[Secure-testing-commits] r19951 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Aug 14 21:14:19 UTC 2012
Author: joeyh
Date: 2012-08-14 21:14:19 +0000 (Tue, 14 Aug 2012)
New Revision: 19951
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-14 19:58:23 UTC (rev 19950)
+++ data/CVE/list 2012-08-14 21:14:19 UTC (rev 19951)
@@ -1,3 +1,71 @@
+CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
+ TODO: check
+CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows ...)
+ TODO: check
+CVE-2012-4281 (Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow ...)
+ TODO: check
+CVE-2012-4280 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2012-4279 (Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow ...)
+ TODO: check
+CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free Realty ...)
+ TODO: check
+CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
+ TODO: check
+CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...)
+ TODO: check
+CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
+ TODO: check
+CVE-2012-4274 (Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 ...)
+ TODO: check
+CVE-2012-4273 (Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 ...)
+ TODO: check
+CVE-2012-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click ...)
+ TODO: check
+CVE-2012-4271 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-4270 (Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows ...)
+ TODO: check
+CVE-2012-4269 (Unrestricted file upload vulnerability in eFront 3.6.11 allows remote ...)
+ TODO: check
+CVE-2012-4268 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2012-4267 (Cross-site scripting (XSS) vulnerability in user/register in Sockso ...)
+ TODO: check
+CVE-2012-4266 (Cross-site scripting (XSS) vulnerability in client_details.php in ...)
+ TODO: check
+CVE-2012-4265 (SQL injection vulnerability in category_edit.php in Proman Xpress ...)
+ TODO: check
+CVE-2012-4264 (Multiple cross-site scripting (XSS) vulnerabilities in the Better WP ...)
+ TODO: check
+CVE-2012-4263 (Cross-site scripting (XSS) vulnerability in inc/admin/content.php in ...)
+ TODO: check
+CVE-2012-4262 (Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow ...)
+ TODO: check
+CVE-2012-4261 (SQL injection vulnerability in modules/patient/mycare2x_pat_info.php ...)
+ TODO: check
+CVE-2012-4260 (Multiple SQL injection vulnerabilities in myCare2x allow remote ...)
+ TODO: check
+CVE-2012-4259 (Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone ...)
+ TODO: check
+CVE-2012-4258 (Multiple SQL injection vulnerabilities in MYRE Real Estate Software ...)
+ TODO: check
+CVE-2012-4257 (Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote ...)
+ TODO: check
+CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote ...)
+ TODO: check
+CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 ...)
+ TODO: check
+CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper ...)
+ TODO: check
+CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization function ...)
+ TODO: check
CVE-2012-XXXX [phpMyAdmin PMASA-2012-4 xss]
- phpmyadmin 4:3.4.11.1-1
CVE-2012-XXXX
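Review bot: all 34 new entries in this hunk (CVE-2012-4283 down to CVE-2012-4250) land as bare "TODO: check" with no package or NOT-FOR-US triage, so nothing here is actionable yet; the ones that share a product (CVE-2012-4251 through CVE-2012-4255 for MySQLDumper, CVE-2012-4278/4279 for Free Realty, CVE-2012-4260 through CVE-2012-4262 for myCare2x) could be triaged in one pass. CVE-2012-4255 and CVE-2012-4254 carry identical truncated descriptions ("MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ..."), so confirm they are distinct issues rather than a duplicate assignment before marking either one.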
@@ -817,8 +885,8 @@
RESERVED
CVE-2012-3870
RESERVED
-CVE-2012-3869
- RESERVED
+CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...)
NOTE: https://kb.isc.org/article/AA-00730
- bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x)
@@ -1731,16 +1799,19 @@
NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734
CVE-2012-3444 (The get_image_dimensions function in the image-handling functionality ...)
+ {DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before ...)
+ {DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) ...)
+ {DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
@@ -1791,8 +1862,7 @@
RESERVED
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
- keystone 2012.1.1-1
-CVE-2012-3425 [libpng: Out-of heap-based buffer read by inflating certain PNG images]
- RESERVED
+CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before ...)
- libpng 1.2.49-1 (low; bug #668082)
[squeeze] - libpng <no-dsa> (Minor issue)
CVE-2012-3424 (The decode_credentials method in ...)
@@ -1810,8 +1880,7 @@
RESERVED
CVE-2012-3418
RESERVED
-CVE-2012-3417 [quota: odd use of tcp_wrappers in rquota]
- RESERVED
+CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota ...)
- quota 4.00~pre1-1
NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version
CVE-2012-3416
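Review bot: the fixed-version line for CVE-2012-3417 ("- quota 4.00~pre1-1") does not match the NOTE directly under it, which only says the issue is "at least fixed in 4.00" and that the exact version could not be traced; 4.00~pre1 is a pre-release snapshot, so whether it already carries the good_client fix is precisely the open question. Either confirm the snapshot contains the rquota_svc.c change and record that in the NOTE, or mark the package as <unfixed> until it is traced.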
@@ -1882,8 +1951,7 @@
RESERVED
CVE-2012-3402
RESERVED
-CVE-2012-3401 [tiff2pdf heap-based buffer overflow due to improper initialization of T2P context struct pointer]
- RESERVED
+CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...)
- tiff 4.0.2-2 (bug #682115)
- tiff3 3.9.6-7 (bug #682195)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
@@ -2013,8 +2081,7 @@
NOTE: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812551
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
-CVE-2012-3367
- RESERVED
+CVE-2012-3367 (Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate ...)
NOT-FOR-US: Red Hat Certificate System
CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...)
{DSA-2503-1}
@@ -3238,8 +3305,7 @@
{DSA-2521-1}
- libxml2 2.8.0+dfsg1-5 (bug #679280)
NOTE: http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbebcd
-CVE-2012-2806 [libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images]
- RESERVED
+CVE-2012-2806 (Heap-based buffer overflow in the get_sos function in jdmarker.c in ...)
- libjpeg-turbo <itp> (bug #612341)
CVE-2012-2805
RESERVED
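Review bot: the new description for CVE-2012-2806 names the get_sos function in jdmarker.c, a source file name that is not specific to libjpeg-turbo, while the only package line is "- libjpeg-turbo <itp> (bug #612341)". Before leaving this as ITP-only, check whether the libjpeg packages already in the archive share the affected marker-parsing code and add either a fixed-version or a <not-affected> line for them.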
@@ -3599,8 +3665,7 @@
CVE-2012-2663
RESERVED
- iptables <unfixed> (unimportant; bug #675445)
-CVE-2012-2662
- RESERVED
+CVE-2012-2662 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
NOT-FOR-US: Red Hat Certificate System
CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, ...)
- rails <not-affected> (Doesn't affects RoR in Squeeze)
@@ -4233,8 +4298,7 @@
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge ...)
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5096 [MyBB multiple SQL injection vulnerabilities]
- RESERVED
+CVE-2010-5096 (** DISPUTED ** ...)
NOT-FOR-US: MyBB
CVE-2010-5095 [SilverStripe escaping exploit]
RESERVED
@@ -4368,17 +4432,16 @@
CVE-2012-2372
RESERVED
- linux <unfixed>
-CVE-2012-2371
- RESERVED
-CVE-2012-2370
- RESERVED
+CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
+ TODO: check
+CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in ...)
- gdk-pixbuf 2.26.1-1 (low)
CVE-2012-2369 (Format string vulnerability in the log_message_cb function in ...)
{DSA-2476-1}
- pidgin-otr 3.2.1-1 (medium; bug #673154)
NOTE: libotr not affected
-CVE-2012-2368
- RESERVED
+CVE-2012-2368 (Bytemark Symbiosis before Revision 1322 does not properly validate ...)
+ TODO: check
CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, ...)
- moodle 2.2.3.dfsg-1 (low; bug #674163)
CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before ...)
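Review bot: the new package line for CVE-2012-2370 ("- gdk-pixbuf 2.26.1-1 (low)") records no bug number and no NOTE link, unlike CVE-2012-2369 immediately below it, which cites bug #673154 and a DSA. Add the reference that establishes 2.26.1-1 as the fixing version so the entry can be verified later.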
@@ -4486,20 +4549,17 @@
- openssl 1.0.1c-1 (bug #672452)
NOTE: http://seclists.org/oss-sec/2012/q2/299
NOTE: http://www.openssl.org/news/secadv_20120510.txt
-CVE-2012-2332 [SQL injection in serendipity before 1.7.1]
- RESERVED
+CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in ...)
- serendipity <unfixed> (bug #671937; medium)
NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
-CVE-2012-2331 [XSS in serendipity before 1.7.1]
- RESERVED
+CVE-2012-2331 (Cross-site scripting (XSS) vulnerability in ...)
- serendipity <unfixed> (bug #671937; medium)
NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
-CVE-2012-2330 [node.js <0.6.17/0.7.8 HTTP server information disclosure]
- RESERVED
+CVE-2012-2330 (The Update method in src/node_http_parser.cc in Node.js before 0.6.17 ...)
- nodejs 0.6.17~dfsg1-1
NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
NOTE: https://github.com/joyent/node/commit/c9a231d
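Review bot: the "NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276" lines under CVE-2012-2332 and CVE-2012-2331 are now stale, since this hunk replaces the RESERVED placeholders with the assigned descriptions. Drop or reword those notes, and revisit the "serendipity <unfixed>" lines: the old bracketed text said "before 1.7.1" while the linked NOTE is the Serendipity 1.6.1 release announcement, so the fixing upstream version should be pinned down and recorded.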
@@ -4510,23 +4570,20 @@
CVE-2012-2328
RESERVED
NOT-FOR-US: sblim
-CVE-2012-2327
- RESERVED
+CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
-CVE-2012-2326
- RESERVED
+CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
-CVE-2012-2325
- RESERVED
+CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
-CVE-2012-2324
- RESERVED
+CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
+ TODO: check
CVE-2012-2323
RESERVED
CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c ...)
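Review bot: CVE-2012-2324 is left as "TODO: check" even though its description names the same product (MyBB, aka MyBulletinBoard) as CVE-2012-2327, CVE-2012-2326 and CVE-2012-2325 directly above, all of which are marked NOT-FOR-US: MyBB with the same two NOTE links. Give CVE-2012-2324 the same NOT-FOR-US triage and notes for consistency.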
@@ -4640,8 +4697,8 @@
NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2275
RESERVED
-CVE-2012-2274
- RESERVED
+CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in ...)
+ TODO: check
CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 ...)
NOT-FOR-US: Comodo Internet Security
CVE-2012-2272
@@ -5417,7 +5474,7 @@
CVE-2012-1968 (Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses ...)
- bugzilla <not-affected> (Only affects 4.1 to 4.3)
CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
- {DSA-2514-1 DSA-2513-1}
+ {DSA-2528-1 DSA-2514-1 DSA-2513-1}
- iceweasel 10.0.6esr-1
- icedove 10.0.6-1
- iceape 2.7.6-1
@@ -5466,7 +5523,7 @@
- icedove 10.0.6-1
- iceape 2.7.6-1
CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in ...)
- {DSA-2514-1 DSA-2513-1}
+ {DSA-2528-1 DSA-2514-1 DSA-2513-1}
- iceweasel 10.0.6esr-1
- icedove 10.0.6-1
- iceape 2.7.6-1
@@ -5483,12 +5540,12 @@
- icedove 10.0.6-1
- iceape 2.7.6-1
CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 ...)
- {DSA-2514-1}
+ {DSA-2528-1 DSA-2514-1}
- iceweasel 10.0.6esr-1
CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 13)
CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-2514-1 DSA-2513-1}
+ {DSA-2528-1 DSA-2514-1 DSA-2513-1}
- iceweasel 10.0.6esr-1
- icedove 10.0.6-1
- iceape 2.7.6-1
@@ -20628,8 +20685,7 @@
RESERVED
CVE-2009-5067
RESERVED
-CVE-2009-5066 [twiddle.sh accepting credentials as command-line arguments...]
- RESERVED
+CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials ...)
- jbossas4 <not-affected> (twiddle.sh is included in the source package, but not in any of the binary packages)
CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
- feedparser 5.0.1-1 (low; bug #617998)
@@ -23761,11 +23817,9 @@
CVE-2011-0525
RESERVED
NOT-FOR-US: Batavi
-CVE-2011-0524
- RESERVED
+CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 ...)
- gypsy <itp> (bug #491723)
-CVE-2011-0523
- RESERVED
+CVE-2011-0523 (gypsy 0.8 does not properly restrict the files that can be read while ...)
- gypsy <itp> (bug #491723)
CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in ...)
{DSA-2153-1}
@@ -57491,7 +57545,7 @@
CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...)
{DSA-1657-1}
- qemu 0.9.1-6 (low; bug #496394)
-CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the ...)
+CVE-2008-4552 (The good_client function in nfs-utils 1.0.9, and possibly other ...)
- nfs-utils 1:1.1.3-1
[lenny] - nfs-utils 1:1.1.2-6lenny1
[etch] - nfs-utils <no-dsa> (Minor issue)
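Review bot: the reworded description for CVE-2008-4552 now names a good_client function in nfs-utils, and the same diff updates CVE-2012-3417 to "The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota ...", whose earlier bracketed text described an odd use of tcp_wrappers. Since both entries concern the same access-check routine, a cross-referencing NOTE on each would help whoever traces the quota fix (see the untraced-version NOTE under CVE-2012-3417).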