[Secure-testing-commits] r20803 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jan 4 10:17:21 UTC 2013
Author: jmm
Date: 2013-01-04 10:17:21 +0000 (Fri, 04 Jan 2013)
New Revision: 20803
Modified:
data/CVE/list
Log:
additional rails package for sid/wheezy: ruby-activerecord-3.2
no-dsa: openoffice, gajim
one kernel issue not in squeeze
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-01-03 23:04:46 UTC (rev 20802)
+++ data/CVE/list 2013-01-04 10:17:21 UTC (rev 20803)
@@ -249,31 +249,31 @@
CVE-2013-0701
RESERVED
CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the profile ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address field ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6470 (Opera before 12.12 does not properly allocate memory for GIF images, ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6469 (Opera before 12.11 allows remote attackers to determine the existence ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6468 (Heap-based buffer overflow in Opera before 12.11 allows remote ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6467 (Opera before 12.10 follows Internet shortcuts that are referenced by a ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6466 (Opera before 12.10 does not properly handle incorrect size data in a ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6465 (Opera before 12.10 allows remote attackers to execute arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6464 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6463 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6462 (Opera before 12.10 does not properly implement the Cross-Origin ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6461 (The X.509 certificate-validation functionality in the https ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6460 (Opera before 11.67 and 12.x before 12.02 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service after ...)
TODO: check
CVE-2012-6458
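Review bot: CVE-2012-6459 (ConnMan 1.3 on Tizen), in the trailing context of this hunk, is still at "TODO: check" while the thirteen Opera entries above it are all resolved to NOT-FOR-US. Its description names ConnMan rather than a Tizen-only component, so it needs an explicit decision: either a NOT-FOR-US line giving the Tizen-specific reason, or a package line if the affected code is shipped. Worth closing in a follow-up so the block does not keep a stray TODO.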
@@ -957,7 +957,7 @@
CVE-2012-6372
RESERVED
CVE-2012-6371 (The WPA2 implementation on the Belkin N900 F9K1104v1 router ...)
- TODO: check
+ NOT-FOR-US: Belkin router
CVE-2012-6370
RESERVED
CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting ...)
@@ -3556,6 +3556,7 @@
CVE-2012-5665 (ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly ...)
- owncloud <unfixed> (bug #696574)
CVE-2012-5664 (SQL injection vulnerability in the Authlogic gem for Ruby on Rails ...)
+ - ruby-activerecord-3.2 3.2.6-3
- ruby-activerecord-2.3 2.3.14-3
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
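Review bot: the added "- ruby-activerecord-3.2 3.2.6-3" line records a fixed version with no bug reference and no NOTE, and the CVE description shown here names the Authlogic gem, not Active Record. A short NOTE saying why the activerecord packages are the ones tracked for CVE-2012-5664, plus the bug number or upload that carries the 3.2.6-3 fix, would let the version be verified from the entry itself.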
@@ -3631,7 +3632,9 @@
CVE-2012-5639
RESERVED
- libreoffice <unfixed> (low)
+ [wheezy] - libreoffice <no-dsa> (Minor issue)
- openoffice.org 1:3.3.0-1 (low)
+ [squeeze] - openoffice.org <no-dsa> (Minor issue)
NOTE: Since 3.3.0 openoffice.org is a transitional source package
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable ...)
@@ -3950,7 +3953,9 @@
- xen <not-affected> (Only affects Xen 4.2 and xen-unstable)
CVE-2012-5524
RESERVED
- - gajim <unfixed> (bug #693282)
+ - gajim <unfixed> (low; bug #693282)
+ [wheezy] - gajim <no-dsa> (Minor issue)
+ [squeeze] - gajim <no-dsa> (Minor issue)
CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...)
- mantis 1.2.11-1.2 (bug #693283)
NOTE: http://www.mantisbt.org/bugs/view.php?id=14704
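Review bot: in the CVE-2012-5524 entry the urgency is lowered to "low" and both [wheezy] and [squeeze] are marked <no-dsa> with only "Minor issue" as the reason, while the CVE is still RESERVED and carries no description. Add a NOTE line that summarises the issue or points at the upstream fix, so the no-dsa decision can be re-checked later without having to open bug #693282.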
@@ -3971,6 +3976,7 @@
CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-5516
RESERVED
NOT-FOR-US: Red Hat Enterprise Virtualisation Manager
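Review bot: the new "[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)" line for CVE-2012-5517 gives no way to verify the claim. A NOTE naming the upstream commit or kernel version that introduced the affected code in online_pages (mm/memory_hotplug.c) would document why the squeeze kernel predates it.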