[Secure-testing-commits] r22758 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Jun 26 16:02:26 UTC 2013


Author: jmm
Date: 2013-06-26 16:02:25 +0000 (Wed, 26 Jun 2013)
New Revision: 22758

Modified:
   data/CVE/list
Log:
no-dsa for squeeze: argyll, libzip NULL pointer deref, libspring-security-2.0-java, phpldapadmin
libzip not-affected for two issues in squeeze


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-06-26 14:01:12 UTC (rev 22757)
+++ data/CVE/list	2013-06-26 16:02:25 UTC (rev 22758)
@@ -2098,7 +2098,6 @@
 	- ffmpeg <removed>
 	[squeeze] - ffmpeg <not-affected> (codec not built)
 	- libav <unfixed>
-	TODO: check
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942
 CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...)
 	- ffmpeg <removed>
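Review bot: The removal of "TODO: check" below the "- libav <unfixed>" line is not covered by the log message, which lists only the squeeze no-dsa and not-affected triage. Mention it in the log, and if the check reached a conclusion about libav in squeeze, record it as a "[squeeze] - libav ..." line the way the ffmpeg line above does, so the outcome stays visible in the entry.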
@@ -17498,6 +17497,7 @@
 CVE-2012-4405 (Multiple integer underflows in the icmLut_allocate function in ...)
 	{DSA-2595-1}
 	- argyll 1.4.0-7 (bug #687275)
+	[squeeze] - argyll <no-dsa> (Only standalone binary in squeeze, minor impact)
 	- ghostscript 9.05~dfsg-6.1 (bug #687274)
 CVE-2012-4404 (security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly ...)
 	{DSA-2538-1}
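Review bot: The added "[squeeze] - argyll <no-dsa>" line sits in an entry that already carries {DSA-2595-1}, so the entry now reads as both "DSA issued" and "no DSA" without saying which source package the advisory covered. A short NOTE naming the package the DSA was issued for would remove the ambiguity.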
@@ -24643,6 +24643,7 @@
 	NOT-FOR-US: OSClass not in Debian
 CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll ...)
 	- argyll 1.4.0-1
+	[squeeze] - argyll <no-dsa> (Only standalone binary in squeeze, minor impact)
 	NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the
 	NOTE: isolated security fix
 CVE-2012-1615 [sectool dbus priv escalation]
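Review bot: The reason on the added "[squeeze] - argyll <no-dsa>" line for CVE-2012-1616 leaves out what the NOTE lines directly below it say, that the isolated icclib fix is hard to identify. If that is part of why squeeze gets no update, put it in the reason, e.g. "(Only standalone binary in squeeze, fix hard to isolate)", since "minor impact" alone says little for a use-after-free.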
@@ -25655,8 +25656,10 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
 CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...)
 	- libzip 0.10.1-1 (bug #664990)
+	[squeeze] - libzip <not-affected> (Only affects 0.10.x)
 CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in zip_open.c ...)
 	- libzip 0.10.1-1 (bug #664990)
+	[squeeze] - libzip <not-affected> (Only affects 0.10.x)
 CVE-2012-1161
 	RESERVED
 	- moodle <not-affected> (Only affects 2.1 to 2.2)
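Review bot: Both added "[squeeze] - libzip <not-affected> (Only affects 0.10.x)" lines state a version range with no reference behind it. A NOTE pointing at the upstream change that introduced the affected _zip_readcdir code would let the next person confirm that the libzip in squeeze predates it.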
@@ -25802,11 +25805,13 @@
 CVE-2012-1115
 	RESERVED
 	- phpldapadmin 1.2.2-3 (low; bug #662050)
+	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
 	- ldap-account-manager 3.6-2 (low; bug #661904)
 	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
 CVE-2012-1114
 	RESERVED
 	- phpldapadmin 1.2.2-3 (low; bug #662050)
+	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
 	- ldap-account-manager 3.6-2 (low; bug #661904)
 	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
 CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
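Review bot: CVE-2012-1115 and CVE-2012-1114 are still RESERVED with no description, so the added "[squeeze] - phpldapadmin <no-dsa> (Minor issue)" lines cannot be checked against anything in the entry itself. The bug number (#662050) is there, but a one-line NOTE naming the issue class would make the triage readable without leaving the list.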
@@ -26533,7 +26538,8 @@
 CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x ...)
 	- joomla <itp> (bug #571794)
 CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
-	- phpldapadmin 1.2.2-1 (bug #658907)
+	- phpldapadmin 1.2.2-1 (low; bug #658907)
+	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
 CVE-2012-0833 (The acllas__handle_group_entry function in ...)
 	- 389-ds-base <not-affected> (Fixed before initial upload)
 CVE-2012-0832
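Review bot: The "- phpldapadmin 1.2.2-1" line for CVE-2012-0834 also gains a "low" urgency, a change to the unstable line that the log message does not mention. It matches the "(low; bug #662050)" lines in the previous hunk; add it to the log so the rating change can be traced later.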
@@ -35207,6 +35213,7 @@
 	- libxfont 1:1.4.4-1
 CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through ...)
 	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
+	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
 CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...)
 	NOT-FOR-US: IBM Lotus Symphony
 CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a ...)
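Review bot: The "- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)" line keeps no urgency while its new squeeze line says "Minor issue". Elsewhere in this commit the phpldapadmin and libzip lines are set to "low" when they get the same no-dsa reason, so either add "low" here as well or make the reason say why this one differs.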
@@ -35723,8 +35730,10 @@
 	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
 CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware ...)
 	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
+	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
 CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource ...)
 	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
+	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
 CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, ...)
 	{DSA-2504-1}
 	- libspring-2.5-java <unfixed> (bug #677814)
@@ -39544,6 +39553,7 @@
 	RESERVED
 CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and ...)
 	- php5 5.4.0~rc5-1 (low)
+	[squeeze] - php5 <no-dsa> (Minor issue)
 CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
 	NOT-FOR-US: IBM Tivoli
 CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
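Review bot: The added "[squeeze] - php5 <no-dsa> (Minor issue)" line for CVE-2011-1398 is not mentioned in the log message, which names argyll, libzip, libspring-security-2.0-java and phpldapadmin only. Add php5 to the log so that the triage decision can be found from the commit history.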
@@ -42352,7 +42362,8 @@
 	{DSA-2266-1}
 	- php5 5.3.6-1
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
-	- libzip 0.10-1
+	- libzip 0.10-1 (low)
+	[squeeze] - libzip <no-dsa> (Minor issue)
 	NOTE: http://hg.nih.at/libzip/?fd=13654bfdc88c;file=lib/zip_name_locate.c
 CVE-2011-0420 (The grapheme_extract function in the Internationalization extension ...)
 	{DSA-2266-1}
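Review bot: On the libzip lines in this hunk, the reason "(Minor issue)" is less informative than the log message, which identifies this as the libzip NULL pointer dereference. Put that in the reason, e.g. "[squeeze] - libzip <no-dsa> (Minor issue, NULL pointer dereference)", so it is clear why libzip in squeeze gets no update although the entry carries {DSA-2266-1}.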



