[Secure-testing-commits] r20469 - data/CVE
Luciano Bello
luciano at alioth.debian.org
Sat Nov 10 14:33:43 UTC 2012
Author: luciano
Date: 2012-11-10 14:33:43 +0000 (Sat, 10 Nov 2012)
New Revision: 20469
Modified:
data/CVE/list
Log:
Zope / Plone: Multiple vectors corrected within 20121106 fix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-09 14:13:05 UTC (rev 20468)
+++ data/CVE/list 2012-11-10 14:33:43 UTC (rev 20469)
@@ -746,54 +746,102 @@
RESERVED
CVE-2012-5509
RESERVED
-CVE-2012-5508
+CVE-2012-5508 [ Zope/Plone: PRNG isn't reseeded ]
RESERVED
-CVE-2012-5507
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/24
+CVE-2012-5507 [ Zope/Plone: Timing attack in password validation ]
RESERVED
-CVE-2012-5506
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/23
+CVE-2012-5506 [ Zope/Plone: DoS through RSS on private folder ]
RESERVED
-CVE-2012-5505
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/22
+CVE-2012-5505 [ Zope/Plone: Attempting to access a view with no name returns an internal data structure ]
RESERVED
-CVE-2012-5504
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/21
+CVE-2012-5504 [ Zope/Plone: Persistent XSS ]
RESERVED
-CVE-2012-5503
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/20
+CVE-2012-5503 [ Zope/Plone: Users connected through FTP can list hidden folder contents ]
RESERVED
-CVE-2012-5502
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/19
+CVE-2012-5502 [ Zope/Plone: Persistent XSS via filtering bypass ]
RESERVED
-CVE-2012-5501
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/18
+CVE-2012-5501 [ Zope/Plone: Crafted URL allows downloading of BLOBs that are not visible to the user ]
RESERVED
-CVE-2012-5500
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/17
+CVE-2012-5500 [ Zope/Plone: Anonymous users can batch change titles of content items ]
RESERVED
-CVE-2012-5499
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/16
+CVE-2012-5499 [ Zope/Plone: Partial denial of service through internal function ]
RESERVED
-CVE-2012-5498
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/15
+CVE-2012-5498 [ Zope/Plone: Partial denial of service through Collections functionality ]
RESERVED
-CVE-2012-5497
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/14
+CVE-2012-5497 [ Zope/Plone: Anonymous users can list user account names ]
RESERVED
-CVE-2012-5496
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/13
+CVE-2012-5496 [ Zope/Plone: DoS through unsanitised inputs into Kupu ]
RESERVED
-CVE-2012-5495
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/12
+CVE-2012-5495 [ Zope/Plone: Restricted Python injection ]
RESERVED
-CVE-2012-5494
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/11
+CVE-2012-5494 [ Zope/Plone: Reflexive XSS ]
RESERVED
-CVE-2012-5493
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/10
+CVE-2012-5493 [ Zope/Plone: Restricted Python sandbox escape ]
RESERVED
-CVE-2012-5492
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/09
+CVE-2012-5492 [ Zope/Plone: Partial permissions bypass ]
RESERVED
-CVE-2012-5491
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/08
+CVE-2012-5491 [ Zope/Plone: Form detail exposure ]
RESERVED
-CVE-2012-5490
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/07
+CVE-2012-5490 [ Zope/Plone: Reflexive XSS ]
RESERVED
-CVE-2012-5489
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/06
+CVE-2012-5489 [ Zope/Plone: Partial restricted Python sandbox escape ]
RESERVED
-CVE-2012-5488
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/05
+CVE-2012-5488 [ Zope/Plone: Restricted Python injection ]
RESERVED
-CVE-2012-5487
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/04
+CVE-2012-5487 [ Zope/Plone: Restricted Python sandbox escape ]
RESERVED
-CVE-2012-5486
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/03
+CVE-2012-5486 [ Zope/Plone: Reflexive HTTP header injection ]
RESERVED
-CVE-2012-5485
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/02
+CVE-2012-5485 [ Restricted Python injection ]
RESERVED
+ - zope2.12 <unfixed> (bug #692899)
+ NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484
RESERVED
CVE-2012-5483
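Review bot: the description added for CVE-2012-5485 reads `[ Restricted Python injection ]`, without the `Zope/Plone:` prefix that the other 23 descriptions added in this hunk carry; add the prefix so the entries stay uniform and searchable. Three entries (CVE-2012-5486, CVE-2012-5490, CVE-2012-5494) say "Reflexive" where the usual term is "Reflected". All 24 entries are also marked `- zope2.12 <unfixed> (bug #692899)` although each description names both Zope and Plone, so it is worth checking each linked advisory to confirm that the affected code actually ships in the zope2.12 source package, and dropping or adjusting the package line for any entry where it does not.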