[Secure-testing-commits] r19119 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed May 2 21:14:22 UTC 2012
Author: joeyh
Date: 2012-05-02 21:14:22 +0000 (Wed, 02 May 2012)
New Revision: 19119
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-02 20:14:04 UTC (rev 19118)
+++ data/CVE/list 2012-05-02 21:14:22 UTC (rev 19119)
@@ -1,7 +1,17 @@
+CVE-2012-2450
+ RESERVED
+CVE-2012-2449
+ RESERVED
+CVE-2012-2448
+ RESERVED
+CVE-2012-2447
+ RESERVED
+CVE-2012-2446
+ RESERVED
CVE-2012-2451 [libconfig-inifiles-perl insecure temporary file creation]
- - libconfig-inifiles-perl <unfixed> (bug #671255; low)
- NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
- NOTE: http://seclists.org/oss-sec/2012/q2/225
+ - libconfig-inifiles-perl <unfixed> (bug #671255; low)
+ NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
+ NOTE: http://seclists.org/oss-sec/2012/q2/225
CVE-2012-2445
RESERVED
CVE-2012-2444
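Review bot: CVE-2012-2451 now sits between CVE-2012-2446 and CVE-2012-2445, so the top of the list is no longer in descending id order; the five new RESERVED entries would read better inserted below the 2451 entry if the file is meant to stay sorted. The three removed and re-added sub-lines of that entry also show no textual difference here, which suggests a whitespace-only rewrite. If so, keep it out of an automatic update so the diff carries only real status changes.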
@@ -569,8 +579,8 @@
RESERVED
CVE-2012-2218
RESERVED
-CVE-2012-2217
- RESERVED
+CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, ...)
+ TODO: check
CVE-2012-2216
RESERVED
CVE-2012-2095 [wicd command execution with root privileges]
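Review bot: `TODO: check` on CVE-2012-2217 leaves the entry untriaged, and the new description (the HTC IQRD service for Android on the HTC EVO 4G) names vendor device software rather than a package. Other vendor-only entries in this file are closed with a `NOT-FOR-US:` line, so a follow-up commit should do the same here once someone has confirmed nothing in the archive ships it.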
@@ -689,8 +699,8 @@
RESERVED
CVE-2012-2163
RESERVED
-CVE-2012-2162
- RESERVED
+CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...)
+ TODO: check
CVE-2012-2161
RESERVED
CVE-2012-2160
@@ -828,6 +838,7 @@
- typo3-src <unfixed> (bug #669158)
NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) ...)
+ {DSA-2463-1}
- samba 2:3.6.5-1
NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
@@ -3766,8 +3777,7 @@
CVE-2012-0879
RESERVED
- linux-2.6 2.6.33-1
-CVE-2012-0878 [python-pastescript improper privilege dropping]
- RESERVED
+CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...)
- pastescript <unfixed> (low; bug #661061)
NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
CVE-2012-0877
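Review bot: the package line kept under CVE-2012-0878 writes its annotation as `(low; bug #661061)`, while the CVE-2012-2451 entry in this same commit uses `(bug #671255; low)`; settling on one order makes the file easier to grep and parse. Dropping the bracketed local title is fine now that the official description is in place, but the entry is still `<unfixed>` and the description says 1.7.5 and earlier are affected, so the line needs a fixed version as soon as one exists.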
@@ -4764,7 +4774,7 @@
CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 ...)
NOT-FOR-US: 3S CoDeSys
CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
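Review bot: adding DSA-2464-1 to CVE-2012-0479 leaves `- icedove <unfixed>` and `[squeeze] - icedove <not-affected> (Vulnerable code not present)` unchanged, and nothing in the hunk shows which package the new advisory covers. If DSA-2464-1 is an icedove update, the squeeze not-affected line contradicts it and should be rechecked. The same question applies to the CVE-2012-0477, CVE-2012-0471, CVE-2012-0470 and CVE-2012-0467 hunks that follow.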
@@ -4779,7 +4789,7 @@
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -4815,7 +4825,7 @@
- iceweasel <not-affected> (Windows-specific)
- iceape <not-affected> (Windows-specific)
CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -4823,7 +4833,7 @@
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0470 (Heap-based buffer overflow in the ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -4842,7 +4852,7 @@
- iceweasel <not-affected> (Only affects Firefox 11 and above)
- iceape <not-affected> (Only affects Firefox 11 and above)
CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -5166,10 +5176,10 @@
NOT-FOR-US: Cisco SRP devices
CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...)
NOT-FOR-US: Cisco SRP devices
-CVE-2012-0362
- RESERVED
-CVE-2012-0361
- RESERVED
+CVE-2012-0362 (The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE ...)
+ TODO: check
+CVE-2012-0361 (The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 ...)
+ TODO: check
CVE-2012-0360
RESERVED
CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...)
@@ -5212,20 +5222,20 @@
RESERVED
CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management interface ...)
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2012-0339
- RESERVED
-CVE-2012-0338
- RESERVED
-CVE-2012-0337
- RESERVED
+CVE-2012-0339 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...)
+ TODO: check
+CVE-2012-0338 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...)
+ TODO: check
+CVE-2012-0337 (SQL injection vulnerability in the web component in Cisco Unified ...)
+ TODO: check
CVE-2012-0336
RESERVED
-CVE-2012-0335
- RESERVED
+CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+ TODO: check
CVE-2012-0334
RESERVED
-CVE-2012-0333
- RESERVED
+CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and ...)
+ TODO: check
CVE-2012-0332
RESERVED
CVE-2012-0331 (Cisco TelePresence Video Communication Server with software before ...)
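Review bot: CVE-2012-0339 and CVE-2012-0338 carry the same visible description text (`Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...`), so the truncated summaries cannot tell them apart. Whoever clears the `TODO: check` lines should read the full descriptions to confirm these are two distinct issues and not a duplicated import. The neighbouring CVE-2012-0340 entry is already `NOT-FOR-US: Cisco IronPort Encryption Appliance`, which is the likely outcome for the five Cisco entries added here.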
@@ -5415,8 +5425,8 @@
RESERVED
CVE-2012-0280
RESERVED
-CVE-2012-0279
- RESERVED
+CVE-2012-0279 (Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: ...)
+ TODO: check
CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for ...)
NOT-FOR-US: IrfanView
CVE-2012-0277
@@ -9223,16 +9233,16 @@
RESERVED
CVE-2011-4017
RESERVED
-CVE-2011-4016
- RESERVED
-CVE-2011-4015
- RESERVED
-CVE-2011-4014
- RESERVED
+CVE-2011-4016 (The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when ...)
+ TODO: check
+CVE-2011-4015 (Cisco IOS 15.2S allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2011-4014 (The TAC Case Attachment tool in Cisco Wireless Control System (WCS) ...)
+ TODO: check
CVE-2011-4013
RESERVED
-CVE-2011-4012
- RESERVED
+CVE-2011-4012 (Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) ...)
+ TODO: check
CVE-2011-4011
RESERVED
CVE-2011-4010
@@ -9241,10 +9251,10 @@
RESERVED
CVE-2011-4008
RESERVED
-CVE-2011-4007
- RESERVED
-CVE-2011-4006
- RESERVED
+CVE-2011-4007 (Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set ...)
+ TODO: check
+CVE-2011-4006 (The ESMTP inspection feature on Cisco Adaptive Security Appliances ...)
+ TODO: check
CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services Ready ...)
NOT-FOR-US: Cisco SRP
CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the Cisco ...)
@@ -11293,8 +11303,8 @@
NOT-FOR-US: WebEx
CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software ...)
NOT-FOR-US: Cisco
-CVE-2011-3317
- RESERVED
+CVE-2011-3317 (Multiple cross-site scripting (XSS) vulnerabilities in the Solution ...)
+ TODO: check
CVE-2011-3316
RESERVED
CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications ...)
@@ -11309,8 +11319,8 @@
RESERVED
CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services before 4.1 ...)
NOT-FOR-US: Cisco CiscoWorks
-CVE-2011-3309
- RESERVED
+CVE-2011-3309 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+ TODO: check
CVE-2011-3308
RESERVED
CVE-2011-3307
@@ -11337,32 +11347,32 @@
NOT-FOR-US: Cisco
CVE-2011-3296 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 ...)
NOT-FOR-US: Cisco
-CVE-2011-3295
- RESERVED
+CVE-2011-3295 (The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as ...)
+ TODO: check
CVE-2011-3294 (Cross-site scripting (XSS) vulnerability in the login page in the ...)
NOT-FOR-US: Cisco TelePresence
-CVE-2011-3293
- RESERVED
+CVE-2011-3293 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2011-3292
RESERVED
CVE-2011-3291
RESERVED
CVE-2011-3290 (Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default ...)
NOT-FOR-US: Cisco
-CVE-2011-3289
- RESERVED
+CVE-2011-3289 (Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate ...)
+ TODO: check
CVE-2011-3288 (Cisco Unified Presence before 8.5(4) does not properly detect ...)
NOT-FOR-US: Cisco
CVE-2011-3287 (Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x ...)
NOT-FOR-US: Cisco
CVE-2011-3286
RESERVED
-CVE-2011-3285
- RESERVED
+CVE-2011-3285 (CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive ...)
+ TODO: check
CVE-2011-3284
RESERVED
-CVE-2011-3283
- RESERVED
+CVE-2011-3283 (Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a ...)
+ TODO: check
CVE-2011-3282 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, ...)
NOT-FOR-US: Cisco
CVE-2011-3281 (Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain ...)
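Review bot: the surrounding entries in this hunk are tagged both `NOT-FOR-US: Cisco` and `NOT-FOR-US: Cisco TelePresence`, so the label granularity for one vendor is already inconsistent; when the five new `TODO: check` entries are triaged, pick one convention and apply it to all of them. Note that the truncated description of CVE-2011-3293 (`Multiple cross-site request forgery (CSRF) vulnerabilities in the ...`) does not show the product, so it should not be marked NOT-FOR-US by analogy with its neighbours without reading the full text.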
@@ -13554,14 +13564,14 @@
- vlc 1.1.11-1 (bug #633675)
CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...)
- vlc 1.1.11-1 (bug #633674)
-CVE-2011-2586
- RESERVED
+CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote ...)
+ TODO: check
CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows ...)
NOT-FOR-US: Cisco Show and Share
CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows ...)
NOT-FOR-US: Cisco Show and Share
-CVE-2011-2583
- RESERVED
+CVE-2011-2583 (Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows ...)
+ TODO: check
CVE-2011-2582
RESERVED
CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before ...)
@@ -13570,8 +13580,8 @@
RESERVED
CVE-2011-2579
RESERVED
-CVE-2011-2578
- RESERVED
+CVE-2011-2578 (Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to ...)
+ TODO: check
CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, ...)
NOT-FOR-US: Cisco TelePresence
CVE-2011-2576