	- icinga 1.4.1-1
 	[squeeze] - icinga <no-dsa> (Minor issue)
-	- nagios3 <unfixed>
+	- nagios3 3.4.1-1
 	[squeeze] - nagios3 <no-dsa> (Minor issue)
+	NOTE: Nagios might be fixed earlier than 3.4.1, checked the Wheezy version
 CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ...)
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2011-2208 (Integer signedness error in the osf_getdomainname function in ...)
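Review bot: `- nagios3 3.4.1-1` is entered as the fixed version for CVE-2011-2477 although the added NOTE says the fix may have landed earlier and only the Wheezy version was checked. As written, 3.4.1-1 is an upper bound, so versions between the real fix and 3.4.1-1 will be reported as vulnerable. A `TODO:` line to pin down the first fixed version would make that explicit.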
@@ -27562,6 +27568,7 @@
 CVE-2010-4533 [offlineimap uses SSLv2]
 	RESERVED
 	- offlineimap <unfixed> (low; bug #606962)
+	[wheezy] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
 	[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
 	[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
 CVE-2010-4532 [no SSL cert validation]



