[Secure-testing-commits] r19623 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Jun 28 21:14:29 UTC 2012
Author: joeyh
Date: 2012-06-28 21:14:29 +0000 (Thu, 28 Jun 2012)
New Revision: 19623
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-06-28 21:03:45 UTC (rev 19622)
+++ data/CVE/list 2012-06-28 21:14:29 UTC (rev 19623)
@@ -1,5 +1,33 @@
-CVE-2012-3802 [SA-CONTRIB-2012-079 Post Affiliate Pro unspecified read of commisions]
+CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
TODO: check
+CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and ...)
+ TODO: check
+CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...)
+ TODO: check
+CVE-2012-3813
+ RESERVED
+CVE-2012-3812
+ RESERVED
+CVE-2012-3811
+ RESERVED
+CVE-2012-3810
+ RESERVED
+CVE-2012-3809
+ RESERVED
+CVE-2012-3808
+ RESERVED
+CVE-2012-3807
+ RESERVED
+CVE-2012-3806
+ RESERVED
+CVE-2012-3805
+ RESERVED
+CVE-2012-3804
+ RESERVED
+CVE-2012-3803
+ RESERVED
+CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...)
+ TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10
CVE-2012-3801 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...)
TODO: check
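Review bot: the rewritten CVE-2012-3802 line loses the SA-CONTRIB-2012-079 identifier that the removed bracket description carried, and the truncated replacement text does not show it. Suggest keeping it as its own NOTE line beside the existing oss-security NOTE so the advisory reference survives the automatic update. The three new entries with descriptions (CVE-2012-3816, CVE-2012-3815, CVE-2012-3814) are all left at "TODO: check" and still need triage.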
@@ -877,6 +905,7 @@
RESERVED
CVE-2012-3366
RESERVED
+ {DSA-2503-1}
- bcfg2 <unfixed> (bug #679272)
CVE-2012-3365
RESERVED
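Review bot: {DSA-2503-1} is attached to CVE-2012-3366 while the only package line still reads "- bcfg2 <unfixed> (bug #679272)". If the DSA covers the stable release only, that is consistent, but the entry then needs a follow-up replacing <unfixed> with the fixed unstable version once bug #679272 is closed; otherwise the tracker will keep reporting bcfg2 as vulnerable after the advisory is out.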
@@ -1172,8 +1201,8 @@
RESERVED
CVE-2012-3232
RESERVED
-CVE-2012-3231
- RESERVED
+CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...)
+ TODO: check
CVE-2012-3230
RESERVED
CVE-2012-3229
@@ -2189,12 +2218,10 @@
RESERVED
CVE-2012-2744
RESERVED
-CVE-2012-2743 [Doesn't iterate the passphrase through SHA algorithm to ... ]
- RESERVED
+CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing ...)
- revelation 0.4.11-10 (bug #633088)
NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
-CVE-2012-2742 [Limits effective password length to 32 characters]
- RESERVED
+CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
- revelation 0.4.11-10 (bug #633088)
NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 [phplist before 2.10.18 XSS]
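Review bot: the new descriptions for CVE-2012-2743 and CVE-2012-2742 both say "Revelation 0.4.13-2 and earlier", but the unchanged package lines record the fix in "revelation 0.4.11-10", which sorts lower than 0.4.13-2. Either the Debian revision carries a backported fix or the fixed version is stale; a NOTE stating which (with a pointer to the patch in bug #633088) would stop this from reading as a contradiction.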
@@ -2260,8 +2287,8 @@
TODO: check
CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...)
NOT-FOR-US: Drupal module
-CVE-2012-2717
- RESERVED
+CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile ...)
+ TODO: check
CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...)
NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...)
@@ -2277,7 +2304,7 @@
CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x ...)
TODO: check
CVE-2012-2709
- REJECTED
+ RESERVED
NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10
CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...)
TODO: check
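Review bot: CVE-2012-2709 goes from REJECTED back to RESERVED in an "automatic update", which reverses a state change rather than advancing it. Check whether REJECTED was set by hand on the basis of the oss-security thread in the NOTE below it; if so, the import is overwriting manual triage and the entry should be restored, or the NOTE extended to explain why the identifier is live again.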
@@ -2861,8 +2888,7 @@
RESERVED
CVE-2012-2446
RESERVED
-CVE-2012-2451 [libconfig-inifiles-perl insecure temporary file creation]
- RESERVED
+CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary ...)
- libconfig-inifiles-perl 2.72-1 (bug #671255; low)
[squeeze] - libconfig-inifiles-perl <no-dsa> (Will be fixed in spu upload)
NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
@@ -3134,8 +3160,7 @@
CVE-2012-2389 (hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 ...)
- hostapd <not-affected> (Debian package provides no default config file)
- wpa <not-affected> (Debian package provides no default config file)
-CVE-2012-2388
- RESERVED
+CVE-2012-2388 (The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote ...)
{DSA-2483-1}
- strongswan 4.5.2-1.4
CVE-2012-2387
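Review bot: the description now added for CVE-2012-2388 gives the affected range as strongSwan 4.2.0 through 4.6.3, yet the package line marks "strongswan 4.5.2-1.4" as fixed, a version inside that range. This presumably reflects a backported patch shipped with DSA-2483-1; a short NOTE saying so would make the entry self-explanatory to anyone comparing upstream and Debian versions.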
@@ -4214,8 +4239,7 @@
RESERVED
CVE-2012-1990 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider ...)
NOT-FOR-US: Schneider Electric Kerweb
-CVE-2012-1989
- RESERVED
+CVE-2012-1989 (telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) ...)
- puppet 2.7.13-1
[squeeze] - puppet <not-affected> (Only affects 2.7.x)
CVE-2012-1988 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
@@ -8745,12 +8769,10 @@
RESERVED
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2011-4957
- RESERVED
+CVE-2011-4957 (The make_clickable function in wp-includes/formatting.php in WordPress ...)
{DSA-2470-1}
- wordpress 3.2.1+dfsg-1
-CVE-2011-4956
- RESERVED
+CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 ...)
{DSA-2470-1}
- wordpress 3.2.1+dfsg-1
CVE-2011-4955
@@ -9274,7 +9296,7 @@
RESERVED
{DSA-2501-1}
- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
-CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 ...)
+CVE-2012-0217 (The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, ...)
{DSA-2501-1}
- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
- kfreebsd-8 8.3-4 (bug #677297)
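Review bot: the CVE-2012-0217 description is swapped wholesale from one naming the Microsoft Windows kernel to one naming Xen, while the package lines cover both xen and kfreebsd-8. The truncated text visible here mentions only Xen, so a NOTE stating why kfreebsd-8 is tracked under the same identifier (and referencing bug #677297) would document the link that the one-line description no longer shows.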
@@ -16251,6 +16273,7 @@
- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
CVE-2011-2730
RESERVED
+ {DSA-2504-1}
- libspring-2.5-java <unfixed> (bug #677814)
CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 ...)
- commons-daemon 1.0.7-1
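Review bot: CVE-2011-2730 gains {DSA-2504-1} but remains RESERVED with no description at all, so the entry says an advisory exists without saying what for. Other entries in this file use a bracketed temporary description for this case (for example "CVE-2012-2741 [phplist before 2.10.18 XSS]"); adding one here, and revisiting the "libspring-2.5-java <unfixed> (bug #677814)" line once unstable is fixed, would make the entry usable.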