[Secure-testing-commits] r20690 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Dec 21 21:14:38 UTC 2012 

Author: joeyh
Date: 2012-12-21 21:14:38 +0000 (Fri, 21 Dec 2012)
New Revision: 20690

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-12-21 13:02:44 UTC (rev 20689)
+++ data/CVE/list	2012-12-21 21:14:38 UTC (rev 20690)
@@ -2429,8 +2429,8 @@
 	NOT-FOR-US: ManageEngine AssetExplorer 5.6
 CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM ...)
 	NOT-FOR-US: WebSphere
-CVE-2012-5954
-	RESERVED
+CVE-2012-5954 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space ...)
+	TODO: check
 CVE-2012-5953
 	RESERVED
 CVE-2012-5952
@@ -3551,8 +3551,7 @@
 CVE-2012-5518
 	RESERVED
 	NOT-FOR-US: ovirt / vsdm
-CVE-2012-5517
-	RESERVED
+CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
 CVE-2012-5516
@@ -5118,8 +5117,8 @@
 	RESERVED
 CVE-2012-4860
 	RESERVED
-CVE-2012-4859
-	RESERVED
+CVE-2012-4859 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space ...)
+	TODO: check
 CVE-2012-4858
 	RESERVED
 CVE-2012-4857 (Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 ...)
@@ -6149,8 +6148,7 @@
 CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly verify ...)
 	{DSA-2573-1}
 	- radsecproxy 1.6.2-1
-CVE-2012-4565
-	RESERVED
+CVE-2012-4565 (The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux ...)
 	- linux 3.2.35-1
 	- linux-2.6 <removed>
 CVE-2012-4564 (ppm2tiff does not check the return value of the TIFFScanlineSize ...)
@@ -6320,8 +6318,7 @@
 	- cups-pk-helper 0.2.3-1
 CVE-2012-4509
 	RESERVED
-CVE-2012-4508 [kernel: ext4: AIO vs fallocate stale data exposure]
-	RESERVED
+CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 ...)
 	- linux 3.2.35-1
 	- linux-2.6 <removed>
 CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
@@ -6479,8 +6476,7 @@
 	{DSA-2557-1}
 	- hostapd <removed>
 	- wpa 1.0-3 (bug #689990)
-CVE-2012-4444
-	RESERVED
+CVE-2012-4444 (The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux ...)
 	- linux 2.6.36-1~experimental.1
 	- linux-2.6 <removed>
 CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of ...)
@@ -8918,8 +8914,7 @@
 	NOT-FOR-US: Tunnelblick
 CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...)
 	NOT-FOR-US: Tunnelblick
-CVE-2012-3482 [fetchmail segfault in NTLM protocol exchange]
-	RESERVED
+CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in ...)
 	- fetchmail 6.3.22-1 (low)
 	[wheezy] - fetchmail <no-dsa> (Minor issue)
 	[squeeze] - fetchmail <no-dsa> (Minor issue)
@@ -9830,8 +9825,8 @@
 	NOT-FOR-US: Oracle Fusion
 CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
 	NOT-FOR-US: Oracle Database Server
-CVE-2012-3133
-	RESERVED
+CVE-2012-3133 (Buffer overflow in the DataDirect ODBC driver, as used in Oracle ...)
+	TODO: check
 CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, ...)
 	NOT-FOR-US: Oracle Database
 CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...)
@@ -10096,8 +10091,8 @@
 	NOT-FOR-US: RealFlex RealWin
 CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in ...)
 	NOT-FOR-US: WinCC
-CVE-2012-3002
-	RESERVED
+CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras allows ...)
+	TODO: check
 CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute ...)
 	NOT-FOR-US: Mutiny Standard
 CVE-2012-3000
@@ -13357,14 +13352,14 @@
 	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object Library ...)
 	NOT-FOR-US: Oracle E-Business Suite
-CVE-2012-1714
-	RESERVED
+CVE-2012-1714 (Unspecified vulnerability in a TList 6 ActiveX control in Oracle ...)
+	TODO: check
 CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	{DSA-2507-1}
 	- openjdk-6 6b24-1.11.3-1 (bug #677487)
 	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
-CVE-2012-1712
-	RESERVED
+CVE-2012-1712 (Directory traversal vulnerability in the Liferay component in Oracle ...)
+	TODO: check
 CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	{DSA-2507-1}
 	- openjdk-6 6b24-1.11.3-1 (bug #677487)
@@ -13393,8 +13388,7 @@
 	RESERVED
 CVE-2012-1700
 	RESERVED
-CVE-2012-1699 [xfs DoS and information leak]
-	RESERVED
+CVE-2012-1699 (The ProcSetEventMask function in difs/events.c in the xfs font server ...)
 	- xfs 1:1.0.1-1
 CVE-2012-1698 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
 	NOT-FOR-US: Solaris
@@ -15111,8 +15105,7 @@
 	NOT-FOR-US: Ubuntu remote login service
 CVE-2012-0958
 	RESERVED
-CVE-2012-0957 [kernel: uts: stack memory leak in UNAME26]
-	RESERVED
+CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel ...)
 	- linux 3.2.32-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
@@ -15297,8 +15290,7 @@
 	NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12
 CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 ...)
 	- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
-CVE-2012-0882
-	RESERVED
+CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other ...)
 	- mysql-5.1 <undetermined> (bug #675872)
 	NOTE: limited information about issue, only a video of exploit taking place
 	NOTE: This is likely fixed in current releases (5.1.62 updated yassl), marking as <undetermined> for now
@@ -15433,8 +15425,7 @@
 CVE-2012-0842 [surf info leak]
 	RESERVED
 	- surf 0.4.1-6 (bug #659296)
-CVE-2012-0841
-	RESERVED
+CVE-2012-0841 (libxml2 before 2.8.0 computes hash values without restricting the ...)
 	{DSA-2417-1}
 	- libxml2 2.7.8.dfsg-8 (bug #660846)
 CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...)
@@ -24488,8 +24479,7 @@
 	- commons-daemon 1.0.7-1
 	[squeeze] - commons-daemon <not-affected> (Support for libcap was only added in 1.0.6)
 	NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable
-CVE-2011-2728
-	RESERVED
+CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.14.2 ...)
 	- perl <unfixed> (unimportant)
 	NOTE: requires the attacker to manipulate glob flags
 CVE-2011-2727
@@ -38606,8 +38596,8 @@
 	NOT-FOR-US: Oracle Database Server
 CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager component ...)
 	NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-2387
-	RESERVED
+CVE-2010-2387 (vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x ...)
+	TODO: check
 CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
 	NOT-FOR-US: Solaris
 CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server ...)

More information about the Secure-testing-commits mailing list