[Secure-testing-commits] r21549 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Mar 7 21:28:28 UTC 2013
Author: jmm
Date: 2013-03-07 21:28:28 +0000 (Thu, 07 Mar 2013)
New Revision: 21549
Modified:
data/CVE/list
Log:
new nova issue (no-dsa)
new issues in qpid-cpp
no-dsa: bouncycastle, nagios-nrpe, libwebp, redis
Red Hat NFU
mark some java issues as specific to Oracle Java
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-07 21:14:28 UTC (rev 21548)
+++ data/CVE/list 2013-03-07 21:28:28 UTC (rev 21549)
@@ -1852,6 +1852,7 @@
CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 ...)
- bouncycastle <unfixed> (low; bug #699885)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
+ [wheezy] - bouncycastle <no-dsa> (Minor issue)
CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
- mysql-5.1 <unfixed>
- mysql-5.5 <unfixed> (bug #699886)
@@ -2518,7 +2519,8 @@
RESERVED
CVE-2013-1362 [Allows passing of $() as command arguments and executing shell commands]
RESERVED
- - nagios-nrpe <unfixed> (bug #701227)
+ - nagios-nrpe <unfixed> (low; bug #701227)
+ [squeeze] - nagios-nrpe <no-dsa> (Minor issue)
CVE-2013-1361
RESERVED
CVE-2013-1360
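Review bot: the `(low)` urgency and the squeeze `<no-dsa> (Minor issue)` line added for CVE-2013-1362 carry no rationale, while the entry's own description says `$()` in command arguments leads to shell command execution. A NOTE stating the precondition that makes this minor would let a later reader audit the triage. Only `[squeeze]` is tagged here, whereas the redis and libwebp changes in this commit tag both squeeze and wheezy; if wheezy is meant to get a fix, a short NOTE saying so would remove the ambiguity.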
@@ -4955,9 +4957,9 @@
CVE-2013-0410
RESERVED
CVE-2013-0409 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
- NOTE: No fix listed for icedtea, is this component (JMX) included in Icedtea?
+ - openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ - openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0408
RESERVED
CVE-2013-0407 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
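Review bot: the new NOTE for CVE-2013-0409 drops the component name (JMX) that the removed NOTE carried, and the `<not-affected>` status rests only on the absence of an IcedTea patch. Keeping the component in the NOTE, e.g. "component: JMX", would make the entry re-checkable if Oracle or IcedTea publish more detail later. The same NOTE text is pasted for CVE-2012-3213, where "Scripting" is lost in the same way.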
@@ -5163,6 +5165,8 @@
- jenkins <unfixed> (bug #700761)
CVE-2013-0326
RESERVED
+ - nova <unfixed> (low)
+ [wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-0325
RESERVED
NOT-FOR-US: Drupal addon
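Review bot: the nova lines added under CVE-2013-0326 assign `(low)` and `<no-dsa> (Minor issue)` to an entry that is still RESERVED and has no bracketed description, bug number or NOTE. Suggest adding a one-line description in brackets after the CVE id or a NOTE with the source of the report, so the severity decision can be reviewed from the list itself.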
@@ -5660,9 +5664,10 @@
NOTE: https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
CVE-2013-0178 [redis 2.4: Insecure temporary flaw use for redis service's vm swap file]
RESERVED
- - redis <unfixed>
+ - redis 2:2.6.0-1 (low)
+ [squeeze] - redis <no-dsa> (Minor issue)
+ [wheezy] - redis <no-dsa> (Minor issue)
NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6
- TODO: check
CVE-2013-0177
RESERVED
NOT-FOR-US: OFBiz
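Review bot: for CVE-2013-0178 the `TODO: check` is removed and `2:2.6.0-1` is recorded as the fixed version, but the only supporting evidence is the NOTE that a Red Hat bug report says 2.6 is not affected, and that NOTE has no URL. Suggest adding the bug report link to the NOTE so the fixed-version claim is traceable.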
@@ -5694,6 +5699,7 @@
{DSA-2622-1 DSA-2621-1}
- openssl 1.0.1e-1 (bug #699889)
- bouncycastle <unfixed> (low; bug #699885)
+ [wheezy] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
- mysql-5.1 <unfixed>
- mysql-5.5 <unfixed> (bug #699886)
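Review bot: the `[wheezy] - bouncycastle <no-dsa>` line is inserted above the existing `[squeeze]` line here, while the CVE-2013-1624 hunk at the top of this diff and the redis and libwebp hunks place `[wheezy]` after `[squeeze]`. Suggest moving it below the squeeze line so the release annotations are ordered consistently across the file.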
@@ -6246,6 +6252,7 @@
RESERVED
CVE-2012-6136
RESERVED
+ NOT-FOR-US: tuned (RH-specific powersaving tool)
CVE-2012-6135
RESERVED
- ruby-passenger (low; bug #702219)
@@ -9125,7 +9132,9 @@
- libv8 <not-affected> (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...)
- chromium-browser 24.0.1312.68-1
- - libwebp 0.2.1-1
+ - libwebp 0.2.1-1 (low)
+ [squeeze] - libwebp <no-dsa> (Minor issue)
+ [wheezy] - libwebp <no-dsa> (Minor issue)
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=442152
NOTE: Upstream announce: https://groups.google.com/a/webmproject.org/forum/?fromgroups=#!topic/webp-discuss/QTtgi8YfgkE
CVE-2012-5126 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
@@ -11098,10 +11107,13 @@
- linux 3.2.35-1
CVE-2012-4460
RESERVED
+ - qpid-cpp <unfixed>
CVE-2012-4459
RESERVED
+ - qpid-cpp <unfixed>
CVE-2012-4458
RESERVED
+ - qpid-cpp <unfixed>
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...)
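Review bot: the three `- qpid-cpp <unfixed>` lines added for CVE-2012-4460, CVE-2012-4459 and CVE-2012-4458 have no bug reference, urgency or description, and all three CVEs are still RESERVED. Other `<unfixed>` entries in this diff carry a `bug #` reference; adding one here, or a NOTE pointing at the upstream report, would give the open status something to be tracked against.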
@@ -14355,9 +14367,9 @@
CVE-2012-3214 (Unspecified vulnerability in the Oracle Outside In Technology ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3213 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
- NOTE: No fix listed for icedtea, is this component (Scripting) included in Icedtea?
+ - openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ - openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3212 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3211 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
@@ -14519,8 +14531,9 @@
CVE-2012-3144 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3143 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed> (bug #690774)
- - openjdk-7 <unfixed> (bug #690774)
+ - openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ - openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3142 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3141 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
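Review bot: the replacement lines for CVE-2012-3143 drop the `bug #690774` reference that both removed openjdk lines carried, and the CVE-2012-1531 hunk does the same. Since the status changes from `<unfixed>` to `<not-affected>`, suggest keeping the bug number in a NOTE so the link between the tracker entry and the bug report is not lost.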
@@ -18563,8 +18576,9 @@
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1531 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed> (bug #690774)
- - openjdk-7 <unfixed> (bug #690774)
+ - openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ - openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-1530 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-1529 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)