[Secure-testing-commits] r20865 - in data: CVE DSA

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Jan 9 16:14:42 UTC 2013


Author: jmm
Date: 2013-01-09 16:14:41 +0000 (Wed, 09 Jan 2013)
New Revision: 20865

Modified:
   data/CVE/list
   data/DSA/list
Log:
rails issue from previous was split into two CVE IDs
fix moin entry
ircd-ratbox fixed
opencryptoki no-dsa
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-01-09 08:46:28 UTC (rev 20864)
+++ data/CVE/list	2013-01-09 16:14:41 UTC (rev 20865)
@@ -49,9 +49,17 @@
 CVE-2013-0803
 	RESERVED
 CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions ...)
-	TODO: check
+	{DSA-2597-1}
+	- ruby-activerecord-3.2 3.2.6-3
+	- ruby-activerecord-2.3 2.3.14-3
+	- rails 2.3.14.1
+	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Ruby on ...)
-	TODO: check
+	{DSA-2597-1}
+	- ruby-activerecord-3.2 3.2.6-3
+	- ruby-activerecord-2.3 2.3.14-3
+	- rails 2.3.14.1
+	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-0802
 	RESERVED
 CVE-2013-0801
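Review bot: The CVE-2012-6497 entry is described as an issue in the Authlogic gem, yet the lines added under it list ruby-activerecord-3.2, ruby-activerecord-2.3 and rails, identical to the CVE-2012-6496 block. Add a NOTE under CVE-2012-6497 saying why the Active Record packages are the ones tracked for it, so the triage can be checked without rereading the advisory.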
@@ -304,6 +312,7 @@
 CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw ...)
 	{DSA-2593-1}
 	- moin 1.9.5-3
+	[wheezy] - moin 1.9.4-8+deb7u1
 CVE-2012-6494
 	RESERVED
 CVE-2012-6493
@@ -1169,7 +1178,7 @@
 CVE-2012-6349
 	RESERVED
 CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify ...)
-	TODO: check
+	NOT-FOR-US: Centrify
 CVE-2012-6347
 	RESERVED
 CVE-2012-6346
@@ -1807,6 +1816,7 @@
 	- linux-2.6 <removed>
 CVE-2013-0159
 	RESERVED
+	NOT-FOR-US: Fedora build script
 CVE-2013-0158 [possible remote code execution]
 	RESERVED
 	- jenkins <unfixed> (bug #697617)
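Review bot: CVE-2013-0159 is still RESERVED with no description, so the added "NOT-FOR-US: Fedora build script" line is the only record of what the ID covers. Add a NOTE with the reference this classification was based on. The same applies to the NOT-FOR-US lines added under CVE-2012-5531 and CVE-2012-3359 in the later hunks.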
@@ -2454,7 +2464,7 @@
 	- gnupg2 2.0.19-2 (bug #697251)
 CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis ...)
 	- charybdis 3.3.0-7.1 (bug #697092)
-	- ircd-ratbox <unfixed> (bug #697093)
+	- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
 CVE-2012-6083
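Review bot: The new ircd-ratbox fixed version, 3.0.7.dfsg-3, is lower than the upstream fix version in the CVE description ("ircd-ratbox before 3.0.8"). A reader comparing the two will assume the entry is wrong. If the Debian upload carries a backported patch, say so in a NOTE next to the existing oss-security references.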
@@ -2502,7 +2512,6 @@
 	- qemu-kvm <unfixed> (bug #696051)
 	- xen <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
-	TODO: Check
 CVE-2012-6074 [cross-site scripting vulnerability]
 	RESERVED
 	- jenkins <unfixed> (bug #696816)
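Review bot: Dropping "TODO: Check" here leaves the xen line as "<unfixed>" with no bug number, while the qemu-kvm line above it has bug #696051. Record the xen bug reference in the same change, or keep the TODO until one exists, so the open xen status stays traceable.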
@@ -3761,11 +3770,6 @@
 	[wheezy] - owncloud 4.0.4debian2-3.2
 CVE-2012-5664
 	REJECTED
-	{DSA-2597-1}
-	- ruby-activerecord-3.2 3.2.6-3
-	- ruby-activerecord-2.3 2.3.14-3
-	- rails 2.3.14.1
-	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2012-5663
 	RESERVED
 	NOT-FOR-US: Isearch
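Review bot: After this removal CVE-2012-5664 reads only "REJECTED", with nothing pointing to the IDs that replaced it. Add a NOTE under it naming CVE-2012-6496 and CVE-2012-6497, so that anyone arriving from an older reference to CVE-2012-5664 can find the DSA-2597-1 fix data.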
@@ -4139,6 +4143,7 @@
 	NOTE: hyperv tools are not build in sid
 CVE-2012-5531
 	RESERVED
+	NOT-FOR-US: GateIn Portal
 CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot ...)
 	- pcp <unfixed>
 CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
@@ -7074,9 +7079,13 @@
 CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...)
 	- keystone 2012.1.1-9 (bug #689210)
 CVE-2012-4455 (openCryptoki 2.4.1 allows local users to create or set world-writable ...)
-	- opencryptoki <unfixed> (bug #689417)
+	- opencryptoki <unfixed> (low; bug #689417)
+	[squeeze] - opencryptoki <no-dsa> (Minor issue)
+	[wheezy] - opencryptoki <no-dsa> (Minor issue)
 CVE-2012-4454 (openCryptoki before 2.4.1, when using spinlocks, allows local users to ...)
-	- opencryptoki <unfixed> (bug #689417)
+	- opencryptoki <unfixed> (low; bug #689417)
+	[squeeze] - opencryptoki <no-dsa> (Minor issue)
+	[wheezy] - opencryptoki <no-dsa> (Minor issue)
 CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 ...)
 	- dracut 020-1.1 (low; bug #688956)
 	[squeeze] - dracut <no-dsa> (Minor issue)
@@ -9979,6 +9988,7 @@
 	- nova 2012.1.1-2 (bug #680110)
 CVE-2012-3359
 	RESERVED
+	NOT-FOR-US: Red Hat Conga
 CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in ...)
 	- openjpeg 1.3+dfsg-4.4 (bug #681075)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2013-01-09 08:46:28 UTC (rev 20864)
+++ data/DSA/list	2013-01-09 16:14:41 UTC (rev 20865)
@@ -15,7 +15,7 @@
 	{CVE-2011-1428 CVE-2012-5534}
 	[squeeze] - weechat 0.3.2-1+squeeze1
 [04 Jan 2013] DSA-2597-1 rails - input validation error
-	{CVE-2012-5664}
+	{CVE-2012-6496 CVE-2012-6497}
 	[squeeze] - rails 2.3.5-1.2+squeeze4
 [30 Dec 2012] DSA-2596-1 mediawiki-extensions - cross-site scripting in RSSReader extension
 	{CVE-2012-6453}
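Review bot: The DSA-2597-1 title still reads "rails - input validation error", while CVE-2012-6496, one of the two IDs now referenced, is described in data/CVE/list as an SQL injection vulnerability in Active Record. Check whether the title should be brought in line with the reassigned CVEs, or confirm that it deliberately matches the published advisory text.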



