[Secure-testing-commits] r19264 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu May 17 21:15:10 UTC 2012


Author: joeyh
Date: 2012-05-17 21:15:09 +0000 (Thu, 17 May 2012)
New Revision: 19264

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-17 09:14:35 UTC (rev 19263)
+++ data/CVE/list	2012-05-17 21:15:09 UTC (rev 19264)
@@ -1063,8 +1063,7 @@
 CVE-2012-2320
 	RESERVED
 	- connman <unfixed> (bug #672989)
-CVE-2012-2319
-	RESERVED
+CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in ...)
 	- linux-2.6 3.2.17-1 (low)
 CVE-2012-2318 [Improper validation of incoming plaintext messages in MSN protocol plug-in]
 	RESERVED
@@ -1544,14 +1543,12 @@
 CVE-2012-2124
 	RESERVED
 	- squirrelmail <not-affected> (Incorrect RedHat security update)
-CVE-2012-2123
-	RESERVED
+CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux ...)
 	{DSA-2469-1}
 	- linux-2.6 3.2.16-1
 CVE-2012-2122
 	RESERVED
-CVE-2012-2121
-	RESERVED
+CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not ...)
 	- linux-2.6 3.2.17-1
 CVE-2012-2120
 	RESERVED
@@ -2781,8 +2778,7 @@
 	RESERVED
 CVE-2012-1602
 	RESERVED
-CVE-2012-1601
-	RESERVED
+CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
 	{DSA-2469-1}
 	- linux-2.6 3.2.17-1 (low)
 CVE-2012-1600 [XSS from 5.0.4 release]
@@ -3714,8 +3710,7 @@
 	{DSA-2434-1}
 	- nginx 1.1.17-1 (bug #664137)
 	NOTE: http://seclists.org/oss-sec/2012/q1/644
-CVE-2012-1179
-	RESERVED
+CVE-2012-1179 (The Linux kernel before 3.3.1, when KVM is used, allows guest OS users ...)
 	- linux-2.6 3.2.14-1
 CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol ...)
 	- pidgin 2.10.2-1 (low; bug #664030)
@@ -3837,8 +3832,7 @@
 	RESERVED
 	- expat 2.1.0~beta3-1 (low; bug #663579)
 	NOTE: resource leak
-CVE-2012-1146
-	RESERVED
+CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in ...)
 	- linux-2.6 3.2.10-1 (low)
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2012-1145
@@ -3994,8 +3988,7 @@
 	- ruby-actionpack-2.3 <unfixed> (bug #668977)
 	- rails 2.3.14
 	NOTE: (code lives within ruby-actionpack in unstable)
-CVE-2012-1097
-	RESERVED
+CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before ...)
 	{DSA-2443-1}
 	- linux-2.6 3.2.10-1 (low)
 CVE-2012-1096
@@ -4021,8 +4014,7 @@
 	NOTE: http://seclists.org/oss-sec/2012/q1/494
 CVE-2012-1091
 	REJECTED
-CVE-2012-1090
-	RESERVED
+CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before ...)
 	{DSA-2443-1}
 	- linux-2.6 3.2.10-1
 CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 ...)
@@ -4517,8 +4509,7 @@
 	RESERVED
 CVE-2012-0880
 	RESERVED
-CVE-2012-0879
-	RESERVED
+CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before ...)
 	{DSA-2469-1}
 	- linux-2.6 2.6.33-1
 CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...)
@@ -6979,8 +6970,7 @@
 	- gridengine 6.2u5-6
 	NOTE: http://www.securityfocus.com/bid/53123/info
 	NOTE: http://gridscheduler.sourceforge.net/security.html
-CVE-2012-0207
-	RESERVED
+CVE-2012-0207 (The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel ...)
 	- linux-2.6 3.1.8-2 (bug #654876)
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
@@ -7626,8 +7616,7 @@
 CVE-2012-0059
 	RESERVED
 	NOT-FOR-US: RHN Satellite
-CVE-2012-0058
-	RESERVED
+CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel before ...)
