[Secure-testing-commits] r20277 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Oct 1 21:14:22 UTC 2012


Author: joeyh
Date: 2012-10-01 21:14:22 +0000 (Mon, 01 Oct 2012)
New Revision: 20277

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-01 18:07:58 UTC (rev 20276)
+++ data/CVE/list	2012-10-01 21:14:22 UTC (rev 20277)
@@ -1,3 +1,9 @@
+CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...)
+	TODO: check
+CVE-2012-5196 (Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x ...)
+	TODO: check
+CVE-2012-5195
+	RESERVED
 CVE-2012-5194
 	RESERVED
 CVE-2012-5193
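Review bot: the two new Condor entries are left at `TODO: check` although this same patch records condor as a packaged source (the CVE-2012-3491/3492/3493 entries further down carry `condor 7.8.2~dfsg.1-1+deb7u1`) and both truncated descriptions name 7.8.x as affected. The TODO should be resolved into a package line, either `- condor <unfixed>` or a fixed version, rather than left open for a package the tracker already follows.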
@@ -2000,15 +2006,13 @@
 CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03]
 	RESERVED
 	- zendframework <unfixed> (bug #688946)
-CVE-2012-4450 [389-ds-base ACL rules bypass]
-	RESERVED
+CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL when a DN ...)
 	- 389-ds-base <unfixed> (bug #688942)
 	NOTE: Upstream ticket https://fedorahosted.org/389/ticket/340
 	NOTE: Upstream patch http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
 CVE-2012-4449
 	RESERVED
-CVE-2012-4448
-	RESERVED
+CVE-2012-4448 (Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ...)
 	- wordpress <unfixed> (bug #689031)
 CVE-2012-4447 [libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression]
 	RESERVED
@@ -2044,8 +2048,7 @@
 	RESERVED
 	- jenkins 1.447.2+dfsg-2 (bug #688298)
 	NOTE: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
-CVE-2012-4437 [Smarty / php-Smarty: XSS in Smarty exception messages]
-	RESERVED
+CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class ...)
 	- smarty3 3.1.10-2 (bug #688153)
 	- smarty <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
@@ -2069,8 +2072,7 @@
 	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
 CVE-2012-4433
 	RESERVED
-CVE-2012-4432 [OptiPNG Palette Reduction Use-After-Free Vulnerability]
-	RESERVED
+CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x ...)
 	- optipng <not-affected> (Introduced in 0.7, bug #687998)
 CVE-2012-4431
 	RESERVED
@@ -2078,14 +2080,12 @@
 	RESERVED
 	- bacula 5.2.6+dfsg-4 (bug #687923)
 	NOTE: http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
-CVE-2012-4429
-	RESERVED
+CVE-2012-4429 (Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read ...)
 	- vino <unfixed> (bug #687596; low)
 CVE-2012-4428
 	RESERVED
 	- openslp-dfsg <unfixed> (bug #687597; low)
-CVE-2012-4427
-	RESERVED
+CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
 	NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
 CVE-2012-4426
 	RESERVED
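Review bot: CVE-2012-4427 gains a NOTE dismissing the issue but no package line, so the tracker has nothing to classify it against. If the assessment stands, an explicit `- gnome-shell <unimportant> (...)` line carrying the rationale from the NOTE would record it (the package name is assumed from the description, which names the gnome-shell plugin); otherwise it should be `<unfixed>` like the vino entry just above it.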
@@ -2127,8 +2127,7 @@
 CVE-2012-4416
 	RESERVED
 	- sun-java6 <not-affected> (Only affects Java 7)
-CVE-2012-4415 [guacd buffer overflow]
-	RESERVED
+CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in ...)
 	- libguac 0.6.0-2 (medium)
 	NOTE: maintainer contacted us, working on update
 	NOTE: http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
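Review bot: CVE-2012-4415 now records libguac 0.6.0-2 as the fixed version, but the unchanged NOTE directly below still says the maintainer is "working on update"; one of the two is stale. Either confirm that 0.6.0-2 is the upload carrying the upstream changeset linked in the second NOTE and drop the first NOTE, or keep the entry at `<unfixed>` until it is.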
@@ -4257,8 +4256,7 @@
 	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
 CVE-2012-3501 (The squidclamav_check_preview_handler function in squidclamav.c in ...)
 	- squidclamav <unfixed> (bug #685398)
-CVE-2012-3500 [annotate-output temp files handling]
-	RESERVED
+CVE-2012-3500 (scripts/annotate-output.sh in devscripts before 2.12.2, as used in ...)
 	{DSA-2549-1}
 	- devscripts 2.12.2
 CVE-2012-3499
@@ -4282,14 +4280,11 @@
 	RESERVED
 	{DSA-2544-1}
 	- xen 4.1.3-2 (bug #686764)
-CVE-2012-3493
-	RESERVED
+CVE-2012-3493 (The command_give_request_ad function in condor_startd.V6/command.cpp ...)
 	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
-CVE-2012-3492
-	RESERVED
+CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor ...)
 	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
-CVE-2012-3491
-	RESERVED
+CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and ...)
 	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
 CVE-2012-3490
 	RESERVED
@@ -4379,8 +4374,7 @@
 	- libotr 3.2.1-1 (medium; bug #684121)
 CVE-2012-3460
 	RESERVED
-CVE-2012-3459
-	RESERVED
+CVE-2012-3459 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
 	NOT-FOR-US: Cumin
 CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...)
 	{DSA-2541-1}
@@ -6145,11 +6139,9 @@
 	RESERVED
 	- network-manager 0.9.4.0-1 (low; bug #655972)
 	[squeeze] - network-manager 0.8.1-6+squeeze2
-CVE-2012-2735
-	RESERVED
+CVE-2012-2735 (Session fixation vulnerability in Cumin before 0.1.5444, as used in ...)
 	NOT-FOR-US: Cumin
-CVE-2012-2734
-	RESERVED
+CVE-2012-2734 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin ...)
 	NOT-FOR-US: Cumin
 CVE-2012-2733
 	RESERVED
@@ -6259,22 +6251,17 @@
 	[squeeze] - apache2 2.2.16-6+squeeze8
 CVE-2012-2686
 	RESERVED
-CVE-2012-2685
-	RESERVED
+CVE-2012-2685 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
 	NOT-FOR-US: Cumin
-CVE-2012-2684
-	RESERVED
+CVE-2012-2684 (Multiple SQL injection vulnerabilities in the ...)
 	NOT-FOR-US: Cumin
-CVE-2012-2683
-	RESERVED
+CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
 	NOT-FOR-US: Cumin
 CVE-2012-2682
 	RESERVED
-CVE-2012-2681
-	RESERVED
+CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
 	NOT-FOR-US: Cumin
-CVE-2012-2680
-	RESERVED
+CVE-2012-2680 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
 	NOT-FOR-US: Cumin
 CVE-2012-2679
 	RESERVED
@@ -7427,16 +7414,13 @@
 	RESERVED
 CVE-2012-2243
 	RESERVED
-CVE-2012-2242 [dget arbitrary code execution]
-	RESERVED
+CVE-2012-2242 (scripts/dget.pl in devscripts before 2.10.73 allows remote attackers ...)
 	{DSA-2549-1}
 	- devscripts 2.12.3
-CVE-2012-2241 [dget arbitrary file deletion]
-	RESERVED
+CVE-2012-2241 (scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to ...)
 	{DSA-2549-1}
 	- devscripts 2.12.3
-CVE-2012-2240 [dscverify arbitrary code execution]
-	RESERVED
+CVE-2012-2240 (scripts/dscverify.pl in devscripts before 2.12.3 allows remote ...)
 	{DSA-2549-1}
 	- devscripts 2.12.3
 CVE-2012-2239
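Review bot: the truncated description for CVE-2012-2242 says "devscripts before 2.10.73", yet the entry keeps `- devscripts 2.12.3` as the first fixed version, while the sibling entries CVE-2012-2241 and CVE-2012-2240 say "before 2.12.3" and match. If the fix really landed in 2.10.73, every Debian version from 2.10.73 up to 2.12.2 is wrongly tracked as vulnerable; either correct the version or add a NOTE explaining why 2.12.3 is right (the DSA-2549-1 reference alone does not settle it).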
@@ -7623,8 +7607,7 @@
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2154 (Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2153 [drupal7 access bypass]
-	RESERVED
+CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes in a ...)
 	- drupal7 7.14-1
 CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in ...)
 	{DSA-2498-1}
@@ -7649,8 +7632,7 @@
 	- elixir <unfixed> (low; bug #670919)
 	[squeeze] - elixir <no-dsa> (Minor issue)
 	[wheezy] - elixir <no-dsa> (Minor issue)
-CVE-2012-2145 [qpid DoS]
-	RESERVED
+CVE-2012-2145 (Apache Qpid 0.17 and earlier does not properly restrict incoming ...)
 	- qpid-cpp 0.16-1 (bug #672124)
 CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) ...)
 	- horizon 2012.1-4 (bug #671604)
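Review bot: the description says "Apache Qpid 0.17 and earlier" is affected, but the entry marks `qpid-cpp 0.16-1` as fixed with no NOTE. A fixed version below the upstream affected range only makes sense if 0.16-1 carries a backported patch, so add a NOTE with the patch reference (bug #672124 is cited but not explained) or re-check the fixed version.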
@@ -8446,8 +8428,8 @@
 	NOT-FOR-US: All-in-One Event Calendar plugin for WordPress
 CVE-2012-1834
 	RESERVED
-CVE-2012-1833
-	RESERVED
+CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does ...)
+	TODO: check
 CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: WellinTech KingView not in Debian
 CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
@@ -8666,6 +8648,7 @@
 	- mysql-5.1 <not-affected> (Only affects 5.5)
 	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
+	{DSA-2496-1}
 	- mysql-5.1 <removed> (bug #682212)
 	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
@@ -8783,6 +8766,7 @@
 	- mysql-5.1 5.1.62-1 (bug #670636)
 	- mysql-5.5 5.5.23-1
 CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
+	{DSA-2496-1}
 	- mysql-5.1 <removed> (bug #682212)
 	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -9008,16 +8992,13 @@
 CVE-2012-1592
 	RESERVED
 	- libstruts1.2-java <not-affected> (Only applies to Struts 2, see bug #657870)
-CVE-2012-1591
-	RESERVED
+CVE-2012-1591 (The image module in Drupal 7.x before 7.14 does not properly check ...)
 	- drupal7 7.14-1 (bug #671402)
-CVE-2012-1590
-	RESERVED
+CVE-2012-1590 (The forum list in Drupal 7.x before 7.14 does not properly check user ...)
 	- drupal7 7.14-1 (bug #671402)
 CVE-2012-1589 (Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 ...)
 	- drupal7 7.14-1 (bug #671402)
-CVE-2012-1588
-	RESERVED
+CVE-2012-1588 (Algorithmic complexity vulnerability in the _filter_url function in ...)
 	- drupal7 7.14-1 (bug #671402)
 CVE-2012-1587
 	REJECTED
@@ -10488,8 +10469,7 @@
 	RESERVED
 CVE-2012-0957
 	RESERVED
-CVE-2012-0956
-	RESERVED
+CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows ...)
 	NOT-FOR-US: ubiquity-slideshow-ubuntu
 CVE-2012-0955
 	RESERVED
@@ -11495,6 +11475,7 @@
 CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
 	NOT-FOR-US: Oracle Financial Services Software
 CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier ...)
+	{DSA-2496-1}
 	- mysql-5.1 <removed> (bug #682212)
 	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
@@ -14315,8 +14296,7 @@
 	NOT-FOR-US: One Click Orgs
 CVE-2011-4552 (Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs ...)
 	NOT-FOR-US: One Click Orgs
-CVE-2011-4551
-	RESERVED
+CVE-2011-4551 (Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in ...)
 	- tikiwiki <removed>
 CVE-2011-4550
 	RESERVED