[Secure-testing-commits] r20594 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Dec 3 21:14:20 UTC 2012
Author: joeyh
Date: 2012-12-03 21:14:20 +0000 (Mon, 03 Dec 2012)
New Revision: 20594
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-03 08:12:55 UTC (rev 20593)
+++ data/CVE/list 2012-12-03 21:14:20 UTC (rev 20594)
@@ -1,3 +1,5 @@
+CVE-2012-6063 (Double free vulnerability in the sftp_mkdir function in sftp.c in ...)
+ TODO: check
CVE-2012-6062
RESERVED
CVE-2012-6061
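Review bot: CVE-2012-6063 is added with only "TODO: check", so it lands untriaged. The description already names the affected code (sftp_mkdir in sftp.c); resolve the TODO by identifying which source package, if any, ships that file, and replace it with a package line or a NOT-FOR-US entry.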
@@ -1243,28 +1245,23 @@
RESERVED
CVE-2012-5616
RESERVED
-CVE-2012-5615 [MySQL Remote Preauth User Enumeration Zeroday]
- RESERVED
+CVE-2012-5615 (MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, ...)
- mysql-5.1 <unfixed> (bug #695001)
- mysql-5.5 <unfixed> (bug #695001)
NOTE: http://seclists.org/fulldisclosure/2012/Dec/9
-CVE-2012-5614 [MySQL Denial of Service Zeroday PoC]
- RESERVED
+CVE-2012-5614 (MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and ...)
- mysql-5.1 <unfixed> (bug #695001)
- mysql-5.5 <unfixed> (bug #695001)
NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
-CVE-2012-5613 [MySQL (Linux) Database Privilege Elevation Zeroday]
- RESERVED
+CVE-2012-5613 (** DISPUTED ** ...)
- mysql-5.1 <unfixed> (bug #695001)
- mysql-5.5 <unfixed> (bug #695001)
NOTE: http://seclists.org/fulldisclosure/2012/Dec/6
-CVE-2012-5612 [MySQL (Linux) Heap Based Overrun PoC Zeroday]
- RESERVED
+CVE-2012-5612 (Heap-based buffer overflow in MySQL 5.5.19 and possibly other ...)
- mysql-5.1 <unfixed> (bug #695001)
- mysql-5.5 <unfixed> (bug #695001)
NOTE: http://seclists.org/fulldisclosure/2012/Dec/5
-CVE-2012-5611 [MySQL (Linux) Stack based buffer overrun PoC Zeroday]
- RESERVED
+CVE-2012-5611 (Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly ...)
- mysql-5.1 <unfixed> (bug #695001)
- mysql-5.5 <unfixed> (bug #695001)
NOTE: http://seclists.org/fulldisclosure/2012/Dec/4
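Review bot: At CVE-2012-5613 the new description is marked "** DISPUTED **", but the entry still tracks mysql-5.1 and mysql-5.5 as <unfixed> under bug #695001, exactly like the four undisputed issues around it. Add a NOTE recording what is disputed and revisit whether <unfixed> is still the right state. The descriptions for CVE-2012-5615 and CVE-2012-5614 now also name MariaDB, which has no package line here; confirm whether a MariaDB source package is in the archive and needs one.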
@@ -1373,7 +1370,7 @@
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=791086
NOTE: https://code.google.com/p/libproxy/source/detail?r=475
CVE-2012-5579
- RESERVED
+ REJECTED
CVE-2012-5578
RESERVED
CVE-2012-5577
@@ -1403,8 +1400,7 @@
RESERVED
CVE-2012-5569
RESERVED
-CVE-2012-5568
- RESERVED
+CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...)
- tomcat6 <unfixed> (low)
[squeeze] - tomcat6 <no-dsa> (Minor issue)
[wheezy] - tomcat6 <no-dsa> (Minor issue)
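Review bot: The new description for CVE-2012-5568 reads "Apache Tomcat through 7.0.x", yet the package lines visible in this hunk cover only tomcat6. If no tomcat7 line follows below this context, add one, with the same (low) urgency or a stated reason why it differs.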
@@ -3155,8 +3151,8 @@
RESERVED
CVE-2012-4835
RESERVED
-CVE-2012-4834
- RESERVED
+CVE-2012-4834 (Directory traversal vulnerability in LayerLoader.jsp in the theme ...)
+ TODO: check
CVE-2012-4833 (fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not ...)
NOT-FOR-US: AIX
CVE-2012-4832
@@ -4118,8 +4114,7 @@
- glance 2012.1.1-2 (bug #692641)
CVE-2012-4572
RESERVED
-CVE-2012-4571 [python-keyring: CryptedFileKeyring is insecure]
- RESERVED
+CVE-2012-4571 (Python Keyring 0.9.1 does not securely initialize the cipher when ...)
- python-keyring 0.9.2-1 (bug #675379)
CVE-2012-4570 [sql injection]
RESERVED
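Review bot: Dropping the bracketed title at CVE-2012-4571 removes the only mention of CryptedFileKeyring; the truncated description says just "does not securely initialize the cipher when ...". Consider a NOTE line naming the affected class so the entry stays searchable alongside bug #675379.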
@@ -4147,26 +4142,21 @@
CVE-2012-4563 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...)
- gwt <unfixed> (bug #691900)
[squeeze] - gwt <not-affected> (Vulnerable code not present)
-CVE-2012-4562
- RESERVED
+CVE-2012-4562 (Multiple integer overflows in libssh before 0.5.3 allow remote ...)
{DSA-2577-1}
- libssh 0.5.3-1
-CVE-2012-4561
- RESERVED
+CVE-2012-4561 (The (1) publickey_make_dss, (2) publickey_make_rsa, (3) ...)
{DSA-2577-1}
- libssh 0.5.3-1
-CVE-2012-4560
- RESERVED
+CVE-2012-4560 (Multiple buffer overflows in libssh before 0.5.3 allow remote ...)
- libssh 0.5.3-1
[squeeze] - libssh <not-affected> (Vulnerable code not present)
-CVE-2012-4559
- RESERVED
+CVE-2012-4559 (Multiple double free vulnerabilities in the (1) agent_sign_data ...)
{DSA-2577-1}
- libssh 0.5.3-1
CVE-2012-4558
RESERVED
-CVE-2012-4557
- RESERVED
+CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through ...)
{DSA-2579-1}
- apache2 2.2.22-1
CVE-2012-4556
@@ -4185,8 +4175,7 @@
- plib <unfixed> (low; bug #694810)
[squeeze] - plib <no-dsa> (Minor issue)
[wheezy] - plib <no-dsa> (Minor issue)
-CVE-2012-4551
- RESERVED
+CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows ...)
NOT-FOR-US: libunity-webapps
CVE-2012-4550
RESERVED
@@ -4374,30 +4363,30 @@
CVE-2012-4480
RESERVED
NOT-FOR-US: mom
-CVE-2012-4479
- RESERVED
-CVE-2012-4478
- RESERVED
-CVE-2012-4477
- RESERVED
-CVE-2012-4476
- RESERVED
-CVE-2012-4475
- RESERVED
-CVE-2012-4474
- RESERVED
-CVE-2012-4473
- RESERVED
-CVE-2012-4472
- RESERVED
-CVE-2012-4471
- RESERVED
-CVE-2012-4470
- RESERVED
-CVE-2012-4469
- RESERVED
-CVE-2012-4468
- RESERVED
+CVE-2012-4479 (SQL injection vulnerability in the Drag & Drop Gallery module 6.x for ...)
+ TODO: check
+CVE-2012-4478 (Cross-site request forgery (CSRF) vulnerability in the Drag & Drop ...)
+ TODO: check
+CVE-2012-4477 (Unspecified vulnerability in the Drag & Drop Gallery module 6.x for ...)
+ TODO: check
+CVE-2012-4476 (Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery ...)
+ TODO: check
+CVE-2012-4475 (The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and ...)
+ TODO: check
+CVE-2012-4474 (Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox ...)
+ TODO: check
+CVE-2012-4473 (The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal ...)
+ TODO: check
+CVE-2012-4472 (Unrestricted file upload vulnerability in upload.php in the Drag & ...)
+ TODO: check
+CVE-2012-4471 (The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does ...)
+ TODO: check
+CVE-2012-4470 (The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not ...)
+ TODO: check
+CVE-2012-4469 (Cross-site scripting (XSS) vulnerability in the Hashcash module ...)
+ TODO: check
+CVE-2012-4468 (Cross-site scripting (XSS) vulnerability in the Privatemsg module ...)
+ TODO: check
CVE-2012-4467 (The (1) do_siocgstamp and (2) do_siocgstampns functions in ...)
- linux-2.6 <not-affected> (Vulnerable code introduced in 3.3)
- linux <not-affected> (Vulnerable code introduced in 3.3)
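Review bot: CVE-2012-4468 through CVE-2012-4479 all arrive as "TODO: check", which adds twelve untriaged entries in one block. CVE-2012-4475, CVE-2012-4473, CVE-2012-4471 and CVE-2012-4470 explicitly name modules for Drupal, and the remaining descriptions (Drag & Drop Gallery, Colorbox, Hashcash, Privatemsg) are truncated but read like the same family. Triage them together: check whether any of these modules is shipped by a Debian package and mark the rest NOT-FOR-US with the module name.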