[Secure-testing-commits] r19319 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu May 24 21:14:27 UTC 2012 

Author: joeyh
Date: 2012-05-24 21:14:27 +0000 (Thu, 24 May 2012)
New Revision: 19319

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-24 19:44:53 UTC (rev 19318)
+++ data/CVE/list	2012-05-24 21:14:27 UTC (rev 19319)
@@ -1,3 +1,15 @@
+CVE-2012-2932
+	RESERVED
+CVE-2012-2931
+	RESERVED
+CVE-2012-2930
+	RESERVED
+CVE-2012-2929
+	RESERVED
+CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) ...)
+	TODO: check
+CVE-2011-5090 (GR Board (aka grboard) 1.8.6.5 Community Edition does not require ...)
+	TODO: check
 CVE-2012-2928 (The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for ...)
 	TODO: check
 CVE-2012-2927 (The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and ...)
@@ -1281,8 +1293,7 @@
 CVE-2012-2375
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2012-2374
-	RESERVED
+CVE-2012-2374 (CRLF injection vulnerability in the ...)
 	- python-tornado 2.1.0-3 (low; bug #673987)
 	[squeeze] - python-tornado <not-affected> (Vulnerable code not present)
 CVE-2012-2373
@@ -1295,8 +1306,7 @@
 CVE-2012-2370
 	RESERVED
 	- gdk-pixbuf 2.26.1-1 (low)
-CVE-2012-2369 [format string security flaw]
-	RESERVED
+CVE-2012-2369 (Format string vulnerability in the log_message_cb function in ...)
 	{DSA-2476-1}
 	- pidgin-otr 3.2.1-1 (medium; bug #673154)
 	NOTE: libotr not affected
@@ -2669,8 +2679,8 @@
 	NOTE: 5.4.2-1 'fixed' this, but fix is incomplete: CVE-2012-2311
 CVE-2012-1822
 	RESERVED
-CVE-2012-1821
-	RESERVED
+CVE-2012-1821 (The Network Threat Protection module in the Manager component in ...)
+	TODO: check
 CVE-2012-1820
 	RESERVED
 CVE-2012-1819 (Untrusted search path vulnerability in WellinTech KingView 6.53 allows ...)
@@ -4142,8 +4152,7 @@
 	{DSA-2447-1}
 	- tiff3 3.9.6-2
 	- tiff 4.0.1-2
-CVE-2012-1172 [PHP 5.3.x Corrupted $_FILES indices lead to security concern]
-	RESERVED
+CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does ...)
 	{DSA-2465-1}
 	- php5 5.4.0-1 (bug #663760)
 CVE-2012-1171 [safemode bypass after RSHUTDOWN]
@@ -6461,10 +6470,10 @@
 	TODO: check
 CVE-2012-0296 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
 	TODO: check
-CVE-2012-0295
-	RESERVED
-CVE-2012-0294
-	RESERVED
+CVE-2012-0295 (The Manager service in the management console in Symantec Endpoint ...)
+	TODO: check
+CVE-2012-0294 (Directory traversal vulnerability in the Manager service in the ...)
+	TODO: check
 CVE-2012-0293 (Multiple SQL injection vulnerabilities in Symantec Altiris WISE ...)
 	NOT-FOR-US: Symantec Altiris WISE Package Studio
 CVE-2012-0292 (The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT ...)
@@ -6473,8 +6482,8 @@
 	NOT-FOR-US: pcAnywhere
 CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
 	NOT-FOR-US: Symantec pcAnywhere
-CVE-2012-0289
-	RESERVED
+CVE-2012-0289 (Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x ...)
+	TODO: check
 CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...)
 	NOT-FOR-US: CoCSoft Stream Down
 CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium ...)
@@ -8817,12 +8826,15 @@
 	[squeeze] - jetty <no-dsa> (Minor issue)
 CVE-2011-4460
 	RESERVED
+	{DSA-2480-1}
 	- request-tracker4 4.0.5-3 
 CVE-2011-4459
 	RESERVED
+	{DSA-2480-1}
 	- request-tracker4 4.0.5-3 
 CVE-2011-4458
 	RESERVED
+	{DSA-2480-1}
 	- request-tracker4 4.0.5-3 
 CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when ...)
 	NOT-FOR-US: OWASP HTML Sanitizer
@@ -16140,15 +16152,19 @@
 	RESERVED
 CVE-2011-2085
 	RESERVED
+	{DSA-2480-1}
 	- request-tracker4 4.0.5-3 
 CVE-2011-2084
 	RESERVED
+	{DSA-2480-1}
 	- request-tracker4 4.0.5-3 
 CVE-2011-2083
 	RESERVED
+	{DSA-2480-1}
 	- request-tracker4 4.0.5-3 
 CVE-2011-2082
 	RESERVED
+	{DSA-2480-1}
 	- request-tracker4 4.0.5-3 
 CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for ...)
 	NOT-FOR-US: MediaCAST

More information about the Secure-testing-commits mailing list