[Secure-testing-commits] r18518 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Feb 22 21:14:30 UTC 2012
Author: joeyh
Date: 2012-02-22 21:14:30 +0000 (Wed, 22 Feb 2012)
New Revision: 18518
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-22 20:09:09 UTC (rev 18517)
+++ data/CVE/list 2012-02-22 21:14:30 UTC (rev 18518)
@@ -1,3 +1,47 @@
+CVE-2012-1257
+ RESERVED
+CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...)
+ TODO: check
+CVE-2012-1255
+ RESERVED
+CVE-2012-1254
+ RESERVED
+CVE-2012-1253
+ RESERVED
+CVE-2012-1252
+ RESERVED
+CVE-2012-1251
+ RESERVED
+CVE-2012-1250
+ RESERVED
+CVE-2012-1249
+ RESERVED
+CVE-2012-1248
+ RESERVED
+CVE-2012-1247
+ RESERVED
+CVE-2012-1246
+ RESERVED
+CVE-2012-1245
+ RESERVED
+CVE-2012-1244
+ RESERVED
+CVE-2012-1243
+ RESERVED
+CVE-2012-1242
+ RESERVED
+CVE-2012-1241
+ RESERVED
+CVE-2012-1240
+ RESERVED
+CVE-2012-1239
+ RESERVED
+CVE-2012-1238
+ RESERVED
+CVE-2012-1237
+ RESERVED
+CVE-2012-1236
+ RESERVED
CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
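Review bot: CVE-2012-1256 (EasyVista SSO) is the only new entry in this block with a published description, and it lands as "TODO: check" with no package line or NOT-FOR-US note. It needs manual triage; the CVE-2012-1235 entry just below shows the form used for a product that is not packaged ("NOT-FOR-US: Advantech/BroadWin WebAccess").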
@@ -911,12 +955,16 @@
[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822
+ RESERVED
NOT-FOR-US: Joomla!
CVE-2012-0821
+ RESERVED
NOT-FOR-US: Joomla!
CVE-2012-0820
+ RESERVED
NOT-FOR-US: Joomla!
CVE-2012-0819
+ RESERVED
NOT-FOR-US: Joomla!
CVE-2012-0818
RESERVED
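Review bot: The RESERVED lines added for CVE-2012-0822 through CVE-2012-0819 sit above existing "NOT-FOR-US: Joomla!" notes, so these entries carry a triage result but no description. Without a NOTE line giving the source of that triage, there is nothing to recheck the classification against once the IDs are published; adding the reference would fix that.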
@@ -2090,8 +2138,8 @@
RESERVED
CVE-2012-0316
RESERVED
-CVE-2012-0315
- RESERVED
+CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...)
+ TODO: check
CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
NOT-FOR-US: eAccess Pocket WiFi
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
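Review bot: CVE-2012-0315 moves from RESERVED to a published description (untrusted search path in ALFTP before 5.31) but is left at "TODO: check". It should be resolved to a package line or a NOT-FOR-US note, as the CVE-2012-0314 entry below it is.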
@@ -2138,8 +2186,8 @@
RESERVED
CVE-2012-0292
RESERVED
-CVE-2012-0291
- RESERVED
+CVE-2012-0291 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
+ TODO: check
CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0289
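Review bot: CVE-2012-0291 is left at "TODO: check" although the entry directly below it, CVE-2012-0290, shows the same truncated description prefix and is already marked "NOT-FOR-US: Symantec pcAnywhere". Confirm against the full description that the affected products match and, if so, give it the same note.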
@@ -2534,6 +2582,7 @@
- redmine 1.0.5-1 (bug #608397)
NOTE: http://www.redmine.org/news/49
CVE-2011-4926
+ RESERVED
NOT-FOR-US: WordPress plugin Adminimize
CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
- torque <not-affected> (The version in Debian doesn't yet have MUNGE support)
@@ -2585,18 +2634,25 @@
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-4912
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-4911
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-4910
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-4909
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-4908
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-4907
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-4906
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
- activemq 5.5.0+dfsg-5 (bug #655495)
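Review bot: The seven entries that gain RESERVED here (CVE-2011-4912 through CVE-2011-4906) all carry "NOT-FOR-US: Joomla", while the CVE-2012-0822 block earlier in this diff spells the product "Joomla!". Pick one spelling so that a search of the list for the product name finds every entry.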
@@ -2724,8 +2780,8 @@
RESERVED
CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 ...)
NOT-FOR-US: 7-Technologies (7T) AQUIS
-CVE-2012-0223
- RESERVED
+CVE-2012-0223 (Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 ...)
+ TODO: check
CVE-2012-0222
RESERVED
CVE-2012-0221
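Review bot: CVE-2012-0223 (7T TERMIS 2.10) is left at "TODO: check" while CVE-2012-0224 directly above it, from the same vendor and in the same vulnerability class, is "NOT-FOR-US: 7-Technologies (7T) AQUIS". If TERMIS is likewise not packaged, triage it the same way with the product name adjusted.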
@@ -3711,6 +3767,7 @@
CVE-2012-0026
REJECTED
CVE-2012-0025
+ RESERVED
NOT-FOR-US: libfpx
CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...)
- maradns 1.4.09-1
@@ -3918,6 +3975,7 @@
{DSA-2330-1}
- simplesamlphp 1.8.1-1
CVE-2011-4624
+ RESERVED
NOT-FOR-US: WordPress flash-album-gallery
CVE-2011-4623
RESERVED
@@ -3933,6 +3991,7 @@
{DSA-2390-1}
- openssl 1.0.0f-1
CVE-2011-4618
+ RESERVED
NOT-FOR-US: WordPress advanced-text-widget
CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
- python-virtualenv 1.4.9-1 (low; bug #652653)
@@ -4014,6 +4073,7 @@
CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before ...)
- nova 2012.1~e1-4
CVE-2011-4595
+ RESERVED
NOT-FOR-US: WordPress pretty-link plugin
CVE-2011-4594
RESERVED
@@ -4700,6 +4760,7 @@
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees ...)
- jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
CVE-2011-4343
+ RESERVED
NOT-FOR-US: Mojarra/MyFaces
CVE-2011-4342
RESERVED
@@ -4794,6 +4855,7 @@
CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...)
NOT-FOR-US: ResourceSpace
CVE-2011-4310
+ RESERVED
NOT-FOR-US: cmsmadesimple
CVE-2011-4309 [MSA-11-0041]
RESERVED
@@ -5232,6 +5294,7 @@
CVE-2011-4196
RESERVED
CVE-2011-4195
+ RESERVED
NOT-FOR-US: kiwi
CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...)
NOT-FOR-US: Novell iPrint
@@ -5450,6 +5513,7 @@
[lenny] - phpmyadmin <not-affected> (Vulerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
CVE-2011-4106
+ RESERVED
NOT-FOR-US: wordpress plugin timthumb
CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...)
- lightdm 1.0.6-2
@@ -5491,8 +5555,10 @@
- squid3 3.1.16-1
[lenny] - squid3 <not-affected> (no IPv6 support)
CVE-2011-4095
+ RESERVED
NOT-FOR-US: Jara
CVE-2011-4094
+ RESERVED
NOT-FOR-US: Jara
CVE-2011-4093
RESERVED
@@ -6997,6 +7063,7 @@
RESERVED
- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629
+ RESERVED
NOT-FOR-US: Joomla
CVE-2011-3628
RESERVED
@@ -7026,8 +7093,10 @@
- vlc 1.1.3-1
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
CVE-2011-3622
+ RESERVED
NOT-FOR-US: phorum
CVE-2011-3621
+ RESERVED
NOT-FOR-US: fluxbb
CVE-2011-3620
RESERVED
@@ -7178,6 +7247,7 @@
[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
CVE-2011-3582
+ RESERVED
NOT-FOR-US: Advanced Electron Forums
CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...)
{DSA-2353-1}
@@ -7772,6 +7842,7 @@
- apt <unfixed> (unimportant; bug #642480)
NOTE: Not exploitable in Debian, since no keyring URI is defined
CVE-2011-3373
+ RESERVED
NOT-FOR-US: Views Bulk Operations module for Drupal
CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before ...)
{DSA-2318-1}
@@ -7783,6 +7854,7 @@
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: PunBB
CVE-2011-3370
+ RESERVED
NOT-FOR-US: status.net
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...)
- etherape 0.9.12-1 (low; bug #645324)
@@ -7852,6 +7924,7 @@
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
[squeeze] - linux-2.6 2.6.32-36
CVE-2011-3352
+ RESERVED
NOT-FOR-US: Zikula
CVE-2011-3351
RESERVED
@@ -8301,6 +8374,7 @@
- pidgin 2.10.0-1 (unimportant)
NOTE: Only exploitable by a malicious MSN server to crash the client
CVE-2011-3183
+ RESERVED
NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...)
- php5 5.3.7-1 (unimportant)
@@ -8310,6 +8384,7 @@
- phpmyadmin 4:3.4.4-1
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3180
+ RESERVED
NOT-FOR-US: Suse kiwi
CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
NOT-FOR-US: Novell Messenger
@@ -9055,12 +9130,16 @@
CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages ...)
- roundcube 0.5.4+dfsg-1 (bug #641996)
CVE-2011-2936
+ RESERVED
NOT-FOR-US: Elgg
CVE-2011-2935
+ RESERVED
NOT-FOR-US: Elgg
CVE-2011-2934
+ RESERVED
NOT-FOR-US: WebsiteBaker
CVE-2011-2933
+ RESERVED
NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
- rails 2.3.14
@@ -9144,6 +9223,7 @@
- torque 2.4.15+dfsg-1
[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
CVE-2011-2906
+ RESERVED
NOT-FOR-US: ** REJECT **
CVE-2011-2905
RESERVED
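Review bot: The RESERVED line added to CVE-2011-2906 contradicts the note under it, "NOT-FOR-US: ** REJECT **". Rejected IDs elsewhere in this file use a REJECTED status line (CVE-2012-0026, CVE-2011-1152); check whether the ID is still reported as reserved and, if the rejection stands, record it that way.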
@@ -9737,6 +9817,7 @@
CVE-2011-2728
RESERVED
CVE-2011-2727
+ RESERVED
NOT-FOR-US: Tribiq CMS
CVE-2011-2726 [SA-CORE-2011-003]
RESERVED
@@ -9809,6 +9890,7 @@
RESERVED
- linux-2.6 <not-affected> (xtensa arch not used in Debian)
CVE-2011-2706
+ RESERVED
NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...)
- ruby1.8 1.8.7.352-1 (low; bug #635878)
@@ -10379,6 +10461,7 @@
[lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
CVE-2011-2499
+ RESERVED
NOT-FOR-US: Mambo CMS
CVE-2011-2498
RESERVED
@@ -11573,6 +11656,7 @@
CVE-2011-2055
RESERVED
CVE-2011-2054
+ RESERVED
NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524
CVE-2011-2053
RESERVED
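Review bot: CVE-2011-2054 gains RESERVED although its note records the ID as a reject "misused as CVE-2011-2524". Check that the triage for the underlying issue is recorded under CVE-2011-2524, since this entry now reads as an open reservation rather than a dead ID.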
@@ -12823,6 +12907,7 @@
RESERVED
NOT-FOR-US: OpenVAS Manager
CVE-2011-1596
+ RESERVED
NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog)
CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in ...)
- rdesktop 1.7.0-1 (low; bug #623552)
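Review bot: CVE-2011-1596 has the same status mismatch as the other "** REJECT **" entries in this diff: a RESERVED line is added above a note saying the ID was rejected as a regular bug. The status line and the note should agree.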
@@ -13236,6 +13321,7 @@
CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...)
- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1474
+ RESERVED
NOT-FOR-US: PaX patched kernels
CVE-2011-1473
RESERVED
@@ -14215,8 +14301,10 @@
CVE-2011-1152
REJECTED
CVE-2011-1151
+ RESERVED
NOT-FOR-US: Joomla!
CVE-2011-1150
+ RESERVED
NOT-FOR-US: bbPress
CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system ...)
NOT-FOR-US: Android
@@ -14433,6 +14521,7 @@
CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ...)
- rsync 3.0.8 (low; bug #621866)
CVE-2011-1096
+ RESERVED
NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix
CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...)
- glibc <removed>
@@ -14476,10 +14565,13 @@
NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
NOTE: obscure exploit scenario
CVE-2011-1086
+ RESERVED
NOT-FOR-US: openfiler
CVE-2011-1085
+ RESERVED
NOT-FOR-US: smoothwall
CVE-2011-1084
+ RESERVED
NOT-FOR-US: smoothwall
CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
- linux-2.6 <unfixed> (low)
@@ -14525,6 +14617,7 @@
[squeeze] - v86d 0.1.9-1+squeeze1
[lenny] - v86d 0.1.5.2-1+lenny1
CVE-2011-1069
+ RESERVED
NOT-FOR-US: PHPShop
CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before ...)
NOT-FOR-US: Microsoft Windows Azure SDK