[Secure-testing-commits] r18317 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Jan 27 21:14:55 UTC 2012
Author: joeyh
Date: 2012-01-27 21:14:55 +0000 (Fri, 27 Jan 2012)
New Revision: 18317
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-27 19:55:36 UTC (rev 18316)
+++ data/CVE/list 2012-01-27 21:14:55 UTC (rev 18317)
@@ -1,3 +1,7 @@
+CVE-2012-0921
+ RESERVED
+CVE-2012-0920
+ RESERVED
CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-0918 (Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net ...)
@@ -234,12 +238,10 @@
RESERVED
- as31 2.3.1-5 (bug #655496)
[squeeze] - as31 <no-dsa> (The maintainer consider it a minor issue. Check comments in the bug report)
-CVE-2012-0807 [Suhosin extension "transparent cookie encryption buffer overflow"]
- RESERVED
+CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie ...)
- php-suhosin 0.9.33-1 (bug #657190)
NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
-CVE-2012-0806 [bip: buffer overflow]
- RESERVED
+CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote ...)
{DSA-2393-1}
- bip 0.8.8-2 (bug #657217)
[lenny] - bip <not-affected> (Maintainer reports vulnerable code not present)
@@ -1123,8 +1125,8 @@
RESERVED
CVE-2012-0396
RESERVED
-CVE-2012-0395
- RESERVED
+CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before ...)
+ TODO: check
CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...)
- libstruts1.2-java <undetermined>
CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...)
@@ -1303,10 +1305,10 @@
RESERVED
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
NOT-FOR-US: glucose
-CVE-2012-0312
- RESERVED
-CVE-2012-0311
- RESERVED
+CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
+ TODO: check
+CVE-2012-0311 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
+ TODO: check
CVE-2012-0310 (CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, ...)
NOT-FOR-US: Cogent DataHub
CVE-2012-0309 (Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and ...)
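Review bot: CVE-2012-0312 and CVE-2012-0311 are both added with "TODO: check" and with descriptions that are identical up to the truncation point, so nothing in the list tells the two apart. When these are triaged, resolve each one separately to a package line or to NOT-FOR-US, as the surrounding glucose and Cogent DataHub entries do, and add a NOTE if the two cover different parameters or pages.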
@@ -2736,15 +2738,18 @@
NOT-FOR-US: batavi not in Debian
CVE-2012-0068 [heap-buffer underflow when parsing LANalyzer packet]
RESERVED
+ {DSA-2395-1}
- wireshark 1.6.5-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
CVE-2012-0067 [DoS due to integer overflow in IPTrace capture format]
RESERVED
+ {DSA-2395-1}
- wireshark 1.6.5-1 (unimportant)
NOTE: Not suitable for code injection
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
CVE-2012-0066 [DoS via large buffer allocation request]
RESERVED
+ {DSA-2395-1}
- wireshark 1.6.5-1 (unimportant)
NOTE: Not suitable for code injection
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
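Review bot: the {DSA-2395-1} tags added under CVE-2012-0067 and CVE-2012-0066 sit on entries whose wireshark line is marked (unimportant) with "NOTE: Not suitable for code injection". An advisory reference beside an unimportant rating reads as contradictory; either add a NOTE saying the fix was simply bundled into the DSA upload, or revisit the rating on those two lines.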
@@ -2833,10 +2838,12 @@
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
CVE-2012-0042 [wireshark unspecified NULL derefs]
RESERVED
+ {DSA-2395-1}
- wireshark 1.6.5-1 (unimportant)
NOTE: Not suitable for code injection
CVE-2012-0041 [typecast DoS]
RESERVED
+ {DSA-2395-1}
- wireshark 1.6.5-1 (unimportant)
NOTE: Not suitable for code injection
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
@@ -2871,6 +2878,7 @@
- nova <unfixed>
CVE-2012-0029
RESERVED
+ {DSA-2396-1}
- qemu-kvm 1.0+dfsg-5
CVE-2012-0028
RESERVED
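Review bot: CVE-2012-0029 has no description and no NOTE, so the added {DSA-2396-1} tag and the "- qemu-kvm 1.0+dfsg-5" line are the only record of what this entry is about. A bracketed one-line description or a NOTE with the upstream reference would let a reader confirm that the DSA and the package line refer to the same issue.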
@@ -3810,8 +3818,7 @@
RESERVED
- gdb <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238
-CVE-2011-4354 [OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys]
- RESERVED
+CVE-2011-4354 (crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as ...)
{DSA-2390-1}
- openssl 0.9.8o-4squeeze3 (bug #650621)
CVE-2011-4353 [VP5/VP6 DoS]
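Review bot: the new CVE-2011-4354 description says the flaw is in OpenSSL before 0.9.8h, while the unchanged package line records the fix at 0.9.8o-4squeeze3 under DSA-2390-1. A NOTE explaining why a 0.9.8o-based package still needed the fix would keep the entry from looking inconsistent. The replaced bracketed text also stated the impact (leaks ECC private keys), which the truncated description no longer shows, so that is worth keeping in a NOTE as well.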
@@ -4507,8 +4514,8 @@
RESERVED
CVE-2011-4144
RESERVED
-CVE-2011-4143
- RESERVED
+CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote ...)
+ TODO: check
CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before ...)
NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token ...)
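Review bot: CVE-2011-4143 is left at "TODO: check" while the EMC entry directly below it (CVE-2011-4142) is already resolved as "NOT-FOR-US: EMC SourceOne Email Management". The follow-up should settle the enVision entry the same way, with a NOT-FOR-US line naming the product if it is not packaged, so the TODO does not linger in the list.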
@@ -6737,6 +6744,7 @@
[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html
CVE-2011-3483 (Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
+ {DSA-2395-1}
- wireshark 1.6.2-1
[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html
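Review bot: the {DSA-2395-1} tag added to CVE-2011-3483 has no matching release line. The entry records 1.6.2-1 as the fixed version and marks [lenny] as not-affected because only 1.6.0 and 1.6.1 are affected. If the DSA shipped a fix for this CVE in a stable release, add the bracketed release line with the fixed version; if that release never carried the affected code, a not-affected line with the reason would be clearer than the bare DSA tag.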
@@ -10916,13 +10924,11 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
RESERVED
-CVE-2011-1941 [phpMyAdmin PMASA-2011-4 insecure redirect]
- RESERVED
+CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin ...)
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.4.x only)
[squeeze] - phpmyadmin <not-affected> (3.4.x only)
-CVE-2011-1940 [phpMyAdmin PMASA-2011-3 xss on tracking]
- RESERVED
+CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
{DSA-2391-1}
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.3.x+ only)
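Review bot: replacing the bracketed descriptions of CVE-2011-1941 and CVE-2011-1940 drops the upstream advisory ids PMASA-2011-4 and PMASA-2011-3, and neither entry has a NOTE line to carry them. Add one per entry, for example "NOTE: PMASA-2011-4" under CVE-2011-1941 and "NOTE: PMASA-2011-3" under CVE-2011-1940, so the upstream reference survives the description update.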