[Secure-testing-commits] r20258 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sat Sep 29 20:38:28 UTC 2012
Author: geissert
Date: 2012-09-29 20:38:28 +0000 (Sat, 29 Sep 2012)
New Revision: 20258
Modified:
data/CVE/list
Log:
CVE-2012-{3524,4425} mark affected packages based on RH's errata
eglibc strcoll+alloca issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-29 20:01:27 UTC (rev 20257)
+++ data/CVE/list 2012-09-29 20:38:28 UTC (rev 20258)
@@ -2092,10 +2092,12 @@
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
+ - spice-gtk <unfixed>
TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
-CVE-2012-4424
+CVE-2012-4424 [alloca buffer overflow via strcoll]
RESERVED
+ - eglibc <unfixed>
CVE-2012-4423 [libvirt DoS]
RESERVED
- libvirt 0.9.12-5 (bug #687598)
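Review bot: The new `- eglibc <unfixed>` entry under CVE-2012-4424 has no NOTE with a reference and no bug number, so the bracketed description "[alloca buffer overflow via strcoll]" cannot be traced to a source from the list itself. The neighbouring CVE-2012-4423 entry carries `(bug #687598)`; adding a NOTE line with the upstream report, or a Debian bug number once one is filed, would match that. In the same hunk, `TODO: check` is left unchanged under CVE-2012-4425 after `- spice-gtk <unfixed>` was added. If the check is still open, say what remains to be checked (the description names libgio, but only spice-gtk is marked here); otherwise drop the TODO.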
@@ -4164,6 +4166,8 @@
CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...)
- jabberd2 <unfixed> (bug #685666)
CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...)
+ - dbus <unfixed>
+ - glib2.0 <unfixed>
TODO: Needs more checking, probably this should be fixed in the affected apps like spice?
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
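Review bot: The `- dbus <unfixed>` and `- glib2.0 <unfixed>` lines under CVE-2012-3524 are justified in the log only by "RH's errata", and no NOTE in the entry links that errata. The description names libdbus only, so the glib2.0 marking in particular needs a reference a later reader can follow; a NOTE line citing the errata would cover it. Neither package has a bug number, unlike `- jabberd2 <unfixed> (bug #685666)` just above, and the existing TODO still asks whether the fix belongs in the affected applications. Consider recording in the TODO or a NOTE that the library entries are provisional until that question is settled.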