[Secure-testing-commits] r20717 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Dec 27 21:14:41 UTC 2012 

Author: joeyh
Date: 2012-12-27 21:14:41 +0000 (Thu, 27 Dec 2012)
New Revision: 20717

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-12-27 18:10:32 UTC (rev 20716)
+++ data/CVE/list	2012-12-27 21:14:41 UTC (rev 20717)
@@ -118,10 +118,10 @@
 	RESERVED
 CVE-2013-0651
 	RESERVED
-CVE-2012-6432
-	RESERVED
-CVE-2012-6431
-	RESERVED
+CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the ...)
+	TODO: check
+CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data ...)
+	TODO: check
 CVE-2012-6430
 	RESERVED
 CVE-2012-6429
@@ -1464,8 +1464,8 @@
 	RESERVED
 CVE-2012-6315
 	RESERVED
-CVE-2012-6314
-	RESERVED
+CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, ...)
+	TODO: check
 CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin ...)
@@ -1498,10 +1498,10 @@
 	NOT-FOR-US: Android browser
 CVE-2012-6300
 	RESERVED
-CVE-2012-6299
-	RESERVED
-CVE-2012-6298
-	RESERVED
+CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
+	TODO: check
+CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
+	TODO: check
 CVE-2012-6297
 	RESERVED
 CVE-2012-6296
@@ -1955,12 +1955,14 @@
 CVE-2012-6072
 	RESERVED
 CVE-2012-6071 [libnusoap-php: Curl insecure usage]
-    - nusoap 0.7.3-5 (low; bug #696707)
-    [squeeze] - nusoap <no-dsa> (Minor issue)
-    NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
+	RESERVED
+	- nusoap 0.7.3-5 (low; bug #696707)
+	[squeeze] - nusoap <no-dsa> (Minor issue)
+	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
 CVE-2012-6070 [falconpl: Curl insecure usage]
-    - falconpl 0.9.6.9-git20120606-2 (bug #696681)
-    NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
+	RESERVED
+	- falconpl 0.9.6.9-git20120606-2 (bug #696681)
+	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
 CVE-2011-5250
 	RESERVED
 CVE-2011-5249
@@ -2459,8 +2461,8 @@
 	RESERVED
 CVE-2012-5952
 	RESERVED
-CVE-2012-5951
-	RESERVED
+CVE-2012-5951 (Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, ...)
+	TODO: check
 CVE-2012-5950
 	RESERVED
 CVE-2012-5949
@@ -2643,8 +2645,8 @@
 	RESERVED
 CVE-2012-5869
 	RESERVED
-CVE-2012-5868
-	RESERVED
+CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...)
+	TODO: check
 CVE-2012-5867
 	RESERVED
 CVE-2012-5866
@@ -3189,8 +3191,8 @@
 CVE-2012-5665 [Auth bypass in user_webdavauth and user_ldap]
 	RESERVED
 	- owncloud <unfixed> (bug #696574)
-CVE-2012-5664
-	RESERVED
+CVE-2012-5664 (SQL injection vulnerability in the Authlogic gem for Ruby on Rails ...)
+	TODO: check
 CVE-2012-5663
 	RESERVED
 CVE-2012-5662
@@ -3290,8 +3292,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
 CVE-2012-5626
 	RESERVED
-CVE-2012-5625
-	RESERVED
+CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when ...)
 	- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
 CVE-2012-5624 [qt QML XmlHttpRequest insecure redirection]
 	RESERVED
@@ -3397,22 +3398,22 @@
 	REJECTED
 CVE-2012-5592
 	REJECTED
-CVE-2012-5591
-	RESERVED
-CVE-2012-5590
-	RESERVED
-CVE-2012-5589
-	RESERVED
-CVE-2012-5588
-	RESERVED
-CVE-2012-5587
-	RESERVED
-CVE-2012-5586
-	RESERVED
-CVE-2012-5585
-	RESERVED
-CVE-2012-5584
-	RESERVED
+CVE-2012-5591 (Cross-site scripting (XSS) vulnerability in the Zero Point module ...)
+	TODO: check
+CVE-2012-5590 (SQL injection vulnerability in the Webmail Plus module for Drupal ...)
+	TODO: check
+CVE-2012-5589 (The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 ...)
+	TODO: check
+CVE-2012-5588 (The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a ...)
+	TODO: check
+CVE-2012-5587 (Cross-site scripting (XSS) vulnerability in the Email Field module ...)
+	TODO: check
+CVE-2012-5586 (The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 ...)
+	TODO: check
+CVE-2012-5585 (Cross-site scripting (XSS) vulnerability in the Mixpanel module ...)
+	TODO: check
+CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does ...)
+	TODO: check
 CVE-2012-5583 [phpcas curl usage]
 	RESERVED
 	- php-cas 1.3.1-2
@@ -3547,8 +3548,7 @@
 CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd 1.4.32 ...)
 	- lighttpd 1.4.31-2
 	[squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
-CVE-2012-5532
-	RESERVED
+CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
 	- linux <unfixed> (unimportant)
 	- linux-2.6 <not-affected> (userspace daemon not yet present)
 	NOTE: hyperv tools are not build in sid
@@ -3699,8 +3699,7 @@
 	NOTE: https://plone.org/products/plone/security/advisories/20121106/01
 CVE-2012-5484
 	RESERVED
-CVE-2012-5483
-	RESERVED
+CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to ...)
