Author: jmm Date: 2012-05-26 09:25:26 +0000 (Sat, 26 May 2012) New Revision: 19324 Modified: data/CVE/list Log: sudo fixed new libv8 issues NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-05-26 07:53:56 UTC (rev 19323) +++ data/CVE/list 2012-05-26 09:25:26 UTC (rev 19324) @@ -11,17 +11,17 @@ CVE-2012-2929 RESERVED CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) ...) - TODO: check + NOT-FOR-US: GR Board CVE-2011-5090 (GR Board (aka grboard) 1.8.6.5 Community Edition does not require ...) - TODO: check + NOT-FOR-US: GR Board CVE-2012-2928 (The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for ...) - TODO: check + NOT-FOR-US: JIRA plugin CVE-2012-2927 (The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and ...) TODO: check CVE-2012-2926 (Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before ...) - TODO: check + NOT-FOR-US: Atlassian JIRA CVE-2012-2925 (SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 ...) - TODO: check + NOT-FOR-US: Simple PHP Agenda CVE-2012-2924 (PHP remote file inclusion vulnerability in admin/setup.inc.php in ...) TODO: check CVE-2012-2923 (SQL injection vulnerability in news.php4 in Hypermethod eLearning ...) @@ -62,9 +62,9 @@ CVE-2012-2906 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check CVE-2012-2905 (Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable ...) - TODO: check + NOT-FOR-US: Artiphp CMS CVE-2012-2904 (player.swf in LongTail JW Player 5.9 allows remote attackers to ...) - TODO: check + NOT-FOR-US: LongTail JW Player CVE-2012-2903 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...) TODO: check CVE-2012-2902 (Unrestricted file upload vulnerability in ...) 
@@ -744,7 +744,7 @@ CVE-2012-2568 RESERVED CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...) - TODO: check + NOT-FOR-US: Xelex MobileTrack application CVE-2012-2566 RESERVED CVE-2012-2565 @@ -754,9 +754,9 @@ CVE-2012-2563 RESERVED CVE-2012-2562 (The Xelex MobileTrack application 2.3.7 and earlier for Android does ...) - TODO: check + NOT-FOR-US: Xelex MobileTrack application CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...) - TODO: check + NOT-FOR-US: HP Business Service Management CVE-2012-2560 RESERVED CVE-2012-2559 @@ -1065,7 +1065,7 @@ CVE-2012-2407 RESERVED CVE-2012-2406 (RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...) - gallery2 <undetermined> CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...) @@ -1425,7 +1425,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1 CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does ...) {DSA-2478-1} - - sudo <unfixed> (bug #673766) + - sudo 1.8.3p2-1.1 (bug #673766) CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...) - php5 5.4.3 (unimportant) NOTE: Rather harmless bug @@ -1485,7 +1485,6 @@ CVE-2012-2318 [Improper validation of incoming plaintext messages in MSN protocol plug-in] RESERVED - pidgin 2.10.4-1 - [squeeze] - pidgin <unfixed> TODO: check CVE-2012-2317 [php5 crypt() empty salt issue] RESERVED @@ -1734,7 +1733,6 @@ CVE-2012-2214 [XMPP remote crash] RESERVED - pidgin 2.10.4-1 - [squeeze] - pidgin <unfixed> TODO: check NOTE: http://www.pidgin.im/news/security/?id=62 CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the ...) 
@@ -2277,7 +2275,7 @@ CVE-2012-2011 RESERVED CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha ...) - TODO: check + NOT-FOR-US: OpenVMS CVE-2012-2009 (Unspecified vulnerability in HP Performance Insight for Networks ...) NOT-FOR-US: HP Performance Insight CVE-2012-2008 (Cross-site scripting (XSS) vulnerability in HP Performance Insight for ...) @@ -13060,7 +13058,7 @@ CVE-2011-3116 RESERVED CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...) - TODO: check + - libv8 <unfixed> CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome ...) TODO: check CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not ...) @@ -13068,7 +13066,7 @@ CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...) TODO: check CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...) - TODO: check + - libv8 <unfixed> CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...) TODO: check CVE-2011-3109 (Google Chrome before 19.0.1084.52 on Linux does not properly perform a ...) @@ -13084,7 +13082,7 @@ CVE-2011-3104 (Skia, as used in Google Chrome before 19.0.1084.52, allows remote ...) TODO: check CVE-2011-3103 (Google V8, as used in Google Chrome before 19.0.1084.52, does not ...) - TODO: check + - libv8 <unfixed> CVE-2011-3102 (Off-by-one error in libxml2, as used in Google Chrome before ...) {DSA-2479-1} - libxml2 <unfixed>
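Review bot: In the first hunk (@@ -11,17), the tag for CVE-2012-2928 reads "NOT-FOR-US: JIRA plugin", which is less specific than the other tags in this commit that name the product (GR Board, Simple PHP Agenda, Artiphp CMS). The description names the Gliffy plugin and lists a second host product after JIRA, so "NOT-FOR-US: Gliffy plugin" would be easier to search for later. CVE-2012-2927 (TM Software Tempo plugin) directly below it and CVE-2012-2924 keep TODO: check. If they were left open on purpose, fine; otherwise they can be triaged in the same pass.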
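Review bot: In the @@ -1425,7 hunk, the fixed version recorded for sudo, 1.8.3p2-1.1, is lower than the 1.8.4p5 that the CVE-2012-2337 description gives as the first fixed 1.8.x release, so the entry presumably relies on a backported patch in that upload. A NOTE line saying so, next to the existing (bug #673766) reference, would let a later reader confirm the version without re-checking the package changelog.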
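Review bot: The @@ -1485,7 and @@ -1734,7 hunks drop "[squeeze] - pidgin <unfixed>" for CVE-2012-2318 and CVE-2012-2214, but the log message (sudo, libv8, NFUs) does not mention pidgin, and TODO: check stays on both entries. State in the log why the squeeze line is removed (redundant with the "- pidgin 2.10.4-1" line, or a changed squeeze status), and resolve or drop the TODO if the entries are now considered triaged.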
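Review bot: The three libv8 hunks (@@ -13060,7, @@ -13068,7 and @@ -13084,7) add "- libv8 <unfixed>" for CVE-2011-3115, CVE-2011-3111 and CVE-2011-3103 with no bug number or NOTE, unlike the sudo entry, which carries (bug #673766). Add a bug reference once one is filed, or a NOTE pointing at the upstream fix, so the <unfixed> state can be followed up. The descriptions name V8 "as used in Google Chrome before 19.0.1084.52"; if the archive's Chromium package carries its own copy of V8, it needs a line under these entries as well.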