summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2022-02-15 22:23:12 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2022-02-15 22:23:12 +0100
commitcaa57779e11f9924e7e088c690f7126dcf0337a0 (patch)
tree94427e9de7b2fc2a301a06f89e3f364302e899c6
parent68ef0700afdc863a2bbd32d10d19cfd0e442a70f (diff)
Update information for CVE-2012-4427/gnome-shell
The problem is with GNOME Shell's NPAPI browser extension which is not shipped anymore since GNOME 3.32. We can mark thus the first version landing in unstable as fixed, which was 3.34.0-2. Thanks: Simon McVittie for the update.
-rw-r--r--data/CVE/2012.list5
1 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 159ea60d72..d986dec88d 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -5610,10 +5610,11 @@ CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerabili
[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
[wheezy] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
- - gnome-shell <unfixed> (unimportant)
+ - gnome-shell 3.34.0-2 (unimportant)
NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
- NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
+ NOTE: Problem with GNOME Shell's NPAPI browser extension which is not shipped
+ NOTE: anymore since GNOME 3.32.
CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...)
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)

© 2014-2024 Faster IT GmbH | imprint | privacy policy