From f268cb94d8da49251f612b0362d5b23d94f0adc0 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 15 Feb 2022 22:23:12 +0100 Subject: Update information for CVE-2012-4427/gnome-shell The problem is with GNOME Shell's NPAPI browser extension which is not shipped anymore since GNOME 3.32. We can mark thus the first version landing in unstable as fixed, which was 3.34.0-2. Thanks: Simon McVittie for the update. --- data/CVE/list.2012 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/CVE/list.2012 b/data/CVE/list.2012 index 159ea60d72..d986dec88d 100644 --- a/data/CVE/list.2012 +++ b/data/CVE/list.2012 @@ -5610,10 +5610,11 @@ CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerabili [squeeze] - openslp-dfsg (Minor issue) [wheezy] - openslp-dfsg (Minor issue) CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...) - - gnome-shell (unimportant) + - gnome-shell 3.34.0-2 (unimportant) NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215 - NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut + NOTE: Problem with GNOME Shell's NPAPI browser extension which is not shipped + NOTE: anymore since GNOME 3.32. CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...) - mcrypt 2.6.8-1.1 [squeeze] - mcrypt (minor issue, it doesn't affect libmcrypt) -- cgit v1.2.3
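Review bot: In the CVE-2012-4427 entry, the added NOTE lines say the NPAPI browser extension has not been shipped since GNOME 3.32, but the fixed version recorded on the `- gnome-shell 3.34.0-2 (unimportant)` line is 3.34.0-2, and the reason for that gap (3.34.0-2 being the first version to land in unstable) appears only in the commit message. Someone reading data/CVE/list.2012 on its own cannot tell why 3.34 is recorded rather than 3.32, so consider adding a further NOTE line to the entry saying that 3.34.0-2 was the first upload to unstable after the extension was dropped. Separately, the removed helmut NOTE was the only line recording that the user still gets a yes/no prompt, which is part of the rationale for the `(unimportant)` tag the entry keeps. It may be worth retaining that observation and dropping only the now outdated "I suggest unfixed unimportant" wording.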