[Secure-testing-commits] r20501 - data/CVE

Fri Nov 16 21:14:20 UTC 2012

Author: joeyh
Date: 2012-11-16 21:14:20 +0000 (Fri, 16 Nov 2012)
New Revision: 20501

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2012-11-16 10:39:54 UTC (rev 20500)
+++ data/CVE/list	2012-11-16 21:14:20 UTC (rev 20501)
@@ -1,3 +1,29 @@
+CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ...)
+	TODO: check
+CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+	TODO: check
+CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+	TODO: check
+CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
+	TODO: check
+CVE-2012-5880
+	RESERVED
+CVE-2012-5879
+	RESERVED
+CVE-2012-5878
+	RESERVED
+CVE-2012-5877
+	RESERVED
+CVE-2012-5876
+	RESERVED
+CVE-2012-5875
+	RESERVED
+CVE-2012-5874
+	RESERVED
+CVE-2012-5873
+	RESERVED
+CVE-2012-5872
+	RESERVED
 CVE-2012-5871
 	RESERVED
 CVE-2012-5870
@@ -210,8 +236,8 @@
 	RESERVED
 CVE-2012-5778
 	RESERVED
-CVE-2012-5777
-	RESERVED
+CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the ...)
+	TODO: check
 CVE-2012-5776
 	RESERVED
 CVE-2012-5775
@@ -774,12 +800,10 @@
 CVE-2012-5524
 	RESERVED
 	- gajim <unfixed> (bug #693282)
-CVE-2012-5523 [mantis: information disclosure]
-	RESERVED
+CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...)
 	- mantis <unfixed> (bug #693283)
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=14704
-CVE-2012-5522 [mantis: information disclosure]
-	RESERVED
+CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value during ...)
 	- mantis <unfixed> (bug #693283)
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=14496
 CVE-2012-5521
@@ -937,7 +961,7 @@
 	RESERVED
 	- horizon <not-affected> (File is installed with 0700 perms in Debian)
 CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files]
-	RESERVED
+	REJECTED
 	- yui <unfixed> (bug #692434)
 	- yui3 <not-affected>
 	NOTE: http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
@@ -3104,10 +3128,10 @@
 	RESERVED
 CVE-2012-4614
 	RESERVED
-CVE-2012-4613
-	RESERVED
-CVE-2012-4612
-	RESERVED
+CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 ...)
+	TODO: check
+CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection ...)
+	TODO: check
 CVE-2012-4611
 	RESERVED
 CVE-2012-4610 (EMC Avamar Client for VMware 6.1 stores the cleartext server root ...)
@@ -4358,17 +4382,14 @@
 	RESERVED
 CVE-2012-4200
 	RESERVED
-CVE-2012-4199
-	RESERVED
+CVE-2012-4199 (template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <no-dsa> (Minor issue)
 	- bugzilla4 <itp> (bug #669643)
-CVE-2012-4198
-	RESERVED
+CVE-2012-4198 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x ...)
 	- bugzilla <not-affected> (Only affects 3.7 onwards)
 	- bugzilla4 <itp> (bug #669643)
-CVE-2012-4197
-	RESERVED
+CVE-2012-4197 (Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <no-dsa> (Minor issue)
 	- bugzilla4 <itp> (bug #669643)
@@ -4408,8 +4429,7 @@
 	- iceweasel <not-affected> (Doesn't affect ESR series)
 CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...)
 	- iceweasel <not-affected> (Only affects Firefox Mobile)
-CVE-2012-4189
-	RESERVED
+CVE-2012-4189 (Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x ...)
 	- bugzilla <not-affected> (Only affects 4.1 onwards)
 	- bugzilla4 <itp> (bug #669643)
 CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla ...)


