[Secure-testing-commits] r20246 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2012-09-27 07:44:16 +0000 (Thu, 27 Sep 2012)
New Revision: 20246

Modified:
   data/CVE/list
Log:
chromium/CRIME/SDPY fixed
condor fixed
filed bugs for 389, zendframework and tiff



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-27 05:46:54 UTC (rev 20245)
+++ data/CVE/list	2012-09-27 07:44:16 UTC (rev 20246)
@@ -401,9 +401,9 @@
 CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book ...)
 	NOT-FOR-US: Social Book Facebook Clone 2010
 CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation ...)
-	TODO: check
+	NOT-FOR-US: Drupal addon
 CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing ...)
-	TODO: check
+	NOT-FOR-US: Drupal addon
 CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop ...)
 	NOT-FOR-US: jbShop plugin for e107
 CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in ...)
@@ -500,7 +500,8 @@
 	RESERVED
 CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
 	- iceweasel <not-affected> (Firefox ESV not support SDPY)
-	TODO: check chromium
+	- chromium-browser 21.0.1180.57~r148591-1
+	NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
 CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
 	- iceweasel <not-affected> (Firefox ESV not use TLS/SSL compression)
 	- chromium-browser <unfixed>
@@ -1920,12 +1921,10 @@
 	RESERVED
 CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03]
 	RESERVED
-	TODO: check
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/26/7
+	- zendframework <unfixed> (bug #688946)
 CVE-2012-4450 [389-ds-base ACL rules bypass]
 	RESERVED
-	- 389-ds-base <unfixed>
-	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/09/26/3
+	- 389-ds-base <unfixed> (bug #688942)
 	NOTE: Upstream ticket https://fedorahosted.org/389/ticket/340
 	NOTE: Upstream patch http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
 CVE-2012-4449
@@ -1934,7 +1933,7 @@
 	RESERVED
 CVE-2012-4447 [libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression]
 	RESERVED
-	TODO: check
+	- tiff <unfixed> (bug #688944)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
 CVE-2012-4446
 	RESERVED
@@ -4203,16 +4202,16 @@
 	- xen 4.1.3-2 (bug #686764)
 CVE-2012-3493
 	RESERVED
-	- condor <unfixed> (bug #688210)
+	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
 CVE-2012-3492
 	RESERVED
-	- condor <unfixed> (bug #688210)
+	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
 CVE-2012-3491
 	RESERVED
-	- condor <unfixed> (bug #688210)
+	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
 CVE-2012-3490
 	RESERVED
-	- condor <unfixed> (bug #688210)
+	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
 CVE-2012-3489
 	RESERVED
 	{DSA-2534-1}