[Secure-testing-commits] r20717 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Dec 27 21:14:41 UTC 2012
Author: joeyh
Date: 2012-12-27 21:14:41 +0000 (Thu, 27 Dec 2012)
New Revision: 20717
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-27 18:10:32 UTC (rev 20716)
+++ data/CVE/list 2012-12-27 21:14:41 UTC (rev 20717)
@@ -118,10 +118,10 @@
RESERVED
CVE-2013-0651
RESERVED
-CVE-2012-6432
- RESERVED
-CVE-2012-6431
- RESERVED
+CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the ...)
+ TODO: check
+CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data ...)
+ TODO: check
CVE-2012-6430
RESERVED
CVE-2012-6429
@@ -1464,8 +1464,8 @@
RESERVED
CVE-2012-6315
RESERVED
-CVE-2012-6314
- RESERVED
+CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, ...)
+ TODO: check
CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 ...)
NOT-FOR-US: Wordpress plugin
CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin ...)
@@ -1498,10 +1498,10 @@
NOT-FOR-US: Android browser
CVE-2012-6300
RESERVED
-CVE-2012-6299
- RESERVED
-CVE-2012-6298
- RESERVED
+CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
+ TODO: check
+CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
+ TODO: check
CVE-2012-6297
RESERVED
CVE-2012-6296
@@ -1955,12 +1955,14 @@
CVE-2012-6072
RESERVED
CVE-2012-6071 [libnusoap-php: Curl insecure usage]
- - nusoap 0.7.3-5 (low; bug #696707)
- [squeeze] - nusoap <no-dsa> (Minor issue)
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
+ RESERVED
+ - nusoap 0.7.3-5 (low; bug #696707)
+ [squeeze] - nusoap <no-dsa> (Minor issue)
+ NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
CVE-2012-6070 [falconpl: Curl insecure usage]
- - falconpl 0.9.6.9-git20120606-2 (bug #696681)
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
+ RESERVED
+ - falconpl 0.9.6.9-git20120606-2 (bug #696681)
+ NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
CVE-2011-5250
RESERVED
CVE-2011-5249
@@ -2459,8 +2461,8 @@
RESERVED
CVE-2012-5952
RESERVED
-CVE-2012-5951
- RESERVED
+CVE-2012-5951 (Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, ...)
+ TODO: check
CVE-2012-5950
RESERVED
CVE-2012-5949
@@ -2643,8 +2645,8 @@
RESERVED
CVE-2012-5869
RESERVED
-CVE-2012-5868
- RESERVED
+CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...)
+ TODO: check
CVE-2012-5867
RESERVED
CVE-2012-5866
@@ -3189,8 +3191,8 @@
CVE-2012-5665 [Auth bypass in user_webdavauth and user_ldap]
RESERVED
- owncloud <unfixed> (bug #696574)
-CVE-2012-5664
- RESERVED
+CVE-2012-5664 (SQL injection vulnerability in the Authlogic gem for Ruby on Rails ...)
+ TODO: check
CVE-2012-5663
RESERVED
CVE-2012-5662
@@ -3290,8 +3292,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
CVE-2012-5626
RESERVED
-CVE-2012-5625
- RESERVED
+CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when ...)
- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
CVE-2012-5624 [qt QML XmlHttpRequest insecure redirection]
RESERVED
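Review bot: on CVE-2012-5625 the new description names "Folsom before 2012.2.2 and Grizzly", but the unchanged status line below it still reads "Only affects OpenStack Folsom". Now that the description is filled in, reword that parenthetical or add a NOTE saying why Grizzly is not a concern for the nova package, so the entry does not contradict itself.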
@@ -3397,22 +3398,22 @@
REJECTED
CVE-2012-5592
REJECTED
-CVE-2012-5591
- RESERVED
-CVE-2012-5590
- RESERVED
-CVE-2012-5589
- RESERVED
-CVE-2012-5588
- RESERVED
-CVE-2012-5587
- RESERVED
-CVE-2012-5586
- RESERVED
-CVE-2012-5585
- RESERVED
-CVE-2012-5584
- RESERVED
+CVE-2012-5591 (Cross-site scripting (XSS) vulnerability in the Zero Point module ...)
+ TODO: check
+CVE-2012-5590 (SQL injection vulnerability in the Webmail Plus module for Drupal ...)
+ TODO: check
+CVE-2012-5589 (The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 ...)
+ TODO: check
+CVE-2012-5588 (The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a ...)
+ TODO: check
+CVE-2012-5587 (Cross-site scripting (XSS) vulnerability in the Email Field module ...)
+ TODO: check
+CVE-2012-5586 (The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 ...)
+ TODO: check
+CVE-2012-5585 (Cross-site scripting (XSS) vulnerability in the Mixpanel module ...)
+ TODO: check
+CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does ...)
+ TODO: check
CVE-2012-5583 [phpcas curl usage]
RESERVED
- php-cas 1.3.1-2
@@ -3547,8 +3548,7 @@
CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd 1.4.32 ...)
- lighttpd 1.4.31-2
[squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
-CVE-2012-5532
- RESERVED
+CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
- linux <unfixed> (unimportant)
- linux-2.6 <not-affected> (userspace daemon not yet present)
NOTE: hyperv tools are not build in sid
@@ -3699,8 +3699,7 @@
NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484
RESERVED
-CVE-2012-5483
- RESERVED
+CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to ...)
- keystone <not-affected> (Debian packaging enforces correct permissions)
CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
- glance 2012.1.1-3 (bug #692641)
@@ -4393,16 +4392,16 @@
RESERVED
CVE-2012-5184
RESERVED
-CVE-2012-5183
- RESERVED
-CVE-2012-5182
- RESERVED
+CVE-2012-5183 (The Loctouch application 3.4.6 and earlier for Android allows ...)
+ TODO: check
+CVE-2012-5182 (The Loctouch application 3.4.6 and earlier for Android does not ...)
+ TODO: check
CVE-2012-5181 (Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 ...)
TODO: check
-CVE-2012-5180
- RESERVED
-CVE-2012-5179
- RESERVED
+CVE-2012-5180 (The Opera Mobile application before 12.1 and Opera Mini application ...)
+ TODO: check
+CVE-2012-5179 (The Boat Browser application before 4.2 and Boat Browser Mini ...)
+ TODO: check
CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart plugin ...)
TODO: check
CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin before ...)
@@ -4438,8 +4437,8 @@
NOT-FOR-US: OSClass not in Debian
CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in ...)
NOT-FOR-US: OSClass not in Debian
-CVE-2012-5161
- RESERVED
+CVE-2012-5161 (The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 ...)
+ TODO: check
CVE-2012-5160
RESERVED
CVE-2012-5158
@@ -5254,8 +5253,8 @@
RESERVED
CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
NOT-FOR-US: IBM AIX, VIOS
-CVE-2012-4816
- RESERVED
+CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows ...)
+ TODO: check
CVE-2012-4815
RESERVED
CVE-2012-4814
@@ -5896,8 +5895,8 @@
NOT-FOR-US: Cisco IOS
CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, ...)
NOT-FOR-US: Cisco IOS
-CVE-2012-4616
- RESERVED
+CVE-2012-4616 (Directory traversal vulnerability in the Web UI in EMC Data Protection ...)
+ TODO: check
CVE-2012-4615 (EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a ...)
NOT-FOR-US: EMC
CVE-2012-4614 (The default configuration of EMC Smarts Network Configuration Manager ...)
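Review bot: CVE-2012-4616 is left at "TODO: check" although its description names an EMC product and the next entry in this hunk, CVE-2012-4615, is already triaged as "NOT-FOR-US: EMC". If the product in 4616 is likewise not packaged, mark it NOT-FOR-US in a follow-up so it leaves the TODO queue.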
@@ -10971,8 +10970,7 @@
NOTE: http://www.securityfocus.com/archive/1/522973/30/0/threaded
NOTE: http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
NOTE: http://www.collabtive.o-dyn.de/blog/?p=426
-CVE-2012-2669 [hyper-v daemon fails to check origin of netlink messages]
- RESERVED
+CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
- linux 3.2.23-1
[squeeze] - linux-2.6 <not-affected> (userspace daemon not yet present)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=761200
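Review bot: replacing the bracketed summary on CVE-2012-2669 drops the only text in the entry that says what the bug is ("hyper-v daemon fails to check origin of netlink messages"). The truncated description that takes its place is identical to the one this commit gives CVE-2012-5532, so the two hypervkvpd entries can no longer be told apart in the list, even though one is tracked as fixed in linux 3.2.23-1 and the other as <unfixed>. Carry the old summary over as a NOTE line on CVE-2012-2669 and add a distinguishing NOTE on CVE-2012-5532.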
@@ -12075,6 +12073,7 @@
CVE-2012-2254
RESERVED
CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in ...)
+ {DSA-2591-1}
- mahara 1.5.1-3.1 (bug #695789)
CVE-2012-2252 [incorrect filtering of --rsh option]
RESERVED
@@ -12097,20 +12096,24 @@
[squeeze] - isc-dhcp <not-affected> (CLIENT_PATH is not correctly defined)
NOTE: Debian-specific
CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
+ {DSA-2591-1}
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
+ {DSA-2591-1}
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=493
NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
CVE-2012-2245
RESERVED
CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
+ {DSA-2591-1}
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
+ {DSA-2591-1}
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
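Review bot: in the CVE-2012-2246 entry that gains {DSA-2591-1}, the forum NOTE ends in "topic.php?id=493" while the neighbouring Mahara entries use four-digit ids (4936, 4937, 4938), so the link looks truncated. Verify the URL and correct it while these entries are being touched for the DSA.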
@@ -12125,6 +12128,7 @@
{DSA-2549-1}
- devscripts 2.12.3
CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote ...)
+ {DSA-2591-1}
- mahara 1.5.1-3
CVE-2012-2238
RESERVED
@@ -15147,21 +15151,19 @@
RESERVED
CVE-2012-0963
RESERVED
-CVE-2012-0962
- RESERVED
+CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when ...)
- aptdaemon <unfixed> (low)
[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
NOTE: https://bugs.launchpad.net/software-center-agent/+bug/1052789
-CVE-2012-0961
- RESERVED
+CVE-2012-0961 (Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, ...)
- apt 0.9.7.7 (bug #695832)
[squeeze] - apt <not-affected> (Logged as 0600 in Squeeze)
CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 2.4.1 for ...)
NOT-FOR-US: Ubuntu Unity extension
CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account ...)
NOT-FOR-US: Ubuntu remote login service
-CVE-2012-0958
- RESERVED
+CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 2.4.1 ...)
+ TODO: check
CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel ...)
- linux 3.2.32-1
- linux-2.6 <removed>
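Review bot: CVE-2012-0958 names unity-firefox-extension and gets "TODO: check", while CVE-2012-0960 two entries above it covers the same extension and is already marked "NOT-FOR-US: Ubuntu Unity extension". Triage 0958 the same way unless the package status has changed.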