[Secure-testing-commits] r19966 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Aug 17 21:14:23 UTC 2012 

Author: joeyh
Date: 2012-08-17 21:14:23 +0000 (Fri, 17 Aug 2012)
New Revision: 19966

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-17 20:48:01 UTC (rev 19965)
+++ data/CVE/list	2012-08-17 21:14:23 UTC (rev 19966)
@@ -1,3 +1,15 @@
+CVE-2012-4351
+	RESERVED
+CVE-2012-4350
+	RESERVED
+CVE-2012-4349
+	RESERVED
+CVE-2012-4348
+	RESERVED
+CVE-2012-4347
+	RESERVED
+CVE-2012-4346
+	RESERVED
 CVE-2012-4345 [phpMyAdmin PMASA-2012-4 xss]
 	RESERVED
 	- phpmyadmin 4:3.4.11.1-1
@@ -29,6 +41,7 @@
 CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x ...)
+	{DSA-2461-1}
 	- spip 2.1.13-1
 CVE-2012-4330 (The Samsung D6000 TV and possibly other products allows remote ...)
 	NOT-FOR-US: Samsung D6000 TV
@@ -2151,8 +2164,7 @@
 	- mono 2.10.8.1-5 (bug #681095)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=769799
 	NOTE: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
-CVE-2012-3381 [sblim-sfcb: insecure LD_LIBRARY_PATH usage]
-	RESERVED
+CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the ...)
 	NOT-FOR-US: sblim-sfcb
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=770234
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
@@ -2356,8 +2368,8 @@
 	RESERVED
 CVE-2012-3309
 	RESERVED
-CVE-2012-3308
-	RESERVED
+CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...)
+	TODO: check
 CVE-2012-3307
 	RESERVED
 CVE-2012-3306
@@ -2384,8 +2396,8 @@
 	RESERVED
 CVE-2012-3295
 	RESERVED
-CVE-2012-3294
-	RESERVED
+CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...)
+	TODO: check
 CVE-2012-3293
 	RESERVED
 CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...)
@@ -3556,11 +3568,9 @@
 	- libapache-mod-security <removed> (bug #678529)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
-CVE-2012-2750
-	RESERVED
+CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown ...)
 	- mysql-5.5 5.5.24+dfsg-1
-CVE-2012-2749
-	RESERVED
+CVE-2012-2749 (MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote ...)
 	{DSA-2496-1}
 	- mysql-5.1 <removed>
 	- mysql-5.5 5.5.24+dfsg-1
@@ -4503,7 +4513,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 is CVE-2012-3825 and CVE-2012-3826
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824411
 CVE-2012-2391
-	RESERVED
+	REJECTED
 	- haproxy 1.4.15-1 (bug #674447)
 CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows ...)
 	- linux-2.6 3.2.19-1 (low)
@@ -4974,8 +4984,8 @@
 	TODO: check
 CVE-2012-2207
 	RESERVED
-CVE-2012-2206
-	RESERVED
+CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
+	TODO: check
 CVE-2012-2205
 	RESERVED
 CVE-2012-2204
@@ -5258,8 +5268,7 @@
 	- munin 2.0~rc6-1 (bug #668778) 
 	[squeeze] - munin <not-affected> (Vulnerable code not present)
 	[lenny] - munin <not-affected> (Vulnerable code not present)
-CVE-2012-2102 [mysql DoS by authenticated user]
-	RESERVED
+CVE-2012-2102 (MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote ...)
 	{DSA-2496-1}
 	- mysql-5.1 5.1.62-1 (low; bug #670636)
 	- mysql-5.5 5.5.24+dfsg-1 (low)
@@ -5751,8 +5760,8 @@
 	- bitcoin <not-affected> (windows-only, qt gui not built)
 CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, ...)
 	- bitcoin 0.6.0-1
-CVE-2012-1908
-	RESERVED
+CVE-2012-1908 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 ...)
+	TODO: check
 CVE-2012-1907 (The scanner engine in PrivaWall Antivirus 5.6 and earlier does not ...)
 	NOT-FOR-US: PrivaWall Antivirus
 CVE-2012-1906 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
@@ -6493,8 +6502,8 @@
 	RESERVED
 CVE-2012-1598
 	RESERVED
-CVE-2012-1597
-	RESERVED
+CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
+	TODO: check
 CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...)
 	- wireshark 1.6.6-1 (unimportant; bug #666058)
 	NOTE: Not suitable for code injection
@@ -6524,8 +6533,7 @@
 CVE-2012-1587
 	RESERVED
 	NOTE: To be rejected
-CVE-2012-1585
-	RESERVED
+CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote ...)
 	- nova 2012-1~rc3-1 (bug #666888)
 CVE-2012-1584
 	RESERVED
@@ -25904,8 +25912,8 @@
 	- namazu2 2.0.20-1.0 (low)
 CVE-2009-5027
 	RESERVED
-CVE-2009-5026
-	RESERVED
+CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x ...)
+	TODO: check
 CVE-2009-5025 [PyForum XSS+CSRF]
 	RESERVED
 	NOT-FOR-US: PyForum

More information about the Secure-testing-commits mailing list