diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-15 22:23:12 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-15 22:23:12 +0100 |
| commit | f268cb94d8da49251f612b0362d5b23d94f0adc0 (patch) | |
| tree | 7bf5a6b4833fea7c1ac4b188513be0288e6579be | |
| parent | 9b238c9d3e67fbb3f47ad300ab5b2c72b83fc3ef (diff) | |
Update information for CVE-2012-4427/gnome-shell
The problem is with GNOME Shell's NPAPI browser extension which is not
shipped anymore since GNOME 3.32. We can mark thus the first version
landing in unstable as fixed, which was 3.34.0-2.
Thanks: Simon McVittie for the update.
| -rw-r--r-- | data/CVE/list.2012 | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/list.2012 b/data/CVE/list.2012 index 159ea60d72..d986dec88d 100644 --- a/data/CVE/list.2012 +++ b/data/CVE/list.2012 @@ -5610,10 +5610,11 @@ CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerabili [squeeze] - openslp-dfsg <no-dsa> (Minor issue) [wheezy] - openslp-dfsg <no-dsa> (Minor issue) CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...) - - gnome-shell <unfixed> (unimportant) + - gnome-shell 3.34.0-2 (unimportant) NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215 - NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut + NOTE: Problem with GNOME Shell's NPAPI browser extension which is not shipped + NOTE: anymore since GNOME 3.32. CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...) - mcrypt 2.6.8-1.1 [squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt) |