Author: jmm Date: 2012-02-10 16:42:01 +0000 (Fri, 10 Feb 2012) New Revision: 18415 Modified: data/CVE/list Log: new imagemagick issues new surf issue (will request removal) new glpi issue (unimportant) NFUs cve-2012-1033 is a generic DNS misdesign kcheckpass issue harmless Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-10 07:02:47 UTC (rev 18414) +++ data/CVE/list 2012-02-10 16:42:01 UTC (rev 18415) @@ -1,3 +1,5 @@ +CVE-2012-XXXX [surf info leak] + - surf <unfixed> (bug #659296) CVE-2012-1038 RESERVED CVE-2012-1037 @@ -2,12 +4,14 @@ RESERVED + - glpi <unfixed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone CVE-2012-1036 RESERVED CVE-2012-1035 (AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for ...) - TODO: check + NOT-FOR-US: AdaCore Ada Web Services CVE-2011-5078 (The web administration interface in the server in Sybase M-Business ...) - TODO: check + NOT-FOR-US: Sybase CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...) NOT-FOR-US: EPiServer CMS CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 does not properly ...) - TODO: check + NOTE: DNS protocol flaw CVE-2012-1032 
@@ -229,19 +233,19 @@ CVE-2012-0929 (Multiple buffer overflows in Schneider Electric Modicon Quantum PLC ...) NOT-FOR-US: Schneider Electric Modicon Quantum PLC CVE-2012-0928 (The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2012-0927 (Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2012-0925 (Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2012-0924 (RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2012-0923 (The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...) @@ -1451,7 +1455,7 @@ CVE-2012-0397 RESERVED CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly ...) - TODO: check + NOT-FOR-US: EMC CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before ...) NOT-FOR-US: EMC CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...) 
@@ -1469,8 +1473,9 @@ CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...) - maradns <unfixed> CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function, ...) - - kdebase-workspace <undetermined> - NOTE: the kcheckpass utility is not present in sid + - kdebase-workspace <unfixed> (unimportant) + NOTE: the kcheckpass utility is not present in sid (still present in src package, will check with KDE maints) + NOTE: Not exploitable without OpenPAM CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...) NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian. CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003] @@ -2209,8 +2214,10 @@ RESERVED CVE-2012-0248 RESERVED + - imagemagick <unfixed> (low; bug #659339) CVE-2012-0247 RESERVED + - imagemagick <unfixed> (bug #659339) CVE-2012-0246 RESERVED CVE-2012-0245
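Review bot: In the first hunk (@@ -1,3 +1,5 @@) the new CVE-2012-XXXX [surf info leak] entry carries only `- surf <unfixed> (bug #659296)`, while the plan to request removal of surf is stated only in the commit log. Suggest adding a NOTE line under the entry saying that removal will be requested, so a reader of data/CVE/list can see why the issue is left unfixed without looking up this revision.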
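Review bot: In the @@ -2,12 +4,14 @@ hunk, CVE-2012-1033 swaps `TODO: check` for `NOTE: DNS protocol flaw` and nothing else, so the entry ends up with neither a package line nor a NOT-FOR-US marker even though its description names the resolver in ISC BIND 9. Suggest wording the note so it says explicitly that the issue is treated as a protocol-level problem and not as a bug in a packaged resolver, the way the CVE-2011-5053 entry visible in a later hunk spells out its reasoning. The glpi line added in the same hunk has no bug reference next to `(unimportant)`. If a report exists, cite it there.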
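Review bot: In the @@ -1469,8 +1473,9 @@ hunk, CVE-2011-5054 moves from `<undetermined>` to `<unfixed> (unimportant)` while the amended note still says "will check with KDE maints", so the status reads as settled while the note says the check is pending. The same note now says kcheckpass is "not present in sid" and "still present in src package" in one sentence. Suggest splitting it into one NOTE saying the binary is not shipped in sid and one saying the code remains in the source package, and removing the "will check" remark once the maintainers have answered.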
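Review bot: In the last hunk (@@ -2209,8 +2214,10 @@), CVE-2012-0248 is added as `(low; bug #659339)` and CVE-2012-0247 as `(bug #659339)` with no urgency, both pointing at the same bug and both still RESERVED with no description. Nothing in the entries says which imagemagick issue each id covers or why only one of them is rated low. Suggest a short NOTE under each id naming the issue it refers to and, for CVE-2012-0248, the reason for the lower urgency.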