Author: jmm Date: 2012-05-11 14:23:15 +0000 (Fri, 11 May 2012) New Revision: 19220 Modified: data/CVE/list Log: drop openjpeg TODO, version in experimental is recent enough two CVE IDs for php security fix fallout filed bug for net-snmp Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-05-11 10:20:36 UTC (rev 19219) +++ data/CVE/list 2012-05-11 14:23:15 UTC (rev 19220) @@ -488,8 +488,11 @@ RESERVED CVE-2012-2336 RESERVED + - php5 5.4.3 (unimportant) + NOTE: Rather harmless bug CVE-2012-2335 RESERVED + NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311 CVE-2012-2334 RESERVED CVE-2012-2333 [OpenSSL invalid TLS/DTLS record attack] @@ -958,7 +961,7 @@ RESERVED CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read (snmpd crash)] RESERVED - - net-snmp <unfixed> + - net-snmp <unfixed> (bug #672492) NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff CVE-2012-2140 RESERVED @@ -2499,7 +2502,6 @@ RESERVED CVE-2012-1499 (The JPEG 2000 codec in OpenJPEG before 1.5 does not properly allocate ...) - openjpeg <not-affected> (vulnerable code introduced after 1.3) - TODO: recheck any version of openjpeg greater than 1.3 CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) NOT-FOR-US: Webfolio CMS CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...)