[Secure-testing-commits] r19781 - data/CVE

Nico Golde Sun, 22 Jul 2012 06:05:02 -0700

Author: nion
Date: 2012-07-22 13:04:48 +0000 (Sun, 22 Jul 2012)
New Revision: 19781


Modified:
   data/CVE/list
Log:
a couple of more fixes that havent been recorded yet

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-07-22 13:00:19 UTC (rev 19780)
+++ data/CVE/list       2012-07-22 13:04:48 UTC (rev 19781)
@@ -4479,7 +4479,7 @@
        - linux-2.6 3.2.16-1
 CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x 
before ...)
        {DSA-2496-1}
-       - mysql-5.1 <unfixed> (bug #677018)
+       - mysql-5.1 <removed> (bug #677018)
        - mysql-5.5 5.5.24+dfsg-1
        NOTE: 
https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
        NOTE: http://seclists.org/oss-sec/2012/q2/493
@@ -4512,7 +4512,7 @@
        NOT-FOR-US: musl libc not in Debian
 CVE-2012-2113
        RESERVED
-       - tiff <unfixed> (bug #678140)
+       - tiff 4.0.2-1 (bug #678140)
 CVE-2012-2112
        RESERVED
        {DSA-2455-1}
@@ -5389,10 +5389,10 @@
        TODO: check
 CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and 
earlier ...)
        - mysql-5.1 <not-affected> (Only affects 5.5)
-       - mysql-5.5 <unfixed> (bug #682210)
+       - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and 
earlier ...)
        - mysql-5.1 <not-affected> (Only affects 5.5)
-       - mysql-5.5 <unfixed> (bug #682210)
+       - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1755
        RESERVED
 CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
@@ -5435,10 +5435,10 @@
        TODO: check
 CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and 
earlier ...)
        - mysql-5.1 <not-affected> (Only affects 5.5)
-       - mysql-5.5 <unfixed> (bug #682210)
+       - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and 
earlier, ...)
        - mysql-5.1 <removed> (bug #682212)
-       - mysql-5.5 <unfixed> (bug #682210)
+       - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        TODO: check
 CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
@@ -5554,7 +5554,7 @@
        - mysql-5.5 5.5.23-1
 CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and 
earlier, ...)
        - mysql-5.1 <removed> (bug #682212)
-       - mysql-5.5 <unfixed> (bug #682210)
+       - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in 
Oracle ...)
        {DSA-2496-1}
        - mysql-5.1 5.1.62-1 (bug #670636)
@@ -7652,7 +7652,7 @@
        [squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, 
not known to be exploitable in svn)
        NOTE: Commit 
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3c20120115003715.071d42388...@eris.apache.org%3E
 seems to cause regressions
 CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without 
restricting the ...)
-       - ocaml <unfixed> (low; bug #659149)
+       - ocaml 4.00.0~beta2-1 (low; bug #659149)
 CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL 
...)
        - libstruts1.2-java <not-affected> (struts 2 issue)
 CVE-2012-0837
@@ -8345,7 +8345,7 @@
        NOT-FOR-US: Oracle Financial Services Software
 CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and 
earlier ...)
        - mysql-5.1 <removed> (bug #682212)
-       - mysql-5.5 <unfixed> (bug #682210)
+       - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 
allows ...)
        NOT-FOR-US: Oracle Sun Solaris
 CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
@@ -23939,7 +23939,7 @@
        - lbreakout2 <unfixed> (unimportant; bug #608980)
        NOTE: sgid games is dropped before buffer overflow
 CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable]
-       - libggi <unfixed> (bug #608981)
+       - libggi <removed> (bug #608981)
 CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running 
on ...)
        - syslog-ng 3.1.3-2 (bug #608491)
        [lenny] - syslog-ng <not-affected> (2.0 not affected, also 
Freebsd-specific, which is not supported in Lenny anyway)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r19781 - data/CVE

Reply via email to