[Secure-testing-commits] r20554 - data/CVE

Mon, 26 Nov 2012 13:33:29 -0800 

Author: aw-guest
Date: 2012-11-26 21:33:17 +0000 (Mon, 26 Nov 2012)
New Revision: 20554

Modified:
   data/CVE/list
Log:
CVE-2012-2372, CVE-2002-2439, CVE-2012-4398 - severity low
CVE-2012-3375 - linux-2.6 not-affected
CVE-2012-2882, CVE-2012-5359, CVE-2012-5360, CVE-2012-5361 - bug reported


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-11-26 21:14:18 UTC (rev 20553)
+++ data/CVE/list       2012-11-26 21:33:17 UTC (rev 20554)
@@ -1571,17 +1571,17 @@
 CVE-2012-5361
        RESERVED
        - ffmpeg <removed>
-       - libav <unfixed>
+       - libav <unfixed> (bug #694483)
        NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 CVE-2012-5360
        RESERVED
        - ffmpeg <removed>
-       - libav <unfixed>
+       - libav <unfixed> (bug #694483)
        NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 CVE-2012-5359
        RESERVED
        - ffmpeg <removed>
-       - libav <unfixed>
+       - libav <unfixed> (bug #694483)
        NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 CVE-2012-5358
        RESERVED
@@ -4270,7 +4270,7 @@
        NOTE: 
http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
 CVE-2012-4398
        RESERVED
-       - linux <unfixed>
+       - linux <unfixed> (low)
        - linux-2.6 <removed>
 CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 
before ...)
        - owncloud 4.0.1debian-1
@@ -6879,7 +6879,7 @@
        NOTE: http://seclists.org/bugtraq/2012/Jul/48
 CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel 
before ...)
        - linux 3.2.23-1
-       - linux-2.6 <removed>
+       - linux-2.6 <not-affected> 
(http://anonscm.debian.org/viewvc/kernel-sec/retired/CVE-2012-3375?revision=2730&view=markup)
 CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in 
libpurple ...)
        {DSA-2509-1}
        - pidgin 2.10.6-1 (bug #680661)
@@ -7955,7 +7955,7 @@
        - chromium-browser 22.0.1229.94~r161065-1
 CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not 
...)
        - chromium-browser 22.0.1229.94~r161065-1
-       - libav <unfixed>
+       - libav <unfixed> (bug #694483)
        - ffmpeg <removed>
        NOTE: https://chromiumcodereview.appspot.com/10829204
 CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle 
plug-ins, ...)
@@ -9308,7 +9308,7 @@
        - linux-2.6 3.2.19-1
 CVE-2012-2372
        RESERVED
-       - linux <unfixed>
+       - linux <unfixed> (low)
 CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the 
...)
        NOT-FOR-US: WP-FaceThumb plugin for WordPress
 CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data 
function in ...)
@@ -10028,6 +10028,7 @@
        - nova 2012.1-2 (bug #670637)
 CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the 
Linux ...)
        - linux-2.6 3.2.2-1
+       [squeeze] - linux-2.6 2.6.32-41squeeze1
        NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
        NOTE: https://lkml.org/lkml/2012/2/20/422
 CVE-2012-2099
@@ -14497,10 +14498,10 @@
        [squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be 
recompiled, if such issues are spotted in apps, these cases can be fixed on a 
case-by-case basis)
        - gcc-4.3 <removed>
        [squeeze] - gcc-4.3 <no-dsa> (Potentially affected apps need to be 
recompiled, if such issues are spotted in apps, these cases can be fixed on a 
case-by-case basis)
-       - gcc-4.4 <unfixed>
+       - gcc-4.4 <unfixed> (low)
        [squeeze] - gcc-4.4 <no-dsa> (Potentially affected apps need to be 
recompiled, if such issues are spotted in apps, these cases can be fixed on a 
case-by-case basis)
        [wheezy] - gcc-4.4 <no-dsa> (Potentially affected apps need to be 
recompiled, if such issues are spotted in apps, these cases can be fixed on a 
case-by-case basis)
-       - gcc-4.6 <unfixed>
+       - gcc-4.6 <unfixed> (low)
        [wheezy] - gcc-4.6 <no-dsa> (Potentially affected apps need to be 
recompiled, if such issues are spotted in apps, these cases can be fixed on a 
case-by-case basis)
        NOTE: Are there apps known to be exploitable through this?
        NOTE: Any application using unguarded memory allocation would be 
susceptible to DoS anyway?


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to