 	- linux-2.6 3.2.2-1
 	[wheezy] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
 	[squeeze] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
@@ -7678,8 +7667,7 @@
 	{DSA-2443-1}
 	- linux-2.6 3.2.2-1
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2012-0044
-	RESERVED
+CVE-2012-0044 (Integer overflow in the drm_mode_dirtyfb_ioctl function in ...)
 	- linux-2.6 3.1.5-1
 	[squeeze] - linux-2.6 2.6.32-40
 CVE-2012-0043 (Buffer overflow in the reassemble_message function in ...)
@@ -7700,8 +7688,7 @@
 	NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
 CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ...)
 	- glib2.0 <unfixed> (unimportant; bug #655044)
-CVE-2012-0038
-	RESERVED
+CVE-2012-0038 (Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c ...)
 	- linux-2.6 3.2.1-1
 	[squeeze] - linux-2.6 2.6.32-41
 CVE-2012-0037
@@ -7967,8 +7954,7 @@
 CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and ...)
 	{DSA-2389-1}
 	- linux-2.6 3.1.8-1
-CVE-2011-4621
-	RESERVED
+CVE-2011-4621 (The Linux kernel before 2.6.37 does not properly implement a certain ...)
 	- linux-2.6 2.6.37-1
 CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...)
 	{DSA-2425-1}
@@ -8007,8 +7993,7 @@
 	- icecast2 <unfixed> (bug #652663)
 	[lenny] - icecast2 <no-dsa> (Minor issue)
 	[squeeze] - icecast2 <no-dsa> (Minor issue)
-CVE-2011-4611
-	RESERVED
+CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in ...)
 	{DSA-2389-1}
 	- linux-2.6 3.0.0-1
 CVE-2011-4610
@@ -8066,8 +8051,7 @@
 CVE-2011-4595
 	RESERVED
 	NOT-FOR-US: WordPress pretty-link plugin
-CVE-2011-4594
-	RESERVED
+CVE-2011-4594 (The __sys_sendmsg function in net/socket.c in the Linux kernel before ...)
 	- linux-2.6 3.1-1
 	[squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
 	[lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
@@ -8815,8 +8799,7 @@
 	RESERVED
 	- openssh <not-affected> (Only affects platforms w/o /dev/random)
 	NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
-CVE-2011-4326
-	RESERVED
+CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel ...)
 	- linux-2.6 2.6.39-1
 	[squeeze] - linux-2.6 2.6.32-40
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -9456,8 +9439,7 @@
 CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) ...)
 	- linux-2.6 3.1.6-1
 	[squeeze] - linux-2.6 2.6.32-40
-CVE-2011-4131
-	RESERVED
+CVE-2011-4131 (The NFSv4 implementation in the Linux kernel before 3.2.2 does not ...)
 	- linux-2.6 3.2.9-1
 CVE-2011-4130 (Use-after-free vulnerability in the Response API in ProFTPD before ...)
 	{DSA-2346-2 DSA-2346-1}
@@ -9510,8 +9492,7 @@
 	[squeeze] - libpar-packer-perl 1.006-1+squeeze1
 CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for ...)
 	- drupal6-mod-views 2.14-1
-CVE-2011-4112
-	RESERVED
+CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly ...)
 	- linux-2.6 3.1-1 (unimportant)
 	NOTE: Turned out to be a non-issue, http://www.openwall.com/lists/oss-security/2011/11/24/3
 CVE-2011-4111
@@ -9567,8 +9548,7 @@
 	[squeeze] - libcap2 1:2.19-3
 CVE-2011-4098
 	RESERVED
-CVE-2011-4097
-	RESERVED
+CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the ...)
 	- linux-2.6 3.0.0-6
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
@@ -11082,8 +11062,7 @@
 	RESERVED
 	- linux-2.6 3.0.0-1 
 	[squeeze] - linux-2.6 2.6.32-40
-CVE-2011-3637
-	RESERVED
+CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel before ...)
 	- linux-2.6 2.6.39-1
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)



