Author: jmm Date: 2012-08-14 10:53:15 +0000 (Tue, 14 Aug 2012) New Revision: 19944 Modified: data/CVE/list Log: nvidia no-dsa triage older openssl issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-14 09:14:18 UTC (rev 19943) +++ data/CVE/list 2012-08-14 10:53:15 UTC (rev 19944) @@ -29,7 +29,7 @@ CVE-2012-4236 RESERVED CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2012-4234 RESERVED CVE-2012-4233 @@ -53,9 +53,9 @@ CVE-2012-4225 [Security issue in NVIDIA UNIX device files to map and program registers to redirect the VGA window] RESERVED - nvidia-graphics-drivers 304.32-1 (bug #684781) + [squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) NOTE: http://seclists.org/fulldisclosure/2012/Aug/4 NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140 - NOTE: http://www.ubuntu.com/usn/usn-1523-1/ CVE-2012-4224 RESERVED CVE-2012-4223 @@ -384,7 +384,7 @@ CVE-2012-4072 RESERVED CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web ...) TODO: check CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with ...) @@ -999,8 +999,8 @@ CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...) NOT-FOR-US: Adiscon LogAnalyzer CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...) - - openssl <unfixed> (bug #684527) - NOTE: seems fixed in testing/unstable + - openssl 0.9.8a-1 (bug #684527) + NOTE: fips version not used in Debian CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...) - bitcoin 0.5.0~rc1-1 CVE-2012-3788 
@@ -1479,7 +1479,7 @@ CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are ...) NOT-FOR-US: Opera CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2012-3552 RESERVED CVE-2012-3551 @@ -20916,7 +20916,8 @@ NOT-FOR-US: PaX hardening patch NOTE: http://seclists.org/oss-sec/2011/q1/579 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...) - - openssl <unfixed> (bug #672456) + NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug #672456 + NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...) NOT-FOR-US: Nokia E75 phone CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)
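Review bot: In the hunks at -29,7 (CVE-2012-4235) and -1479,7 (CVE-2012-3554), the new "NOT-FOR-US: Joomla addon" line names the platform rather than the product, while the surrounding NOT-FOR-US entries name the product itself ("Adiscon LogAnalyzer", "Opera"). Both descriptions already identify the component as RSGallery2 (com_rsgallery2), so something like "NOT-FOR-US: RSGallery2 component for Joomla" would keep the entries searchable by component name. The log message also does not mention these Joomla entries; a short addition there would help anyone reading the history later.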
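Review bot: In the hunk at -384,7 (CVE-2012-4071), the description line is truncated before the product name ("... in the comments module in the ..."), so after this change "NOT-FOR-US: Joomla addon" is the only place the entry could record which extension is meant, and it does not. Please name the extension in the NOT-FOR-US line, as the other NOT-FOR-US entries in this file do.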
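Review bot: In the CVE-2012-4225 hunk (-53,9), the last changed line drops "NOTE: http://www.ubuntu.com/usn/usn-1523-1/", but the log message only mentions the nvidia no-dsa triage. If the removal is intentional, say so in the log; otherwise keep the reference next to the two remaining NOTE URLs, since the hunk gives no reason for treating it differently from them.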
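Review bot: In the CVE-2011-5095 hunk (-999,8), the new package line marks openssl as fixed in 0.9.8a-1 while the new NOTE says "fips version not used in Debian", and these read as two different conclusions. A fixed version implies that earlier uploads were affected, whereas the NOTE implies the affected code was never shipped. If the latter is meant, a "<not-affected>" annotation with that reason would match the NOTE better; if 0.9.8a-1 is deliberate, the NOTE should say why that version is the cut-off.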
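Review bot: In the CVE-2011-1473 hunk (-20916,7), the only package line ("- openssl <unfixed> (bug #672456)") is removed and replaced by two NOTE lines, so the entry no longer carries any openssl annotation and the bug number survives only as free text. Consider keeping a package line for openssl with a status that reflects "no code fix, workarounds exist", so the entry stays attached to the source package and to bug #672456. As a smaller point, the second NOTE starts with "and", which continues a sentence across two NOTE lines; putting the URL in a self-contained NOTE would read better when the lines are displayed separately.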