[Secure-testing-commits] r18494 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Feb 20 21:14:29 UTC 2012
Author: joeyh
Date: 2012-02-20 21:14:28 +0000 (Mon, 20 Feb 2012)
New Revision: 18494
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-20 17:32:50 UTC (rev 18493)
+++ data/CVE/list 2012-02-20 21:14:28 UTC (rev 18494)
@@ -1,3 +1,25 @@
+CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...)
+ TODO: check
+CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...)
+ TODO: check
+CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 ...)
+ TODO: check
+CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build ...)
+ TODO: check
+CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service ...)
+ TODO: check
+CVE-2012-1195 (Unrestricted file upload vulnerability in ...)
+ TODO: check
+CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...)
+ TODO: check
+CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...)
+ TODO: check
+CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names ...)
+ TODO: check
+CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...)
+ TODO: check
+CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...)
+ TODO: check
CVE-2012-XXXX [F*X XSS issues via various HTTP parameters in fup]
- fex <unfixed> (low; bug #660621)
NOTE: advisory has been posted on ossec, CVE ids will be assigned
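Review bot: CVE-2011-5081, the last entry of the added block, is left at "TODO: check" although its description names RestoreFile.pm in BackupPC, and backuppc is a package this file already tracks (CVE-2011-4923 and CVE-2011-3361 both carry "- backuppc 3.2.1-2"). Those two entries are for View.pm and Browse.pm, so this one needs its own backuppc line once someone confirms whether 3.2.1-2 also covers RestoreFile.pm. CVE-2012-1191 to CVE-2012-1193 use the same "The resolver in ... overwrites" wording as the updated CVE-2012-1033 description further down, which is marked "NOTE: DNS protocol flaw", so they are best triaged together with that entry rather than one by one.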
@@ -2,2 +24,3 @@
CVE-2012-1190 [phpMyAdmin PMASA-2012-1 XSS using a crafted database name]
+ RESERVED
- phpmyadmin 4:3.4.10.1-1 (unimportant)
@@ -338,7 +361,7 @@
NOT-FOR-US: Sybase
CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...)
NOT-FOR-US: EPiServer CMS
-CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 does not properly ...)
+CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server ...)
NOTE: DNS protocol flaw
CVE-2012-1032
RESERVED
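Review bot: CVE-2012-1033 still has only "NOTE: DNS protocol flaw" beneath it and no package line, so the entry records no status for any Debian package even though the description names ISC BIND 9. Add a package line with the agreed status, or extend the note to say why none is needed.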
@@ -2450,8 +2473,7 @@
- zope2.11 <removed>
- zope2.9 <removed>
NOTE: http://openwall.com/lists/oss-security/2012/01/19/16
-CVE-2011-4923 [backuppc xss issue]
- RESERVED
+CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...)
- backuppc 3.2.1-2 (bug #646865)
[squeeze] - backuppc 3.1.0-9.1
CVE-2011-4922 [libpurple info leak]
@@ -2865,8 +2887,7 @@
- linux-2.6 3.1.8-2 (bug #654876)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2012-0206 [PowerDNS packet loop]
- RESERVED
+CVE-2012-0206 (common_startup.cc in PowerDNS (aka pdns) Authoritative Server before ...)
{DSA-2385-1}
- pdns 3.0-1.1 (high)
CVE-2012-0205
@@ -3846,8 +3867,7 @@
[squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...)
- zabbix 1:1.8.10-1 (bug #652664)
-CVE-2011-4614 [TYPO3-SA-2011-004]
- RESERVED
+CVE-2011-4614 (PHP remote file inclusion vulnerability in ...)
- typo3-src 4.5.9+dfsg1-1 (bug #652365)
[squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards)
[lenny] - typo3-src <not-affected> (Only affects 4.5 onwards)
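Review bot: the removed line "CVE-2011-4614 [TYPO3-SA-2011-004]" was the only place this entry named the upstream advisory, and the new truncated description ("PHP remote file inclusion vulnerability in ...") does not identify the affected component. Keep the advisory id in a NOTE: line under the entry so the reference survives the description update.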
@@ -4667,8 +4687,7 @@
NOT-FOR-US: websitebaker
CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...)
NOT-FOR-US: Joomla
-CVE-2011-4320 [ejabberd DoS in pubsub module]
- RESERVED
+CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and ...)
- ejabberd 2.1.9-1 (low)
[squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file)
NOTE: https://support.process-one.net/browse/EJAB-1498
@@ -5330,8 +5349,7 @@
CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...)
- libpar-packer-perl 1.012-1 (bug #650706)
[squeeze] - libpar-packer-perl 1.006-1+squeeze1
-CVE-2011-4113
- RESERVED
+CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for ...)
- drupal6-mod-views 2.14-1
CVE-2011-4112
RESERVED
@@ -5357,8 +5375,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
CVE-2011-4106
RESERVED
-CVE-2011-4105
- RESERVED
+CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...)
- lightdm 1.0.6-2
CVE-2011-4104
RESERVED
@@ -7724,8 +7741,7 @@
- ffmpeg <removed>
- ffmpeg-debian <end-of-life>
NOTE: http://www.ocert.org/advisories/ocert-2011-002.html
-CVE-2011-3361 [BackupPC XSS in Browse.pm]
- RESERVED
+CVE-2011-3361 (Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC ...)
- backuppc 3.2.1-2 (bug #641450)
[squeeze] - backuppc 3.1.0-9.1
NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
@@ -12263,9 +12279,11 @@
RESERVED
CVE-2011-1778
RESERVED
+ {DSA-2413-1}
- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1777
RESERVED
+ {DSA-2413-1}
- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel ...)
{DSA-2264-1 DSA-2240-1}