Author: jmm Date: 2012-06-01 08:45:59 +0000 (Fri, 01 Jun 2012) New Revision: 19402 Modified: data/CVE/list data/spu-candidates.txt Log: pastescript/gimp no-dsa unixodbc non issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-01 08:23:41 UTC (rev 19401) +++ data/CVE/list 2012-06-01 08:45:59 UTC (rev 19402) @@ -696,7 +696,8 @@ RESERVED CVE-2012-2763 RESERVED - - gimp 2.8.0-1 + - gimp 2.8.0-1 (low) + [squeeze] - gimp <no-dsa> (Only exploitable in rare setuos) NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1 NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c @@ -919,10 +920,12 @@ RESERVED CVE-2012-2658 RESERVED - - unixodbc <unfixed> (bug #675058) + - unixodbc <unfixed> (unimportant; bug #675058) + NOTE: Only triggerable by trusted input, not a security issue CVE-2012-2657 RESERVED - - unixodbc <unfixed> (bug #675058) + - unixodbc <unfixed> (unimportant; bug #675058) + NOTE: Only triggerable by trusted input, not a security issue CVE-2012-2656 RESERVED CVE-2012-2655 @@ -5307,6 +5310,7 @@ - linux-2.6 2.6.33-1 CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...) - pastescript 1.7.5-2 (low; bug #661061) + [squeeze] - pastescript <no-dsa> (Minor issue) NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion CVE-2012-0877 RESERVED Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2012-06-01 08:23:41 UTC (rev 19401) +++ data/spu-candidates.txt 2012-06-01 08:45:59 UTC (rev 19402) @@ -168,6 +168,12 @@ -- +gimp (CVE-2012-2763) +http://www.openwall.com/lists/oss-security/2012/05/31/1 +http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html + +-- + gnash (CVE-2011-4328) #649384 
@@ -318,6 +324,13 @@ -- +pastescript (CVE-2012-0878) +#661061 +https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion + + +-- + perl (CVE-2011-2728) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2728 http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
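Review bot: The no-dsa reason added for gimp in the data/CVE/list hunk at @@ -696,7 +696,8 @@ has a typo: "(Only exploitable in rare setuos)" should read "(Only exploitable in rare setups)". Since this text is the recorded justification for not issuing a DSA for CVE-2012-2763 in squeeze, it is worth fixing so it is findable by search. It would also help to say briefly which setups are meant, for example whether the Script-Fu server has to be enabled and reachable.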
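Review bot: In the data/CVE/list hunk at @@ -919,10 +920,12 @@, the NOTE "Only triggerable by trusted input, not a security issue" added under both CVE-2012-2658 and CVE-2012-2657 does not say which input is considered trusted or why. The only reference on these entries is bug #675058, so a reader who wants to re-check the "unimportant" rating has to reconstruct the reasoning from the bug log. Consider naming the input source in the NOTE, or adding a second NOTE line that points to the message where the assessment was made.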
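Review bot: The pastescript entry added in the data/spu-candidates.txt hunk at @@ -318,6 +324,13 @@ is followed by two blank lines before the "--" separator, while the gimp entry added at @@ -168,6 +168,12 @@ uses one. Drop the extra blank line so the separators stay uniform. Separately, the matching data/CVE/list change gives the squeeze no-dsa reason only as "(Minor issue)"; because the entry is queued here for a stable point update, a reason tied to the described flaw (group memberships not being set properly) would make the triage decision easier to audit.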