Author: jmm
Date: 2012-05-08 06:59:59 +0000 (Tue, 08 May 2012)
New Revision: 19166

Modified:
   data/CVE/list
Log:
dirmngr and evolution unimportant
bug filed for nspluginwrapper (no-dsa as in contrib)
packagekit fixed, not in stable
glibc hardening bypass fixed
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-08 06:01:54 UTC (rev 19165)
+++ data/CVE/list 2012-05-08 06:59:59 UTC (rev 19166)
@@ -410,49 +410,49 @@ NOTE: http://osvdb.org/show/osvdb/81633 CVE-2012-2310 [Drupal SA-CONTRIB-2012-072 - cctags - XSS ] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2309 [Drupal SA-CONTRIB-2012-071 - Glossify - XSS ] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2308 [Drupal SA-CONTRIB-2012-070 - Taxonomy Grid : Catalog - XSS] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2307 [Drupal SA-CONTRIB-2012-069 - Addressbook - CSRF ] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2306 [Drupal SA-CONTRIB-2012-069 - Addressbook - SQL Injection] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2305 [Drupal SA-CONTRIB-2012-068 - Node Gallery - CSRF] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2304 [Drupal SA-CONTRIB-2012-067 - Linkit - Access bypass] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2303 [Drupal SA-CONTRIB-2012-066 - Spaces and Spaces OG - Access ...] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2302 [Drupal SA-CONTRIB-2012-065 - Sitedoc - Information disclosure] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2300 [Drupal SA-CONTRIB-2012-064 - Ubercart - XSS] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2299 [Drupal SA-CONTRIB-2012-064 - Ubercart - failure to encrypt data] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2298 [Drupal SA-CONTRIB-2012-063 - RealName - XSS] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2297 [Drupal SA-CONTRIB-2012-062 - Creative Commons - XSS] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2296 [Drupal SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data ...] 
RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2295 RESERVED CVE-2012-2294 @@ -756,10 +756,10 @@ NOT-FOR-US: Plume CMS CVE-2012-2155 [Drupal SA-CONTRIB-2012-050 - CDN2 Video - CSRF] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2154 [Drupal SA-CONTRIB-2012-050 - CDN2 Video - XSS] RESERVED - TODO: check + NOT-FOR-US: Drupal addon not packaged CVE-2012-2153 RESERVED CVE-2012-2152 [dhcpcd 3.2.3 remote stack overflow / denial of service] @@ -3874,7 +3874,7 @@ NOT-FOR-US: CubeCart CVE-2012-0864 [FORTIFY_SOURCE format string protection bypass] RESERVED - - eglibc <unfixed> (low; bug #660611) + - eglibc 2.13-31 (low; bug #660611) [squeeze] - eglibc <no-dsa> (Hardening bypass, can be fixed in next point update) CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for ...) {DSA-2411-1} @@ -4139,6 +4139,7 @@ RESERVED CVE-2012-0779 (Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on ...) TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2012-0778 RESERVED CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and ...) @@ -11642,8 +11643,8 @@ NOT-FOR-US: Jcow CVE-2011-3201 RESERVED - - evolution <unfixed> - TODO: check + - evolution <unfixed> (unimportant) + NOTE: Any attacks still involve quite some social engineering CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in ...) - rsyslog 5.8.5-1 (low) [squeeze] - rsyslog <no-dsa> (Minor issue) @@ -13790,8 +13791,7 @@ - xml-security-c 1.6.1-1 (low; bug #632973) CVE-2011-2515 RESERVED - - packagekit <unfixed> - TODO: check + - packagekit 0.6.17-1 CVE-2011-2514 RESERVED - openjdk-6 6b21~pre1-1 
@@ -13905,8 +13905,8 @@ RESERVED CVE-2011-2486 RESERVED - - nspluginwrapper <unfixed> - TODO: check + - nspluginwrapper <unfixed> (bug #671846) + [squeeze] - nspluginwrapper <no-dsa> (Contrib not supported) CVE-2011-2485 [excessive memory use due improper checking of certain return values in GIF image loader] RESERVED - gdk-pixbuf 2.23.3-3.1 (bug #631524) @@ -14580,8 +14580,8 @@ - kvm <removed> CVE-2011-2207 RESERVED - - dirmngr <unfixed> - TODO: check + - dirmngr <unfixed> (unimportant; bug #627377) + NOTE: Negligable impact CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...) NOT-FOR-US: Djabberd CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity ...)
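Review bot: in the @@ -410,49 +410,49 @@ hunk the same one-line rationale "NOT-FOR-US: Drupal addon not packaged" replaces "TODO: check" on fourteen entries (CVE-2012-2296 through CVE-2012-2310, SA-CONTRIB-2012-056 to 072) without recording how the check was done. Since some Drupal modules are shipped in Debian, a short NOTE on the first entry stating what was searched (the module name against the archive) would let a later triager trust the blanket closure instead of re-checking each one.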
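Review bot: in the @@ -3874,7 +3874,7 @@ hunk CVE-2012-0864 now reads "- eglibc 2.13-31 (low; bug #660611)", but the following "[squeeze] - eglibc <no-dsa> (Hardening bypass, can be fixed in next point update)" line is unchanged. With the fix version now known, the squeeze entry should point at the change to cherry-pick (the 2.13-31 changelog or upstream commit) so the promised point-update fix is actionable rather than an open-ended note.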
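Review bot: in the @@ -4139,6 +4139,7 @@ hunk the line "TODO: check" under CVE-2012-0779 is kept as context (the hunk grows from 6 to 7 lines and the TODO carries no "-" marker) while "+ NOT-FOR-US: Adobe Flash Player" is added below it. The entry therefore ends up with both a TODO and a NOT-FOR-US resolution; the stale "TODO: check" line should be removed in the same change, as was done for the Drupal entries earlier in this commit.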
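Review bot: in the @@ -11642,8 +11643,8 @@ hunk CVE-2011-3201 is downgraded to "- evolution <unfixed> (unimportant)" with "NOTE: Any attacks still involve quite some social engineering", but the CVE is still RESERVED with no description and no bug or upstream reference is recorded. Add the source of the assessment (bug number or upstream report) so the "unimportant" rating can be revisited once the CVE text is published.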
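Review bot: in the @@ -13790,8 +13791,7 @@ hunk CVE-2011-2515 changes from "- packagekit <unfixed>" to "- packagekit 0.6.17-1" with no bug reference or NOTE, and the commit message's "not in stable" is not reflected in the entry. A NOTE naming the fixing upstream commit or changelog entry, and either a "[squeeze] - packagekit <not-affected>" line or a remark that the package is absent from squeeze, would make the stable status explicit instead of implicit.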
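Review bot: in the @@ -13905,8 +13905,8 @@ hunk "[squeeze] - nspluginwrapper <no-dsa> (Contrib not supported)" gives a support-status reason but the unstable line "- nspluginwrapper <unfixed> (bug #671846)" carries no severity, and neither line says what the issue is. Adding a severity tag and a one-line NOTE on the impact would let readers judge whether the contrib no-dsa is the right call.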
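Review bot: in the @@ -14580,8 +14580,8 @@ hunk the added line "+ NOTE: Negligable impact" under CVE-2011-2207 has a spelling error ("Negligible") and only restates the "(unimportant; bug #627377)" tag on the line above. A NOTE should say why the impact is negligible (what the dirmngr issue is and what limits it), otherwise it adds nothing the severity tag does not already convey.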