[Secure-testing-commits] r20807 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jan 4 15:01:09 UTC 2013
Author: jmm
Date: 2013-01-04 15:01:09 +0000 (Fri, 04 Jan 2013)
New Revision: 20807
Modified:
data/CVE/list
Log:
gpg issue also affects gnupg2
filed bug for rpm
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-01-04 14:50:52 UTC (rev 20806)
+++ data/CVE/list 2013-01-04 15:01:09 UTC (rev 20807)
@@ -2241,10 +2241,8 @@
TODO: check stable, testing and unstable
CVE-2012-6088 [Signature checking function returned success on (possibly malicious) rpm packages]
RESERVED
- - rpm <unfixed>
- [squeeze] - rpm <not-affected>
- NOTE: According to the information only rpm >= 4.10.0 affected
- TODO: check
+ - rpm <unfixed> (bug #697375)
+ [squeeze] - rpm <not-affected> (Introduced in rpm 4.10.0)
CVE-2012-6087 [moodle insecure curl usage]
RESERVED
- moodle <unfixed>
@@ -2256,6 +2254,7 @@
CVE-2012-6085 [gnupg key import memory corruption]
RESERVED
- gnupg 1.4.12-7 (bug #697108)
+ - gnupg2 2.0.19-2 (bug #697251)
CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis ...)
- charybdis <unfixed> (bug #697092)
- ircd-ratbox <unfixed> (bug #697093)
More information about the Secure-testing-commits
mailing list