Author: jmm Date: 2012-07-13 12:53:28 +0000 (Fri, 13 Jul 2012) New Revision: 19735 Modified: data/CVE/list Log: automake 1.7 fixed automake 1.4 not affected bitcoin fixed one libexif issue is in exif NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-13 10:31:17 UTC (rev 19734) +++ data/CVE/list 2012-07-13 12:53:28 UTC (rev 19735) @@ -1273,13 +1273,12 @@ RESERVED CVE-2012-3386 RESERVED - - automake <unfixed> - [squeeze] - automake <no-dsa> (Minor issue) + - automake <not-affected> (Vulnerable code not present) - automake1.10 1:1.10.3-3 [squeeze] - automake1.10 <no-dsa> (Minor issue) - automake1.11 1:1.11.6-1 (bug #681097) [squeeze] - automake1.11 <no-dsa> (Minor issue) - - automake1.7 <unfixed> + - automake1.7 1.7.9-10 [squeeze] - automake1.7 <no-dsa> (Minor issue) - automake1.9 1.9.6+nogfdl-4 [squeeze] - automake1.9 <no-dsa> (Minor issue) @@ -1403,7 +1402,6 @@ CVE-2012-3357 [viewvc log msg leak in SVN revision view with unreadable copy source] RESERVED - viewvc <unfixed> (bug #679069) - TODO: Check if 1.1.5-1.1 is affected NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353 NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755 NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756 @@ -1413,7 +1411,6 @@ CVE-2012-3356 [viewvc complete authz support for remote SVN views] RESERVED - viewvc <unfixed> (bug #679069) - TODO: Check if 1.1.5-1.1 is affected NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758 CVE-2012-3355 [rhythmbox insecure temporary directory used by loading template files] RESERVED @@ -1663,7 +1660,7 @@ CVE-2012-3239 RESERVED CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore ...) - TODO: check + NOT-FOR-US: Astaro appliance CVE-2012-3237 RESERVED CVE-2012-3236 
@@ -2205,7 +2202,7 @@ CVE-2012-2971 RESERVED CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attackers ...) - TODO: check + NOT-FOR-US: Synel terminal CVE-2012-2969 RESERVED CVE-2012-2968 @@ -2476,9 +2473,8 @@ RESERVED CVE-2012-2845 RESERVED - - libexif <unfixed> (bug #681454) - TODO: check if Debian is affected - NOTE: Marcus Meissner said CVE-2012-2845 is actually for "exif", the commandline tool. Not the library libexif + - exif <unfixed> (low; bug #681454) + [squeeze] - exif <no-dsa> (Minor crasher) NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229 NOTE: http://seclists.org/oss-sec/2012/q3/74 CVE-2012-2844 @@ -3370,9 +3366,7 @@ RESERVED CVE-2012-2459 RESERVED - - bitcoin <unfixed> - TODO: check - NOTE: should be fixed in 0.6.2 but need to identify the relevant commit + - bitcoin 0.6.2.1-1 NOTE: https://bitcointalk.org/index.php?topic=81749.0 CVE-2012-2458 RESERVED @@ -4684,7 +4678,7 @@ CVE-2012-2019 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...) NOT-FOR-US: HP Operations Agent CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...) - TODO: check + NOT-FOR-US: HP Network Node Manager CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...) NOT-FOR-US: HP Photosmart Wireless e-All-in-One CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) 
@@ -4967,13 +4961,13 @@ CVE-2012-1895 RESERVED CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-1892 RESERVED CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) ...) - TODO: check + NOT-FOR-US: Microsoft Data Access Components CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...) @@ -5015,7 +5009,7 @@ CVE-2012-1871 RESERVED CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 ...) - TODO: check + NOT-FOR-US: Microsoft Windows XP CVE-2012-1869 RESERVED CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in ...) 
@@ -5029,15 +5023,15 @@ CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2012-1863 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2012-1862 (Open redirect vulnerability in Microsoft Office SharePoint Server 2007 ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2012-1861 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2012-1860 (Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2012-1859 (Cross-site scripting (XSS) vulnerability in scriptresx.ashx in ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft ...) NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal ...) @@ -5047,7 +5041,7 @@ CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...) NOT-FOR-US: Microsoft .NET Framework CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2012-1853 RESERVED CVE-2012-1852 @@ -5847,11 +5841,11 @@ CVE-2012-1525 RESERVED CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1522 (Microsoft Internet Explorer 9 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...) - chromium-browser 18.0.1025.168~r134367-1 CVE-2012-1520 
@@ -5915,7 +5909,7 @@ CVE-2012-1494 RESERVED CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x ...) - TODO: check + NOT-FOR-US: F5 BIG-IP appliances CVE-2012-1492 RESERVED CVE-2012-1491 @@ -8702,7 +8696,7 @@ CVE-2012-0411 RESERVED CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWise ...) - TODO: check + NOT-FOR-US: Groupwise CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...) NOT-FOR-US: EMC CVE-2012-0408 @@ -8933,13 +8927,13 @@ CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ...) NOT-FOR-US: Symantec LiveUpdate Administrator CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Symantec Message Filter CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control Center ...) - TODO: check + NOT-FOR-US: Symantec Message Filter CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in ...) - TODO: check + NOT-FOR-US: Symantec Message Filter CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does not ...) - TODO: check + NOT-FOR-US: Symantec Message Filter CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web ...) @@ -9979,7 +9973,7 @@ CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 ...) NOT-FOR-US: Microsoft Silverlight CVE-2012-0175 (The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
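Review bot: In the CVE-2012-3386 hunk (@@ -1273,13 +1273,12 @@), the new "- automake1.7 1.7.9-10" line carries no bug reference, while the neighbouring "- automake1.11 1:1.11.6-1 (bug #681097)" line does; add the bug number if one exists. The "- automake <not-affected> (Vulnerable code not present)" line would also benefit from a NOTE saying which code is absent from that version, so the decision can be rechecked later.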
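Review bot: In the CVE-2012-3357 and CVE-2012-3356 hunks (@@ -1403,7 +1402,6 @@ and @@ -1413,7 +1411,6 @@), "TODO: Check if 1.1.5-1.1 is affected" is dropped without recording the outcome of that check; both entries still read "- viewvc <unfixed> (bug #679069)". Add a NOTE stating the result for 1.1.5-1.1 so the question is not reopened later.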
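Review bot: In the CVE-2012-2845 hunk (@@ -2476,9 +2473,8 @@), the removed NOTE was the only record of why the entry moves from libexif to exif. Keep a short NOTE with that attribution next to the new "- exif <unfixed> (low; bug #681454)" line. Also confirm that bug #681454 is filed against exif rather than libexif, since the number is carried over unchanged from the old libexif line.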
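Review bot: In the CVE-2012-2459 hunk (@@ -3370,9 +3366,7 @@), the removed NOTE said the issue "should be fixed in 0.6.2 but need to identify the relevant commit", and the new "- bitcoin 0.6.2.1-1" line closes the entry without naming that commit. Add a NOTE with the commit, or the other basis used for the fixed version, so the fixed-in claim can be verified.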
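Review bot: The NOT-FOR-US product names are inconsistent across the triage hunks. In @@ -5015,7 +5009,7 @@, CVE-2012-1870 gets "NOT-FOR-US: Microsoft Windows XP" where the neighbouring win32k.sys entries use "Microsoft Windows", and its description is truncated after "Microsoft Windows XP SP2 ...", so XP may not be the only affected version. In @@ -8702,7 +8696,7 @@, CVE-2012-0410 gets "Groupwise" where the description spells the product "Novell GroupWise". Suggest "Microsoft Windows" and "Novell GroupWise" to match the existing entries and the descriptions.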