Author: jmm Date: 2012-07-30 12:38:50 +0000 (Mon, 30 Jul 2012) New Revision: 19822 Modified: data/CVE/list Log: bind9 also not affected in sid new php issue php non-issue NFUs filed bug for zabbix Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-30 10:35:28 UTC (rev 19821) +++ data/CVE/list 2012-07-30 12:38:50 UTC (rev 19822) @@ -423,9 +423,8 @@ CVE-2012-3869 RESERVED CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...) - TODO: check NOTE: https://kb.isc.org/article/AA-00730 - [squeeze] - bind9 <not-affected> (Vulnerable code not present) + - bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x) CVE-2012-3867 RESERVED {DSA-2511-1} @@ -1325,7 +1324,7 @@ - openttd <unfixed> (low; bug #683258) CVE-2012-3435 [Zabbix SQL injection flaw] RESERVED - TODO: check + - zabbix <unfixed> (bug #683273) NOTE: http://seclists.org/oss-sec/2012/q3/127 CVE-2012-3434 [WordPress plugin Count Per Day XSS (SSCHADV2012-015)] RESERVED @@ -1339,6 +1338,7 @@ NOTE: CVE assigment http://www.openwall.com/lists/oss-security/2012/07/27/1 CVE-2012-3431 RESERVED + NOT-FOR-US: Teeid CVE-2012-3430 [kernel: recv{from,msg}() on an rds socket can leak kernel memory] RESERVED - linux <unfixed> @@ -1574,11 +1574,13 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849 CVE-2012-3367 RESERVED + NOT-FOR-US: Red Hat Certificate System CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...) {DSA-2503-1} - bcfg2 1.2.2-2 (bug #679272) CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...) - TODO: check + - php5 <unfixed> (unimportant) + NOTE: open_basedir not supported CVE-2012-3364 RESERVED - linux 3.2.23-1 
@@ -3048,7 +3050,7 @@ CVE-2012-2689 RESERVED CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the ...) - TODO: check + - php5 <unfixed> (low; bug #683274) CVE-2012-2687 [apache mod_negotiation XSS] RESERVED - apache2 2.2.22-8 (low) @@ -3120,6 +3122,7 @@ - iptables <unfixed> (bug #675445) CVE-2012-2662 RESERVED + NOT-FOR-US: Red Hat Certificate System CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, ...) - rails <not-affected> (Doesn''t affects RoR in Squeeze) - ruby-activerecord-3.2 3.2.6-1 (bug #675396; bug #675429)
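Review bot: In the CVE-2012-3868 entry (hunk at -423,9), the NOTE line with the ISC KB URL sits above the package line, while the CVE-2012-3435 and CVE-2012-3365 entries touched by this same commit put the package line first and the NOTE after it. Suggest moving the NOTE below "- bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x)" so the entries read consistently. Dropping the "[squeeze]" prefix makes the not-affected status apply to every suite, which matches the log message.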
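Review bot: The "NOT-FOR-US: Teeid" line added under CVE-2012-3431 (hunk at -1339,6) marks an entry that is still RESERVED and has no description or NOTE, so the product name cannot be checked against anything in the list. Suggest adding a NOTE with the reference the name was taken from, as the neighbouring entry does with its "NOTE: CVE assigment ..." line.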
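Review bot: Under CVE-2012-3365 (hunk at -1574,11), "NOTE: open_basedir not supported" does not say in what sense it is unsupported or how that leads to the "(unimportant)" rating on the php5 line above it. Suggest wording the NOTE so the reason for the rating is explicit to someone reading the entry without the commit log, where "php non-issue" is the only other hint.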
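Review bot: For CVE-2012-2688 (hunk at -3048,7), the new line "- php5 <unfixed> (low; bug #683274)" assigns "low" to an entry whose description begins "Unspecified vulnerability in the _php_stream_scandir function", and nothing in the entry records what the rating is based on. Suggest adding a NOTE with the upstream reference or a short rationale, so the urgency can be revisited once details are known.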