Author: mgilbert Date: 2012-04-17 18:36:27 +0000 (Tue, 17 Apr 2012) New Revision: 18985 Modified: data/CVE/list Log: process weekly external check Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-17 15:49:04 UTC (rev 18984) +++ data/CVE/list 2012-04-17 18:36:27 UTC (rev 18985) @@ -308,8 +308,9 @@ CVE-2012-2092 RESERVED NOT-FOR-US: cobbler -CVE-2012-2091 +CVE-2012-2091 [flightgear crafted rotor name buffer overflow] RESERVED + - flightgear <unfixed> CVE-2012-2090 RESERVED - simgear <unfixed> (low; bug #669024) @@ -1504,6 +1505,7 @@ RESERVED CVE-2012-1575 RESERVED + NOT-FOR-US: cumin CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...) TODO: check CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...) @@ -1671,7 +1673,8 @@ CVE-2012-1500 RESERVED CVE-2012-1499 (The JPEG 2000 codec in OpenJPEG before 1.5 does not properly allocate ...) - TODO: check + - openjpeg <not-affected> (vulnerable code introduced after 1.3) + TODO: recheck any version of openjpeg greater than 1.3 CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) NOT-FOR-US: Webfolio CMS CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...) @@ -2389,8 +2392,10 @@ CVE-2012-1172 [PHP 5.3.x Corrupted $_FILES indices lead to security concern] RESERVED - php5 5.4.0-1 (bug #663760) -CVE-2012-1171 +CVE-2012-1171 [safemode bypass after RSHUTDOWN] RESERVED + - php5 <unfixed> (unimportant) + NOTE: according to php''s security statement, safemode bypass issues are not treated as security-relevant CVE-2012-1170 RESERVED - moodle <not-affected> (Only affects 2.2) @@ -2599,6 +2604,8 @@ - ldap-account-manager 3.6-2 (bug #661904) CVE-2012-1113 RESERVED + - gallery2 <unfixed> + NOTE: see redhat link CVE-2012-1112 RESERVED NOT-FOR-US: OpenRealty CMS not in Debian 
@@ -3163,6 +3170,9 @@ - apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package) CVE-2012-0882 RESERVED + - mysql-5.1 <unfixed> + NOTE: limited information about issue, only a video of exploit taking place + NOTE: see redhat link CVE-2012-0881 RESERVED CVE-2012-0880 @@ -3358,6 +3368,7 @@ NOT-FOR-US: Joomla! CVE-2012-0818 RESERVED + NOT-FOR-US: RESTEasy framework for JBoss CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...) - samba 2:3.6.3-1 (low) - samba4 <unfixed> @@ -3411,6 +3422,7 @@ - cvs 2:1.12.13+real-7 CVE-2012-0803 RESERVED + NOT-FOR-US: Apache CXF CVE-2012-0802 [spamdyke: incorrect use of the "snprintf()" and "vsnprintf()" func] RESERVED NOT-FOR-US: spamdyke
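Review bot: The new `- flightgear <unfixed>` line in the CVE-2012-2091 hunk carries neither a severity nor a bug number, while the adjacent CVE-2012-2090 entry for the same code base is tracked as `- simgear <unfixed> (low; bug #669024)`. Since the two issues were evidently assessed together, the flightgear line should get the same treatment, i.e. file a bug against flightgear and record it as `- flightgear <unfixed> (low; bug #NNNNNN)`, otherwise the issue is invisible to anyone working from the BTS.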
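Review bot: The CVE-2012-1499 hunk is internally inconsistent: it marks the whole source package `- openjpeg <not-affected> (vulnerable code introduced after 1.3)` and then, on the very next line, says `TODO: recheck any version of openjpeg greater than 1.3`. A `<not-affected>` marker is a final verdict for every suite carrying the package, so it should only be set once it has been confirmed that no suite (including experimental) ships a version above 1.3; until then keep the TODO and leave the package line out, or track the affected range explicitly once the recheck is done.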
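Review bot: Typo in the CVE-2012-1171 hunk: `NOTE: according to php''s security statement` has a doubled apostrophe and should read `php's`. The NOTE would also be more useful if it pointed at the statement it relies on, since the `(unimportant)` severity on `- php5 <unfixed> (unimportant)` is justified solely by that upstream policy; the file elsewhere records such justifications as a link in the NOTE.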
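Review bot: `NOTE: see redhat link` in the CVE-2012-1113 hunk is not self-contained: nothing in this file records which link is meant, so the pointer only works for whoever made the check. Put the actual Red Hat Bugzilla URL into the NOTE, and give the new `- gallery2 <unfixed>` line a severity and a bug number so the issue is actionable for the maintainer.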
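Review bot: The CVE-2012-0882 hunk adds `- mysql-5.1 <unfixed>` on the basis of `limited information about issue, only a video of exploit taking place`, but records no severity. When the only evidence is a demo video, the entry needs an explicit marker (for example a low severity or a note that the impact cannot yet be assessed) so that later readers do not mistake the bare `<unfixed>` for a confirmed, triaged issue; as in the gallery2 entry, `NOTE: see redhat link` should be replaced by the concrete URL being referred to.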