[Secure-testing-commits] r21463 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Feb 28 20:22:00 UTC 2013
Author: jmm
Date: 2013-02-28 20:22:00 +0000 (Thu, 28 Feb 2013)
New Revision: 21463
Modified:
data/CVE/list
Log:
one mediawiki issue is actually in an extension
no-dsa: bouncycastle, wv2, nginx, atftp
squashfs-tools fixed
vbox dscan issue doesn't affect stable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-28 20:17:16 UTC (rev 21462)
+++ data/CVE/list 2013-02-28 20:22:00 UTC (rev 21463)
@@ -1371,7 +1371,8 @@
CVE-2013-1625
RESERVED
CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 ...)
- - bouncycastle <unfixed> (bug #699885)
+ - bouncycastle <unfixed> (low; bug #699885)
+ [squeeze] - bouncycastle <no-dsa> (Minor issue)
CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
- mysql-5.1 <unfixed>
- mysql-5.5 <unfixed> (bug #699886)
@@ -4453,7 +4454,7 @@
RESERVED
CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle ...)
- virtualbox 4.1.18-dfsg-2 (bug #698292)
- - virtualbox-ose <removed>
+ - virtualbox-ose <not-affected> (Vulnerable code not present)
CVE-2013-0419 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
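Review bot: the new virtualbox-ose line under CVE-2013-0420 has no suite prefix, so <not-affected> applies to the package in every release, while the log message only says the issue doesn't affect stable. If stable is what is meant, keep "- virtualbox-ose <removed>" and add "[squeeze] - virtualbox-ose <not-affected> (Vulnerable code not present)", the same pattern this commit uses for ffmpeg.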
@@ -5219,7 +5220,8 @@
CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...)
{DSA-2622-1 DSA-2621-1}
- openssl 1.0.1e-1 (bug #699889)
- - bouncycastle <unfixed> (bug #699885)
+ - bouncycastle <unfixed> (low; bug #699885)
+ [squeeze] - bouncycastle <no-dsa> (Minor issue)
- mysql-5.1 <unfixed>
- mysql-5.5 <unfixed> (bug #699886)
- polarssl 1.1.4-2 (bug #699887)
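Review bot: on the added "[squeeze] - bouncycastle <no-dsa> (Minor issue)" line, the generic reason is thin for an entry that carries {DSA-2622-1 DSA-2621-1} two lines above. A reason specific to bouncycastle would make the no-dsa decision auditable later; the same applies to the identical line added under CVE-2013-1624.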
@@ -8016,7 +8018,7 @@
RESERVED
CVE-2012-5395
RESERVED
- - mediawiki 1:1.19.3-1 (bug #694998)
+ NOT-FOR-US: Mediawiki extension CentralAuth
CVE-2012-5394
RESERVED
CVE-2012-5393
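Review bot: replacing the mediawiki line with NOT-FOR-US drops the only reference to bug #694998 from CVE-2012-5395. Consider adding a NOTE line that records the bug number and that the report concerns the CentralAuth extension, so the bug can still be found from this entry and closed or reassigned.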
@@ -11808,11 +11810,11 @@
CVE-2012-4026 (The Johnson Controls Pegasys P2000 server with software before 3.11 ...)
NOT-FOR-US: The Johnson Controls Pegasys P2000
CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in ...)
- - squashfs-tools <unfixed> (low; bug #683371)
+ - squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
[squeeze] - squashfs-tools <no-dsa> (Minor issue)
[wheezy] - squashfs-tools <no-dsa> (Minor issue)
CVE-2012-4024 (Stack-based buffer overflow in the get_component function in ...)
- - squashfs-tools <unfixed> (low; bug #683371)
+ - squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
[squeeze] - squashfs-tools <no-dsa> (Minor issue)
[wheezy] - squashfs-tools <no-dsa> (Minor issue)
CVE-2012-4023 (CRLF injection vulnerability in Pebble before 2.6.4 allows remote ...)
@@ -13208,7 +13210,8 @@
NOTE: The permissions of this file are under the control of the admin
CVE-2012-3456 (Heap-based buffer overflow in the read function in ...)
- calligra 1:2.4.3-2 (bug #684004)
- - wv2 0.4.2.dfsg.1-9.1
+ - wv2 0.4.2.dfsg.1-9.1 (low)
+ [squeeze] - wv2 <no-dsa> (Minor issue)
CVE-2012-3455 (Heap-based buffer overflow in the read function in ...)
- koffice <removed>
CVE-2012-3454 (eXtplorer 2.1.0b6 uses world writable permissions for the ...)
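Review bot: the added "(low)" and "[squeeze] - wv2 <no-dsa> (Minor issue)" sit under a CVE summarised as a heap-based buffer overflow, and nothing in the entry says why it is minor for wv2. Replace "Minor issue" with the actual reason, or add a NOTE line with it; the wv2 line also has no bug reference, unlike the calligra line above it.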
@@ -14896,7 +14899,8 @@
CVE-2012-2780
RESERVED
CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in ...)
- [squeeze] - ffmpeg <not-affected> (bug #688849)
+ - ffmpeg <removed>
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2778
RESERVED
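Review bot: in the rewritten [squeeze] ffmpeg line the bug reference is folded into the free-text reason after a comma, "(Vulnerable code not present, bug #688849)", while the other annotations in this commit separate fields with a semicolon, as in "(low; bug #699885)". Use one form throughout, or move the bug number to a NOTE line if a bug field is not accepted on <not-affected>; this applies to the three identical lines in the following hunks as well.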
@@ -14906,10 +14910,12 @@
- libav 6:0.8.4-1 (bug #688847)
- ffmpeg <removed>
CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in ...)
- [squeeze] - ffmpeg <not-affected> (bug #688849)
+ - ffmpeg <removed>
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in ...)
- [squeeze] - ffmpeg <not-affected> (bug #688849)
+ - ffmpeg <removed>
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...)
- ffmpeg <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
@@ -14919,7 +14925,8 @@
CVE-2012-2773
RESERVED
CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in ...)
- [squeeze] - ffmpeg <not-affected> (bug #688849)
+ - ffmpeg <removed>
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2771
RESERVED
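Review bot: the ffmpeg changes in this hunk and the two before it (the new "- ffmpeg <removed>" line and the expanded squeeze reason) are not mentioned in the log message, which covers only mediawiki, the no-dsa set, squashfs-tools and vbox. Add a line for ffmpeg to the log so the revision can be found from the history.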
@@ -21489,7 +21496,8 @@
TODO: check if squeeze affected
CVE-2011-4968 [nginx http proxy module does not verify peer identity of https origin server]
RESERVED
- - nginx <unfixed> (bug #697940)
+ - nginx <unfixed> (low; bug #697940)
+ [squeeze] - nginx <no-dsa> (Minor issue)
NOTE: http://trac.nginx.org/nginx/ticket/13
CVE-2011-4967
RESERVED
@@ -26025,7 +26033,8 @@
CVE-2010-4840 (Multiple buffer overflows in the Syslog server in ManageEngine ...)
NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2011-XXXX [atftp DoS]
- - atftp 0.7.dfsg-11
+ - atftp 0.7.dfsg-11 (low)
+ [squeeze] - atftp <no-dsa> (Minor issue)
[lenny] - atftp <not-affected> (Introduced with ipv6 patch)
CVE-2011-3644
RESERVED
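Review bot: the atftp entry under the temporary id CVE-2011-XXXX gets "(low)" and a squeeze <no-dsa> but still has no bug number or NOTE pointing at the report, so the "Minor issue" assessment cannot be traced to anything. Add a "bug #..." field or a NOTE with the reference alongside this change.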
@@ -30969,7 +30978,8 @@
[squeeze] - tor <no-dsa> (Only affects the central Tor directory servers)
[lenny] - tor <no-dsa> (Only affects the central Tor directory servers)
CVE-2011-1923 (The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL ...)
- - polarssl 0.14.3-1 (bug #616114)
+ - polarssl 0.14.3-1 (low; bug #616114)
+ [squeeze] - polarssl <no-dsa> (Minor issue)
CVE-2011-1922 (daemon/worker.c in Unbound 1.x before 1.4.10, when debugging ...)
- unbound 1.4.10-1 (unimportant)
[lenny] - unbound 1.4.6-1~lenny2 (unimportant)
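Review bot: the added "[squeeze] - polarssl <no-dsa> (Minor issue)" line is not covered by the log message, whose no-dsa list names bouncycastle, wv2, nginx and atftp only. Add polarssl to that list.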