[Secure-testing-commits] r21249 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Feb 12 08:00:01 UTC 2013


Author: jmm
Date: 2013-02-12 08:00:00 +0000 (Tue, 12 Feb 2013)
New Revision: 21249

Modified:
   data/CVE/list
Log:
another chromium fix
openssl fixed
mark the rails transition package as fixed
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-12 07:24:04 UTC (rev 21248)
+++ data/CVE/list	2013-02-12 08:00:00 UTC (rev 21249)
@@ -9,11 +9,11 @@
 CVE-2013-1640
 	RESERVED
 CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2013-1638 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2013-1637 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2013-1636
 	RESERVED
 CVE-2013-1635
@@ -3372,7 +3372,7 @@
 CVE-2013-0277 [Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0]
 	RESERVED
 	- ruby-activerecord-2.3 <unfixed>
-	- rails <unfixed>
+	- rails 2.3.14.1
 	NOTE: According to advisory 3.1.0 and above are not affected, check?
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	TODO: check and report to BTS
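Review bot: In the CVE-2013-0277 entry, `- rails 2.3.14.1` is recorded as a fixed version, but the only justification visible is the NOTE that rails became a transition package at 2.3.14.1. That version marks where the package stopped shipping the code, not a patched release. The entry still carries `NOTE: According to advisory 3.1.0 and above are not affected, check?` and `TODO: check and report to BTS`, while ruby-activerecord-2.3 stays `<unfixed>`. Suggest either resolving the open "check?" in this commit or rewording the TODO so it clearly refers to the remaining ruby-activerecord-2.3 line.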
@@ -3381,7 +3381,7 @@
 	- ruby-activerecord-3.2 <unfixed>
 	- ruby-activemodel-3.2 <unfixed>
 	- ruby-activerecord-2.3 <unfixed>
-	- rails <unfixed>
+	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	TODO: check and report to BTS 
 CVE-2013-0275 [ganglia: XSS]
@@ -3746,7 +3746,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
 	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
 CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...)
-	- openssl <unfixed> (bug #699889)
+	- openssl 1.0.1e-1 (bug #699889)
 	- bouncycastle <unfixed> (bug #699885)
 	- mysql-5.1 <unfixed>
 	- mysql-5.5 <unfixed> (bug #699886)
@@ -3761,7 +3761,7 @@
 CVE-2013-0167
 	RESERVED
 CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
-	- openssl <unfixed> (bug #699889)
+	- openssl 1.0.1e-1 (bug #699889)
 CVE-2013-0165
 	RESERVED
 CVE-2013-0164
@@ -7116,7 +7116,7 @@
 	- chromium-browser <not-affected> (Only affects Windows)
 CVE-2012-5153 (Google V8 before 3.14.5.3, as used in Google Chrome before ...)
 	- libv8 <unfixed>
-	- chromium-browser <unfixed>
+	- chromium-browser 24.0.1312.68-1
 CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
 	- chromium-browser 24.0.1312.68-1
 	TODO: Might affect ffmpeg/libav
@@ -13648,7 +13648,7 @@
 	- apache2 2.2.22-8 (low)
 	[squeeze] - apache2 2.2.16-6+squeeze8
 CVE-2012-2686 (crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the ...)
-	- openssl <unfixed> (low; bug #699889)
+	- openssl 1.0.1e-1 (bug #699889)
 	[squeeze] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: DoS in specific protocol + cpu type combination
 CVE-2012-2685 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
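Review bot: The CVE-2012-2686 openssl line loses its `low` urgency tag: `(low; bug #699889)` becomes `(bug #699889)`, and the log message only says "openssl fixed". If dropping the urgency is not intended, keep it as `- openssl 1.0.1e-1 (low; bug #699889)`; the NOTE below it still describes a DoS limited to a specific protocol and CPU type combination, which matches the earlier rating. If it is intended, say so in the log.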



