[Secure-testing-commits] r19110 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue May 1 21:14:30 UTC 2012
Author: joeyh
Date: 2012-05-01 21:14:30 +0000 (Tue, 01 May 2012)
New Revision: 19110
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-01 19:26:56 UTC (rev 19109)
+++ data/CVE/list 2012-05-01 21:14:30 UTC (rev 19110)
@@ -1,9 +1,199 @@
-CVE-2012-2416 [http://downloads.asterisk.org/pub/security/AST-2012-006.html]
+CVE-2012-2445
+ RESERVED
+CVE-2012-2444
+ RESERVED
+CVE-2012-2443
+ RESERVED
+CVE-2012-2442
+ RESERVED
+CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory ...)
+ TODO: check
+CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables ...)
+ TODO: check
+CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N firewall ...)
+ TODO: check
+CVE-2012-2438
+ RESERVED
+CVE-2012-2437
+ RESERVED
+CVE-2012-2436
+ RESERVED
+CVE-2012-2435
+ RESERVED
+CVE-2012-2434
+ RESERVED
+CVE-2012-2433
+ RESERVED
+CVE-2012-2432
+ RESERVED
+CVE-2012-2431
+ RESERVED
+CVE-2012-2430
+ RESERVED
+CVE-2012-2429
+ RESERVED
+CVE-2012-2428
+ RESERVED
+CVE-2012-2427
+ RESERVED
+CVE-2012-2426
+ RESERVED
+CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
+ TODO: check
+CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
+ TODO: check
+CVE-2012-2423 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
+ TODO: check
+CVE-2012-2422 (Intuit QuickBooks 2009 through 2012 might allow remote attackers to ...)
+ TODO: check
+CVE-2012-2421 (Absolute path traversal vulnerability in the intu-help-qb (aka Intuit ...)
+ TODO: check
+CVE-2012-2420 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
+ TODO: check
+CVE-2012-2419 (Memory leak in the intu-help-qb (aka Intuit Help System Async ...)
+ TODO: check
+CVE-2012-2418 (Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System ...)
+ TODO: check
+CVE-2012-2417
+ RESERVED
+CVE-2012-2413
+ RESERVED
+CVE-2012-2412
+ RESERVED
+CVE-2012-2411
+ RESERVED
+CVE-2012-2410
+ RESERVED
+CVE-2012-2409
+ RESERVED
+CVE-2012-2408
+ RESERVED
+CVE-2012-2407
+ RESERVED
+CVE-2012-2406
+ RESERVED
+CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
+ TODO: check
+CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...)
+ TODO: check
+CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...)
+ TODO: check
+CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...)
+ TODO: check
+CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...)
+ TODO: check
+CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...)
+ TODO: check
+CVE-2012-2399 (Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in ...)
+ TODO: check
+CVE-2010-5136
+ RESERVED
+CVE-2010-5135
+ RESERVED
+CVE-2010-5134
+ RESERVED
+CVE-2010-5133
+ RESERVED
+CVE-2010-5132
+ RESERVED
+CVE-2010-5131
+ RESERVED
+CVE-2010-5130
+ RESERVED
+CVE-2010-5129
+ RESERVED
+CVE-2010-5128
+ RESERVED
+CVE-2010-5127
+ RESERVED
+CVE-2010-5126
+ RESERVED
+CVE-2010-5125
+ RESERVED
+CVE-2010-5124
+ RESERVED
+CVE-2010-5123
+ RESERVED
+CVE-2010-5122
+ RESERVED
+CVE-2010-5121
+ RESERVED
+CVE-2010-5120
+ RESERVED
+CVE-2010-5119
+ RESERVED
+CVE-2010-5118
+ RESERVED
+CVE-2010-5117
+ RESERVED
+CVE-2010-5116
+ RESERVED
+CVE-2010-5115
+ RESERVED
+CVE-2010-5114
+ RESERVED
+CVE-2010-5113
+ RESERVED
+CVE-2010-5112
+ RESERVED
+CVE-2010-5111
+ RESERVED
+CVE-2010-5110
+ RESERVED
+CVE-2010-5109
+ RESERVED
+CVE-2010-5108
+ RESERVED
+CVE-2010-5107
+ RESERVED
+CVE-2010-5106
+ RESERVED
+CVE-2010-5105
+ RESERVED
+CVE-2010-5104
+ RESERVED
+CVE-2010-5103
+ RESERVED
+CVE-2010-5102
+ RESERVED
+CVE-2010-5101
+ RESERVED
+CVE-2010-5100
+ RESERVED
+CVE-2010-5099
+ RESERVED
+CVE-2010-5098
+ RESERVED
+CVE-2010-5097
+ RESERVED
+CVE-2010-5096
+ RESERVED
+CVE-2010-5095
+ RESERVED
+CVE-2010-5094
+ RESERVED
+CVE-2010-5093
+ RESERVED
+CVE-2010-5092
+ RESERVED
+CVE-2010-5091
+ RESERVED
+CVE-2010-5090
+ RESERVED
+CVE-2010-5089
+ RESERVED
+CVE-2010-5088
+ RESERVED
+CVE-2010-5087
+ RESERVED
+CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
[squeeze] - asterisk <not-affected> (Vulnerable code not present)
-CVE-2012-2415
+CVE-2012-2415 (Heap-based buffer overflow in chan_skinny.c in the Skinny channel ...)
+ {DSA-2460-1}
- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
-CVE-2012-2414
+CVE-2012-2414 (main/manager.c in the Manager Interface in Asterisk Open Source ...)
+ {DSA-2460-1}
- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...)
NOT-FOR-US: ownCloud
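Review bot: The upstream advisory reference for CVE-2012-2416 is lost where the bracketed header `[http://downloads.asterisk.org/pub/security/AST-2012-006.html]` is replaced by the parenthesised description; carry it over as a `NOTE:` line under the entry so the AST-2012-006 link stays in the list. Separately, the WordPress entries (CVE-2012-2399 through CVE-2012-2404, all "before 3.3.2") and the Gallery entry CVE-2012-2405 arrive with only `TODO: check`. Both name software that Debian packages (gallery2 already has a package line elsewhere in this file), so they should be triaged to a package line with a fixed version or `<unfixed>` ahead of the device and vendor entries in the same block.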
@@ -341,8 +531,8 @@
NOT-FOR-US: PHP Gift Registry
CVE-2012-2235
RESERVED
-CVE-2012-2234
- RESERVED
+CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...)
+ TODO: check
CVE-2012-2233
RESERVED
CVE-2012-2232
@@ -387,10 +577,10 @@
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2214
RESERVED
-CVE-2012-2213
- RESERVED
-CVE-2012-2212
- RESERVED
+CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the ...)
+ TODO: check
+CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to ...)
+ TODO: check
CVE-2012-2211
RESERVED
CVE-2012-XXXX [libpng electric fence crash]
@@ -539,9 +729,9 @@
CVE-2012-2142
RESERVED
CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read (snmpd crash)]
+ RESERVED
- net-snmp <unfixed>
NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
- RESERVED
CVE-2012-2140
RESERVED
CVE-2012-2139
@@ -553,6 +743,7 @@
CVE-2012-2136
RESERVED
CVE-2012-2135 [Python UTF-16 decoder crasher]
+ RESERVED
- python3.1 <unfixed> (bug #670389)
- python3.2 <unfixed> (bug #670389)
- python3.3 <unfixed>
@@ -565,8 +756,8 @@
RESERVED
TODO: check
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
-CVE-2012-2131 [ASN1 BIO incomplete fix]
- RESERVED
+CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in ...)
+ {DSA-2454-2}
- openssl <not-affected> (only affected patch against 0.9.8)
NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
CVE-2012-2130
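Review bot: The `{DSA-2454-2}` tag added to CVE-2012-2131 sits directly above a package line that reads `- openssl <not-affected> (only affected patch against 0.9.8)`, so the entry does not say which release the DSA fixed or in which version. Add a release-specific line (or a `NOTE:`) recording the fixed 0.9.8 upload, so the DSA reference and the not-affected status do not read as contradictory. The removed bracketed summary "ASN1 BIO incomplete fix" was also the only hint that this is a follow-up to an earlier fix; a short `NOTE:` would preserve that.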
@@ -629,8 +820,7 @@
{DSA-2455-1}
- typo3-src <unfixed> (bug #669158)
NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
-CVE-2012-2111 [Incorrect permission checks when granting/removing privileges]
- RESERVED
+CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) ...)
- samba <unfixed>
NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
@@ -1346,8 +1536,8 @@
NOT-FOR-US: Koyo ECOM
CVE-2012-1804
RESERVED
-CVE-2012-1803
- RESERVED
+CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a ...)
+ TODO: check
CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens Scalance X ...)
NOT-FOR-US: Siemens Scalance X
CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) ActiveX ...)
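Review bot: CVE-2012-1803 (RuggedCom Rugged Operating System) is left at `TODO: check`, while the neighbouring embedded-device entries in this hunk's context are already closed out as `NOT-FOR-US: Siemens Scalance X` and `NOT-FOR-US: Koyo ECOM`. If ROS is not packaged, mark it `NOT-FOR-US: RuggedCom` in the same way so it leaves the triage queue.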
@@ -1358,6 +1548,7 @@
NOT-FOR-US: Siemens Scalance S
CVE-2012-1798
RESERVED
+ {DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has ...)
NOT-FOR-US: IBM DB2
@@ -1812,6 +2003,7 @@
- joomla <itp> (bug #571794)
CVE-2012-1610
RESERVED
+ {DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
RESERVED
@@ -1903,8 +2095,7 @@
- dietlibc 0.33~cvs20120325-1 (unimportant)
CVE-2012-1576
RESERVED
-CVE-2012-1575
- RESERVED
+CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
NOT-FOR-US: cumin
CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...)
NOT-FOR-US: Apache Hadoop
@@ -2028,8 +2219,8 @@
RESERVED
CVE-2012-1522
RESERVED
-CVE-2012-1521
- RESERVED
+CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
+ TODO: check
CVE-2012-1520
RESERVED
CVE-2012-1519
@@ -2603,14 +2794,14 @@
RESERVED
CVE-2012-1246
RESERVED
-CVE-2012-1245
- RESERVED
-CVE-2012-1244
- RESERVED
-CVE-2012-1243
- RESERVED
-CVE-2012-1242
- RESERVED
+CVE-2012-1245 (Cross-site scripting (XSS) vulnerability in the cleanup_urls function ...)
+ TODO: check
+CVE-2012-1244 (The NTT DOCOMO sp mode mail application 5400 and earlier for Android ...)
+ TODO: check
+CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not ...)
+ TODO: check
+CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, ...)
+ TODO: check
CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 ...)
NOT-FOR-US: ActiveScriptRuby
CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo ...)
@@ -2740,9 +2931,11 @@
[squeeze] - bitlbee <no-dsa> (Minor issue)
CVE-2012-1186
RESERVED
+ {DSA-2462-1}
- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1185
RESERVED
+ {DSA-2462-1}
- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1184 [Asterisk: Stack Buffer Overflow in HTTP Manager]
RESERVED
@@ -2750,6 +2943,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1183 [Asterisk: Remote Crash Vulnerability in Milliwatt Application]
RESERVED
+ {DSA-2460-1}
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...)
@@ -2891,80 +3085,61 @@
CVE-2012-1145
RESERVED
NOT-FOR-US: RHN Satellite
-CVE-2012-1144
- RESERVED
+CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
{DSA-2428-1}
- freetype 2.4.9-1 (bug #662864)
-CVE-2012-1143
- RESERVED
+CVE-2012-1143 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1142
- RESERVED
+CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
{DSA-2428-1}
- freetype 2.4.9-1 (bug #662864)
-CVE-2012-1141
- RESERVED
+CVE-2012-1141 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1140
- RESERVED
+CVE-2012-1140 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1139
- RESERVED
+CVE-2012-1139 (Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1138
- RESERVED
+CVE-2012-1138 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1137
- RESERVED
+CVE-2012-1137 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1136
- RESERVED
+CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
{DSA-2428-1}
- freetype 2.4.9-1 (bug #662864)
-CVE-2012-1135
- RESERVED
+CVE-2012-1135 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1134
- RESERVED
+CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
{DSA-2428-1}
- freetype 2.4.9-1 (bug #662864)
-CVE-2012-1133
- RESERVED
+CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
{DSA-2428-1}
- freetype 2.4.9-1 (bug #662864)
-CVE-2012-1132
- RESERVED
+CVE-2012-1132 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1131
- RESERVED
+CVE-2012-1131 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1130
- RESERVED
+CVE-2012-1130 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1129
- RESERVED
+CVE-2012-1129 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1128
- RESERVED
+CVE-2012-1128 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1127
- RESERVED
+CVE-2012-1127 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1126
- RESERVED
+CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
CVE-2012-1125
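Review bot: The existing `unimportant` / `NOTE: Crash only` classifications (for example at CVE-2012-1143, CVE-2012-1141 and CVE-2012-1139) were written while these IDs were still `RESERVED` and should be re-verified now that descriptions are published. The truncated text ends before the impact clause on every entry, and CVE-2012-1139 now reads "Array index error" while still carrying `NOTE: Crash only`. If the full descriptions list impact beyond a crash, those entries need the same `{DSA-2428-1}` treatment as CVE-2012-1144, CVE-2012-1142, CVE-2012-1136, CVE-2012-1134 and CVE-2012-1133.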
@@ -3005,8 +3180,7 @@
RESERVED
- phpldapadmin 1.2.2-3 (bug #662050)
- ldap-account-manager 3.6-2 (bug #661904)
-CVE-2012-1113
- RESERVED
+CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- gallery2 <unfixed>
NOTE: see redhat link
CVE-2012-1112
@@ -3415,8 +3589,7 @@
RESERVED
CVE-2012-0947
RESERVED
-CVE-2012-0946
- RESERVED
+CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access ...)
- nvidia-graphics-drivers 295.40-1
[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
CVE-2012-0945
@@ -3492,6 +3665,7 @@
RESERVED
CVE-2012-0920
RESERVED
+ {DSA-2456-1}
- dropbear 2012.55-1 (low; bug #661150)
NOTE: this is limited to authenticated users with enforced command restrictions
CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
@@ -3635,8 +3809,7 @@
RESERVED
- eglibc <unfixed> (low; bug #660611)
[squeeze] - eglibc <no-dsa> (Hardening bypass, can be fixed in next point update)
-CVE-2012-0863 [mumble info disclosure]
- RESERVED
+CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for ...)
{DSA-2411-1}
- mumble 1.2.3-3 (bug #659039)
CVE-2012-0862
@@ -3969,14 +4142,14 @@
RESERVED
CVE-2012-0744
RESERVED
-CVE-2012-0743
- RESERVED
+CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...)
+ TODO: check
CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
NOT-FOR-US: IBM Tivoli Event Pump
CVE-2012-0741
RESERVED
-CVE-2012-0740
- RESERVED
+CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...)
+ TODO: check
CVE-2012-0739
RESERVED
CVE-2012-0738
@@ -4003,8 +4176,8 @@
RESERVED
CVE-2012-0727
RESERVED
-CVE-2012-0726
- RESERVED
+CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...)
+ TODO: check
CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
TODO: check
CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
@@ -4039,8 +4212,8 @@
NOT-FOR-US: IBM DB2
CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...)
NOT-FOR-US: IBM DB2
-CVE-2012-0708
- RESERVED
+CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...)
+ TODO: check
CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi ...)
NOT-FOR-US: IBM WebSphere
CVE-2012-0706
@@ -4099,7 +4272,7 @@
- webkit <undetermined>
CVE-2012-0694
RESERVED
-CVE-2012-0693 (submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote ...)
+CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 ...)
NOT-FOR-US: WHMCompleteSolution
CVE-2012-0692
RESERVED
@@ -4583,24 +4756,23 @@
NOT-FOR-US: Final Draft
CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 ...)
NOT-FOR-US: 3S CoDeSys
-CVE-2012-0479
- RESERVED
+CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, ...)
+ {DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0478
- RESERVED
+CVE-2012-0478 (The texImage2D implementation in the WebGL subsystem in Mozilla ...)
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0477
- RESERVED
+CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
+ {DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
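Review bot: The `{DSA-2458-1 DSA-2457-1}` tags added to CVE-2012-0479 and CVE-2012-0477 conflict with the unchanged lines beneath them, which mark icedove, iceweasel and iceape in squeeze as `<not-affected> (Vulnerable code not present)`. A DSA covers a stable release, so either the `[squeeze]` lines are stale and should be replaced by the fixed version, or the DSA cross-reference is wrong for these IDs. CVE-2012-0478 in the same hunk has identical package lines and no DSA tag, which is the self-consistent form.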
@@ -4609,8 +4781,7 @@
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0476
RESERVED
-CVE-2012-0475
- RESERVED
+CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and ...)
- icedove <unfixed> (low)
[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
- iceweasel 12.0-1 (low)
@@ -4618,70 +4789,63 @@
- iceape <unfixed> (low)
[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
-CVE-2012-0474
- RESERVED
+CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell ...)
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0473
- RESERVED
+CVE-2012-0473 (The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x ...)
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0472
- RESERVED
+CVE-2012-0472 (The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, ...)
- icedove <not-affected> (Windows-specific)
- iceweasel <not-affected> (Windows-specific)
- iceape <not-affected> (Windows-specific)
-CVE-2012-0471
- RESERVED
+CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x ...)
+ {DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0470
- RESERVED
+CVE-2012-0470 (Heap-based buffer overflow in the ...)
+ {DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0469
- RESERVED
+CVE-2012-0469 (Use-after-free vulnerability in the ...)
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0468
- RESERVED
+CVE-2012-0468 (The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird ...)
- icedove <not-affected> (Only affects Firefox 11 and above)
- iceweasel <not-affected> (Only affects Firefox 11 and above)
- iceape <not-affected> (Only affects Firefox 11 and above)
-CVE-2012-0467
- RESERVED
+CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0466
- RESERVED
+CVE-2012-0466 (template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <no-dsa> (Minor issue)
-CVE-2012-0465
- RESERVED
+CVE-2012-0465 (Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0464 (Use-after-free vulnerability in the browser engine in Mozilla Firefox ...)
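Review bot: CVE-2012-0471, CVE-2012-0470 and CVE-2012-0467 gain `{DSA-2458-1 DSA-2457-1}` while every `[squeeze]` line under them still says `<not-affected> (Vulnerable code not present)`; the DSA reference and the per-release status cannot both be right. Reconcile them per package before the tracker renders these entries. The entries in this hunk without a DSA tag (CVE-2012-0474, CVE-2012-0473, CVE-2012-0469) keep the same squeeze markings, so it is also worth confirming that the split between tagged and untagged IDs is intended.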
@@ -4701,7 +4865,7 @@
- iceape 2.7.3-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-2437-1 DSA-2433-1}
+ {DSA-2458-1 DSA-2437-1 DSA-2433-1}
- icedove <unfixed>
- iceweasel 10.0.3esr-1
- iceape 2.7.3-1
@@ -4720,7 +4884,7 @@
- iceape 2.7.3-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...)
- {DSA-2437-1 DSA-2433-1}
+ {DSA-2458-1 DSA-2437-1 DSA-2433-1}
- icedove <unfixed>
- iceweasel 10.0.3esr-1
- iceape 2.7.3-1
@@ -4732,12 +4896,12 @@
- iceape 2.7.3-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 and ...)
- {DSA-2437-1 DSA-2433-1}
+ {DSA-2458-1 DSA-2437-1 DSA-2433-1}
- icedove <unfixed>
- iceweasel 10.0.3esr-1
- iceape 2.7.3-1
CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...)
- {DSA-2437-1 DSA-2433-1}
+ {DSA-2458-1 DSA-2437-1 DSA-2433-1}
- icedove <unfixed>
- iceweasel 10.0.3esr-1
- iceape 2.7.3-1
@@ -5267,8 +5431,8 @@
- csound 1:5.16.6~dfsg-1 (bug #661197)
NOTE: http://secunia.com/secunia_research/2012-3/
NOTE: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
-CVE-2012-0269
- RESERVED
+CVE-2012-0269 (Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 ...)
+ TODO: check
CVE-2012-0268 (Integer overflow in the CYImage::LoadJPG method in YImage.dll in ...)
NOT-FOR-US: Yahoo! Messenger
CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows ...)
@@ -5693,9 +5857,11 @@
RESERVED
CVE-2012-0260
RESERVED
+ {DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0259
RESERVED
+ {DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...)
NOT-FOR-US: Invensys Wonderware Application Server
@@ -5704,6 +5870,7 @@
CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before ...)
- trafficserver 3.0.4-1
CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...)
+ {DSA-2459-1}
- quagga 0.99.20.1-1
CVE-2012-0254
RESERVED
@@ -5714,8 +5881,10 @@
CVE-2012-0251
RESERVED
CVE-2012-0250 (Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before ...)
+ {DSA-2459-1}
- quagga 0.99.20.1-1
CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c ...)
+ {DSA-2459-1}
- quagga 0.99.20.1-1
CVE-2012-0248
RESERVED
@@ -5988,8 +6157,7 @@
RESERVED
CVE-2012-0217
RESERVED
-CVE-2012-0216 [apache2 insecure default config]
- RESERVED
+CVE-2012-0216 (The default configuration of the apache2 package in Debian GNU/Linux ...)
{DSA-2452-1}
- apache2 2.2.22-4 (low)
CVE-2012-0215 [tryton-server privilege escalation through Many2Many editing]
@@ -11757,14 +11925,14 @@
RESERVED
CVE-2011-3082
RESERVED
-CVE-2011-3081
- RESERVED
-CVE-2011-3080
- RESERVED
-CVE-2011-3079
- RESERVED
-CVE-2011-3078
- RESERVED
+CVE-2011-3081 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 ...)
+ TODO: check
+CVE-2011-3080 (Race condition in the Inter-process Communication (IPC) implementation ...)
+ TODO: check
+CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
+ TODO: check
+CVE-2011-3078 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 ...)
+ TODO: check
CVE-2011-3077 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
- chromium-browser 18.0.1025.151~r130497-1
CVE-2011-3076 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
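Review bot: CVE-2011-3081, CVE-2011-3080, CVE-2011-3079 and CVE-2011-3078 are added with only `TODO: check`, although the descriptions name Google Chrome before 18.0.1025.168 and the adjacent context entries already carry a package line (`- chromium-browser 18.0.1025.151~r130497-1`). These should get a `- chromium-browser` line with the first fixed upload, or `<unfixed>` until one exists, so the four issues are tracked against the package like their neighbours.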