[Secure-testing-commits] r22186 - data/CVE

Salvatore Bonaccorso carnil at alioth.debian.org
Mon May 6 12:13:25 UTC 2013


Author: carnil
Date: 2013-05-06 12:13:25 +0000 (Mon, 06 May 2013)
New Revision: 22186

Modified:
   data/CVE/list
Log:
CVE-2012-4067, not reproduced, but looking at affected code change looks vulnerable, and upstream tracker says 3.1.0 affected

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-05-06 11:57:47 UTC (rev 22185)
+++ data/CVE/list	2013-05-06 12:13:25 UTC (rev 22186)
@@ -14430,10 +14430,11 @@
 	NOT-FOR-US: Dir2Web
 CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...)
 	NOT-FOR-US: Citrix
-CVE-2012-4067
+CVE-2012-4067 [Walrus XML parsing allows document type declaration]
 	RESERVED
 	- eucalyptus <unfixed>
-	TODO: check
+	NOTE: https://github.com/eucalyptus/eucalyptus/commit/e958e60
+	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-5277
 CVE-2012-4066 (The internal message protocol for Walrus in Eucalyptus 3.2.0 and ...)
 	- eucalyptus <unfixed> (bug #702388)
 CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
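
Review bot: The "- eucalyptus <unfixed>" line under CVE-2012-4067 has no Debian bug reference, while the CVE-2012-4066 entry directly below carries "(bug #702388)", and the new NOTE lines do not record the basis given in the log message for dropping "TODO: check". Consider filing a bug and adding it to the package line. Also consider a NOTE stating that the issue was not reproduced, that the assessment comes from reading the code change, and that the upstream tracker lists 3.1.0 as affected, so anyone reading data/CVE/list alone can see how firm the triage is.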



