Author: geissert Date: 2012-04-10 03:34:57 +0000 (Tue, 10 Apr 2012) New Revision: 18904 Modified: data/CVE/list Log: iproute, quagga, moodle, osc, rails, wpasupplicant, nm, pidgin, etc Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-10 03:31:59 UTC (rev 18903) +++ data/CVE/list 2012-04-10 03:34:57 UTC (rev 18904) @@ -1239,8 +1239,10 @@ - suckless-tools <unfixed> (unimportant; bug #667796) CVE-2012-1619 RESERVED -CVE-2012-1618 +CVE-2012-1618 [jdbc pgsql SQL injection] RESERVED + - libpgjava <unfixed> + TODO: check CVE-2012-1617 RESERVED CVE-2012-1616 @@ -1366,6 +1368,8 @@ - gnutls28 3.0.17-2 (high) CVE-2012-1572 RESERVED + - keystone <unfixed> + TODO: check CVE-2012-1571 [CDF crasher bugs in file, found by CERT/CC BFF tool] RESERVED {DSA-2422-1} @@ -1378,6 +1382,7 @@ - libtasn1-3 2.12-1 (high) CVE-2012-1568 RESERVED + - linux-2.6 <not-affected> (execshield issue) CVE-2012-1567 RESERVED NOT-FOR-US: LinuxMint @@ -2024,6 +2029,8 @@ RESERVED CVE-2012-1257 RESERVED + - pidgin <unfixed> + TODO: check CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...) NOT-FOR-US: EasyVista CVE-2012-1255 @@ -2240,10 +2247,16 @@ RESERVED CVE-2012-1170 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1169 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1168 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1167 RESERVED CVE-2012-1166 [ldm (LTSP display manager)] 
@@ -2267,20 +2280,35 @@ - libzip <unfixed> (bug #664990) CVE-2012-1161 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1160 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1159 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1158 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1157 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1156 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1155 RESERVED + - moodle <unfixed> + TODO: check CVE-2012-1154 RESERVED + NOT-FOR-US: mod_cluster CVE-2012-1153 RESERVED NOT-FOR-US: AppRain CMS, not in Debian @@ -2317,6 +2345,7 @@ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2012-1145 RESERVED + NOT-FOR-US: RHN Satellite CVE-2012-1144 RESERVED {DSA-2428-1} @@ -2475,9 +2504,12 @@ - systemd 43-1 (bug #662029) CVE-2012-1100 RESERVED + NOT-FOR-US: JBoss Operations Network CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in ...) + - rails <unfixed> TODO: check CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...) + - rails <unfixed> TODO: check CVE-2012-1097 RESERVED @@ -2485,10 +2517,16 @@ - linux-2.6 3.2.10-1 (low) CVE-2012-1096 RESERVED + - wpasupplicant <unfixed> + - network-manager <unfixed> + TODO: check CVE-2012-1095 RESERVED + - osc <unfixed> + TODO: check CVE-2012-1094 RESERVED + NOT-FOR-US: mod_cluster CVE-2012-1093 [init script x11-common creates directories in insecure manner] RESERVED - xorg 1:7.6+12 (bug #661627) @@ -2508,6 +2546,8 @@ NOT-FOR-US: Apache Wicket CVE-2012-1088 RESERVED + - iproute <unfixed> + TODO: check CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to ...) NOT-FOR-US: bc_post2facebook extension for TYPO3 CVE-2012-1086 (Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) ...) 
@@ -3011,6 +3051,8 @@ NOT-FOR-US: OxWall CVE-2012-0871 RESERVED + - systemd <unfixed> + TODO: check CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...) - samba 2:3.4.0~pre1-1 [lenny] - samba <not-affected> (pre-release issue) @@ -3126,6 +3168,7 @@ - phpldapadmin 1.2.2-1 (bug #658907) CVE-2012-0833 RESERVED + NOT-FOR-US: 389 LDAP server CVE-2012-0832 RESERVED CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...) @@ -5007,6 +5050,7 @@ CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before ...) - trafficserver 3.0.4-1 CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...) + - quagga <unfixed> TODO: check CVE-2012-0254 RESERVED @@ -5957,6 +6001,7 @@ [squeeze] - tucan <no-dsa> (Minor issue) CVE-2012-0062 RESERVED + NOT-FOR-US: JBoss Operations Network CVE-2012-0061 RESERVED - rpm 4.9.1.3-1 (bug #667031) @@ -5965,6 +6010,7 @@ - rpm 4.9.1.3-1 (bug #667031) CVE-2012-0059 RESERVED + NOT-FOR-US: RHN Satellite CVE-2012-0058 RESERVED - linux-2.6 3.2.2-1 @@ -6069,6 +6115,7 @@ [lenny] - znc <not-affected> (Only affects 0.200 and 0.202) CVE-2012-0032 RESERVED + NOT-FOR-US: JBoss Operations Network CVE-2012-0031 (scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...) {DSA-2405-1} - apache2 2.2.22-1 (low) 
@@ -9176,7 +9223,8 @@ CVE-2011-3700 (Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3699 (John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...) - NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) + - libphp-adodb <unfixed> (unimportant) + NOTE: path is already known CVE-2011-3698 (AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3697 (Achievo 1.4.5 allows remote attackers to obtain sensitive information ...)
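Review bot: the ten moodle entries added in the @@ -2240 and @@ -2267 hunks (CVE-2012-1168 to CVE-2012-1170 and CVE-2012-1155 to CVE-2012-1161) sit under RESERVED CVEs with no description, so every one reads the same: `- moodle <unfixed>` plus `TODO: check`. A short bracketed summary on each CVE line, as this commit does for CVE-2012-1618 (`[jdbc pgsql SQL injection]`), would let whoever picks up the TODO tell the ten issues apart.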
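Review bot: in the @@ -1378 hunk, the reason given on `- linux-2.6 <not-affected> (execshield issue)` for CVE-2012-1568 names a feature but does not say why the Debian kernel is unaffected. The context of the @@ -2317 hunk shows a self-explanatory form, `(Vulnerable code not present)`; spelling the reason out in the same way here would make the entry readable without knowing what execshield is.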
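Review bot: in the @@ -2485 hunk, CVE-2012-1096 lists both `wpasupplicant` and `network-manager` as `<unfixed>` under a single `TODO: check`, and the CVE itself is RESERVED with no description, so it is unclear whether both packages were confirmed affected or each still needs checking. A bracketed summary on the CVE line, or a NOTE saying which package holds the affected code, would settle that.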
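Review bot: in the @@ -9176 hunk, the new `NOTE: path is already known` on CVE-2011-3699 drops the words "path disclosure" that the replaced NOT-FOR-US line carried, so the entry no longer says what kind of issue is being marked `(unimportant)`. Suggest `NOTE: Web app path disclosure, path is known anyway`, which matches the wording left in place on CVE-2011-3700 and CVE-2011-3698.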