[Secure-testing-commits] r18494 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Feb 20 21:14:29 UTC 2012 

Author: joeyh
Date: 2012-02-20 21:14:28 +0000 (Mon, 20 Feb 2012)
New Revision: 18494

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-20 17:32:50 UTC (rev 18493)
+++ data/CVE/list	2012-02-20 21:14:28 UTC (rev 18494)
@@ -1,3 +1,25 @@
+CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...)
+	TODO: check
+CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...)
+	TODO: check
+CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 ...)
+	TODO: check
+CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build ...)
+	TODO: check
+CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service ...)
+	TODO: check
+CVE-2012-1195 (Unrestricted file upload vulnerability in ...)
+	TODO: check
+CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...)
+	TODO: check
+CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...)
+	TODO: check
+CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names ...)
+	TODO: check
+CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...)
+	TODO: check
+CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...)
+	TODO: check
 CVE-2012-XXXX [F*X XSS issues via various HTTP parameters in fup]
 	- fex <unfixed> (low; bug #660621)
 	NOTE: advisory has been posted on ossec, CVE ids will be assigned
@@ -2,2 +24,3 @@
 CVE-2012-1190 [phpMyAdmin PMASA-2012-1 XSS using a crafted database name]
+	RESERVED
 	- phpmyadmin 4:3.4.10.1-1 (unimportant)
@@ -338,7 +361,7 @@
 	NOT-FOR-US: Sybase
 CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...)
 	NOT-FOR-US: EPiServer CMS
-CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 does not properly ...)
+CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server ...)
 	NOTE: DNS protocol flaw
 CVE-2012-1032
 	RESERVED
@@ -2450,8 +2473,7 @@
 	- zope2.11 <removed>
 	- zope2.9 <removed>
 	NOTE: http://openwall.com/lists/oss-security/2012/01/19/16
-CVE-2011-4923 [backuppc xss issue]
-	RESERVED
+CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...)
 	- backuppc 3.2.1-2 (bug #646865)
 	[squeeze] - backuppc 3.1.0-9.1
 CVE-2011-4922 [libpurple info leak]
@@ -2865,8 +2887,7 @@
 	- linux-2.6 3.1.8-2 (bug #654876)
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2012-0206 [PowerDNS packet loop]
-	RESERVED
+CVE-2012-0206 (common_startup.cc in PowerDNS (aka pdns) Authoritative Server before ...)
 	{DSA-2385-1}
 	- pdns 3.0-1.1 (high)
 CVE-2012-0205
@@ -3846,8 +3867,7 @@
 	[squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
 CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...)
 	- zabbix 1:1.8.10-1 (bug #652664)
-CVE-2011-4614 [TYPO3-SA-2011-004]
-	RESERVED
+CVE-2011-4614 (PHP remote file inclusion vulnerability in ...)
 	- typo3-src 4.5.9+dfsg1-1 (bug #652365)
 	[squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards)
 	[lenny] - typo3-src <not-affected> (Only affects 4.5 onwards)
@@ -4667,8 +4687,7 @@
 	NOT-FOR-US: websitebaker
 CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...)
 	NOT-FOR-US: Joomla
-CVE-2011-4320 [ejabberd DoS in pubsub module]
-	RESERVED
+CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and ...)
 	- ejabberd 2.1.9-1 (low)
 	[squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file)
 	NOTE: https://support.process-one.net/browse/EJAB-1498
@@ -5330,8 +5349,7 @@
 CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...)
 	- libpar-packer-perl 1.012-1 (bug #650706)
 	[squeeze] - libpar-packer-perl 1.006-1+squeeze1
-CVE-2011-4113
-	RESERVED
+CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for ...)
 	- drupal6-mod-views 2.14-1
 CVE-2011-4112
 	RESERVED
@@ -5357,8 +5375,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
 CVE-2011-4106
 	RESERVED
-CVE-2011-4105
-	RESERVED
+CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...)
 	- lightdm 1.0.6-2
 CVE-2011-4104
 	RESERVED
@@ -7724,8 +7741,7 @@
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
 	NOTE: http://www.ocert.org/advisories/ocert-2011-002.html
-CVE-2011-3361 [BackupPC XSS in Browse.pm]
-	RESERVED
+CVE-2011-3361 (Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC ...)
 	- backuppc 3.2.1-2 (bug #641450)
 	[squeeze] - backuppc 3.1.0-9.1
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
@@ -12263,9 +12279,11 @@
 	RESERVED
 CVE-2011-1778
 	RESERVED
+	{DSA-2413-1}
 	- libarchive 2.8.5-5 (bug #651844)
 CVE-2011-1777
 	RESERVED
+	{DSA-2413-1}
 	- libarchive 2.8.5-5 (bug #651844)
 CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel ...)
 	{DSA-2264-1 DSA-2240-1}

More information about the Secure-testing-commits mailing list