 	- keystone <not-affected> (Debian packaging enforces correct permissions)
 CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
 	- glance 2012.1.1-3 (bug #692641)
@@ -4393,16 +4392,16 @@
 	RESERVED
 CVE-2012-5184
 	RESERVED
-CVE-2012-5183
-	RESERVED
-CVE-2012-5182
-	RESERVED
+CVE-2012-5183 (The Loctouch application 3.4.6 and earlier for Android allows ...)
+	TODO: check
+CVE-2012-5182 (The Loctouch application 3.4.6 and earlier for Android does not ...)
+	TODO: check
 CVE-2012-5181 (Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 ...)
 	TODO: check
-CVE-2012-5180
-	RESERVED
-CVE-2012-5179
-	RESERVED
+CVE-2012-5180 (The Opera Mobile application before 12.1 and Opera Mini application ...)
+	TODO: check
+CVE-2012-5179 (The Boat Browser application before 4.2 and Boat Browser Mini ...)
+	TODO: check
 CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart plugin ...)
 	TODO: check
 CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin before ...)
@@ -4438,8 +4437,8 @@
 	NOT-FOR-US: OSClass not in Debian
 CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in ...)
 	NOT-FOR-US: OSClass not in Debian
-CVE-2012-5161
-	RESERVED
+CVE-2012-5161 (The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 ...)
+	TODO: check
 CVE-2012-5160
 	RESERVED
 CVE-2012-5158
@@ -5254,8 +5253,8 @@
 	RESERVED
 CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
 	NOT-FOR-US: IBM AIX, VIOS
-CVE-2012-4816
-	RESERVED
+CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows ...)
+	TODO: check
 CVE-2012-4815
 	RESERVED
 CVE-2012-4814
@@ -5896,8 +5895,8 @@
 	NOT-FOR-US: Cisco IOS
 CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2012-4616
-	RESERVED
+CVE-2012-4616 (Directory traversal vulnerability in the Web UI in EMC Data Protection ...)
+	TODO: check
 CVE-2012-4615 (EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a ...)
 	NOT-FOR-US: EMC
 CVE-2012-4614 (The default configuration of EMC Smarts Network Configuration Manager ...)
@@ -10971,8 +10970,7 @@
 	NOTE: http://www.securityfocus.com/archive/1/522973/30/0/threaded
 	NOTE: http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
 	NOTE: http://www.collabtive.o-dyn.de/blog/?p=426
-CVE-2012-2669 [hyper-v daemon fails to check origin of netlink messages]
-	RESERVED
+CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
 	- linux 3.2.23-1
 	[squeeze] - linux-2.6 <not-affected> (userspace daemon not yet present)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=761200
@@ -12075,6 +12073,7 @@
 CVE-2012-2254
 	RESERVED
 CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in ...)
+	{DSA-2591-1}
 	- mahara 1.5.1-3.1 (bug #695789)
 CVE-2012-2252 [incorrect filtering of --rsh option]
 	RESERVED
@@ -12097,20 +12096,24 @@
 	[squeeze] - isc-dhcp <not-affected> (CLIENT_PATH is not correctly defined)
 	NOTE: Debian-specific
 CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
+	{DSA-2591-1}
 	- mahara 1.5.1-3
 	NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
 CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
+	{DSA-2591-1}
 	- mahara 1.5.1-3
 	NOTE: https://mahara.org/interaction/forum/topic.php?id=493
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
 CVE-2012-2245
 	RESERVED
 CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
+	{DSA-2591-1}
 	- mahara 1.5.1-3
 	NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
 CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
+	{DSA-2591-1}
 	- mahara 1.5.1-3
 	NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
@@ -12125,6 +12128,7 @@
 	{DSA-2549-1}
 	- devscripts 2.12.3
 CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote ...)
+	{DSA-2591-1}
 	- mahara 1.5.1-3
 CVE-2012-2238
 	RESERVED
@@ -15147,21 +15151,19 @@
 	RESERVED
 CVE-2012-0963
 	RESERVED
-CVE-2012-0962
-	RESERVED
+CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when ...)
 	- aptdaemon <unfixed> (low)
 	[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.launchpad.net/software-center-agent/+bug/1052789
-CVE-2012-0961
-	RESERVED
+CVE-2012-0961 (Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, ...)
 	- apt 0.9.7.7 (bug #695832)
 	[squeeze] - apt <not-affected> (Logged as 0600 in Squeeze)
 CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 2.4.1 for ...)
 	NOT-FOR-US: Ubuntu Unity extension
 CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account ...)
 	NOT-FOR-US: Ubuntu remote login service
-CVE-2012-0958
-	RESERVED
+CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 2.4.1 ...)
+	TODO: check
 CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel ...)
 	- linux 3.2.32-1
 	- linux-2.6 <removed>

More information about the Secure-testing-commits mailing list