[Secure-testing-commits] r20189 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Sep 18 16:48:29 UTC 2012
Author: jmm
Date: 2012-09-18 16:48:29 +0000 (Tue, 18 Sep 2012)
New Revision: 20189
Modified:
data/CVE/list
Log:
new monkey issues
offlineimap no-dsa
nagios3 fixed
packagekit fixed
qemu-kvm fixed
texlive no-dsa
pnp4nagios non-issue
elixir no-dsa
inkscape issue hardly security-relevant
one java issue only in j7
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-18 11:04:08 UTC (rev 20188)
+++ data/CVE/list 2012-09-18 16:48:29 UTC (rev 20189)
@@ -1,3 +1,7 @@
+CVE-2012-XXXX [monkey: Fails to drop supplemental groups when lowering privileges]
+ - monkey <unfixed> (bug #688007)
+CVE-2012-XXXX [monkey: CGI scripts executed without dropping RUID/RGID root]
+ - monkey <unfixed> (bug #688008)
CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
- iceweasel <not-affected> (Firefox ESV not support SDPY)
TODO: check chromium
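Review bot: The two new monkey entries at the top of this hunk carry no NOTE line saying whether CVE ids have been requested or where the issues were reported, so the CVE-2012-XXXX placeholders can only be matched to real ids later through bug #688007 and bug #688008. Both describe incomplete privilege dropping (supplemental groups kept; CGI scripts run with RUID/RGID root), so a NOTE with the upstream report or the CVE request would help whoever reconciles them.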
@@ -7,7 +11,7 @@
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
NOT-FOR-US: Oxwall 1.1.1
CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
- TODO: check
+ NOT-FOR-US: Limesurvey
CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals ...)
@@ -106,7 +110,7 @@
CVE-2012-4894
RESERVED
CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Webmin
CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
NOT-FOR-US: FlatnuX CMS
CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ...)
@@ -1693,7 +1697,7 @@
CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN ...)
NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
- TODO: check
+ NOT-FOR-US: mod_pagespeed
CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
@@ -2471,7 +2475,7 @@
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server ...)
- TODO: check
+ NOT-FOR-US: mod_pagespeed
CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var ...)
{DSA-2522-1}
- fckeditor 1:2.6.6-3 (bug #683418)
@@ -2913,7 +2917,7 @@
- bind9 1:9.8.1.dfsg.P1-4.2 (bug #683259)
NOTE: https://kb.isc.org/article/AA-00729
CVE-2012-XXXX [packagekit insecure temp file]
- - packagekit <unfixed> (bug #678189)
+ - packagekit 0.7.6-1 (bug #678189)
CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
NOT-FOR-US: WinRadius
CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA ...)
@@ -3241,141 +3245,141 @@
CVE-2012-3657 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3656 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3655 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3654 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3653 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3652 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3651 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3650 (WebKit in Apple Safari before 6.0 accesses uninitialized memory ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3649 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3648 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3647 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3646 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3645 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3644 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3643 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3642 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3641 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3640 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3639 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3638 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3637 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3636 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3635 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3634 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3633 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3632 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3631 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3630 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3629 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3628 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3627 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3626 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3625 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3624 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3623 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3622 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3621 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3620 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3619
RESERVED
CVE-2012-3618 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3617 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3616 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3615 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3614 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3613 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3612 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3611 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3610 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3609 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3608 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3607 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3606 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3605 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3604 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3603 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3602 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3601 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3600 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3599 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3598 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3597 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3596 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3595 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3594 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3593 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin ...)
NOT-FOR-US: Wordpress plugin
CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
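Review bot: The removed lines in this hunk tracked the Debian source package ("- webkit <undetermined>"), but the NOT-FOR-US text that replaces them argues only about iTunes, Safari and Chromium and says nothing about that package. NOT-FOR-US takes these CVEs out of tracking altogether, so if the webkit package has been judged unaffected, "- webkit <not-affected> (reason)" would record that; otherwise keeping "<undetermined>" is more accurate. The log message covers this bulk change only as "NFUs".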
@@ -3744,7 +3748,8 @@
{DSA-2541-1}
- beaker 1.6.3-1.1 (bug #684890)
CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...)
- - pnp4nagios <unfixed> (low; bug #683879)
+ - pnp4nagios <unfixed> (unimportant; bug #683879)
+ NOTE: The permissions of this file are under the control of the admin
CVE-2012-3456 (Heap-based buffer overflow in the read function in ...)
- calligra 1:2.4.3-2 (bug #684004)
- wv2 0.4.2.dfsg.1-9.1
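Review bot: The added NOTE under CVE-2012-3457 says "this file" without naming it, and the CVE description is truncated here, so the reason for the downgrade from low to unimportant cannot be checked from the entry itself. Name the file in the NOTE and say whether the package installs it world-readable by default, since admin control over the permissions is a weaker argument if the shipped default is the problem.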
@@ -4870,11 +4875,11 @@
CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Websense
CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an ...)
- TODO: check
+ NOT-FOR-US: Webmin
CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Webmin
CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute ...)
- TODO: check
+ NOT-FOR-US: Webmin
CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...)
NOT-FOR-US: Samsung and HTC Android
CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release]
@@ -5675,7 +5680,7 @@
CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the ...)
{DSA-2545-1 DSA-2542-1}
- qemu 1.1.0+dfsg-1 (bug #678280)
- - qemu-kvm <unfixed>
+ - qemu-kvm 1.1.0+dfsg-1
CVE-2012-2651
RESERVED
CVE-2012-2650
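Review bot: The new "- qemu-kvm 1.1.0+dfsg-1" line repeats the version string of the qemu line directly above it and, unlike that line, has no bug reference. Please confirm this is the qemu-kvm upload that carries the bdrv_open fix rather than a copy of the qemu version, and add a bug number or a NOTE saying how it was verified.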
@@ -6949,6 +6954,8 @@
[squeeze] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique ...)
- elixir <unfixed> (low; bug #670919)
+ [squeeze] - elixir <no-dsa> (Minor issue)
+ [wheezy] - elixir <no-dsa> (Minor issue)
CVE-2012-2145 [qpid DoS]
RESERVED
- qpid-cpp 0.16-1 (bug #672124)
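Review bot: The two no-dsa lines added under CVE-2012-2146 put [squeeze] before [wheezy], while the texlive-extra and offlineimap hunks in this same commit add [wheezy] above [squeeze]; pick one order. "Minor issue" is also a thin reason for an entry whose description is Blowfish in CFB mode "without constructing a unique ..."; a few words on why it is minor would help.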
@@ -7034,6 +7041,7 @@
- linux-2.6 3.2.17-1
CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
- texlive-extra <unfixed> (low; bug #668779)
+ [wheezy] - texlive-extra <no-dsa> (Minor issue)
[squeeze] - texlive-extra <no-dsa> (Minor issue)
CVE-2012-2119
RESERVED
@@ -8098,7 +8106,6 @@
NOT-FOR-US: Solaris
CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-7 7u3-2.1.2-1
- - openjdk-6 <unfixed>
CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
NOT-FOR-US: Solaris
CVE-2012-1680
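Review bot: Deleting "- openjdk-6 <unfixed>" under CVE-2012-1682 removes any record that openjdk-6 was looked at; the reasoning ("one java issue only in j7") exists only in the log message. Replace the line with "- openjdk-6 <not-affected> (reason)" so the decision stays in the list, in the same form as the not-affected lines used elsewhere in this file.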
@@ -11648,8 +11655,6 @@
NOT-FOR-US: IBM Web Experience Factory
CVE-2011-5047 (Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in ...)
NOT-FOR-US: pfSense
-CVE-2012-XXXX [inkscape files unexpectedly read from /tmp]
- - inkscape <unfixed> (low; bug #654341)
CVE-2012-0287 (Cross-site scripting (XSS) vulnerability in wp-comments-post.php in ...)
- wordpress 3.3.1+dfsg-1
[squeeze] - wordpress <not-affected> (only 3.3.x vulnerable)
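Review bot: Removing the whole inkscape entry drops the link to bug #654341 and leaves the rationale ("hardly security-relevant") only in the log message. The pnp4nagios hunk in this commit handles a similar downgrade by keeping the entry as "unimportant" with a NOTE; doing the same here would keep the decision visible in the list.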
@@ -20777,8 +20782,9 @@
CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...)
- icinga 1.4.1-1
[squeeze] - icinga <no-dsa> (Minor issue)
- - nagios3 <unfixed>
+ - nagios3 3.4.1-1
[squeeze] - nagios3 <no-dsa> (Minor issue)
+ NOTE: Nagios might be fixed earlier than 3.4.1, checked the Wheezy version
CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-2208 (Integer signedness error in the osf_getdomainname function in ...)
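Review bot: The added NOTE says 3.4.1-1 is the version that was checked, not necessarily the first fixed one, so the "- nagios3 3.4.1-1" line is an upper bound on the fix version. Say in the NOTE what was compared (the description points at config.c) so nobody later reads 3.4.1-1 as the exact version that introduced the fix.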
@@ -27562,6 +27568,7 @@
CVE-2010-4533 [offlineimap uses SSLv2]
RESERVED
- offlineimap <unfixed> (low; bug #606962)
+ [wheezy] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4532 [no SSL cert validation]