[Secure-testing-commits] r20294 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Oct 5 21:14:23 UTC 2012


Author: joeyh
Date: 2012-10-05 21:14:23 +0000 (Fri, 05 Oct 2012)
New Revision: 20294

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-05 20:27:55 UTC (rev 20293)
+++ data/CVE/list	2012-10-05 21:14:23 UTC (rev 20294)
@@ -1,3 +1,41 @@
+CVE-2012-5301 (The default configuration of Cerberus FTP Server before 5.0.4.0 ...)
+	TODO: check
+CVE-2012-5300 (SQL injection vulnerability in art_catalogo.php in MyStore Xpress ...)
+	TODO: check
+CVE-2012-5299 (Mavili Guestbook, as released in November 2007, allows remote attackers to ...)
+	TODO: check
+CVE-2012-5298 (Mavili Guestbook, as released in November 2007, stores guestbook.mdb under ...)
+	TODO: check
+CVE-2012-5297 (SQL injection vulnerability in edit.asp in Mavili Guestbook, as ...)
+	TODO: check
+CVE-2012-5296 (Multiple cross-site scripting (XSS) vulnerabilities in Mavili ...)
+	TODO: check
+CVE-2012-5295 (Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk ...)
+	TODO: check
+CVE-2012-5294 (SQL injection vulnerability in art_detalle.php in MyStore Xpress ...)
+	TODO: check
+CVE-2012-5293 (Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 ...)
+	TODO: check
+CVE-2012-5292 (Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow ...)
+	TODO: check
+CVE-2012-5291 (SQL injection vulnerability in team.php in Posse Softball Director CMS ...)
+	TODO: check
+CVE-2012-5290 (Multiple SQL injection vulnerabilities in EasyWebRealEstate allow ...)
+	TODO: check
+CVE-2012-5289 (Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote ...)
+	TODO: check
+CVE-2012-5288 (SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows ...)
+	TODO: check
+CVE-2011-5207 (Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php ...)
+	TODO: check
+CVE-2011-5206 (Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech ...)
+	TODO: check
+CVE-2011-5205 (Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 ...)
+	TODO: check
+CVE-2011-5204 (Akiva WebBoard 8.x stores passwords in plaintext, which allows local ...)
+	TODO: check
+CVE-2011-5203 (SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before ...)
+	TODO: check
 CVE-2012-XXXX [gunicorn fails to drop supplemental groups]
 	- gunicorn 0.14.5-3 (low)
 	[squeeze] - gunicorn <no-dsa> (Minor issue)
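Review bot: all 19 entries added at the top of this hunk (CVE-2012-5301 through CVE-2012-5288 and CVE-2011-5207 through CVE-2011-5203) are left at `TODO: check`, and several of them name the same product: Mavili Guestbook (CVE-2012-5299, -5298, -5297), MyStore Xpress (CVE-2012-5300, -5294), Rapidleech (CVE-2011-5206, -5205) and Akiva WebBoard (CVE-2011-5204, -5203). Triage each group in one pass so the entries for a product end up with the same disposition, either a package line or a `NOT-FOR-US: <product>` tag of the kind the file already uses for other entries.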
@@ -95,14 +133,14 @@
 	RESERVED
 CVE-2012-5241
 	RESERVED
-CVE-2012-5240
-	RESERVED
+CVE-2012-5240 (Buffer overflow in the dissect_tlv function in ...)
+	TODO: check
 CVE-2012-5239
 	REJECTED
-CVE-2012-5238
-	RESERVED
-CVE-2012-5237
-	RESERVED
+CVE-2012-5238 (epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x ...)
+	TODO: check
+CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP ...)
+	TODO: check
 CVE-2012-5236
 	RESERVED
 CVE-2012-5235
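Review bot: the three entries that move from `RESERVED` to `TODO: check` here should be resolved against a source package rather than left pending, since CVE-2012-5238 names Wireshark 1.8.x and CVE-2012-5237 names `epan/dissectors/packet-hsrp.c`. The truncated description of CVE-2012-5240 shows only the `dissect_tlv` function and no product name, so confirm from the full description that it belongs with the other two before grouping it with them.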
@@ -871,12 +909,12 @@
 	RESERVED
 CVE-2012-4897
 	RESERVED
-CVE-2012-4896
-	RESERVED
-CVE-2012-4895
-	RESERVED
-CVE-2012-4894
-	RESERVED
+CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
+	TODO: check
+CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
+	TODO: check
+CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows ...)
+	TODO: check
 CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: Webmin
 CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
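Review bot: CVE-2012-4896 and CVE-2012-4895 are added with identical visible description text ("Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ..."), so nothing in this file distinguishes the two issues. When these are triaged, handle both together and add a `NOTE:` line to each if the full descriptions differ in the affected component, so a later fix for one is not assumed to cover the other.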
@@ -3233,8 +3271,8 @@
 	RESERVED
 CVE-2012-4019
 	RESERVED
-CVE-2012-4018
-	RESERVED
+CVE-2012-4018 (Cross-site scripting (XSS) vulnerability in Final Beta Laboratory ...)
+	TODO: check
 CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not properly ...)
 	NOT-FOR-US: Android application
 CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote attackers ...)
@@ -5657,8 +5695,8 @@
 	RESERVED
 CVE-2012-3000
 	RESERVED
-CVE-2012-2999
-	RESERVED
+CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
+	TODO: check
 CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro ...)
 	NOT-FOR-US: Trend Micro Control Manager
 CVE-2012-2997
@@ -5892,6 +5930,7 @@
 CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle ...)
 	- chromium-browser <unfixed>
 CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome before ...)
+	{DSA-2555-1}
 	- chromium-browser <unfixed>
 	- libxslt 1.1.26-14 (bug #689422)
 CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows ...)
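Review bot: the `{DSA-2555-1}` tag is added to CVE-2012-2893 while the entry still carries `- chromium-browser <unfixed>` alongside `- libxslt 1.1.26-14 (bug #689422)`. Check that the advisory is meant to cover only the libxslt line; a reader seeing a DSA reference on the entry could otherwise assume chromium-browser was addressed as well.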
@@ -5937,9 +5976,11 @@
 CVE-2012-2872 (Cross-site scripting (XSS) vulnerability in an SSL interstitial page ...)
 	- chromium-browser 21.0.1180.89~r154005-1
 CVE-2012-2871 (libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before ...)
+	{DSA-2555-1}
 	- chromium-browser 21.0.1180.89~r154005-1
 	- libxslt 1.1.26-14 (bug #689422)
 CVE-2012-2870 (libxslt 1.1.26 and earlier, as used in Google Chrome before ...)
+	{DSA-2555-1}
 	- chromium-browser 21.0.1180.89~r154005-1
 	- libxslt 1.1.26-14 (bug #689422)
 CVE-2012-2869 (Google Chrome before 21.0.1180.89 does not properly load URLs, which ...)
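Review bot: on CVE-2012-2871 the description starts "libxml2 2.9.0-rc1 and earlier", yet the entry tracks only chromium-browser and libxslt and now gains `{DSA-2555-1}` with no libxml2 line. Either add a libxml2 package line or a `NOTE:` explaining why the issue is tracked under libxslt, so the mismatch between the description and the tracked packages is documented.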
@@ -23375,6 +23416,7 @@
 CVE-2009-5068
 	RESERVED
 CVE-2009-5067
+	RESERVED
 	- html2ps 1.0b7-1 (bug #548633)
 CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials ...)
 	- jbossas4 <not-affected> (twiddle.sh is included in the source package, but not in any of the binary packages)
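Review bot: `RESERVED` is inserted under CVE-2009-5067 directly above an existing `- html2ps 1.0b7-1 (bug #548633)` line, leaving an entry that is marked reserved, has no description, and still records a fixed version. Add a bracketed description to the entry header, in the style of `CVE-2012-XXXX [gunicorn fails to drop supplemental groups]` at the top of the file, so the html2ps tracking line keeps its meaning while the ID has no published description.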



