[Secure-testing-commits] r19809 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Jul 26 21:14:22 UTC 2012


Author: joeyh
Date: 2012-07-26 21:14:22 +0000 (Thu, 26 Jul 2012)
New Revision: 19809

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-26 17:55:49 UTC (rev 19808)
+++ data/CVE/list	2012-07-26 21:14:22 UTC (rev 19809)
@@ -1,3 +1,31 @@
+CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow ...)
+	TODO: check
+CVE-2012-4060 (Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow ...)
+	TODO: check
+CVE-2012-4059 (Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php ...)
+	TODO: check
+CVE-2012-4058 (Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 ...)
+	TODO: check
+CVE-2012-4057 (Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote ...)
+	TODO: check
+CVE-2012-4056 (SQL injection vulnerability in index2.php in Uiga Personal Portal ...)
+	TODO: check
+CVE-2012-4055 (SQL injection vulnerability in index2.php in Uiga Fan Club allows ...)
+	TODO: check
+CVE-2012-4054 (Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 ...)
+	TODO: check
+CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash player ...)
+	TODO: check
+CVE-2012-4052
+	RESERVED
+CVE-2012-4051
+	RESERVED
+CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for ...)
+	TODO: check
+CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...)
+	TODO: check
+CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools ...)
+	TODO: check
 CVE-2012-XXXX [XSA-10: HVM guest user mode MMIO emulation DoS vulnerability]
 	TODO: check
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/4
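Review bot: The three older-year entries at the end of the added block (CVE-2007-6754, CVE-2006-7252, CVE-2005-4895) are inserted above the 2012 entries, out of the descending order the rest of the list follows, and are left at `TODO: check`. They concern allocator code (jemalloc, calloc in libc/stdlib/malloc.c, TCMalloc in gperftools), as do CVE-2012-2673 through CVE-2012-2677, which this same revision updates further down. Triage them together with those and move them to their numeric position.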
@@ -210,6 +238,7 @@
 CVE-2012-3955
 	RESERVED
 CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...)
+	{DSA-2516-1}
 	- isc-dhcp <unfixed>
 	NOTE: https://kb.isc.org/article/AA-00737
 CVE-2012-3953
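Review bot: On CVE-2012-3954 the new `{DSA-2516-1}` tag sits directly above a package line that still reads `- isc-dhcp <unfixed>`, so the entry records an advisory while showing no fixed version. Confirm the package status and replace `<unfixed>` with the fixed version once it is known.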
@@ -753,80 +782,80 @@
 	RESERVED
 CVE-2012-3698
 	RESERVED
-CVE-2012-3697
-	RESERVED
-CVE-2012-3696
-	RESERVED
-CVE-2012-3695
-	RESERVED
-CVE-2012-3694
-	RESERVED
-CVE-2012-3693
-	RESERVED
+CVE-2012-3697 (WebKit in Apple Safari before 6.0 does not properly handle file: URLs, ...)
+	TODO: check
+CVE-2012-3696 (CRLF injection vulnerability in WebKit in Apple Safari before 6.0 ...)
+	TODO: check
+CVE-2012-3695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
+	TODO: check
+CVE-2012-3694 (WebKit in Apple Safari before 6.0 does not properly handle ...)
+	TODO: check
+CVE-2012-3693 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
+	TODO: check
 CVE-2012-3692
 	RESERVED
-CVE-2012-3691
-	RESERVED
-CVE-2012-3690
-	RESERVED
-CVE-2012-3689
-	RESERVED
+CVE-2012-3691 (WebKit in Apple Safari before 6.0 does not properly handle Cascading ...)
+	TODO: check
+CVE-2012-3690 (WebKit in Apple Safari before 6.0 does not properly handle ...)
+	TODO: check
+CVE-2012-3689 (WebKit in Apple Safari before 6.0 does not properly handle ...)
+	TODO: check
 CVE-2012-3688
 	RESERVED
 CVE-2012-3687
 	RESERVED
-CVE-2012-3686
-	RESERVED
+CVE-2012-3686 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3685
 	RESERVED
 CVE-2012-3684
 	RESERVED
-CVE-2012-3683
-	RESERVED
-CVE-2012-3682
-	RESERVED
-CVE-2012-3681
-	RESERVED
-CVE-2012-3680
-	RESERVED
-CVE-2012-3679
-	RESERVED
-CVE-2012-3678
-	RESERVED
+CVE-2012-3683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3681 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3680 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3679 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3678 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3677
 	RESERVED
 CVE-2012-3676
 	RESERVED
 CVE-2012-3675
 	RESERVED
-CVE-2012-3674
-	RESERVED
+CVE-2012-3674 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3673
 	RESERVED
 CVE-2012-3672
 	RESERVED
 CVE-2012-3671
 	RESERVED
-CVE-2012-3670
-	RESERVED
-CVE-2012-3669
-	RESERVED
-CVE-2012-3668
-	RESERVED
-CVE-2012-3667
-	RESERVED
-CVE-2012-3666
-	RESERVED
-CVE-2012-3665
-	RESERVED
-CVE-2012-3664
-	RESERVED
-CVE-2012-3663
-	RESERVED
+CVE-2012-3670 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3669 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3668 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3667 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3666 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3665 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3664 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3663 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3662
 	RESERVED
-CVE-2012-3661
-	RESERVED
+CVE-2012-3661 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3660
 	RESERVED
 CVE-2012-3659
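Review bot: Every WebKit entry converted from `RESERVED` in this hunk lands as `TODO: check` with no package line, and most carry the same truncated text ("WebKit, as used in Apple Safari before 6.0, allows remote attackers to ..."), so nothing in the list distinguishes them for triage. Work through the batch in one pass against the full descriptions rather than entry by entry; the same applies to the WebKit entries in the hunks that follow.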
@@ -835,70 +864,70 @@
 	RESERVED
 CVE-2012-3657
 	RESERVED
-CVE-2012-3656
-	RESERVED
-CVE-2012-3655
-	RESERVED
+CVE-2012-3656 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3655 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3654
 	RESERVED
-CVE-2012-3653
-	RESERVED
+CVE-2012-3653 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3652
 	RESERVED
 CVE-2012-3651
 	RESERVED
-CVE-2012-3650
-	RESERVED
+CVE-2012-3650 (WebKit in Apple Safari before 6.0 accesses uninitialized memory ...)
+	TODO: check
 CVE-2012-3649
 	RESERVED
 CVE-2012-3648
 	RESERVED
 CVE-2012-3647
 	RESERVED
-CVE-2012-3646
-	RESERVED
-CVE-2012-3645
-	RESERVED
-CVE-2012-3644
-	RESERVED
+CVE-2012-3646 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3645 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3644 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3643
 	RESERVED
-CVE-2012-3642
-	RESERVED
-CVE-2012-3641
-	RESERVED
-CVE-2012-3640
-	RESERVED
-CVE-2012-3639
-	RESERVED
-CVE-2012-3638
-	RESERVED
-CVE-2012-3637
-	RESERVED
-CVE-2012-3636
-	RESERVED
-CVE-2012-3635
-	RESERVED
-CVE-2012-3634
-	RESERVED
-CVE-2012-3633
-	RESERVED
+CVE-2012-3642 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3641 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3640 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3639 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3638 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3637 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3636 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3635 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3634 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3633 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3632
 	RESERVED
-CVE-2012-3631
-	RESERVED
-CVE-2012-3630
-	RESERVED
-CVE-2012-3629
-	RESERVED
-CVE-2012-3628
-	RESERVED
-CVE-2012-3627
-	RESERVED
-CVE-2012-3626
-	RESERVED
-CVE-2012-3625
-	RESERVED
+CVE-2012-3631 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3630 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3629 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3628 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3627 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3626 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3625 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3624
 	RESERVED
 CVE-2012-3623
@@ -907,70 +936,70 @@
 	RESERVED
 CVE-2012-3621
 	RESERVED
-CVE-2012-3620
-	RESERVED
+CVE-2012-3620 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3619
 	RESERVED
-CVE-2012-3618
-	RESERVED
+CVE-2012-3618 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3617
 	RESERVED
 CVE-2012-3616
 	RESERVED
-CVE-2012-3615
-	RESERVED
+CVE-2012-3615 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3614
 	RESERVED
 CVE-2012-3613
 	RESERVED
 CVE-2012-3612
 	RESERVED
-CVE-2012-3611
-	RESERVED
-CVE-2012-3610
-	RESERVED
-CVE-2012-3609
-	RESERVED
-CVE-2012-3608
-	RESERVED
+CVE-2012-3611 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3610 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3609 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3608 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3607
 	RESERVED
 CVE-2012-3606
 	RESERVED
-CVE-2012-3605
-	RESERVED
-CVE-2012-3604
-	RESERVED
-CVE-2012-3603
-	RESERVED
+CVE-2012-3605 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3604 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3603 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3602
 	RESERVED
 CVE-2012-3601
 	RESERVED
-CVE-2012-3600
-	RESERVED
-CVE-2012-3599
-	RESERVED
+CVE-2012-3600 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3599 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3598
 	RESERVED
-CVE-2012-3597
-	RESERVED
-CVE-2012-3596
-	RESERVED
-CVE-2012-3595
-	RESERVED
-CVE-2012-3594
-	RESERVED
-CVE-2012-3593
-	RESERVED
-CVE-2012-3592
-	RESERVED
-CVE-2012-3591
-	RESERVED
-CVE-2012-3590
-	RESERVED
-CVE-2012-3589
-	RESERVED
+CVE-2012-3597 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3596 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3595 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3594 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3593 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
@@ -1009,6 +1038,7 @@
 CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with ...)
 	NOTE: Disputed NSS issue
 CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows ...)
+	{DSA-2516-1}
 	- isc-dhcp <unfixed>
 	NOTE: https://kb.isc.org/article/AA-00712
 CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is ...)
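Review bot: CVE-2012-3571 gains `{DSA-2516-1}`, but the adjacent CVE-2012-3570 in the trailing context (ISC DHCP 4.2.x before 4.2.4-P1) is not touched by this hunk. Check whether that entry also needs the DSA cross-reference or an explicit status for the released versions. The `- isc-dhcp <unfixed>` line under CVE-2012-3571 is also left unchanged next to the new tag.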
@@ -2259,8 +2289,8 @@
 	RESERVED
 CVE-2012-3016
 	RESERVED
-CVE-2012-3015
-	RESERVED
+CVE-2012-3015 (Untrusted search path vulnerability in Siemens SIMATIC STEP7 before ...)
+	TODO: check
 CVE-2012-3014
 	RESERVED
 CVE-2012-3013
@@ -2279,8 +2309,8 @@
 	NOT-FOR-US: Not in Debian
 CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...)
 	NOT-FOR-US: Innominate mGuard Smart
-CVE-2012-3005
-	RESERVED
+CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch ...)
+	TODO: check
 CVE-2012-3004
 	RESERVED
 CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in ...)
@@ -2813,8 +2843,7 @@
 	- serendipity <not-affected> (vulnerable code not present in 1.5.1, see bug #678139)
 CVE-2012-2761
 	RESERVED
-CVE-2012-2760
-	RESERVED
+CVE-2012-2760 (mod_auth_openid before 0.7 for Apache uses world-readable permissions ...)
 	- libapache2-mod-auth-openid 0.7-0.1 (bug #674165)
 CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...)
 	NOT-FOR-US: Wordpress plugin
@@ -3021,21 +3050,16 @@
 	NOT-FOR-US: Red Hat Network configuration client
 CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
 	- 389-ds <not-affected> (Fixed before initial upload)
-CVE-2012-2677
-	RESERVED
+CVE-2012-2677 (Integer overflow in the ordered_malloc function in boost/pool/pool.hpp ...)
 	- boost1.42 <removed>
 	- boost1.49 1.49.0-3.1 (bug #677197)
-CVE-2012-2676
-	RESERVED
+CVE-2012-2676 (Multiple integer overflows in the (1) malloc and (2) calloc functions ...)
 	NOT-FOR-US: Hoard memory allocator
-CVE-2012-2675
-	RESERVED
+CVE-2012-2675 (Multiple integer overflows in the (1) CallMalloc (malloc) and (2) ...)
 	NOT-FOR-US: nedmalloc
-CVE-2012-2674
-	RESERVED
+CVE-2012-2674 (Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and ...)
 	NOT-FOR-US: Android libc
-CVE-2012-2673
-	RESERVED
+CVE-2012-2673 (Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc ...)
 	- libgc 1:7.1-9 (bug #677195)
 CVE-2012-2672 (Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext ...)
 	- mojarra <not-affected> (Only affected in combination with EAP6/AS7 application servers, bug #677194)
@@ -3537,8 +3561,8 @@
 	RESERVED
 CVE-2012-2443
 	RESERVED
-CVE-2012-2442
-	RESERVED
+CVE-2012-2442 (Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and ...)
+	TODO: check
 CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory ...)
 	NOT-FOR-US: RuggedCom Rugged Operating System
 CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables ...)
@@ -4037,31 +4061,24 @@
 	NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
 	NOTE: http://www.kb.cert.org/vuls/id/520827
 	NOTE: http://osvdb.org/show/osvdb/81633
-CVE-2012-2310 [Drupal SA-CONTRIB-2012-072 - cctags - XSS ]
-	RESERVED
+CVE-2012-2310 (Cross-site scripting (XSS) vulnerability in the cctags module for ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2309 [Drupal SA-CONTRIB-2012-071 - Glossify - XSS ]
-	RESERVED
+CVE-2012-2309 (Cross-site scripting (XSS) vulnerability in the Glossify Internal ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2308 [Drupal SA-CONTRIB-2012-070 - Taxonomy Grid : Catalog - XSS]
-	RESERVED
+CVE-2012-2308 (Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2307 [Drupal SA-CONTRIB-2012-069 - Addressbook - CSRF ]
-	RESERVED
+CVE-2012-2307 (Cross-site request forgery (CSRF) vulnerability in the Addressbook ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2306 [Drupal SA-CONTRIB-2012-069 - Addressbook - SQL Injection]
-	RESERVED
+CVE-2012-2306 (SQL injection vulnerability in the Addressbook module for Drupal ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2305 [Drupal SA-CONTRIB-2012-068 - Node Gallery - CSRF]
-	RESERVED
+CVE-2012-2305 (Cross-site request forgery (CSRF) vulnerability in the Node Gallery ...)
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2304 [Drupal SA-CONTRIB-2012-067 - Linkit - Access bypass]
 	RESERVED
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2302 [Drupal SA-CONTRIB-2012-065 - Sitedoc - Information disclosure]
-	RESERVED
+CVE-2012-2302 (Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 ...)
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution]
 	RESERVED
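Review bot: The bracketed titles removed for CVE-2012-2310 through CVE-2012-2305 and for CVE-2012-2302 carried the Drupal advisory number (for example `SA-CONTRIB-2012-072`), and the replacement descriptions drop it without a `NOTE:` line to preserve the reference. Add the advisory id as a `NOTE:` under each affected entry so the link from the CVE to the contrib advisory is not lost; the untouched CVE-2012-2304 and CVE-2012-2301 still show what the old form recorded.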
@@ -4078,8 +4095,7 @@
 CVE-2012-2297 [Drupal SA-CONTRIB-2012-062 - Creative Commons - XSS]
 	RESERVED
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2296 [Drupal SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data ...]
-	RESERVED
+CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x ...)
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2295
 	RESERVED
@@ -4389,8 +4405,7 @@
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2153
 	RESERVED
-CVE-2012-2152 [dhcpcd 3.2.3 remote stack overflow / denial of service]
-	RESERVED
+CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in ...)
 	{DSA-2498-1}
 	- dhcpcd 1:3.2.3-11 (bug #671265)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
@@ -6000,8 +6015,8 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
 	- chromium-browser 18.0.1025.168~r134367-1
-CVE-2012-1520
-	RESERVED
+CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-1519
 	RESERVED
 CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, ...)
@@ -8066,18 +8081,18 @@
 	NOT-FOR-US: XnView
 CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
 	NOT-FOR-US: XnView
-CVE-2012-0683
-	RESERVED
-CVE-2012-0682
-	RESERVED
+CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
+CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
+	TODO: check
 CVE-2012-0681
 	RESERVED
-CVE-2012-0680
-	RESERVED
-CVE-2012-0679
-	RESERVED
-CVE-2012-0678
-	RESERVED
+CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete ...)
+	TODO: check
+CVE-2012-0679 (Apple Safari before 6.0 allows remote attackers to read arbitrary ...)
+	TODO: check
+CVE-2012-0678 (Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 ...)
+	TODO: check
 CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...)
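Review bot: CVE-2012-0680, CVE-2012-0679 and CVE-2012-0678 are described as issues in Apple Safari itself rather than in WebKit, yet they receive the same `TODO: check` as the WebKit entries CVE-2012-0683 and CVE-2012-0682 above them. If the full descriptions confirm they are Safari-only, they can be closed in the same way as the neighbouring `NOT-FOR-US: Apple iTunes` entry, which leaves only the WebKit ones needing package triage.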



