From caa57779e11f9924e7e088c690f7126dcf0337a0 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 15 Feb 2022 22:23:12 +0100 Subject: Update information for CVE-2012-4427/gnome-shell The problem is with GNOME Shell's NPAPI browser extension which is not shipped anymore since GNOME 3.32. We can mark thus the first version landing in unstable as fixed, which was 3.34.0-2. Thanks: Simon McVittie for the update. --- data/CVE/2012.list | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 159ea60d72..d986dec88d 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -5610,10 +5610,11 @@ CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerabili [squeeze] - openslp-dfsg (Minor issue) [wheezy] - openslp-dfsg (Minor issue) CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...) - - gnome-shell (unimportant) + - gnome-shell 3.34.0-2 (unimportant) NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215 - NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut + NOTE: Problem with GNOME Shell's NPAPI browser extension which is not shipped + NOTE: anymore since GNOME 3.32. CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...) - mcrypt 2.6.8-1.1 [squeeze] - mcrypt (minor issue, it doesn't affect libmcrypt) -- cgit v1.2.3
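Review bot: In the CVE-2012-4427 entry, the new NOTE lines say the NPAPI browser extension has not shipped since GNOME 3.32, while the package line marks 3.34.0-2 as fixed, and nothing in the list itself explains the gap between the two versions. The commit message gives the reason (3.34.0-2 was the first version landing in unstable), so I would carry that into the entry with one more NOTE line so that a reader of data/CVE/2012.list does not need the git log to understand the version choice. Separately, the removed "-- helmut" NOTE held the observation about the yes/no prompt that justified the "(unimportant)" tag, which the entry still carries. Consider keeping that line, or confirm that the remaining "if you install from a repo, you need to trust it" NOTE is meant to stand as the sole rationale for the severity.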