[Secure-testing-commits] r21772 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Mar 28 12:12:15 UTC 2013
Author: jmm
Date: 2013-03-28 12:12:14 +0000 (Thu, 28 Mar 2013)
New Revision: 21772
Modified:
data/CVE/list
Log:
bug filed for ekiga
NFUs
cleanup some old TODOs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-28 11:33:16 UTC (rev 21771)
+++ data/CVE/list 2013-03-28 12:12:14 UTC (rev 21772)
@@ -146,7 +146,7 @@
CVE-2013-2641
RESERVED
CVE-2013-2640 (ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress ...)
- TODO: check
+ NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-2639
RESERVED
CVE-2013-2638
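Review bot: the new tag on CVE-2013-2640 spells the product "Wordpress", while the CVE description on the line above it uses "WordPress". Using the description's spelling keeps a case-sensitive search over the list consistent; the same spelling recurs on CVE-2013-2501 and CVE-2013-0731 in this commit.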
@@ -488,7 +488,7 @@
CVE-2013-2502
RESERVED
CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews ...)
- TODO: check
+ NOT-FOR-US: Terillion Reviews plugin for Wordpress
CVE-2013-2500
RESERVED
CVE-2013-2499
@@ -1879,7 +1879,7 @@
CVE-2013-1864 [Ekiga billion laughs flaw in ptlib]
RESERVED
NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
- TODO: check
+ - ekiga <unfixed> (bug #704133)
CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain ...)
- samba4 <not-affected> (Debian package only uses ntvfs, see #679678)
NOTE: http://www.samba.org/samba/history/samba-4.0.4.html
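Review bot: the only package line added for CVE-2013-1864 is "- ekiga <unfixed> (bug #704133)", yet the entry's own title places the flaw "in ptlib". Either add a line for the ptlib source package, or add a NOTE explaining why ekiga is the package to track, so that other users of the library are not left out of the triage.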
@@ -2126,14 +2126,14 @@
RESERVED
CVE-2013-1790 [uninitialized memory read]
RESERVED
- - poppler 0.18.4-6 (bug #702071)
+ - poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1789 [crash in broken documents]
RESERVED
- - poppler <unfixed> (bug #702071)
+ - poppler <unfixed> (low; bug #702071)
TODO: seem to not apply (in unstable, check squeeze?)
CVE-2013-1788 [invalid memory issues]
RESERVED
- - poppler 0.18.4-6 (bug #702071)
+ - poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1787
RESERVED
NOT-FOR-US: Drupal addon
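Review bot: CVE-2013-1789 is now recorded as "poppler <unfixed> (low; bug #702071)" while the TODO kept directly below it still says the issue "seem to not apply (in unstable, check squeeze?)". The two statements disagree; resolve the TODO before assigning an urgency, or add a NOTE giving the reason for "low". The three poppler entries also share one bug number, so a short NOTE per CVE on why each is low would make the rating checkable.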
@@ -2577,9 +2577,9 @@
CVE-2013-1610
RESERVED
CVE-2013-1609 (Multiple unquoted Windows search path vulnerabilities in the (1) File ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2013-1608 (Directory traversal vulnerability in the Management Console on the ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2013-1607
RESERVED
CVE-2013-1606
@@ -4636,7 +4636,7 @@
CVE-2013-0732
RESERVED
CVE-2013-0731 (ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress ...)
- TODO: check
+ NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-0730 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x ...)
NOT-FOR-US: Newscoop
CVE-2013-0729
@@ -5200,7 +5200,7 @@
CVE-2013-0526
RESERVED
CVE-2013-0525 (Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes ...)
- TODO: check
+ NOT-FOR-US: IBM Domino
CVE-2013-0524
RESERVED
CVE-2013-0523
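Review bot: CVE-2013-0525 is tagged "NOT-FOR-US: IBM Domino" although its description names "IBM iNotes", and the same commit tags CVE-2012-5943 (also described as IBM iNotes) as "NOT-FOR-US: IBM iNotes". Pick one product name for both entries so they group together when the list is searched.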
@@ -6188,13 +6188,11 @@
CVE-2013-0237 [wordpress: XSS in external library Plupload fixed in 3.5.1]
RESERVED
- wordpress 3.5.1+dfsg-1 (bug #698929)
- TODO: check if squeeze is affected
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0236 [wordpress: XSS fixed in 3.5.1]
RESERVED
- wordpress 3.5.1+dfsg-1 (bug #698927)
- TODO: check if squeeze is affected
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0235 [wordpress: server-side request forgery and remote port scanning using pingbacks]
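Review bot: both "TODO: check if squeeze is affected" lines (CVE-2013-0237 and CVE-2013-0236) are removed without a [squeeze] line or NOTE that records the outcome. If squeeze was checked, add the result to each entry; if not, the TODO should stay, because after this change nothing in either entry shows that the squeeze question was ever open.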
@@ -6227,13 +6225,13 @@
[squeeze] - linux-2.6 2.6.32-48
NOTE: was actually fixed in 2.6.32-46squeeze1 but upload was done and no DSA was released for that version.
CVE-2013-0227 (Cross-site scripting (XSS) vulnerability in the Search API Sorts ...)
- TODO: check
+ NOT-FOR-US: Drupal addon
CVE-2013-0226 (The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal ...)
- TODO: check
+ NOT-FOR-US: Drupal addon
CVE-2013-0225 (Cross-site scripting (XSS) vulnerability in the User Relationships ...)
- TODO: check
+ NOT-FOR-US: Drupal addon
CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the ...)
- TODO: check
+ NOT-FOR-US: Drupal addon
CVE-2013-0223
RESERVED
- coreutils <not-affected> (Affected patch not added to Debian package)
@@ -6537,13 +6535,13 @@
CVE-2013-0127
RESERVED
CVE-2013-0126 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Verizon router
CVE-2013-0125
RESERVED
CVE-2013-0124 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: ASKIA
CVE-2013-0123 (Multiple SQL injection vulnerabilities in the administration interface ...)
- TODO: check
+ NOT-FOR-US: ASKIA
CVE-2013-0122
RESERVED
CVE-2013-0121
@@ -7775,7 +7773,7 @@
CVE-2012-5944
RESERVED
CVE-2012-5943 (Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before ...)
- TODO: check
+ NOT-FOR-US: IBM iNotes
CVE-2012-5942 (Cross-site scripting (XSS) vulnerability in the Data Management Portal ...)
NOT-FOR-US: IBM Tivoli TADDM
CVE-2012-5941 (Cross-site scripting (XSS) vulnerability in the WebAdmin application ...)
@@ -8481,7 +8479,6 @@
NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
- TODO: check if stable is affected (the segfault is reproducible; command execution possible?)
CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js ...)
- owncloud 4.0.8debian-1.3 (bug #696574)
[wheezy] - owncloud 4.0.4debian2-3.2
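Review bot: the removed TODO asked whether stable is affected and whether the reproducible segfault allows command execution, and the hunk deletes it without recording an answer. Add a NOTE with the conclusion (affected or not, crash only or worse), or keep the TODO; the three NOTE links that remain do not state it.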
@@ -22714,7 +22711,6 @@
- jquery 1.6.4-1 (bug #699482)
NOTE: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
NOTE: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
- TODO: check if squeeze affected
CVE-2011-4968 [nginx http proxy module does not verify peer identity of https origin server]
RESERVED
- nginx <unfixed> (low; bug #697940)
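Review bot: "TODO: check if squeeze affected" is dropped from the jquery entry, which keeps only the fixed version "1.6.4-1 (bug #699482)" and no [squeeze] line. Record the squeeze status explicitly, so the entry does not rely on the version comparison alone.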
@@ -32910,13 +32906,11 @@
[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ ...)
- - ncpfs <unfixed> (low; bug #660545)
+ - ncpfs 2.2.6-9 (low; bug #660545)
[squeeze] - ncpfs <no-dsa> (Minor issue)
- [wheezy] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the ...)
- - ncpfs <unfixed> (low; bug #660545)
+ - ncpfs 2.2.6-9 (low; bug #660545)
[squeeze] - ncpfs <no-dsa> (Minor issue)
- [wheezy] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...)
- samba 2:3.4.7~dfsg-2 (low)
- cifs-utils 2:5.1-1 (low)
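Review bot: for CVE-2011-1680 and CVE-2011-1679 the "[wheezy] - ncpfs <no-dsa> (Minor issue)" lines are removed in the same change that sets the fixed version to 2.2.6-9. With no wheezy annotation left, wheezy's status depends on 2.2.6-9 actually being in wheezy; confirm that it is, or keep the [wheezy] lines until it is. The commit log does not mention the ncpfs change, so a word on it there would help.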