[Secure-testing-commits] r19240 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sun May 13 21:14:24 UTC 2012
Author: joeyh
Date: 2012-05-13 21:14:24 +0000 (Sun, 13 May 2012)
New Revision: 19240
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-13 20:28:27 UTC (rev 19239)
+++ data/CVE/list 2012-05-13 21:14:24 UTC (rev 19240)
@@ -4056,13 +4056,14 @@
RESERVED
CVE-2012-0947 [Heap-based Buffer Overflow in libavcodec]
RESERVED
+ {DSA-2471-1}
- libav 6:0.8.2-1
- ffmpeg <removed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4
CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access ...)
- nvidia-graphics-drivers 295.40-1
- [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
+ [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
CVE-2012-0945
RESERVED
CVE-2012-0944
@@ -4306,6 +4307,7 @@
RESERVED
CVE-2012-0853
RESERVED
+ {DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2012-0852
@@ -4400,7 +4402,7 @@
CVE-2012-0824
RESERVED
- gnusound <removed> (low; bug #654270)
- [squeeze] - gnusound 0.7.5-3+squeeze1
+ [squeeze] - gnusound 0.7.5-3+squeeze1
CVE-2012-0823 (VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers ...)
- libvpx 1.0.0-1
[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
@@ -4432,7 +4434,7 @@
- rpm 4.9.1.3-1 (bug #667031)
CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH ...)
- openssh 1:5.6p1-1 (low; bug #657445)
- [squeeze] - openssh-server 1:5.5p1-6+squeeze2
+ [squeeze] - openssh-server 1:5.5p1-6+squeeze2
CVE-2012-0813 [wicd cleartext passwords]
RESERVED
- wicd 1.7.1~b3-4 (unimportant; bug #652417)
@@ -6541,7 +6543,7 @@
- openarena 0.8.5-6 (medium; bug #665656)
- ioquake3 <not-affected> (fixed before upload)
- tremulous 1.1.0-8 (bug #665842)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2010-5076
RESERVED
- qt4-x11 4:4.6.3-1
@@ -7686,7 +7688,7 @@
CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
- python-virtualenv 1.6-1 (low; bug #652653)
[lenny] - python-virtualenv <no-dsa> (Minor issue)
- [squeeze] - python-virtualenv 1.4.9-3squeeze1
+ [squeeze] - python-virtualenv 1.4.9-3squeeze1
CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro ...)
- libhtml-template-pro-perl 0.9507-1 (low; bug #652587)
[squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
@@ -9264,7 +9266,7 @@
CVE-2011-4099
RESERVED
- libcap2 1:2.22-1 (low)
- [squeeze] - libcap2 1:2.19-3
+ [squeeze] - libcap2 1:2.19-3
CVE-2011-4098
RESERVED
CVE-2011-4097
@@ -9908,6 +9910,7 @@
RESERVED
CVE-2011-3947
RESERVED
+ {DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3946
@@ -9926,6 +9929,7 @@
RESERVED
CVE-2011-3940
RESERVED
+ {DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3939
@@ -9938,6 +9942,7 @@
- ffmpeg <removed>
CVE-2011-3936
RESERVED
+ {DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3935
@@ -9954,6 +9959,7 @@
RESERVED
CVE-2011-3929
RESERVED
+ {DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3928 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 ...)
@@ -10072,6 +10078,7 @@
- webkit <not-affected> (Chrome issue)
[squeeze] - chromium-browser <not-affected>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome ...)
+ {DSA-2471-1}
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
- ffmpeg <removed>
@@ -10081,6 +10088,7 @@
- webkit <not-affected> (Chrome issue)
[squeeze] - chromium-browser <not-affected>
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...)
+ {DSA-2471-1}
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
- libav 4:0.8~beta2-1 (bug #654534; bug #654572)
@@ -10090,6 +10098,7 @@
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome ...)
+ {DSA-2471-1}
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
[squeeze] - chromium-browser <not-affected>
@@ -10924,11 +10933,11 @@
CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin ...)
- phppgadmin 5.0.3-1 (low; bug #644290)
[squeeze] - phppgadmin 4.2.3-1.1squeeze1
- [lenny] - phppgadmin 4.2.2-1lenny1
+ [lenny] - phppgadmin 4.2.2-1lenny1
CVE-2011-3597 (Eval injection in the Digest module before 1.17 for Perl allows ...)
- libdigest-perl 1.17-1 (low; bug #644108)
[squeeze] - libdigest-perl 1.16-1+squeeze1
- [lenny] - libdigest-perl 1.15-2+lenny1
+ [lenny] - libdigest-perl 1.15-2+lenny1
- perl 5.12.4-6 (low; bug #644108)
[squeeze] - perl 5.10.1-17squeeze3
[lenny] - perl <no-dsa> (Minor issue)
@@ -10986,7 +10995,7 @@
RESERVED
- typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
[squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
- [lenny] - typo3-src 4.2.5-1+lenny9
+ [lenny] - typo3-src 4.2.5-1+lenny9
CVE-2011-3583 [TYPO3-SA-2011-002]
RESERVED
- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
@@ -12587,7 +12596,7 @@
[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update)
- ioquake3 1.36+svn1946-4
- tremulous 1.1.0-6 (bug #660836)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle ...)
NOT-FOR-US: CA ARCserve D2D
CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before ...)
@@ -13536,7 +13545,7 @@
[squeeze] - openarena 0.8.5-5+squeeze1
- ioquake3 1.36+svn1946-4
- tremulous 1.1.0-6 (bug #660836)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
NOT-FOR-US: LifeSize Room appliance
CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...)
@@ -13637,7 +13646,7 @@
RESERVED
- kdeutils 4:4.6.5-4 (low; bug #635541)
[lenny] - kdeutils <no-dsa> (Minor issue)
- [squeeze] - kdeutils 4:4.4.5-1+squeeze1
+ [squeeze] - kdeutils 4:4.4.5-1+squeeze1
CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs ...)
- samba 2:3.4.7~dfsg-2 (low)
- cifs-utils 2:5.1-1 (low)
@@ -16278,7 +16287,7 @@
CVE-2011-1784 (The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and ...)
- keepalived 1:1.2.2-2 (low; bug #626281)
[lenny] - keepalived <no-dsa> (Minor issue)
- [squeeze] - keepalived 1:1.1.20-1+squeeze1
+ [squeeze] - keepalived 1:1.1.20-1+squeeze1
CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
{DSA-2251-1}
- subversion 1.6.17dfsg-1
@@ -90719,11 +90728,11 @@
CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
- ioquake3 1.36+svn1788j-1
- tremulous 1.1.0-6 (bug #660834)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
- ioquake3 1.36+svn1788j-1
- tremulous 1.1.0-6 (bug #660832)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
NOT-FOR-US: MF Piadas
CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
@@ -91702,7 +91711,7 @@
NOT-FOR-US: PHP Pro Publish
CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
- tremulous 1.1.0-6 (bug #660827)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
- ioquake3 1.36+svn1788j-1
CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
NOT-FOR-US: OSADS
@@ -93222,7 +93231,7 @@
- awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
- tremulous 1.1.0-6 (bug #660827)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
- ioquake3 1.36+svn1788j-1
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
NOT-FOR-US: Simple Poll
@@ -93582,7 +93591,7 @@
CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...)
- ioquake3 1.36+svn1788j-1
- tremulous 1.1.0-6 (bug #660831)
- [squeeze] - tremulous 1.1.0-7~squeeze1
+ [squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...)
NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...)
More information about the Secure-testing-commits
mailing list