[Secure-testing-commits] r20841 - in data: CVE DSA
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Jan 7 09:23:01 UTC 2013
Author: jmm
Date: 2013-01-07 09:23:00 +0000 (Mon, 07 Jan 2013)
New Revision: 20841
Modified:
data/CVE/list
data/DSA/list
Log:
filed bugs for connman and qt
mount info leak no-dsa
additional moin CVE split off
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-01-06 22:47:50 UTC (rev 20840)
+++ data/CVE/list 2013-01-07 09:23:00 UTC (rev 20841)
@@ -167,7 +167,7 @@
CVE-2013-0722
RESERVED
CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw ...)
- TODO: check
+ - moin 1.9.5-3
CVE-2012-6494
RESERVED
CVE-2012-6493
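Review bot: the new `- moin 1.9.5-3` line under CVE-2012-6495 has no NOTE saying which CVE this one was split off from, although the log message describes it as an additional moin CVE split off. Add a NOTE naming the original CVE ID or the upstream reference, so that the fixed version can be checked against it later.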
@@ -281,7 +281,7 @@
CVE-2012-6460 (Opera before 11.67 and 12.x before 12.02 allows remote attackers to ...)
NOT-FOR-US: Opera
CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service after ...)
- - connman <undetermined>
+ - connman <unfixed> (bug #697580)
CVE-2012-6458
RESERVED
CVE-2012-6457
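Review bot: `- connman <unfixed> (bug #697580)` moves the package from undetermined to affected, but the CVE description is scoped to ConnMan 1.3 on Tizen and the entry records nothing about why the Debian package is considered affected. A NOTE stating the basis for that decision would make the status verifiable without opening the bug.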
@@ -1648,6 +1648,7 @@
CVE-2013-0157 [mount discloses information about existence of folders]
RESERVED
- mount <unfixed> (bug #697464; low)
+ [squeeze] - mount <no-dsa> (Minor issue)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/06/1
CVE-2013-0156
RESERVED
@@ -2228,7 +2229,7 @@
RESERVED
CVE-2012-6093 [QSslSocket may report incorrect errors when certificate verification fails]
RESERVED
- - qt4-x11 <unfixed> (low)
+ - qt4-x11 <unfixed> (low; bug #697582)
NOTE: http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
NOTE: https://codereview.qt-project.org/#change,42461
NOTE: Fixed in Qt 4.8.5, and the 4.7.6 and 4.6.5 patch releases.
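Review bot: the annotation order in `(low; bug #697582)` differs from the mount entry touched in this same commit, which uses `(bug #697464; low)`. Pick one order for urgency and bug number so that entries stay consistent and easy to grep.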
@@ -3607,9 +3608,9 @@
RESERVED
- inkscape 0.48.3.1-1.2 (bug #696485)
CVE-2012-5655 (The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before ...)
- TODO: check
+ NOT-FOR-US: Context module for Drupal
CVE-2012-5654 (The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when ...)
- TODO: check
+ NOT-FOR-US: Nodewords: D6 Meta Tags module for Drupal
CVE-2012-5653 (The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 ...)
- drupal6 <unfixed> (bug #696343)
- drupal7 <unfixed> (bug #696342)
@@ -11053,10 +11054,8 @@
CVE-2012-2805
RESERVED
CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
- - ffmpeg <undetermined> (bug #688849)
- - libav <undetermined> (bug #688847)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a80ebe491609e04110a1dd540a0ca79d3be3d04
- NOTE: ffmpeg fix is not a fix, it's unclear what real issue it is supposed to fix
+ - ffmpeg <removed> (bug #688849)
+ - libav <unfixed> (bug #688847)
NOTE: scheduled for libav 0.8.5
CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
[squeeze] - ffmpeg <unfixed> (bug #688849)
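Review bot: under CVE-2012-2804 the two removed NOTE lines were the only record of the upstream ffmpeg commit and of the doubt about whether it fixes anything, and libav now goes from `<undetermined>` to `<unfixed>` with no NOTE explaining what settled the question. Keep the commit URL as a NOTE, or add one stating why libav is now considered affected. The log message also does not mention the ffmpeg and libav status changes.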
@@ -11082,7 +11081,7 @@
- libav 6:0.8.4-1 (bug #688847)
NOTE: scheduled for libav 0.8.5
CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
- - ffmpeg <undetermined> (bug #688849)
+ - ffmpeg <removed> (bug #688849)
- libav <unfixed> (bug #688847)
NOTE: patch proposed: http://patches.libav.org/patch/32642/
NOTE: scheduled for libav 0.8.5
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2013-01-06 22:47:50 UTC (rev 20840)
+++ data/DSA/list 2013-01-07 09:23:00 UTC (rev 20841)
@@ -24,7 +24,7 @@
{CVE-2012-3221}
[squeeze] - virtualbox-ose 3.2.10-dfsg-1+squeeze1
[29 Dec 2012] DSA-2593-1 moin - several
- {CVE-2012-6080 CVE-2012-6081 CVE-2012-6082}
+ {CVE-2012-6080 CVE-2012-6081 CVE-2012-6082 CVE-2012-6495}
[squeeze] - moin 1.9.3-1+squeeze4
[28 Dec 2012] DSA-2592-1 elinks - programming error
{CVE-2012-4545}