Author: jmm
Date: 2012-08-22 06:32:41 +0000 (Wed, 22 Aug 2012)
New Revision: 20006

Modified: data/CVE/list
Log:
geshi CVEfied
inn issue should also be in inn2
ruby-sqlite issue doesn't affect Debian
new xml-light issue (bug filed)
add bug to munin issue
another munin issue CVEfied

Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-22 05:53:50 UTC (rev 20005) +++ data/CVE/list 2012-08-22 06:32:41 UTC (rev 20006) @@ -22,14 +22,6 @@ NOT-FOR-US: Sielco Sistemi Winlog SCADA CVE-2012-4352 RESERVED -CVE-2012-XXXX [geshi XSS in contrib/langwiz.php] - - geshi <unfixed> (bug #685323) - [squeeze] - geshi <no-dsa> (shipped as example/.gz) - TODO: request CVE id -CVE-2012-XXXX [geshi information disclosure in contrib/cssgen.php] - - geshi <unfixed> (bug #685324) - [squeeze] - geshi <no-dsa> (shipped as example/.gz) - TODO: request CVE id CVE-2012-4351 RESERVED CVE-2012-4350 @@ -483,10 +475,6 @@ - redeclipse 1.2-3 (bug #684143) CVE-2012-XXXX [world-writeable directory] - gpe-tetris <unfixed> (bug #684178) -CVE-2012-XXXX [remote execution as www-data] - - munin <unfixed> - [squeeze] - munin <not-affected> (vulnerable code introduced in 2.x) - NOTE: http://www.munin-monitoring.org/ticket/1238 CVE-2012-XXXX [base name disclosure] - spip 2.1.17-1 (bug #683667) CVE-2012-XXXX [insecure default configuration / authentication bypass] @@ -1788,10 +1776,15 @@ CVE-2012-3523 [inn prone to STARTTLS plaintext command injection] RESERVED - inn <unfixed> (bug #685581) -CVE-2012-3522 + - inn2 <unfixed> +CVE-2012-3522 [geshi XSS in contrib/langwiz.php] RESERVED -CVE-2012-3521 + - geshi <unfixed> (bug #685323) + [squeeze] - geshi <no-dsa> (shipped as example/.gz) +CVE-2012-3521 [geshi information disclosure in contrib/cssgen.php] RESERVED + - geshi <unfixed> (bug #685324) + [squeeze] - geshi <no-dsa> (shipped as example/.gz) CVE-2012-3520 RESERVED CVE-2012-3519 
@@ -1806,11 +1799,15 @@ RESERVED CVE-2012-3514 RESERVED -CVE-2012-3513 + - xml-light <unfixed> (bug #685584) +CVE-2012-3513 [remote execution as www-data] RESERVED + - munin <unfixed> (bug #684076) + [squeeze] - munin <not-affected> (vulnerable code introduced in 2.x) + NOTE: http://www.munin-monitoring.org/ticket/1238 CVE-2012-3512 [local privilege escalation munin to root] RESERVED - - munin <unfixed> + - munin <unfixed> (bug #684075) NOTE: http://www.munin-monitoring.org/ticket/1234 CVE-2012-3511 RESERVED @@ -22680,8 +22677,7 @@ - dhcpcd <not-affected> (old shell quoting code is not vulnerable) NOTE: Debian''s dhcpcd.sh is not vulnerable. CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...) - - ruby-sqlite3 <unfixed> - TODO: check + - ruby-sqlite3 <not-affected> (SuSE-specific packaging flaw) CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...) NOT-FOR-US: Novell File Reporter CVE-2011-0993
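
Review bot: In the @@ -1788,10 +1776,15 @@ hunk, the added "- inn2 <unfixed>" line under CVE-2012-3523 carries no bug reference, while the inn line directly above it points at bug #685581. If that report also covers inn2, or a separate one gets filed, add the number to this line so the inn2 status can be followed up the same way as the geshi and munin lines touched in this commit.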
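
Review bot: In the @@ -1806,11 +1799,15 @@ hunk, the new "- xml-light <unfixed> (bug #685584)" line is attached to CVE-2012-3514, which still has no bracketed description, unlike CVE-2012-3513 and CVE-2012-3512 immediately below it. Add a short bracketed summary to the CVE-2012-3514 line so the entry says what the xml-light issue is without having to open the bug.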
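
Review bot: In the @@ -22680,8 +22677,7 @@ hunk, "TODO: check" on CVE-2011-0995 is dropped in favour of "<not-affected> (SuSE-specific packaging flaw)" with no record of what was checked. A NOTE line under the ruby-sqlite3 entry stating the basis for that conclusion would let a later reader confirm it, in the same way the dhcpcd entry above it keeps its NOTE.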