[Secure-testing-commits] r21663 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Mar 18 17:47:58 UTC 2013
Author: jmm
Date: 2013-03-18 17:47:58 +0000 (Mon, 18 Mar 2013)
New Revision: 21663
Modified:
data/CVE/list
Log:
no-dsa: revelation, privoxy, rampart, logrotate, ldap-account-manager, net-snmp
mcrypt issue only in cmdline parsing, marking as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-18 17:47:12 UTC (rev 21662)
+++ data/CVE/list 2013-03-18 17:47:58 UTC (rev 21663)
@@ -176,7 +176,8 @@
CVE-2013-2504
RESERVED
CVE-2013-2503 (Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and ...)
- - privoxy <unfixed> (bug #702896)
+ - privoxy <unfixed> (low; bug #702896)
+ [squeeze] - privoxy <no-dsa> (Minor issue)
NOTE: http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup
CVE-2013-2502
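Review bot: the new squeeze <no-dsa> line for CVE-2013-2503 is justified only as "Minor issue" while the sid entry stays <unfixed> and the CVE text describes a Proxy-Authenticate/Proxy-Authorization handling bug, i.e. a credential-exposure class of issue; add a NOTE line stating the precondition that makes it minor in Debian's configuration, as the mcrypt entry in this same commit does, so the no-dsa decision can be re-checked once bug #702896 is closed.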
@@ -11302,8 +11303,9 @@
- modsecurity-apache 2.6.6-5 (bug #691146)
- libapache-mod-security <removed>
CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows ...)
- - mcrypt 2.6.8-1.3 (bug #690924)
+ - mcrypt 2.6.8-1.3 (unimportant; bug #690924)
NOTE: patch proposed by submitter at RH bugzilla is incorrect
+ NOTE: Only occurs in cmdline parsing, no priv escalation. Only a security issue in constructed setups
CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525]
RESERVED
- piwigo <not-affected> (incomplete fix not applied to Debian package)
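Review bot: the new NOTE on the mcrypt entry ("Only occurs in cmdline parsing, no priv escalation. Only a security issue in constructed setups") is vague on the trust boundary; say concretely that the overflow is only reachable when an attacker controls the mcrypt command line, since that is the reason for `unimportant`. Also, the existing NOTE that the patch proposed at the RH bugzilla is incorrect is kept while the sid line now reads `- mcrypt 2.6.8-1.3 (unimportant; bug #690924)`; clarify whether 2.6.8-1.3 carries a correct fix or the rejected one, because no [squeeze] line is added here (unlike every other package in this commit) and the fixed-version field becomes the only record of the fix.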
@@ -15865,10 +15867,12 @@
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-36
CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing ...)
- - revelation 0.4.11-10 (bug #633088)
+ - revelation 0.4.11-10 (low; bug #633088)
+ [squeeze] - revelation <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
- revelation 0.4.11-10 (bug #633088)
+ [squeeze] - revelation <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ ...)
NOT-FOR-US: phplist
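Review bot: CVE-2012-2742 gets a `[squeeze] - revelation <no-dsa> (Minor issue)` line but its sid entry keeps `- revelation 0.4.11-10 (bug #633088)` without the `low` severity that the sibling CVE-2012-2743 entry receives in the same hunk; add `(low; bug #633088)` there too so both entries from the same report carry the same severity and the no-dsa justification is backed by a recorded rating.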
@@ -17431,7 +17435,8 @@
CVE-2012-2142
RESERVED
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in ...)
- - net-snmp 5.4.3~dfsg-2.5 (bug #672492)
+ - net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
+ [squeeze] - net-snmp <no-dsa> (Minor issue)
NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...)
- ruby-mail 2.4.4-1
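Review bot: the net-snmp no-dsa line for CVE-2012-2141 carries only "Minor issue", with no NOTE recording why an array index error in handle_nsExtendOutput2Table is minor (for example, what access an attacker needs to reach the extend table); the Red Hat patch URL is kept but the reasoning is not, so add a NOTE with the impact assessment in the same way the mcrypt entry in this commit does.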
@@ -19900,12 +19905,14 @@
- joomla <itp> (bug #571794)
CVE-2012-1115
RESERVED
- - phpldapadmin 1.2.2-3 (bug #662050)
- - ldap-account-manager 3.6-2 (bug #661904)
+ - phpldapadmin 1.2.2-3 (low; bug #662050)
+ - ldap-account-manager 3.6-2 (low; bug #661904)
+ [squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2012-1114
RESERVED
- - phpldapadmin 1.2.2-3 (bug #662050)
- - ldap-account-manager 3.6-2 (bug #661904)
+ - phpldapadmin 1.2.2-3 (low; bug #662050)
+ - ldap-account-manager 3.6-2 (low; bug #661904)
+ [squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- gallery2 2.3.2.dfsg-1 (low)
[squeeze] - gallery2 <no-dsa> (Minor issue)
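Review bot: CVE-2012-1115 and CVE-2012-1114 each get a `[squeeze] - ldap-account-manager <no-dsa> (Minor issue)` line, but phpldapadmin, which is downgraded to `low` in the same hunk and listed as fixed in sid at 1.2.2-3, gets no [squeeze] line for either CVE. If phpldapadmin in squeeze is affected it needs its own <no-dsa> (or a fixed version); if not, a `<not-affected>` entry; otherwise its squeeze status stays implicitly open. The commit log also lists only ldap-account-manager under no-dsa, so state explicitly whether phpldapadmin was left open on purpose.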
@@ -30790,7 +30797,8 @@
CVE-2011-2333
RESERVED
CVE-2011-2329 (The rampart_timestamp_token_validate function in ...)
- - rampart 1.3.0-3 (bug #631221)
+ - rampart 1.3.0-3 (low; bug #631221)
+ [squeeze] - rampart <no-dsa> (Minor issue)
CVE-2011-2327 (Unspecified vulnerability in the Oracle Communications Unified ...)
NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2326 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
@@ -33481,7 +33489,7 @@
CVE-2011-1399
RESERVED
CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and ...)
- - php5 5.4.0~rc5-1
+ - php5 5.4.0~rc5-1 (low)
CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
NOT-FOR-US: IBM Tivoli
CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
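Review bot: the php5 CVE-2011-1398 entry is downgraded to `low` without any [squeeze] line and without php5 being mentioned in the commit log, which names six no-dsa packages and the mcrypt downgrade but not this one; either add the squeeze decision here or mention the php5 severity change in the log so the downgrade is not silent.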
@@ -34118,8 +34126,10 @@
NOTE: https://code.google.com/p/feedparser/issues/detail?id=91
CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier ...)
- logrotate 3.8.0-1
+ [squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier ...)
- logrotate 3.8.0-1
+ [squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ...)
{DSA-2266-1}
- php5 5.3.6-1 (unimportant)
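Review bot: CVE-2011-1155 and CVE-2011-1154 get `[squeeze] - logrotate <no-dsa> (Minor issue)` lines while their sid entries stay `- logrotate 3.8.0-1` with no severity, unlike CVE-2011-1098 in the following hunk, which gets `(low)` alongside the same no-dsa line; add `(low)` to both sid entries so the three logrotate issues from the same batch are rated consistently and the no-dsa justification has a recorded severity behind it.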
@@ -34325,7 +34335,8 @@
CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick ...)
NOT-FOR-US: FocalMedia.Net Quick Polls
CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in ...)
- - logrotate 3.8.0-1
+ - logrotate 3.8.0-1 (low)
+ [squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ...)
- rsync 3.0.8 (low; bug #621866)
[squeeze] - rsync <no-dsa> (Minor issue)