Author: jmm Date: 2012-06-04 10:51:03 +0000 (Mon, 04 Jun 2012) New Revision: 19425 Modified: data/CVE/list data/spu-candidates.txt Log: krb5 no-dsa fixup rails entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-04 07:34:06 UTC (rev 19424) +++ data/CVE/list 2012-06-04 10:51:03 UTC (rev 19425) @@ -901,6 +901,7 @@ RESERVED CVE-2012-2664 RESERVED + NOT-FOR-US: sosreport (Red Hat tool) CVE-2012-2663 RESERVED - iptables <unfixed> (bug #675445) @@ -908,15 +909,12 @@ RESERVED CVE-2012-2661 RESERVED - [squeeze] - ruby-activerecord <not-affected> + - rails <not-affected> (Doesn''t affects RoR in Squeeze) - ruby-activerecord-3.2 <unfixed> (bug #675396) - NOTE: Versions Affected: 3.0.0 and ALL later versions. Not affected: 2.3.14. Fixed Versions: 3.2.4, 3.1.5, 3.0.13 NOTE: http://seclists.org/oss-sec/2012/q2/448 CVE-2012-2660 RESERVED - [squeeze] - ruby-activerecord <not-affected> - ruby-activerecord-3.2 <unfixed> (bug #675429) - NOTE: Versions affected: all, fixed in versions 3.2.4, 3.1.5, 3.0.13 NOTE: http://seclists.org/oss-sec/2012/q2/449 CVE-2012-2659 RESERVED @@ -4994,7 +4992,8 @@ RESERVED CVE-2012-1013 RESERVED - - krb5 <unfixed> + - krb5 <unfixed> (low) + [squeeze] - krb5 <no-dsa> (Minor issue) NOTE: DoS only triggered by clients with admin permissions CVE-2012-1012 RESERVED @@ -5866,9 +5865,8 @@ CVE-2012-0677 RESERVED CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...) - - webkit <undetermined> + - webkit <unfixed> NOTE: http://packetstormsecurity.sebug.net/files/download/112596/APPLE-SA-2012-05-09-2.txt - TODO: Check. Seems to be a general webkit issue instantiated for Apple. CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...) NOT-FOR-US: Time Machine CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...) 
@@ -5876,9 +5874,8 @@ CVE-2012-0673 RESERVED CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to execute ...) - - webkit <undetermined> + - webkit <unfixed> NOTE: http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt - TODO: Check. Seems to be a general webkit issue instantiated for Apple. CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute ...) NOT-FOR-US: Apple QuickTime CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote ...) @@ -10564,7 +10561,7 @@ CVE-2011-4032 RESERVED CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in ...) - - libav <undetermined> (bug #675767) + - libav <unfixed> (bug #675767) CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and ...) - plone3 <not-affected> (Only affects Plone 4.x) CVE-2011-4029 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2012-06-04 07:34:06 UTC (rev 19424) +++ data/spu-candidates.txt 2012-06-04 10:51:03 UTC (rev 19425) @@ -215,6 +215,9 @@ krb5 (CVE-2011-4151) #646367 +krb5 (CVE-2012-1013) +https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b +http://krbdev.mit.edu/rt/Ticket/Display.html?id=7152 --
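Review bot: In the data/CVE/list hunk at @@ -908,15 +909,12 @@, the new CVE-2012-2661 line "- rails <not-affected> (Doesn''t affects RoR in Squeeze)" carries no suite tag although its comment only speaks for Squeeze, whereas the line it replaces was scoped with "[squeeze]". Either tag the new entry "[squeeze]" or give a reason that holds for every suite, and fix the comment text (doubled apostrophe, "Doesn't affect"). The same hunk deletes both NOTE lines listing affected and fixed versions (3.2.4, 3.1.5, 3.0.13), which are the in-file justification for the not-affected claim. For CVE-2012-2660, whose deleted note said all versions are affected, the "[squeeze] - ruby-activerecord <not-affected>" line is removed with no rails line added in its place, so the Squeeze status of that CVE is no longer recorded.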
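Review bot: In the CVE-2012-0676 and CVE-2012-0672 hunks, webkit goes from <undetermined> to <unfixed> and the "TODO: Check." line is deleted, but nothing records what the check found. Unlike the libav change for CVE-2011-4031, which keeps "(bug #675767)", the new webkit <unfixed> lines have no bug reference. Add a NOTE stating what confirmed that the packaged webkit is affected, or attach a bug number. The log message names only krb5 and rails, so the webkit and libav status changes are worth mentioning there as well.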
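Review bot: In the data/spu-candidates.txt hunk, the new "krb5 (CVE-2012-1013)" entry lists the upstream commit and the krbdev ticket but no Debian bug number, while the preceding krb5 entry carries "#646367" and the matching "- krb5 <unfixed> (low)" line in data/CVE/list has no bug reference either. If a Debian bug exists for this issue, reference it in both places so the point-update candidate can be traced back to the tracker entry.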