[Secure-testing-commits] r19707 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Jul 10 21:14:35 UTC 2012 

Author: joeyh
Date: 2012-07-10 21:14:35 +0000 (Tue, 10 Jul 2012)
New Revision: 19707

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-10 16:08:48 UTC (rev 19706)
+++ data/CVE/list	2012-07-10 21:14:35 UTC (rev 19707)
@@ -1,3 +1,5 @@
+CVE-2012-3883
+	RESERVED
 CVE-2012-3882
 	RESERVED
 CVE-2012-3881
@@ -42,8 +44,8 @@
 	RESERVED
 CVE-2012-3860
 	RESERVED
-CVE-2012-3859
-	RESERVED
+CVE-2012-3859 (Unspecified vulnerability in the WebAdmin Portal in Netsweeper has ...)
+	TODO: check
 CVE-2012-3858
 	RESERVED
 CVE-2012-3857
@@ -66,7 +68,7 @@
 	RESERVED
 CVE-2012-3848
 	RESERVED
-CVE-2012-3863 (Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, ...)
+CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...)
 	- asterisk <unfixed>
 CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
 	NOT-FOR-US: Windows utility
@@ -153,8 +155,7 @@
 	NOT-FOR-US: Wordpress plugin
 CVE-2012-3813
 	RESERVED
-CVE-2012-3812 [AST-2012-011: Remote crash vulnerability in voice mail application]
-	RESERVED
+CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...)
 	- asterisk <unfixed> (bug #680470)
 CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
 	NOT-FOR-US: Not in Debian
@@ -1390,8 +1391,8 @@
 	RESERVED
 CVE-2012-3239
 	RESERVED
-CVE-2012-3238
-	RESERVED
+CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore ...)
+	TODO: check
 CVE-2012-3237
 	RESERVED
 CVE-2012-3236
@@ -1932,8 +1933,8 @@
 	RESERVED
 CVE-2012-2971
 	RESERVED
-CVE-2012-2970
-	RESERVED
+CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attackers ...)
+	TODO: check
 CVE-2012-2969
 	RESERVED
 CVE-2012-2968
@@ -3088,10 +3089,10 @@
 	NOT-FOR-US: VMware
 CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote ...)
 	NOT-FOR-US: VMware
-CVE-2012-2447
-	RESERVED
-CVE-2012-2446
-	RESERVED
+CVE-2012-2447 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2012-2446 (Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in ...)
+	TODO: check
 CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary ...)
 	- libconfig-inifiles-perl 2.72-1 (bug #671255; low)
 	[squeeze] - libconfig-inifiles-perl <no-dsa> (Will be fixed in spu upload)
@@ -4020,8 +4021,7 @@
 CVE-2012-2139
 	RESERVED
 	- ruby-mail 2.4.4-1
-CVE-2012-2138 [Apache Sling denial of service vulnerability]
-	RESERVED
+CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...)
 	NOT-FOR-US: Apache Sling
 	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2012-July/087554.html
 CVE-2012-2137
@@ -5608,8 +5608,8 @@
 	- libxml-atom-perl 0.39-1 (medium)
 CVE-2012-1494
 	RESERVED
-CVE-2012-1493
-	RESERVED
+CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x ...)
+	TODO: check
 CVE-2012-1492
 	RESERVED
 CVE-2012-1491

More information about the Secure-testing-commits mailing list