[Secure-testing-commits] r19637 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Jul 2 21:14:18 UTC 2012


Author: joeyh
Date: 2012-07-02 21:14:18 +0000 (Mon, 02 Jul 2012)
New Revision: 19637

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-02 20:05:47 UTC (rev 19636)
+++ data/CVE/list	2012-07-02 21:14:18 UTC (rev 19637)
@@ -1,3 +1,23 @@
+CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
+	TODO: check
+CVE-2012-3825 (Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
+	TODO: check
+CVE-2012-3824
+	RESERVED
+CVE-2012-3823
+	RESERVED
+CVE-2012-3822
+	RESERVED
+CVE-2012-3821
+	RESERVED
+CVE-2012-3820
+	RESERVED
+CVE-2012-3819
+	RESERVED
+CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the ...)
+	TODO: check
+CVE-2012-3817
+	RESERVED
 CVE-2012-XXXX [packagekit insecure temp file]
 	- packagekit <unfixed> (bug #678189)
 CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
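
Review bot: CVE-2012-3826 and CVE-2012-3825 are left at "TODO: check" although Wireshark is a tracked package in this same list (see the "- wireshark 1.6.8-1" lines under CVE-2012-2392 through CVE-2012-2394), so both need a "- wireshark" package line once the fixed version is confirmed rather than staying untriaged. CVE-2012-3818 names Revelation "0.4.13-2", a version string with what looks like a distribution revision suffix, so check it against the archive before considering a NOT-FOR-US marker.
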
@@ -1208,8 +1228,8 @@
 	RESERVED
 CVE-2012-3233
 	RESERVED
-CVE-2012-3232
-	RESERVED
+CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web at all 2.0, ...)
+	TODO: check
 CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...)
 	NOT-FOR-US: web at all
 CVE-2012-3230
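
Review bot: CVE-2012-3232 lands as "TODO: check" while the adjacent CVE-2012-3231 for the same product is already "NOT-FOR-US: web at all"; resolve the new entry the same way so the two stay consistent.
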
@@ -1562,16 +1582,16 @@
 	RESERVED
 CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
 	NOT-FOR-US: Cisco
-CVE-2012-3057
-	RESERVED
-CVE-2012-3056
-	RESERVED
-CVE-2012-3055
-	RESERVED
-CVE-2012-3054
-	RESERVED
-CVE-2012-3053
-	RESERVED
+CVE-2012-3057 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
+	TODO: check
+CVE-2012-3056 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
+	TODO: check
+CVE-2012-3055 (Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
+	TODO: check
+CVE-2012-3054 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
+	TODO: check
+CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) ...)
+	TODO: check
 CVE-2012-3052
 	RESERVED
 CVE-2012-3051
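
Review bot: The five WebEx entries, CVE-2012-3053 through CVE-2012-3057, are all "TODO: check", yet the entry just above them (CVE-2012-3058) is triaged as "NOT-FOR-US: Cisco" and the WRF and ARF players are Cisco products as well; close them out in one pass with the same marker instead of leaving five separate open items.
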
@@ -2202,6 +2222,7 @@
 	NOT-FOR-US: VMware
 CVE-2012-2751
 	RESERVED
+	{DSA-2506-1}
 	- modsecurity-apache 2.6.6-1 (bug #678527)
 	- libapache-mod-security <removed> (bug #678529)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
@@ -2313,7 +2334,7 @@
 CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x ...)
 	NOT-FOR-US: Drupal module
 CVE-2012-2709
-	RESERVED
+	REJECTED
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10
 CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...)
 	NOT-FOR-US: Drupal module
@@ -2335,8 +2356,7 @@
 	REJECTED
 CVE-2012-2699
 	REJECTED
-CVE-2012-2698 [mediawiki uselang XSS]
-	RESERVED
+CVE-2012-2698 (Cross-site scripting (XSS) vulnerability in the outputPage function in ...)
 	[squeeze] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0)
 	[wheezy] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0)
 	- mediawiki 1:1.19.1-1
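
Review bot: On the context lines under CVE-2012-2698, both the [squeeze] and [wheezy] annotations say "only affects experimental version 1.9.0" while the fix is tracked as "- mediawiki 1:1.19.1-1"; 1.9.0 looks like a typo for a 1.19 release and is worth confirming now that the official description has replaced the "[mediawiki uselang XSS]" placeholder.
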
@@ -2356,8 +2376,7 @@
 CVE-2012-2691 (The mc_issue_note_update function in the SOAP API in MantisBT before ...)
 	- mantis 1.2.11-1 (bug #676783)
 	[squeeze] - mantis <not-affected> (according to maintainer)
-CVE-2012-2690
-	RESERVED
+CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the ...)
 	- libguestfs 1:1.18.0-1
 	NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
 	NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
@@ -2438,8 +2457,7 @@
 	RESERVED
 CVE-2012-2665
 	RESERVED
-CVE-2012-2664
-	RESERVED
+CVE-2012-2664 (The sosreport utility in the Red Hat sos package before 2.2-29 does ...)
 	NOT-FOR-US: sosreport (Red Hat tool)
 CVE-2012-2663
 	RESERVED
@@ -3135,21 +3153,18 @@
 	- taglib 1.7.2-1 (unimportant)
 CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...)
 	- cobbler <itp> (bug #545583)
-CVE-2012-2394
-	RESERVED
+CVE-2012-2394 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and ...)
 	- wireshark 1.6.8-1 (unimportant)
 	NOTE: Not suitable for code injection
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824419
-CVE-2012-2393
-	RESERVED
+CVE-2012-2393 (epan/dissectors/packet-diameter.c in the DIAMETER dissector in ...)
 	- wireshark 1.6.8-1 (unimportant)
 	NOTE: Not suitable for code injection
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-09.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7133
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824413
-CVE-2012-2392
-	RESERVED
+CVE-2012-2392 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote ...)
 	- wireshark 1.6.8-1 (unimportant)
 	NOTE: Not suitable for code injection
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805
@@ -3179,8 +3194,7 @@
 	RESERVED
 	{DSA-2492-1}
 	- php5 5.4.4~rc1-1
-CVE-2012-2385 [malicious escape sequences can cause denial of service for mosh-server]
-	RESERVED
+CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote ...)
 	- mosh 1.2.1-1 (low; bug #673871)
 	[squeeze] - mosh 1.2.1-1 (low; bug #673871)
 	NOTE: https://github.com/keithw/mosh/issues/271
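
Review bot: The context line "[squeeze] - mosh 1.2.1-1 (low; bug #673871)" under CVE-2012-2385 repeats the unstable version verbatim, unlike other [squeeze] lines in this file that carry a release-specific version such as "1:5.5p1-6+squeeze2"; now that the description pins the fix to "mosh before 1.2.1", confirm whether squeeze ships mosh at all and record the real status on that line.
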
@@ -3983,8 +3997,7 @@
 	NOTE: https://lkml.org/lkml/2012/2/20/422
 CVE-2012-2099
 	RESERVED
-CVE-2012-2098
-	RESERVED
+CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in ...)
 	- libcommons-compress-java 1.4.1-1 (low; bug #674448)
 	[squeeze] - libcommons-compress-java <no-dsa> (Minor issue)
 CVE-2012-2097
@@ -4193,18 +4206,18 @@
 	RESERVED
 CVE-2012-2018
 	RESERVED
-CVE-2012-2017
-	RESERVED
-CVE-2012-2016
-	RESERVED
-CVE-2012-2015
-	RESERVED
-CVE-2012-2014
-	RESERVED
-CVE-2012-2013
-	RESERVED
-CVE-2012-2012
-	RESERVED
+CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...)
+	TODO: check
+CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
+	TODO: check
+CVE-2012-2015 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
+	TODO: check
+CVE-2012-2014 (HP System Management Homepage (SMH) before 7.1.1 does not properly ...)
+	TODO: check
+CVE-2012-2013 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
+	TODO: check
+CVE-2012-2012 (HP System Management Homepage (SMH) before 7.1.1 does not have an off ...)
+	TODO: check
 CVE-2012-2011 (Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin ...)
 	NOT-FOR-US: HP Web Jetadmin
 CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha ...)
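
Review bot: CVE-2012-2012 through CVE-2012-2017 are added as "TODO: check", but they concern HP System Management Homepage and an HP Photosmart printer, and the neighbouring HP entry CVE-2012-2011 is already "NOT-FOR-US: HP Web Jetadmin"; mark these with matching NOT-FOR-US lines rather than leaving six open items.
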
@@ -6137,8 +6150,7 @@
 	{DSA-2454-1}
 	- openssl 1.0.0h-1 (low; bug #663642)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3
-CVE-2012-1164 [openldap (slapd): Assertion failure by processing search quer...]
-	RESERVED
+CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a ...)
 	- openldap 2.4.31-1 (low; bug #663644)
 	[squeeze] - openldap <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
@@ -6273,28 +6285,22 @@
 CVE-2012-1124
 	RESERVED
 	NOT-FOR-US: phxEventManager not in Debian
-CVE-2012-1123
-	RESERVED
+CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...)
 	{DSA-2500-1}
 	- mantis 1.2.10-1 (bug #662858)
-CVE-2012-1122
-	RESERVED
+CVE-2012-1122 (bug_actiongroup.php in MantisBT before 1.2.9 does not properly check ...)
 	{DSA-2500-1}
 	- mantis 1.2.10-1 (low; bug #669927)
-CVE-2012-1121
-	RESERVED
+CVE-2012-1121 (MantisBT before 1.2.9 does not properly check permissions, which ...)
 	- mantis 1.2.10-1 (low; bug #669926)
 	[squeeze] - mantis <not-affected> (according to maintainer)
-CVE-2012-1120
-	RESERVED
+CVE-2012-1120 (The SOAP API in MantisBT before 1.2.9 does not properly enforce the ...)
 	{DSA-2500-1}
 	- mantis 1.2.10-1 (low; bug #669925)
-CVE-2012-1119
-	RESERVED
+CVE-2012-1119 (MantisBT before 1.2.9 does not audit when users copy or clone a bug ...)
 	{DSA-2500-1}
 	- mantis 1.2.10-1 (low; bug #669928)
-CVE-2012-1118
-	RESERVED
+CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in MantisBT ...)
 	{DSA-2500-1}
 	- mantis 1.2.10-1 (low; bug #669924)
 CVE-2012-1117
@@ -7094,8 +7100,7 @@
 CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH ...)
 	- openssh 1:5.6p1-1 (low; bug #657445)
 	[squeeze] - openssh-server 1:5.5p1-6+squeeze2
-CVE-2012-0813 [wicd cleartext passwords]
-	RESERVED
+CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in ...)
 	- wicd 1.7.1~b3-4 (unimportant; bug #652417)
 	NOTE: Not a security issue per se, logfile only accessible by root:adm
 CVE-2012-0812 [PostfixAdmin 2.3.4 multiple XSS vulnerabilities]
@@ -9205,8 +9210,7 @@
 	- ioquake3 <not-affected> (fixed before upload)
 	- tremulous 1.1.0-8 (bug #665842)
 	[squeeze] - tremulous 1.1.0-7~squeeze1
-CVE-2010-5076
-	RESERVED
+CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...)
 	- qt4-x11 4:4.6.3-1
 	NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed
 CVE-2009-5108
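
Review bot: The imported description for CVE-2010-5076 says "Qt before 4.7.0-rc1", yet the entry tracks the fix at "- qt4-x11 4:4.6.3-1", which belongs to an older upstream series. The existing NOTE says the Squeeze version was validated as fixed, so extend it to state explicitly that the 4.6.3 package carries the fix despite the upstream version boundary; otherwise the description and the package line read as contradictory.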



