Author: nion
Date: 2012-07-22 13:04:48 +0000 (Sun, 22 Jul 2012)
New Revision: 19781

Modified:
   data/CVE/list
Log:
a couple of more fixes that haven't been recorded yet

Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-22 13:00:19 UTC (rev 19780) +++ data/CVE/list 2012-07-22 13:04:48 UTC (rev 19781) @@ -4479,7 +4479,7 @@ - linux-2.6 3.2.16-1 CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before ...) {DSA-2496-1} - - mysql-5.1 <unfixed> (bug #677018) + - mysql-5.1 <removed> (bug #677018) - mysql-5.5 5.5.24+dfsg-1 NOTE: https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/ NOTE: http://seclists.org/oss-sec/2012/q2/493 @@ -4512,7 +4512,7 @@ NOT-FOR-US: musl libc not in Debian CVE-2012-2113 RESERVED - - tiff <unfixed> (bug #678140) + - tiff 4.0.2-1 (bug #678140) CVE-2012-2112 RESERVED {DSA-2455-1} @@ -5389,10 +5389,10 @@ TODO: check CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...) - mysql-5.1 <not-affected> (Only affects 5.5) - - mysql-5.5 <unfixed> (bug #682210) + - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...) - mysql-5.1 <not-affected> (Only affects 5.5) - - mysql-5.5 <unfixed> (bug #682210) + - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-1755 RESERVED CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) 
@@ -5435,10 +5435,10 @@ TODO: check CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...) - mysql-5.1 <not-affected> (Only affects 5.5) - - mysql-5.5 <unfixed> (bug #682210) + - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...) - mysql-5.1 <removed> (bug #682212) - - mysql-5.5 <unfixed> (bug #682210) + - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) TODO: check CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) @@ -5554,7 +5554,7 @@ - mysql-5.5 5.5.23-1 CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...) - mysql-5.1 <removed> (bug #682212) - - mysql-5.5 <unfixed> (bug #682210) + - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2496-1} - mysql-5.1 5.1.62-1 (bug #670636) @@ -7652,7 +7652,7 @@ [squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn) NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD at eris.apache.org%3E seems to cause regressions CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...) - - ocaml <unfixed> (low; bug #659149) + - ocaml 4.00.0~beta2-1 (low; bug #659149) CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...) - libstruts1.2-java <not-affected> (struts 2 issue) CVE-2012-0837 
@@ -8345,7 +8345,7 @@ NOT-FOR-US: Oracle Financial Services Software CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier ...) - mysql-5.1 <removed> (bug #682212) - - mysql-5.5 <unfixed> (bug #682210) + - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) @@ -23939,7 +23939,7 @@ - lbreakout2 <unfixed> (unimportant; bug #608980) NOTE: sgid games is dropped before buffer overflow CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable] - - libggi <unfixed> (bug #608981) + - libggi <removed> (bug #608981) CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on ...) - syslog-ng 3.1.3-2 (bug #608491) [lenny] - syslog-ng <not-affected> (2.0 not affected, also Freebsd-specific, which is not supported in Lenny anyway)
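
Review bot: in the CVE-2012-2122 hunk (@@ -4479) mysql-5.1 moves from <unfixed> to <removed>, yet the entry carries {DSA-2496-1} and its description names 5.1.63 as the fixed 5.1 release. The CVE-2012-1688 context in @@ -5554 shows the same DSA with a concrete version (mysql-5.1 5.1.62-1). If a fixed 5.1 upload reached unstable before the package was removed, record that version here; if not, a NOTE saying the package was removed while still vulnerable would explain why this line differs from the 1688 one.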
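
Review bot: for CVE-2012-1734, CVE-2012-1689 and CVE-2012-0540 (@@ -5435, @@ -5554, @@ -8345) the visible description gives only the 5.1 bound ("5.1.62 and earlier, ...") before it is truncated, so nothing in these entries shows which 5.5 release is affected. That differs from CVE-2012-1757, CVE-2012-1756 and CVE-2012-1735, where "5.5.23 and earlier" matches the new 5.5.24+dfsg-1. All six lines cite the same bug #682210; a NOTE on the three 5.1/5.5 entries naming the upstream 5.5 release that carries the fix would make the recorded version checkable from the list itself.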
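
Review bot: in @@ -7652 the ocaml line for CVE-2012-0839 records 4.00.0~beta2-1, a pre-release version string, as the fixed version. An unprefixed package line states the version fixed in unstable, so please confirm this upload went to unstable and not only to experimental; if it is experimental-only, the line should stay <unfixed> (low; bug #659149) until the fix reaches unstable.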