[Git][security-tracker-team/security-tracker][master] Update information for CVE-2012-4427/gnome-shell

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 15 21:24:39 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a25aed1e by Salvatore Bonaccorso at 2022-02-15T22:23:12+01:00
Update information for CVE-2012-4427/gnome-shell

The problem is with GNOME Shell's NPAPI browser extension which is not
shipped anymore since GNOME 3.32. We can mark thus the first version
landing in unstable as fixed, which was 3.34.0-2.

Thanks: Simon McVittie for the update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -431279,10 +431279,11 @@ CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerabili
 	[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
 	[wheezy] - openslp-dfsg <no-dsa> (Minor issue)
 CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
-	- gnome-shell <unfixed> (unimportant)
+	- gnome-shell 3.34.0-2 (unimportant)
 	NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
-	NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
+	NOTE: Problem with GNOME Shell's NPAPI browser extension which is not shipped
+	NOTE: anymore since GNOME 3.32.
 CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...)
 	- mcrypt 2.6.8-1.1
 	[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a25aed1e18e4b61cd3167b9d27b12bde48545361

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a25aed1e18e4b61cd3167b9d27b12bde48545361
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220215/9917127f/attachment.htm>

More information about the debian-security-tracker-commits mailing list