[Secure-testing-commits] r20521 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Nov 20 21:14:24 UTC 2012


Author: joeyh
Date: 2012-11-20 21:14:24 +0000 (Tue, 20 Nov 2012)
New Revision: 20521

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-20 15:36:45 UTC (rev 20520)
+++ data/CVE/list	2012-11-20 21:14:24 UTC (rev 20521)
@@ -1,3 +1,5 @@
+CVE-2012-5920 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...)
+	TODO: check
 CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 ...)
 	NOT-FOR-US: havalite
 CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access administrator ...)
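Review bot: The new CVE-2012-5920 entry at the top of the list is left at TODO: check even though its description opens with the same words as CVE-2012-4563, which this list already tracks against gwt (bug #691900). Triage it against the gwt source package and either record a package line with its own status or add a NOTE on how it differs from CVE-2012-4563, so the two GWT XSS entries are not confused.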
@@ -463,8 +465,8 @@
 	NOT-FOR-US: Drupal addon not packaged in Debian
 CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote ...)
 	NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2012-5703
-	RESERVED
+CVE-2012-5703 (The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers ...)
+	TODO: check
 CVE-2012-5702
 	RESERVED
 CVE-2012-5701
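Review bot: CVE-2012-5703 moves from RESERVED to TODO: check, which leaves it in the untriaged queue, and the description names only the vSphere API in VMware ESXi 4.1 and ESX 4.1. If no Debian package ships that code, close it with a NOT-FOR-US line in the style of the Drupal entries just above.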
@@ -523,8 +525,8 @@
 	RESERVED
 CVE-2012-5675
 	RESERVED
-CVE-2012-5674
-	RESERVED
+CVE-2012-5674 (Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when ...)
+	TODO: check
 CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote ...)
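Review bot: The TODO: check placed under CVE-2012-5674 should be resolved rather than left as the automatic update wrote it. The description is for Adobe ColdFusion 10, and the next entry already uses NOT-FOR-US: Adobe Flash Player for another Adobe product; a matching NOT-FOR-US line fits here if ColdFusion is not in the archive.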
@@ -862,8 +864,7 @@
 CVE-2012-5530
 	RESERVED
 	- pcp <unfixed>
-CVE-2012-5529
-	RESERVED
+CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
 	- firebird2.5 <unfixed> (bug #693210)
 CVE-2012-5528
 	RESERVED
@@ -895,8 +896,7 @@
 CVE-2012-5520
 	RESERVED
 	NOT-FOR-US: OpenVAS Manager
-CVE-2012-5519 [Privilege escalation (lpadmin -> root) in cups]
-	RESERVED
+CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as Debian ...)
 	- cups <unfixed> (bug #692791)
 	NOTE: http://seclists.org/oss-sec/2012/q4/253
 CVE-2012-5518
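Review bot: Replacing the bracketed summary on CVE-2012-5519 drops the only visible statement of impact, "Privilege escalation (lpadmin -> root) in cups", while the entry stays at cups <unfixed> (bug #692791). Consider keeping that wording as a NOTE line, since the truncated description that replaces it stops before saying what the flaw allows.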
@@ -3499,8 +3499,7 @@
 CVE-2012-4567 [multiple xss in 3.3.8]
 	RESERVED
 	- letodms 3.3.9+dfsg-1
-CVE-2012-4566
-	RESERVED
+CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly verify ...)
 	{DSA-2573-1}
 	- radsecproxy 1.6.2-1
 CVE-2012-4565
@@ -3511,8 +3510,7 @@
 	{DSA-2575-1}
 	- tiff3 <not-affected> (The tiff-tools package is only built from the tiff source package)
 	- tiff 4.0.2-5 (bug #692345)
-CVE-2012-4563
-	RESERVED
+CVE-2012-4563 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...)
 	- gwt <unfixed> (bug #691900)
 	[squeeze] - gwt <not-affected> (Vulnerable code not present)
 CVE-2012-4562
@@ -3623,8 +3621,7 @@
 CVE-2012-4524 [xlockmore bypass]
 	RESERVED
 	- xlockmore <removed> (low)
-CVE-2012-4523
-	RESERVED
+CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates when ...)
 	{DSA-2573-1}
 	- radsecproxy 1.6.2-1
 CVE-2012-4522 [ruby Unintentional file creation caused by inserting a illegal NUL character]
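Review bot: For CVE-2012-4523 the description now says radsecproxy "before 1.6.1", but the package line below it records 1.6.2-1 as the fixed version, the same version given for CVE-2012-4566 where the description says "before 1.6.2". If 1.6.2-1 is simply the first upload that contains the 1.6.1 fix, a NOTE saying so would explain the mismatch to anyone checking older versions.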
@@ -3666,8 +3663,7 @@
 CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.21 automatically ...)
 	- libsocialweb <unfixed> (low; bug #690675)
 	[wheezy] - libsocialweb <no-dsa> (Minor issue)
-CVE-2012-4510 [cups-pk-helper cupsGetFile/cupsPutFile]
-	RESERVED
+CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile ...)
 	{DSA-2562-1}
 	- cups-pk-helper 0.2.3-1
 CVE-2012-4509
@@ -4092,8 +4088,8 @@
 	RESERVED
 CVE-2012-4367
 	RESERVED
-CVE-2012-4366
-	RESERVED
+CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model ...)
+	TODO: check
 CVE-2012-4365
 	RESERVED
 CVE-2012-4364
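Review bot: CVE-2012-4366 is given TODO: check for a description that names Belkin wireless router models (Surf N150 Model F7D1301v1, N900 Model ...), not a software package. This looks like a NOT-FOR-US candidate and should be marked as such so the entry does not sit among the open TODO items.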
@@ -6667,8 +6663,7 @@
 	- rhythmbox 2.97-2.1 (bug #616673)
 	NOTE: Upstream bug report https://bugzilla.gnome.org/show_bug.cgi?id=678661
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
-CVE-2012-3354 [Full path disclosure in DokuWiki]
-	RESERVED
+CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain ...)
 	- dokuwiki <unfixed> (unimportant)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
 CVE-2012-3353
@@ -8374,7 +8369,7 @@
 CVE-2012-2616
 	RESERVED
 CVE-2012-2615
-	RESERVED
+	REJECTED
 CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 ...)
 	NOT-FOR-US: Lattice Diamond Programmer
 CVE-2012-2613
@@ -8426,7 +8421,7 @@
 CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...)
 	NOT-FOR-US: ESCON SupportPortal Professional Edition
 CVE-2012-2589
-	RESERVED
+	REJECTED
 CVE-2012-2588
 	RESERVED
 CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...)
@@ -16076,8 +16071,7 @@
 	[squeeze] - xorg 1:7.5+8+squeeze1
 	[lenny] - xorg <no-dsa> (potential privilege handling weakness, no known attack vector)
 	NOTE: http://anonscm.debian.org/gitweb/?p=pkg-xorg/debian/xorg.git;a=commitdiff;h=e81b3943be75ca6674867fc7756905490e979522
-CVE-2011-4612
-	RESERVED
+CVE-2011-4612 (icecast before 2.3.3 allows remote attackers to inject control ...)
 	- icecast2 2.3.3-1 (bug #652663)
 	[lenny] - icecast2 <no-dsa> (Minor issue)
 	[squeeze] - icecast2 <no-dsa> (Minor issue)



