author Arne Wichmann <aw@anhrefn.saar.de> 2012-11-26 21:33:17 +0000
committer Arne Wichmann <aw@anhrefn.saar.de> 2012-11-26 21:33:17 +0000
commit c6a2302e2b480cfb530f458023b3b8d9ac2c871b
tree a34e99f114b8c28f35914aa5ce94fd883c386994 /data
parent 15ad1ddb0860a9c20a2e1da6b4c12f199ae36225
CVE-2012-2372, CVE-2002-2439, CVE-2012-4398 - severity low
CVE-2012-3375 - linux-2.6 not-affected
CVE-2012-2882, CVE-2012-5359, CVE-2012-5360, CVE-2012-5361 - bug reported

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@20554 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2002.list 4
-rw-r--r-- data/CVE/2012.list 15
2 files changed, 10 insertions, 9 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 6f309db88c..d15819df71 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -12,10 +12,10 @@ CVE-2002-2439
[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
- gcc-4.3 <removed>
[squeeze] - gcc-4.3 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
- - gcc-4.4 <unfixed>
+ - gcc-4.4 <unfixed> (low)
[squeeze] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
[wheezy] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
- - gcc-4.6 <unfixed>
+ - gcc-4.6 <unfixed> (low)
[wheezy] - gcc-4.6 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
NOTE: Are there apps known to be exploitable through this?
NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway?
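Review bot: The gcc-4.4 and gcc-4.6 "<unfixed>" lines now carry "(low)", but the two NOTE lines that close this entry still pose exploitability as open questions, so the file does not say why low was chosen. Suggest adding a NOTE that records the rationale for the urgency, so the rating does not look arbitrary to the next person triaging CVE-2002-2439.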
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index f78fc5f3bb..764e19f4c0 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1498,17 +1498,17 @@ CVE-2012-5362
CVE-2012-5361
RESERVED
- ffmpeg <removed>
- - libav <unfixed>
+ - libav <unfixed> (bug #694483)
NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
CVE-2012-5360
RESERVED
- ffmpeg <removed>
- - libav <unfixed>
+ - libav <unfixed> (bug #694483)
NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
CVE-2012-5359
RESERVED
- ffmpeg <removed>
- - libav <unfixed>
+ - libav <unfixed> (bug #694483)
NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
CVE-2012-5358
RESERVED
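Review bot: The libav lines for CVE-2012-5361, CVE-2012-5360 and CVE-2012-5359 all point at the same bug #694483, while each entry is still RESERVED with only the msvr12-017 link to describe it. Please confirm that the bug report names all three CVE ids, so that a fixed version recorded against it can be applied to each entry here; if it tracks only one of them, the others need their own bugs.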
@@ -3677,7 +3677,7 @@ CVE-2012-4399 (The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.
NOTE: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
CVE-2012-4398
RESERVED
- - linux <unfixed>
+ - linux <unfixed> (low)
- linux-2.6 <removed>
CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.1debian-1
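Review bot: On the CVE-2012-4398 entry, "(low)" is attached to an item that is RESERVED and has no NOTE line, so nothing in the file says what the issue is or why it is rated low. Suggest adding a NOTE with a reference or a one-line rationale alongside the urgency.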
@@ -6251,7 +6251,7 @@ CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTo
NOTE: http://seclists.org/bugtraq/2012/Jul/48
CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before ...)
- linux 3.2.23-1
- - linux-2.6 <removed>
+ - linux-2.6 <not-affected> (http://anonscm.debian.org/viewvc/kernel-sec/retired/CVE-2012-3375?revision=2730&view=markup)
CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple ...)
{DSA-2509-1}
- pidgin 2.10.6-1 (bug #680661)
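Review bot: On the linux-2.6 line for CVE-2012-3375, the parenthesis after "<not-affected>" holds a bare viewvc URL, whereas elsewhere in these hunks parentheses carry a short reason or a bug number and links go on NOTE: lines. Suggest putting the reason in a few words inside the parenthesis and moving the kernel-sec link to a NOTE line, so the entry stays readable if the URL stops resolving.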
@@ -7309,7 +7309,7 @@ CVE-2012-2883 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote
- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ...)
- chromium-browser 22.0.1229.94~r161065-1
- - libav <unfixed>
+ - libav <unfixed> (bug #694483)
- ffmpeg <removed>
NOTE: https://chromiumcodereview.appspot.com/10829204
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
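Review bot: The libav line for CVE-2012-2882 reuses bug #694483, the same number attached to CVE-2012-5359 through CVE-2012-5361, although this entry references a Chromium code review rather than msvr12-017. Worth checking that the bug actually covers this issue as well; a NOTE saying so would make the shared bug number self-explanatory.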
@@ -8550,7 +8550,7 @@ CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical
- linux-2.6 3.2.19-1
CVE-2012-2372
RESERVED
- - linux <unfixed>
+ - linux <unfixed> (low)
CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
NOT-FOR-US: WP-FaceThumb plugin for WordPress
CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in ...)
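Review bot: CVE-2012-2372 gets "(low)" on its linux line but, unlike CVE-2012-4398 in the earlier hunk, has no linux-2.6 line at all. If linux-2.6 has a status for this issue, add the line so both kernel entries are tracked the same way. The entry is also RESERVED with no NOTE, so a reference supporting the low rating is missing here too.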
@@ -9262,6 +9262,7 @@ CVE-2012-2101 (Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limi
- nova 2012.1-2 (bug #670637)
CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
- linux-2.6 3.2.2-1
+ [squeeze] - linux-2.6 2.6.32-41squeeze1
NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
NOTE: https://lkml.org/lkml/2012/2/20/422
CVE-2012-2099
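Review bot: The added "[squeeze] - linux-2.6 2.6.32-41squeeze1" line for CVE-2012-2100 is not mentioned in the commit message, which lists only the severity, not-affected and bug-reported changes. Please mention it in the log. Since the NOTE describes this CVE as an incomplete fix of CVE-2009-4307, it is also worth confirming that 2.6.32-41squeeze1 carries the follow-up fix and not only the original one.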
