[Secure-testing-commits] r19700 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Jul 9 21:14:57 UTC 2012


Author: joeyh
Date: 2012-07-09 21:14:56 +0000 (Mon, 09 Jul 2012)
New Revision: 19700

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-09 20:49:32 UTC (rev 19699)
+++ data/CVE/list	2012-07-09 21:14:56 UTC (rev 19700)
@@ -1,4 +1,72 @@
-CVE-2012-3863 [asterisk: Possible resource leak on uncompleted re-invite transactions]
+CVE-2012-3882
+	RESERVED
+CVE-2012-3881
+	RESERVED
+CVE-2012-3880
+	RESERVED
+CVE-2012-3879
+	RESERVED
+CVE-2012-3878
+	RESERVED
+CVE-2012-3877
+	RESERVED
+CVE-2012-3876
+	RESERVED
+CVE-2012-3875
+	RESERVED
+CVE-2012-3874
+	RESERVED
+CVE-2012-3873
+	RESERVED
+CVE-2012-3872
+	RESERVED
+CVE-2012-3871
+	RESERVED
+CVE-2012-3870
+	RESERVED
+CVE-2012-3869
+	RESERVED
+CVE-2012-3868
+	RESERVED
+CVE-2012-3867
+	RESERVED
+CVE-2012-3866
+	RESERVED
+CVE-2012-3865
+	RESERVED
+CVE-2012-3864
+	RESERVED
+CVE-2012-3862
+	RESERVED
+CVE-2012-3861
+	RESERVED
+CVE-2012-3860
+	RESERVED
+CVE-2012-3859
+	RESERVED
+CVE-2012-3858
+	RESERVED
+CVE-2012-3857
+	RESERVED
+CVE-2012-3856
+	RESERVED
+CVE-2012-3855
+	RESERVED
+CVE-2012-3854
+	RESERVED
+CVE-2012-3853
+	RESERVED
+CVE-2012-3852
+	RESERVED
+CVE-2012-3851
+	RESERVED
+CVE-2012-3850
+	RESERVED
+CVE-2012-3849
+	RESERVED
+CVE-2012-3848
+	RESERVED
+CVE-2012-3863 (Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, ...)
 	- asterisk <unfixed>
 CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
 	NOT-FOR-US: Windows utility
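Review bot: The CVE-2012-3863 entry ends up out of order at the end of this hunk: the new RESERVED block runs in descending order from CVE-2012-3882 down to CVE-2012-3848 but skips 3863, which then appears after CVE-2012-3848 and directly before CVE-2012-3847. Moving the 3863 entry, together with its "- asterisk <unfixed>" line, between CVE-2012-3864 and CVE-2012-3862 would keep the list strictly descending.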
@@ -543,8 +611,8 @@
 	NOTE: net-update is disabled by default on Debian
 CVE-2012-3586
 	RESERVED
-CVE-2012-3585
-	RESERVED
+CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) ...)
+	TODO: check
 CVE-2012-3584
 	RESERVED
 CVE-2012-3583
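Review bot: The "TODO: check" added under CVE-2012-3585 leaves the entry untriaged, and the description names jpeg_ls.dll, which points at a Windows component. If the full description confirms a Windows-only product, this should become a NOT-FOR-US line like the one under CVE-2012-3847 earlier in this patch; otherwise it needs a package line.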
@@ -996,8 +1064,7 @@
 	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
-CVE-2012-3374 [Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5]
-	RESERVED
+CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple ...)
 	{DSA-2509-1}
 	- pidgin 2.10.6-1 (bug #680661)
 	[squeeze] - pidgin 2.7.3-1+squeeze3
@@ -1005,8 +1072,7 @@
 	NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
 CVE-2012-3373
 	RESERVED
-CVE-2012-3372 [traffic interception vulnerability in Cyberoam DPI devices]
-	RESERVED
+CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM appliances ...)
 	NOT-FOR-US: Cyberoam DPI devices
 	NOTE: https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372
 	NOTE: http://seclists.org/bugtraq/2012/Jul/20
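Review bot: The NOT-FOR-US reason under CVE-2012-3372 still reads "Cyberoam DPI devices", while the description added here calls the product "Cyberoam UTM appliances" and marks the issue ** DISPUTED **. Aligning the reason with the product name in the description would keep the entry consistent; the disputed status does not change the NOT-FOR-US triage.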
@@ -2608,19 +2674,16 @@
 	RESERVED
 CVE-2012-2645
 	RESERVED
-CVE-2012-2644
-	RESERVED
+CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
 	NOT-FOR-US: Movable Type MT4i plugin
-CVE-2012-2643
-	RESERVED
+CVE-2012-2643 (Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before ...)
 	NOT-FOR-US: KENT-WEB YY-BOARD
-CVE-2012-2642
-	RESERVED
+CVE-2012-2642 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
 	NOT-FOR-US: Movable Type MT4i plugin
-CVE-2012-2641
-	RESERVED
-CVE-2012-2640
-	RESERVED
+CVE-2012-2641 (Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 ...)
+	TODO: check
+CVE-2012-2640 (The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for ...)
+	TODO: check
 CVE-2012-2639
 	REJECTED
 	NOTE: Duplicate with CVE-2011-4940 http://www.openwall.com/lists/oss-security/2012/06/26/3
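Review bot: CVE-2012-2641 (Zenphoto) and CVE-2012-2640 (NEC BIGLOBE Yome Collection) leave RESERVED with only "TODO: check", unlike the three entries above them in this hunk, which already carry NOT-FOR-US lines. Both need a follow-up that resolves them to a package line or a NOT-FOR-US reason.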
@@ -3292,8 +3355,7 @@
 CVE-2012-2387
 	RESERVED
 	- devotee <itp> (bug #470995)
-CVE-2012-2386 [phar integer overfow]
-	RESERVED
+CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the ...)
 	{DSA-2492-1}
 	- php5 5.4.4~rc1-1
 CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote ...)
@@ -3618,8 +3680,7 @@
 	RESERVED
 CVE-2012-2282
 	RESERVED
-CVE-2012-2281
-	RESERVED
+CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access ...)
 	NOT-FOR-US: RSA Access Manager
 	NOTE: http://seclists.org/bugtraq/2012/Jul/36
 CVE-2012-2280
@@ -3929,8 +3990,7 @@
 	- qpid-cpp 0.16-1 (bug #672124)
 CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) ...)
 	- horizon 2012.1-4 (bug #671604)
-CVE-2012-2143
-	RESERVED
+CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before ...)
 	{DSA-2491-1}
 	- postgresql-9.1 9.1.4-1
 	- postgresql-8.4 8.4.12-1
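Review bot: The description now attached to CVE-2012-2143 opens with the crypt_des function in FreeBSD, while the entry tracks postgresql-9.1 and postgresql-8.4 under DSA-2491-1. A short NOTE stating how the DES-based crypt issue applies to the PostgreSQL packages would make the entry self-explanatory, since the truncated description visible here does not mention them.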
@@ -4305,8 +4365,8 @@
 	RESERVED
 CVE-2012-2019
 	RESERVED
-CVE-2012-2018
-	RESERVED
+CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
+	TODO: check
 CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...)
 	NOT-FOR-US: HP Photosmart Wireless e-All-in-One
 CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
@@ -8323,8 +8383,8 @@
 	RESERVED
 CVE-2012-0411
 	RESERVED
-CVE-2012-0410
-	RESERVED
+CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWise ...)
+	TODO: check
 CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...)
 	NOT-FOR-US: EMC
 CVE-2012-0408
@@ -8554,14 +8614,14 @@
 	RESERVED
 CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ...)
 	NOT-FOR-US: Symantec LiveUpdate Administrator
-CVE-2012-0303
-	RESERVED
-CVE-2012-0302
-	RESERVED
-CVE-2012-0301
-	RESERVED
-CVE-2012-0300
-	RESERVED
+CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control Center ...)
+	TODO: check
+CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in ...)
+	TODO: check
+CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does not ...)
+	TODO: check
 CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web ...)
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web ...)
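Review bot: CVE-2012-0303 through CVE-2012-0300 are left at "TODO: check", although the visible descriptions of 0302, 0301 and 0300 place them in Brightmail Control Center in Symantec Message Filter, and the neighbouring Symantec entries CVE-2012-0304 and CVE-2012-0299 are marked NOT-FOR-US. These four should be triaged the same way, once the full description of CVE-2012-0303 confirms it concerns the same product.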



