Author: jmm Date: 2012-06-07 07:33:22 +0000 (Thu, 07 Jun 2012) New Revision: 19445 Modified: data/CVE/list Log: new nova issue nut fixed one chromium issue not-affected NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-06 21:14:35 UTC (rev 19444) +++ data/CVE/list 2012-06-07 07:33:22 UTC (rev 19445) @@ -334,7 +334,7 @@ RESERVED CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd ...) {DSA-2484-1} - - nut <unfixed> + - nut 2.6.4-1 NOTE: https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542 CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in Cryptographp ...) NOT-FOR-US: Cryptographp @@ -717,7 +717,7 @@ RESERVED - libapache2-mod-auth-openid 0.7-0.1 (bug #674165) CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2012-2758 RESERVED CVE-2012-2757 @@ -731,7 +731,7 @@ CVE-2012-2753 RESERVED CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x before ...) - TODO: check + NOT-FOR-US: VMware CVE-2012-2751 RESERVED CVE-2012-2750 @@ -953,6 +953,7 @@ - postgresql-8.4 8.4.12-1 CVE-2012-2654 RESERVED + - nova <unfixed> (bug #676465) CVE-2012-2653 RESERVED {DSA-2481-1} 
@@ -1414,13 +1415,13 @@ CVE-2012-2430 RESERVED CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read operation, ...) - TODO: check + NOT-FOR-US: xArrow CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows remote ...) - TODO: check + NOT-FOR-US: xArrow CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 allows ...) - TODO: check + NOT-FOR-US: xArrow CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate memory, ...) - TODO: check + NOT-FOR-US: xArrow CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) NOT-FOR-US: Intuit CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) @@ -6626,7 +6627,7 @@ CVE-2012-0410 RESERVED CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...) - TODO: check + NOT-FOR-US: EMC CVE-2012-0408 RESERVED CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection ...) @@ -9384,6 +9385,7 @@ RESERVED CVE-2011-4409 RESERVED + NOT-FOR-US: Ubuntu One CVE-2011-4408 RESERVED CVE-2011-4407 [apt-add-repository does not perform ssl verification where it *needs* to] @@ -13463,7 +13465,7 @@ CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not ...) - chromium-browser <unfixed> CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...) - TODO: check + - chromium-browser <not-affected> (PDF functionality specific to Chrome) CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...) - libv8 <unfixed> CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...) 
@@ -14040,7 +14042,6 @@ - rails 2.3.14 CVE-2011-2929 (The template selection functionality in ...) - rails <not-affected> (Only affects RoR 3.0 and above) - TODO: recheck when rails > 3.0 gets uploaded CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-2 @@ -14375,7 +14376,6 @@ CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - chromium-browser <undetermined> - webkit <undetermined> - TODO: check iOS CVE-2011-2832 RESERVED CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) @@ -15332,7 +15332,6 @@ - openjdk-6 6b21~pre1-1 - icedtea-web <unfixed> NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1. - TODO: check CVE-2011-2512 [qemu-kvm: OOB memory access caused by negative vq notifies] RESERVED {DSA-2270-1}
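Review bot: `NOT-FOR-US: Wordpress plugin` for CVE-2012-2759 in the @@ -717,7 +717,7 @@ hunk does not name the product, unlike the other NFU lines visible in this diff (`Cryptographp`, `VMware`, `xArrow`, `EMC`). Name the plugin the description refers to (the one shipping login-with-ajax.php) so the entry can be found by product name, and spell it WordPress.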
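Review bot: The `NOT-FOR-US: Ubuntu One` line added under CVE-2011-4409 in the @@ -9384,6 +9385,7 @@ hunk sits on an entry that is still RESERVED and has no description, so nothing in the list records where the product attribution comes from. Add a bracketed summary in the style of the CVE-2011-4407 entry in the trailing context, or a NOTE: line with the reference, so the classification can be checked later.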
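Review bot: In the @@ -13463,7 +13465,7 @@ hunk, CVE-2011-3112 becomes `chromium-browser <not-affected> (PDF functionality specific to Chrome)`, but the context line directly above keeps CVE-2011-3113, also described as "The PDF functionality in Google Chrome before 19.0.1084.52", at `chromium-browser <unfixed>`. If the PDF code is absent from the Debian package, the same reasoning applies to CVE-2011-3113 (and to CVE-2011-3110, whose status line is outside this hunk); update those entries in the same commit or state on this entry why it differs.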
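Review bot: Dropping `TODO: recheck when rails > 3.0 gets uploaded` in the @@ -14040,7 +14042,6 @@ hunk leaves CVE-2011-2929 as `rails <not-affected> (Only affects RoR 3.0 and above)`, a status that holds only while the packaged rails is below 3.0, and the log message does not mention this removal. Keep the TODO, or replace it with a NOTE: recording the condition, so the entry is revisited when a 3.x upload happens.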
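Review bot: The @@ -14375,7 +14376,6 @@ hunk removes `TODO: check iOS` from CVE-2011-2833 while both `chromium-browser <undetermined>` and `webkit <undetermined>` stay as they are, so the entry loses the pointer to what still needs checking and the log message gives no reason. Either resolve the two statuses in this commit or keep a TODO on the entry.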