[Secure-testing-commits] r20482 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Nov 13 21:14:27 UTC 2012


Author: joeyh
Date: 2012-11-13 21:14:27 +0000 (Tue, 13 Nov 2012)
New Revision: 20482

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-13 14:44:31 UTC (rev 20481)
+++ data/CVE/list	2012-11-13 21:14:27 UTC (rev 20482)
@@ -1,4 +1,25 @@
+CVE-2012-5859
+	RESERVED
+CVE-2012-5858
+	RESERVED
+CVE-2012-5857
+	RESERVED
+CVE-2012-5856
+	RESERVED
+CVE-2012-5855
+	RESERVED
+CVE-2012-5853
+	RESERVED
+CVE-2012-5852
+	RESERVED
+CVE-2012-5851
+	RESERVED
+CVE-2012-5850
+	RESERVED
+CVE-2012-5849
+	RESERVED
 CVE-2012-5854
+	RESERVED
 	- weechat 0.3.9.1-1 (bug #693026)
 	[squeeze] - weechat <not-affected> (Vulnerable code not present)
 CVE-2012-5848
@@ -43,8 +64,8 @@
 	RESERVED
 CVE-2012-5828
 	RESERVED
-CVE-2012-5827
-	RESERVED
+CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 allows remote attackers to conduct ...)
+	TODO: check
 CVE-2012-5826
 	RESERVED
 CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a domain ...)
@@ -371,8 +392,7 @@
 	RESERVED
 CVE-2012-5674
 	RESERVED
-CVE-2012-5673
-	RESERVED
+CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote ...)
 	NOT-FOR-US: mnoGoSearch
@@ -854,8 +874,7 @@
 	RESERVED
 CVE-2012-5483
 	RESERVED
-CVE-2012-5482
-	RESERVED
+CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
 	- glance 2012.1.1-3 (bug #692641)
 CVE-2012-5481
 	RESERVED
@@ -1312,14 +1331,11 @@
 CVE-2012-XXXX [gunicorn fails to drop supplemental groups]
 	- gunicorn 0.14.5-3 (low)
 	[squeeze] - gunicorn <no-dsa> (Minor issue)
-CVE-2012-5287
-	RESERVED
+CVE-2012-5287 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2012-5286
-	RESERVED
+CVE-2012-5286 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2012-5285
-	RESERVED
+CVE-2012-5285 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2012-5284
 	RESERVED
@@ -2233,8 +2249,7 @@
 	RESERVED
 CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
 	- mediawiki 1:1.19.0-1 (low)
-CVE-2012-4884
-	RESERVED
+CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x before ...)
 	{DSA-2567-1}
 	- request-tracker3.8 <removed>
 	- request-tracker4 4.0.7-2
@@ -2755,25 +2770,21 @@
 	{DSA-2567-1}
 	- request-tracker3.8 <removed>
 	- request-tracker4 4.0.7-2
-CVE-2012-4734
-	RESERVED
+CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
 	{DSA-2567-1}
 	- request-tracker3.8 <removed>
 	- request-tracker4 4.0.7-2
 CVE-2012-4733
 	RESERVED
-CVE-2012-4732
-	RESERVED
+CVE-2012-4732 (Cross-site request forgery (CSRF) vulnerability in Request Tracker ...)
 	{DSA-2567-1}
 	- request-tracker3.8 <removed>
 	- request-tracker4 4.0.7-2
-CVE-2012-4731
-	RESERVED
+CVE-2012-4731 (FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly ...)
 	{DSA-2568-1}
 	- rtfm <removed>
 	- request-tracker4 4.0.7-2
-CVE-2012-4730
-	RESERVED
+CVE-2012-4730 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
 	{DSA-2567-1}
 	- request-tracker3.8 <removed>
 	- request-tracker4 4.0.7-2
@@ -3295,8 +3306,7 @@
 	- pgbouncer 1.5.2-4
 CVE-2012-4574
 	RESERVED
-CVE-2012-4573
-	RESERVED
+CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
 	- glance 2012.1.1-2 (bug #692641)
 CVE-2012-4572
 	RESERVED
@@ -3323,8 +3333,7 @@
 	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
-CVE-2012-4564 [ppm2tiff heap overflow]
-	RESERVED
+CVE-2012-4564 (ppm2tiff does not check the return value of the TIFFScanlineSize ...)
 	- tiff <unfixed> (bug #692345)
 	- tiff3 <not-affected> (The tiff-tools package is only built from the tiff source package)
 CVE-2012-4563
@@ -3348,13 +3357,11 @@
 	RESERVED
 CVE-2012-4555
 	RESERVED
-CVE-2012-4554
-	RESERVED
+CVE-2012-4554 (The OpenID module in Drupal 7.x before 7.16 allows remote OpenID ...)
 	- drupal7 7.14-1.1 (bug #690817)
 	- drupal6 <not-affected> (according to upstream)
 	NOTE: http://drupal.org/node/1815912
-CVE-2012-4553
-	RESERVED
+CVE-2012-4553 (Drupal 7.x before 7.16 allows remote attackers to obtain sensitive ...)
 	- drupal7 7.14-1.1 (bug #690817)
 	- drupal6 <not-affected> (according to upstream)
 	NOTE: http://drupal.org/node/1815912
@@ -3369,8 +3376,7 @@
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
 CVE-2012-4549
 	RESERVED
-CVE-2012-4548
-	RESERVED
+CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in cgit ...)
 	- cgit <itp> (bug #515793)
 CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has ...)
 	- awstats <not-affected>
@@ -3388,8 +3394,7 @@
 	RESERVED
 CVE-2012-4541
 	RESERVED
-CVE-2012-4540 [IcedTea-Web: buffer overflow in IcedTeaScriptableJavaObject::invoke.]
-	RESERVED
+CVE-2012-4540 (Off-by-one error in the invoke function in ...)
 	- icedtea-web 1.3.1-1 (bug #692608)
 	NOTE: http://seclists.org/oss-sec/2012/q4/237
 CVE-2012-4539
@@ -3454,7 +3459,7 @@
 	- ruby1.8 <not-affected> (Only affects 1.9.x, see bug #690670)
 	- ruby1.9.1 1.9.3.194-3 (bug #690670)
 CVE-2012-4521 [rejected dupe assignment]
-	RESERVED
+	REJECTED
 CVE-2012-4520
 	RESERVED
 	- python-django 1.4.2-1 (bug #691145)
@@ -3469,18 +3474,15 @@
 	- librdmacm 1.0.16-1 (bug #690672)
 	[squeeze] - librdmacm <not-affected> (Introduced in 1.0.12)
 	[wheezy] - librdmacm 1.0.15-1+deb7u1
-CVE-2012-4515
-	RESERVED
+CVE-2012-4515 (Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...)
 	- kdebase <removed> (unimportant)
 	- kde-baseapps <unfixed> (unimportant)
 	NOTE: Konqueror not supported security-wise
-CVE-2012-4514
-	RESERVED
+CVE-2012-4514 (rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...)
 	- kdebase <removed> (unimportant)
 	- kde-baseapps <unfixed> (unimportant)
 	NOTE: Konqueror not supported security-wise
-CVE-2012-4513
-	RESERVED
+CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows ...)
 	- kdebase <removed> (unimportant)
 	- kde-baseapps <unfixed> (unimportant)
 	NOTE: Konqueror not supported security-wise
@@ -3511,12 +3513,10 @@
 	- gitolite <not-affected> (Only affects 3.x releases)
 	NOTE: https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
 	NOTE: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
-CVE-2012-4505
-	RESERVED
+CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c ...)
 	{DSA-2571-1}
 	- libproxy 0.3.1-5.1 (bug #690376)
-CVE-2012-4504
-	RESERVED
+CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in ...)
 	- libproxy <not-affected> (Vulnerable code not present)
 	NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
 CVE-2012-4503
@@ -5424,22 +5424,22 @@
 	RESERVED
 CVE-2012-3759
 	RESERVED
-CVE-2012-3758
-	RESERVED
-CVE-2012-3757
-	RESERVED
-CVE-2012-3756
-	RESERVED
-CVE-2012-3755
-	RESERVED
-CVE-2012-3754
-	RESERVED
-CVE-2012-3753
-	RESERVED
-CVE-2012-3752
-	RESERVED
-CVE-2012-3751
-	RESERVED
+CVE-2012-3758 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
+	TODO: check
+CVE-2012-3757 (Apple QuickTime before 7.7.3 allows remote attackers to execute ...)
+	TODO: check
+CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
+	TODO: check
+CVE-2012-3755 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
+	TODO: check
+CVE-2012-3754 (Use-after-free vulnerability in the Clear method in the ActiveX ...)
+	TODO: check
+CVE-2012-3753 (Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows ...)
+	TODO: check
+CVE-2012-3752 (Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote ...)
+	TODO: check
+CVE-2012-3751 (Use-after-free vulnerability in the plugin in Apple QuickTime before ...)
+	TODO: check
 CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does not ...)
 	NOT-FOR-US: iOS
 CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide ...)
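Review bot: The eight Apple QuickTime entries (CVE-2012-3751 through CVE-2012-3758) are left with the automatic `TODO: check` placeholder while the adjacent Apple entries in the same hunk (CVE-2012-3750, CVE-2012-3749) are already triaged as `NOT-FOR-US: iOS`. Each description names "Apple QuickTime", which is not something Debian ships, so these presumably resolve to `NOT-FOR-US: Apple QuickTime` in the same way; that triage belongs in a manual follow-up commit rather than this automatic update, but it should not be forgotten since `TODO: check` entries otherwise linger. The same pattern applies to the CVE-2011-1374 QuickTime entry in the last hunk.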
@@ -5920,8 +5920,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
 	NOTE: http://stealth.openwall.net/null/dzug.c
-CVE-2012-3523 [inn prone to STARTTLS plaintext command injection]
-	RESERVED
+CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not ...)
 	- inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
 	- inn2 2.5.3-1 (bug #685581)
 CVE-2012-3522 [geshi XSS in contrib/langwiz.php]
@@ -8520,8 +8519,8 @@
 	RESERVED
 CVE-2012-2456
 	RESERVED
-CVE-2012-2455
-	RESERVED
+CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not ...)
+	TODO: check
 CVE-2012-2454
 	RESERVED
 CVE-2012-2453
@@ -10258,14 +10257,14 @@
 	NOT-FOR-US: DeltaV (SCADA system) not in Debian
 CVE-2012-1814 (Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV ...)
 	NOT-FOR-US: DeltaV (SCADA system) not in Debian
-CVE-2012-1813
-	RESERVED
-CVE-2012-1812
-	RESERVED
-CVE-2012-1811
-	RESERVED
-CVE-2012-1810
-	RESERVED
+CVE-2012-1813 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
+	TODO: check
+CVE-2012-1812 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
+	TODO: check
+CVE-2012-1811 (EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
+	TODO: check
+CVE-2012-1810 (EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
+	TODO: check
 CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
 	NOT-FOR-US: Koyo ECOM
 CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
@@ -25480,8 +25479,8 @@
 	NOT-FOR-US: IBM WebSphere
 CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and ...)
 	NOT-FOR-US: IBM AIX
-CVE-2011-1374
-	RESERVED
+CVE-2011-1374 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
+	TODO: check
 CVE-2011-1373 (Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the ...)
 	NOT-FOR-US: IBM DB2
 CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape libraries ...)



