Author: jmm Date: 2012-04-12 07:12:18 +0000 (Thu, 12 Apr 2012) New Revision: 18927 Modified: data/CVE/list Log: wicd fixed imagemagick fixed samba fixed samba pidl issue also in samba4 (experimental only and fixed) mantis fixed libxml2 fixed Adobe Reader NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-12 05:33:08 UTC (rev 18926) +++ data/CVE/list 2012-04-12 07:12:18 UTC (rev 18927) @@ -20,7 +20,7 @@ RESERVED CVE-2012-2095 [wicd command execution with root privileges] RESERVED - - wicd <unfixed> (low; bug #668397) + - wicd 1.7.2-1 (low; bug #668397) [squeeze] - wicd <no-dsa> (Minor issue) CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ...) NOT-FOR-US: Novell ZENworks Configuration Management @@ -924,7 +924,7 @@ RESERVED CVE-2012-1798 RESERVED - - imagemagick <unfixed> (bug #667635) + - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has ...) NOT-FOR-US: IBM DB2 CVE-2012-1796 (Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as ...) @@ -1364,7 +1364,7 @@ - joomla <itp> (bug #571794) CVE-2012-1610 RESERVED - - imagemagick <unfixed> (bug #667635) + - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-1609 RESERVED CVE-2012-1608 @@ -2298,7 +2298,8 @@ - asterisk 1:1.8.10.0~dfsg-1 (bug #664411) NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...) - - samba <unfixed> (bug #668309) + - samba 2:3.6.4-1 (bug #668309) + - samba4 4.0.0~alpha19+dfsg1-1 (bug #668309) CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP ...) {DSA-2436-1} - libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814) 
@@ -2516,22 +2517,22 @@ NOT-FOR-US: phxEventManager not in Debian CVE-2012-1123 RESERVED - - mantis <unfixed> (bug #662858) + - mantis 1.2.10-1 (bug #662858) CVE-2012-1122 RESERVED - - mantis <unfixed> (low; bug #662858) + - mantis 1.2.10-1 (low; bug #662858) CVE-2012-1121 RESERVED - - mantis <unfixed> (low; bug #662858) + - mantis 1.2.10-1 (low; bug #662858) CVE-2012-1120 RESERVED - - mantis <unfixed> (low; bug #662858) + - mantis 1.2.10-1 (low; bug #662858) CVE-2012-1119 RESERVED - - mantis <unfixed> (low; bug #662858) + - mantis 1.2.10-1 (low; bug #662858) CVE-2012-1118 RESERVED - - mantis <unfixed> (low; bug #662858) + - mantis 1.2.10-1 (low; bug #662858) CVE-2012-1117 RESERVED NOT-FOR-US: Joomla! @@ -3231,7 +3232,7 @@ CVE-2012-0841 RESERVED {DSA-2417-1} - - libxml2 <unfixed> (bug #660846) + - libxml2 2.7.8.dfsg-8 (bug #660846) CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...) - apr 1.4.6-1 (low; bug #655435) [squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn) @@ -3428,13 +3429,13 @@ CVE-2012-0778 RESERVED CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-0775 (The JavaScript implementation in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-0774 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-0773 (The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before ...) 
@@ -5125,10 +5126,10 @@ RESERVED CVE-2012-0260 RESERVED - - imagemagick <unfixed> (bug #667635) + - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-0259 RESERVED - - imagemagick <unfixed> (bug #667635) + - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...) NOT-FOR-US: Invensys Wonderware Application Server CVE-2012-0257 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...)
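Review bot: In the CVE-2012-1182 hunk (@@ -2298,7 +2298,8 @@), the added samba4 line cites bug #668309, the same bug the samba line cites, and nothing in the entry records the log's remark that samba4 was affected in experimental only. If samba4 has no bug of its own, a NOTE line under the entry stating that it was only in experimental would keep that context in the list instead of only in the commit log.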
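Review bot: In the mantis hunk (@@ -2516,22 +2517,22 @@), the CVE-2012-1123 line has no urgency while CVE-2012-1122 through CVE-2012-1118 are marked "low", although all six point at bug #662858 and version 1.2.10-1. The difference is carried over from the removed line, so please confirm it is deliberate. All six entries are still RESERVED with no description, so a NOTE saying which issue each CVE covers would make it possible to check that 1.2.10-1 addresses each one.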
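Review bot: In the last hunk (@@ -5125,10 +5126,10 @@), CVE-2012-0260 and CVE-2012-0259 get the same fixed version 8:6.7.4.0-4 and bug #667635 as CVE-2012-1798 and CVE-2012-1610 earlier in the patch, and all four are RESERVED with no description. Nothing in the entries shows which change in that upload maps to which CVE; a NOTE with the upstream reference per CVE would let a later reader verify that the one version really covers all four.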