[Secure-testing-commits] r20553 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Nov 26 21:14:18 UTC 2012
Author: joeyh
Date: 2012-11-26 21:14:18 +0000 (Mon, 26 Nov 2012)
New Revision: 20553
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-26 19:43:32 UTC (rev 20552)
+++ data/CVE/list 2012-11-26 21:14:18 UTC (rev 20553)
@@ -1,3 +1,207 @@
+CVE-2012-6037 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x ...)
+ TODO: check
+CVE-2012-6036 (The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) ...)
+ TODO: check
+CVE-2012-6035 (The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in ...)
+ TODO: check
+CVE-2012-6034 (The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv ...)
+ TODO: check
+CVE-2012-6033 (The do_tmem_control function in the Transcendent Memory (TMEM) in Xen ...)
+ TODO: check
+CVE-2012-6032 (Multiple integer overflows in the (1) tmh_copy_from_client and (2) ...)
+ TODO: check
+CVE-2012-6031 (The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, ...)
+ TODO: check
+CVE-2012-6030 (The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, ...)
+ TODO: check
+CVE-2012-6029
+ RESERVED
+CVE-2012-6028
+ RESERVED
+CVE-2012-6027
+ RESERVED
+CVE-2012-6026
+ RESERVED
+CVE-2012-6025
+ RESERVED
+CVE-2012-6024
+ RESERVED
+CVE-2012-6023
+ RESERVED
+CVE-2012-6022
+ RESERVED
+CVE-2012-6021
+ RESERVED
+CVE-2012-6020
+ RESERVED
+CVE-2012-6019
+ RESERVED
+CVE-2012-6018
+ RESERVED
+CVE-2012-6017
+ RESERVED
+CVE-2012-6016
+ RESERVED
+CVE-2012-6015
+ RESERVED
+CVE-2012-6014
+ RESERVED
+CVE-2012-6013
+ RESERVED
+CVE-2012-6012
+ RESERVED
+CVE-2012-6011
+ RESERVED
+CVE-2012-6010
+ RESERVED
+CVE-2012-6009
+ RESERVED
+CVE-2012-6008
+ RESERVED
+CVE-2012-6007
+ RESERVED
+CVE-2012-6006
+ RESERVED
+CVE-2012-6005
+ RESERVED
+CVE-2012-6004
+ RESERVED
+CVE-2012-6003
+ RESERVED
+CVE-2012-6002
+ RESERVED
+CVE-2012-6001
+ RESERVED
+CVE-2012-6000
+ RESERVED
+CVE-2012-5999
+ RESERVED
+CVE-2012-5998
+ RESERVED
+CVE-2012-5997
+ RESERVED
+CVE-2012-5996
+ RESERVED
+CVE-2012-5995
+ RESERVED
+CVE-2012-5994
+ RESERVED
+CVE-2012-5993
+ RESERVED
+CVE-2012-5992
+ RESERVED
+CVE-2012-5991
+ RESERVED
+CVE-2012-5990
+ RESERVED
+CVE-2012-5989
+ RESERVED
+CVE-2012-5988
+ RESERVED
+CVE-2012-5987
+ RESERVED
+CVE-2012-5986
+ RESERVED
+CVE-2012-5985
+ RESERVED
+CVE-2012-5984
+ RESERVED
+CVE-2012-5983
+ RESERVED
+CVE-2012-5982
+ RESERVED
+CVE-2012-5981
+ RESERVED
+CVE-2012-5980
+ RESERVED
+CVE-2012-5978
+ RESERVED
+CVE-2012-5977
+ RESERVED
+CVE-2012-5976
+ RESERVED
+CVE-2012-5975
+ RESERVED
+CVE-2012-5974
+ RESERVED
+CVE-2012-5973
+ RESERVED
+CVE-2012-5972
+ RESERVED
+CVE-2012-5971
+ RESERVED
+CVE-2012-5970
+ RESERVED
+CVE-2012-5969
+ RESERVED
+CVE-2012-5968
+ RESERVED
+CVE-2012-5967
+ RESERVED
+CVE-2012-5966
+ RESERVED
+CVE-2012-5965
+ RESERVED
+CVE-2012-5964
+ RESERVED
+CVE-2012-5963
+ RESERVED
+CVE-2012-5962
+ RESERVED
+CVE-2012-5961
+ RESERVED
+CVE-2012-5960
+ RESERVED
+CVE-2012-5959
+ RESERVED
+CVE-2012-5958
+ RESERVED
+CVE-2012-5957
+ RESERVED
+CVE-2012-5956
+ RESERVED
+CVE-2012-5955
+ RESERVED
+CVE-2012-5954
+ RESERVED
+CVE-2012-5953
+ RESERVED
+CVE-2012-5952
+ RESERVED
+CVE-2012-5951
+ RESERVED
+CVE-2012-5950
+ RESERVED
+CVE-2012-5949
+ RESERVED
+CVE-2012-5948
+ RESERVED
+CVE-2012-5947
+ RESERVED
+CVE-2012-5946
+ RESERVED
+CVE-2012-5945
+ RESERVED
+CVE-2012-5944
+ RESERVED
+CVE-2012-5943
+ RESERVED
+CVE-2012-5942
+ RESERVED
+CVE-2012-5941
+ RESERVED
+CVE-2012-5940
+ RESERVED
+CVE-2012-5939
+ RESERVED
+CVE-2012-5938
+ RESERVED
+CVE-2012-5937
+ RESERVED
+CVE-2012-5936
+ RESERVED
+CVE-2011-5245 (The readFrom function in providers.jaxb.JAXBXmlTypeProvider in ...)
+ TODO: check
CVE-2012-XXXX [phpcas curl usage]
- php-case <unfixed>
NOTE: https://github.com/Jasig/phpCAS/pull/58
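Review bot: the seven Transcendent Memory entries CVE-2012-6030 through CVE-2012-6036 are left at "TODO: check" although the same Xen TMEM hypercall surface is already tracked later in this file under CVE-2012-3497 ("(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP ..."), which is carried as "- xen <unfixed> (bug #686764)"; before triaging them one by one, confirm whether these ids are a split of CVE-2012-3497 and, if so, copy the xen package state and bug reference across so the tracker does not show one issue as both unfixed and untriaged. The same cross-check applies to CVE-2012-6037 (Mahara 1.4.x XSS), which belongs next to the Mahara 1.4.x/1.5.x entries CVE-2012-2243 through CVE-2012-2247 already resolved as "- mahara 1.5.1-3". Also, the reserved run skips CVE-2012-5979 (CVE-2012-5980 is followed directly by CVE-2012-5978); worth verifying that the id is tracked elsewhere in the list rather than dropped by the import.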
@@ -118,6 +322,7 @@
- tomcat6 6.0.35-5+nmu1 (bug #692439)
- tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken ...)
+ {DSA-2357-1}
- evince 2.32.0-1
NOTE: This issue was already fixed in DSA-2357-1 by shipping the correct fix from the start
CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ...)
@@ -165,14 +370,14 @@
RESERVED
CVE-2012-5865
RESERVED
-CVE-2012-5864
- RESERVED
-CVE-2012-5863
- RESERVED
-CVE-2012-5862
- RESERVED
-CVE-2012-5861
- RESERVED
+CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light Photovoltaic ...)
+ TODO: check
+CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...)
+ TODO: check
+CVE-2012-5862 (login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...)
+ TODO: check
+CVE-2012-5861 (Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light ...)
+ TODO: check
CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 ...)
NOT-FOR-US: ID-One COSMO
CVE-2012-XXXX [xscreensaver lock bypass]
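Review bot: the four Sinapsi eSolar Light Photovoltaic System Monitor entries CVE-2012-5861 through CVE-2012-5864 describe the web interface of a single monitoring appliance and could be resolved together rather than left as four separate "TODO: check" markers; the neighbouring CVE-2012-5860 shows the form used for such hardware, NOT-FOR-US followed by the product name. The same applies to the three IBM WebSphere DataPower XC10 Appliance entries (CVE-2012-5756, CVE-2012-5758, CVE-2012-5759) in the next hunk, once it is confirmed that neither product corresponds to a Debian source package.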
@@ -422,14 +627,14 @@
RESERVED
CVE-2012-5760
RESERVED
-CVE-2012-5759
- RESERVED
-CVE-2012-5758
- RESERVED
+CVE-2012-5759 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
+ TODO: check
+CVE-2012-5758 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
+ TODO: check
CVE-2012-5757
RESERVED
-CVE-2012-5756
- RESERVED
+CVE-2012-5756 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
+ TODO: check
CVE-2012-5755
RESERVED
CVE-2012-5754
@@ -932,8 +1137,7 @@
CVE-2012-5534
RESERVED
- weechat <unfixed>
-CVE-2012-5533
- RESERVED
+CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd 1.4.32 ...)
- lighttpd 1.4.31-2
[squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
CVE-2012-5532
@@ -951,8 +1155,7 @@
RESERVED
- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
NOTE: More of a plain bug than a security vulnerability
-CVE-2012-5526 [libcgi-pm-perl: newline injection]
- RESERVED
+CVE-2012-5526 (CGI.pm module before 3.63 for Perl does not properly escape newlines ...)
- perl <unfixed> (bug #693420)
- libcgi-pm-perl 3.61-2 (bug #693421)
NOTE: http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
@@ -972,8 +1175,7 @@
CVE-2012-5521
RESERVED
- quagga <unfixed> (bug #693102)
-CVE-2012-5520
- RESERVED
+CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x ...)
NOT-FOR-US: OpenVAS Manager
CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as Debian ...)
- cups <unfixed> (bug #692791)
@@ -1807,8 +2009,8 @@
RESERVED
CVE-2012-5174
RESERVED
-CVE-2012-5173
- RESERVED
+CVE-2012-5173 (Session fixation vulnerability in BIGACE before 2.7.8 allows remote ...)
+ TODO: check
CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android allows ...)
NOT-FOR-US: Asial Monaca Debugger
CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
@@ -3469,10 +3671,10 @@
NOT-FOR-US: Websense Web Security
CVE-2012-4603
RESERVED
-CVE-2012-4602
- RESERVED
-CVE-2012-4601
- RESERVED
+CVE-2012-4602 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-4601 (Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before ...)
+ TODO: check
CVE-2012-4600 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
- otrs2 3.1.7+dfsg1-5
CVE-2011-5102 (The Investigative Reports web interface in the TRITON management ...)
@@ -3653,21 +3855,16 @@
CVE-2012-4540 (Off-by-one error in the invoke function in ...)
- icedtea-web 1.3.1-1 (bug #692608)
NOTE: http://seclists.org/oss-sec/2012/q4/237
-CVE-2012-4539
- RESERVED
+CVE-2012-4539 (Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit ...)
- xen 4.1.3-4
-CVE-2012-4538
- RESERVED
+CVE-2012-4538 (The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not ...)
- xen 4.1.3-4
-CVE-2012-4537
- RESERVED
+CVE-2012-4537 (Xen 3.4 through 4.2, and possibly earlier versions, does not properly ...)
- xen 4.1.3-4
-CVE-2012-4536
- RESERVED
+CVE-2012-4536 (The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in ...)
- xen 4.1.3-4
[squeeze] - xen <not-affected> (Only affects 4.1.x)
-CVE-2012-4535
- RESERVED
+CVE-2012-4535 (Xen 3.4 through 4.2, and possibly earlier versions, allows local guest ...)
- xen 4.1.3-4
CVE-2012-4534
RESERVED
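Review bot: only CVE-2012-4536 carries a [squeeze] line in this group, and its reason ("Only affects 4.1.x") implies that squeeze ships a xen older than 4.1; the descriptions of CVE-2012-4535 and CVE-2012-4537 (Xen 3.4 through 4.2) and of CVE-2012-4538 and CVE-2012-4539 (Xen 4.0 through 4.2) therefore still cover the stable version, so each of those four entries needs an explicit squeeze status (a DSA reference, <not-affected> with a reason, or <no-dsa>) beside the "- xen 4.1.3-4" line, as the other Xen entries in this file (for example CVE-2012-3495 and CVE-2012-3498) already do.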
@@ -3689,8 +3886,7 @@
RESERVED
- modsecurity-apache 2.6.6-5 (bug #691146)
- libapache-mod-security <removed>
-CVE-2012-4527
- RESERVED
+CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows ...)
- mcrypt 2.6.8-1.3 (bug #690924)
NOTE: patch proposed by submitter at RH bugzilla is incorrect
CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525]
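Review bot: CVE-2012-4527 lacks the "[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)" line that the two other mcrypt entries in this patch (CVE-2012-4426 and CVE-2012-4409) carry, so the stable status of a "mcrypt 2.6.8 and earlier" issue is undefined; add the squeeze line. Since the NOTE records that the patch proposed at the RH bugzilla is incorrect, it would also help to state which fix 2.6.8-1.3 actually ships (or point at the resolution of bug #690924) so the fixed-version claim is not read as endorsing the rejected patch.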
@@ -3708,8 +3904,7 @@
CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates when ...)
{DSA-2573-1}
- radsecproxy 1.6.2-1
-CVE-2012-4522 [ruby Unintentional file creation caused by inserting a illegal NUL character]
- RESERVED
+CVE-2012-4522 (The rb_get_path_check function in file.c in Ruby 1.9.3 before ...)
- ruby1.8 <not-affected> (Only affects 1.9.x, see bug #690670)
- ruby1.9.1 1.9.3.194-3 (bug #690670)
CVE-2012-4521 [rejected dupe assignment]
@@ -3984,8 +4179,7 @@
NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
-CVE-2012-4426
- RESERVED
+CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier ...)
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
@@ -4036,13 +4230,11 @@
CVE-2012-4412 [strcoll int->buffer overflow]
RESERVED
- eglibc <unfixed> (bug #687530)
-CVE-2012-4411
- RESERVED
+CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ...)
{DSA-2543-1}
- xen 4.1.3-2
- xen-qemu-dm-4.0 <removed>
-CVE-2012-4409
- RESERVED
+CVE-2012-4409 (Stack-based buffer overflow in the check_file_head function in extra.c ...)
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
NOTE: http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html
@@ -6226,11 +6418,9 @@
- tor 0.2.3.20-rc-1 (low)
CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...)
- tor 0.2.3.20-rc-1 (low)
-CVE-2012-3516
- RESERVED
+CVE-2012-3516 (The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall ...)
- xen <not-affected> (Only affects >= 4.2)
-CVE-2012-3515 [Qemu VT100 emulation vulnerability]
- RESERVED
+CVE-2012-3515 (Qemu, as used in Xen 4.0, 4.1 and possibly other products, when ...)
{DSA-2545-1 DSA-2543-1 DSA-2542-1}
- xen 4.1.3-2 (bug #686764)
[squeeze] - xen <not-affected> (Vulnerable code not present)
@@ -6239,13 +6429,11 @@
- qemu-kvm 1.1.2+dfsg-1
CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without ...)
- xml-light 2.2-15 (bug #685584)
-CVE-2012-3513 [remote execution as www-data]
- RESERVED
+CVE-2012-3513 (munin-cgi-graph in Munin before 2.0.6, when running as a CGI module ...)
- munin 2.0.6-1 (bug #684076)
[squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
NOTE: http://www.munin-monitoring.org/ticket/1238
-CVE-2012-3512 [local privilege escalation munin to root]
- RESERVED
+CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the ...)
- munin 2.0.6-1 (bug #684075)
NOTE: http://www.munin-monitoring.org/ticket/1234
CVE-2012-3511 (Multiple race conditions in the madvise_remove function in ...)
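Review bot: CVE-2012-3512 ("Munin before 2.0.6 stores plugin state files that run as root ...") has no [squeeze] line, while its sibling CVE-2012-3513 is marked "[squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)"; the "before 2.0.6" range does not by itself exclude the 1.x series in squeeze, so the entry needs either a <not-affected> line with a reason or a DSA/no-dsa decision for stable before it can be considered complete.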
@@ -6289,23 +6477,18 @@
- devscripts 2.12.2
CVE-2012-3499
RESERVED
-CVE-2012-3498 [PHYSDEVOP_map_pirq index vulnerability]
- RESERVED
+CVE-2012-3498 (PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and ...)
- xen 4.1.3-2 (bug #686764)
[squeeze] - xen <not-affected> (Vulnerable code not present)
-CVE-2012-3497 [multiple TMEM hypercall vulnerabilities]
- RESERVED
+CVE-2012-3497 ((1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) ...)
- xen <unfixed> (bug #686764)
-CVE-2012-3496 [XENMEM_populate_physmap DoS vulnerability]
- RESERVED
+CVE-2012-3496 (XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer ...)
{DSA-2544-1}
- xen 4.1.3-2 (bug #686764)
-CVE-2012-3495 [hypercall physdev_get_free_pirq vulnerability]
- RESERVED
+CVE-2012-3495 (The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x ...)
- xen 4.1.3-2 (bug #686764)
[squeeze] - xen <not-affected> (Vulnerable code not present)
-CVE-2012-3494 [hypercall set_debugreg vulnerability]
- RESERVED
+CVE-2012-3494 (The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, ...)
{DSA-2544-1}
- xen 4.1.3-2 (bug #686764)
CVE-2012-3493 (The command_give_request_ad function in condor_startd.V6/command.cpp ...)
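Review bot: CVE-2012-3497 is the only id in this group still at "- xen <unfixed> (bug #686764)" and also the only one with no [squeeze] status, whereas its four siblings from the same bug are resolved with 4.1.3-2 plus either a DSA-2544-1 reference or a "[squeeze] - xen <not-affected>" line; since bug #686764 is shared, the entry should say whether 4.1.3-2 deliberately omits the TMEM fix (in which case a squeeze assessment is still owed) or whether the <unfixed> marker is simply stale.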
@@ -6480,16 +6663,14 @@
NOTE: http://seclists.org/oss-sec/2012/q3/127
CVE-2012-3434 (Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php ...)
NOT-FOR-US: WordPress plugin Count Per Day
-CVE-2012-3433
- RESERVED
+CVE-2012-3433 (Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of ...)
{DSA-2531-1}
- xen 4.1.3-1 (bug #683279)
CVE-2012-3432 [XSA-10: HVM guest user mode MMIO emulation DoS vulnerability]
RESERVED
{DSA-2531-1}
- xen 4.1.3-1 (bug #683279)
-CVE-2012-3431
- RESERVED
+CVE-2012-3431 (The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss ...)
NOT-FOR-US: Teeid
CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel before ...)
- linux 3.2.29-1
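Review bot: the NOT-FOR-US line under CVE-2012-3431 spells the product "Teeid" while the description reads "Teiid"; the name on the NOT-FOR-US line is what later searches for the upstream project will match, so it should agree with the description.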
@@ -8838,10 +9019,10 @@
NOT-FOR-US: TP-Link router
CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N firewall ...)
NOT-FOR-US: NETGEAR appliance
-CVE-2012-2438
- RESERVED
-CVE-2012-2437
- RESERVED
+CVE-2012-2438 (ar web content manager (AWCM) 2.2 does not restrict the number of ...)
+ TODO: check
+CVE-2012-2437 (cookie_gen.php in ar web content manager (AWCM) 2.2 does not require ...)
+ TODO: check
CVE-2012-2436 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS ...)
NOT-FOR-US: Pligg
CVE-2012-2435 (Directory traversal vulnerability in the captcha module in Pligg CMS ...)
@@ -9114,8 +9295,7 @@
CVE-2012-2378
RESERVED
NOT-FOR-US: Apache CXF
-CVE-2012-2377
- RESERVED
+CVE-2012-2377 (JGroups diagnostics service in JBoss Enterprise Portal Platform before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-2376 (Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ...)
- php5 <not-affected> (Windows-specific vulnerability)
@@ -9441,8 +9621,8 @@
RESERVED
CVE-2012-2254
RESERVED
-CVE-2012-2253
- RESERVED
+CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in ...)
+ TODO: check
CVE-2012-2252
RESERVED
CVE-2012-2251
@@ -9459,25 +9639,21 @@
[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u2
[squeeze] - isc-dhcp <not-affected> (CLIENT_PATH is not correctly defined)
NOTE: Debian-specific
-CVE-2012-2247
- RESERVED
+CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
-CVE-2012-2246
- RESERVED
+CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=493
NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
CVE-2012-2245
RESERVED
-CVE-2012-2244
- RESERVED
+CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
-CVE-2012-2243
- RESERVED
+CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
- mahara 1.5.1-3
NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
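Review bot: the forum reference on CVE-2012-2246, https://mahara.org/interaction/forum/topic.php?id=493, looks truncated next to the topic ids 4936, 4937 and 4938 used by the three sibling entries; verify the id before relying on that NOTE. The four Mahara entries are otherwise consistent (each "- mahara 1.5.1-3" with its own launchpad bug).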
@@ -9491,8 +9667,7 @@
CVE-2012-2240 (scripts/dscverify.pl in devscripts before 2.12.3 allows remote ...)
{DSA-2549-1}
- devscripts 2.12.3
-CVE-2012-2239
- RESERVED
+CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote ...)
- mahara 1.5.1-3
CVE-2012-2238
RESERVED
@@ -9556,8 +9731,8 @@
NOT-FOR-US: Disputed Squid access bypass, probably user error and minor impact anyway
CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to ...)
NOT-FOR-US: McAfee Web Gateway
-CVE-2012-2211
- RESERVED
+CVE-2012-2211 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2012-XXXX [libpng electric fence crash]
- libpng 1.2.49-1 (low; bug #668082)
NOTE: CVE id requested
@@ -9887,15 +10062,13 @@
- tiff3 3.9.6-6
CVE-2012-2087
RESERVED
-CVE-2012-2086 [gajim sql injection]
- RESERVED
+CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines ...)
{DSA-2453-2 DSA-2453-1}
- gajim 0.15-1 (low; bug #668038)
CVE-2012-2085 (The exec_command function in common/helpers.py in Gajim before 0.15 ...)
{DSA-2453-2 DSA-2453-1}
- gajim 0.15-1 (medium; bug #668038)
-CVE-2012-2084
- RESERVED
+CVE-2012-2084 (Cross-site scripting (XSS) vulnerability in the Printer, email and PDF ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2083 (Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -11978,8 +12151,7 @@
CVE-2012-1168
RESERVED
- moodle <not-affected> (Only affects 2.0 to 2.2)
-CVE-2012-1167
- RESERVED
+CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-1166 [ldm (LTSP display manager)]
RESERVED
@@ -12522,10 +12694,9 @@
RESERVED
CVE-2012-0961
RESERVED
-CVE-2012-0960
- RESERVED
-CVE-2012-0959
- RESERVED
+CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 2.4.1 for ...)
+ TODO: check
+CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account ...)
NOT-FOR-US: Ubuntu remote login service
CVE-2012-0958
RESERVED
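Review bot: CVE-2012-0960 (unity-firefox-extension) is left at "TODO: check" while the adjacent CVE-2012-0959 is already resolved as "NOT-FOR-US: Ubuntu remote login service"; the Unity integration extension is a component of Ubuntu's Unity desktop, so the same question (is there a Debian source package at all) should settle this entry in the same way.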
@@ -12915,8 +13086,7 @@
NOT-FOR-US: Joomla!
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
NOT-FOR-US: Joomla!
-CVE-2012-0818
- RESERVED
+CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...)
NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
- samba 2:3.6.3-1 (low)
@@ -13191,8 +13361,7 @@
RESERVED
CVE-2012-0699
RESERVED
-CVE-2012-0698
- RESERVED
+CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...)
{DSA-2576-1}
- trousers 0.3.9-1 (bug #692649)
CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...)
@@ -16208,8 +16377,7 @@
- rocksndiamonds 3.3.0.1+dfsg1-2.2 (bug #651620)
[squeeze] - rocksndiamonds <no-dsa> (Contrib not supported)
[lenny] - rocksndiamonds <no-dsa> (Contrib not supported)
-CVE-2011-4605
- RESERVED
+CVE-2011-4605 (The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-4604 [http://seclists.org/oss-sec/2011/q4/496]
RESERVED
@@ -17742,8 +17910,7 @@
CVE-2011-4086 (The journal_unmap_buffer function in fs/jbd2/transaction.c in the ...)
{DSA-2469-1}
- linux-2.6 <unfixed> (low)
-CVE-2011-4085
- RESERVED
+CVE-2011-4085 (The servlets invoked by httpha-invoker in JBoss Enterprise Application ...)
NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
REJECTED
@@ -21343,8 +21510,7 @@
RESERVED
{DSA-2303-1}
- linux-2.6 3.0.0-2
-CVE-2011-2908
- RESERVED
+CVE-2011-2908 (Cross-site request forgery (CSRF) vulnerability in the JMX Console ...)
NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
- torque 2.4.15+dfsg-1
@@ -26569,8 +26735,7 @@
CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ...)
- rsync 3.0.8 (low; bug #621866)
[squeeze] - rsync <no-dsa> (Minor issue)
-CVE-2011-1096
- RESERVED
+CVE-2011-1096 (The W3C XML Encryption Standard, as used in the JBoss Web Services ...)
NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix
CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...)
- glibc <removed>
@@ -39133,8 +39298,7 @@
NOT-FOR-US: PrettyBook PrettyFormMail
CVE-2010-1331 (SQL injection vulnerability in Heartlogic HL-SiteManager allows remote ...)
NOT-FOR-US: Heartlogic HL-SiteManager
-CVE-2010-1330
- RESERVED
+CVE-2010-1330 (The regular expression engine in JRuby before 1.4.1, when $KCODE is ...)
- jruby 1.5.0~rc1-1
CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall ...)
NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall