[Secure-testing-commits] r29072 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Sep 26 08:21:10 UTC 2014
Author: hertzog
Date: 2014-09-26 08:21:10 +0000 (Fri, 26 Sep 2014)
New Revision: 29072
Modified:
data/CVE/list
Log:
Mark CVE-2012-3541 as <no-dsa> for wheezy & squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-26 07:54:52 UTC (rev 29071)
+++ data/CVE/list 2014-09-26 08:21:10 UTC (rev 29072)
@@ -45331,9 +45331,13 @@
- keystone 2012.1.1-5
CVE-2012-3541 [rpcbind: -h fails to control access to rpcbind]
RESERVED
- - rpcbind <unfixed>
+ - rpcbind <unfixed> (low)
+ [wheezy] - rpcbind <no-dsa> (Minor issue)
+ [squeeze] - rpcbind <no-dsa> (Minor issue)
- nfs-utils 1:1.2.5-1 (bug #457095)
NOTE: Upstream git repository of rpcbind: http://git.infradead.org/users/steved/rpcbind.git
+ NOTE: Based on discussion with upstream there's likely no security hole
+ NOTE: besides the information disclosure.
CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...)
- horizon 2012.1.1-4 (bug #686050)
CVE-2012-3539
More information about the Secure-testing-commits
mailing list