Author: jmm Date: 2012-08-01 14:28:44 +0000 (Wed, 01 Aug 2012) New Revision: 19848 Modified: data/CVE/list Log: libvirt issue doesn't affect stable NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-01 08:03:46 UTC (rev 19847) +++ data/CVE/list 2012-08-01 14:28:44 UTC (rev 19848) @@ -94,10 +94,8 @@ NOT-FOR-US: Wangkongbao not in Debian CVE-2012-4030 RESERVED - TODO: check CVE-2012-4029 RESERVED - TODO: check CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework ...) @@ -266,7 +264,7 @@ CVE-2012-3952 RESERVED CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...) - TODO: check + NOT-FOR-US: Plixer Scrutinizer CVE-2012-3950 RESERVED CVE-2012-3949 @@ -392,15 +390,15 @@ CVE-2012-3889 (The in_mod plugin in Winamp before 5.63 allows remote attackers to ...) NOT-FOR-US: Winamp CVE-2012-3888 (The login implementation in AirDroid 1.0.4 beta allows remote ...) - TODO: check + NOT-FOR-US: AirDroid CVE-2012-3887 (AirDroid before 1.0.7 beta uses a cleartext base64 format for data ...) - TODO: check + NOT-FOR-US: AirDroid CVE-2012-3886 (AirDroid 1.0.4 beta uses the MD5 algorithm for values in the ...) - TODO: check + NOT-FOR-US: AirDroid CVE-2012-3885 (The default configuration of AirDroid 1.0.4 beta uses a four-character ...) - TODO: check + NOT-FOR-US: AirDroid CVE-2012-3884 (AirDroid 1.0.4 beta implements authentication through direct ...) - TODO: check + NOT-FOR-US: AirDroid CVE-2012-3883 RESERVED CVE-2012-3882
@@ -479,7 +477,7 @@ CVE-2012-3849 RESERVED CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...) - TODO: check + NOT-FOR-US: Plixer Scrutinizer CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...) - asterisk <unfixed> CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...) @@ -1314,6 +1312,7 @@ CVE-2012-3445 [libvirt: crash in virTypedParameterArrayClear] RESERVED - libvirt <unfixed> (bug #683483) + [squeeze] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734 CVE-2012-3444 [Denial-of-service via get_image_dimensions] @@ -7632,7 +7631,6 @@ - python2.7 <unfixed> - python3.1 <unfixed> - python3.2 <unfixed> - NOTE: the same hash DoS attack as other languages/bindings CVE-2012-0875 [systemtap invalid read leading to kernel DoS] RESERVED - systemtap 1.7-1 (low; bug #660929; bug #660886)
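
Review bot: In the @@ -94,10 +94,8 @@ hunk, the two "TODO: check" lines removed under CVE-2012-4030 and CVE-2012-4029 are not covered by the log message, which speaks only of the libvirt issue and NFUs. Both entries are RESERVED with no description, so clearing the marker is reasonable, but the log should say that TODOs on reserved entries were dropped so the change is not mistaken for a completed triage.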
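
Review bot: In the @@ -479,7 +477,7 @@ hunk, the description shown for CVE-2012-3848 ("Multiple cross-site scripting (XSS) vulnerabilities in the web console ...") is truncated before any product name, so "NOT-FOR-US: Plixer Scrutinizer" cannot be confirmed from the diff the way it can for CVE-2012-3951 in the @@ -266,7 +264,7 @@ hunk. Please confirm against the full CVE description that this entry really is Scrutinizer before the TODO is closed.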
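
Review bot: In the @@ -1314,6 +1312,7 @@ hunk, the new line "[squeeze] - libvirt <not-affected> (Vulnerable code not present)" gives no pointer that lets someone verify the claim later. The entry title names virTypedParameterArrayClear as the crashing function; a NOTE stating the libvirt version or commit that introduced that code, next to the two existing NOTE links, would make the not-affected status checkable against the squeeze version. The unstable line stays "<unfixed> (bug #683483)", which is consistent with the log message.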
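
Review bot: In the @@ -7632,7 +7631,6 @@ hunk, the removed "NOTE: the same hash DoS attack as other languages/bindings" was the only line in the visible context explaining why python2.7, python3.1 and python3.2 are listed as <unfixed>, and the log message does not mention this removal. If the note duplicated one elsewhere in the entry, say so in the log; otherwise keep it, since the package lines alone no longer say what the issue is.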