[Secure-testing-commits] r20332 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Oct 11 21:14:23 UTC 2012
Author: joeyh
Date: 2012-10-11 21:14:23 +0000 (Thu, 11 Oct 2012)
New Revision: 20332
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-11 17:25:12 UTC (rev 20331)
+++ data/CVE/list 2012-10-11 21:14:23 UTC (rev 20332)
@@ -1,18 +1,64 @@
-CVE-2012-5383 [Windows PATH issues]
+CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
+ TODO: check
+CVE-2012-5375
+ RESERVED
+CVE-2012-5374
+ RESERVED
+CVE-2012-5373
+ RESERVED
+CVE-2012-5372
+ RESERVED
+CVE-2012-5371
+ RESERVED
+CVE-2012-5370
+ RESERVED
+CVE-2012-5369
+ RESERVED
+CVE-2012-5368
+ RESERVED
+CVE-2012-5367
+ RESERVED
+CVE-2012-5366
+ RESERVED
+CVE-2012-5365
+ RESERVED
+CVE-2012-5364
+ RESERVED
+CVE-2012-5363
+ RESERVED
+CVE-2012-5362
+ RESERVED
+CVE-2012-5361
+ RESERVED
+CVE-2012-5360
+ RESERVED
+CVE-2012-5359
+ RESERVED
+CVE-2012-5358
+ RESERVED
+CVE-2012-5357
+ RESERVED
+CVE-2012-5356 (The apt-add-repository tool in Ubuntu Software Properties 0.75.x ...)
+ TODO: check
+CVE-2012-5355 (welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to ...)
+ TODO: check
+CVE-2012-5354 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
+ TODO: check
+CVE-2012-5383 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
- mysql-5.1 <not-affected> (Windows issue only)
- mysql-5.5 <not-affected> (Windows issue only)
-CVE-2012-5382 [Windows PATH issues]
+CVE-2012-5382 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
NOT-FOR-US: Zend Server
-CVE-2012-5381 [Windows PATH issues]
+CVE-2012-5381 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
- php5 <not-affected> (Windows issue only)
-CVE-2012-5380 [Windows PATH issues]
+CVE-2012-5380 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
- ruby1.8 <not-affected> (Windows issue only)
- ruby1.9.1 <not-affected> (Windows issue only)
-CVE-2012-5379 [Windows PATH issues]
+CVE-2012-5379 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
NOT-FOR-US: ActivePython
-CVE-2012-5378 [Windows PATH issues]
+CVE-2012-5378 (Untrusted search path vulnerability in the installation functionality ...)
NOT-FOR-US: ActiveTcl
-CVE-2012-5377 [Windows PATH issues]
+CVE-2012-5377 (Untrusted search path vulnerability in the installation functionality ...)
NOT-FOR-US: ActivePerl
CVE-2012-XXXX [ssmpt doesn't validate server TLS certificates]
- ssmtp <unfixed> (bug #662960)
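Review bot: the new block CVE-2012-5376 through CVE-2012-5354 is inserted above CVE-2012-5383, so the ids at the top of the file now run 5376 ... 5354 and then 5383 ... 5377, while the later hunks all show a descending list. Consider moving the new block below CVE-2012-5377 so that lookups and later automatic updates find the entries where they expect them. Three of the new entries (CVE-2012-5356, CVE-2012-5355, CVE-2012-5354) are non-reserved and still carry "TODO: check", so they need a manual triage pass after this commit.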
@@ -428,8 +474,7 @@
RESERVED
CVE-2012-5167
RESERVED
-CVE-2012-5166
- RESERVED
+CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before ...)
- bind9 <unfixed> (bug #690118)
CVE-2012-5165
RESERVED
@@ -535,8 +580,8 @@
RESERVED
CVE-2012-5113
RESERVED
-CVE-2012-5112
- RESERVED
+CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as ...)
+ TODO: check
CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of ...)
- chromium-browser <unfixed>
CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote ...)
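Review bot: CVE-2012-5112 moves from RESERVED to "TODO: check" with a description naming a use-after-free in the SVG implementation in WebKit, while the adjacent CVE-2012-5111 is already tracked as "chromium-browser <unfixed>". The TODO should be resolved with an explicit package line for each packaged consumer of that WebKit code, rather than left as an open item next to tracked neighbours.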
@@ -1049,8 +1094,8 @@
RESERVED
CVE-2012-4900
RESERVED
-CVE-2012-4899
- RESERVED
+CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing ...)
+ TODO: check
CVE-2012-4898
RESERVED
CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie ...)
@@ -2231,6 +2276,7 @@
CVE-2012-4520
RESERVED
CVE-2012-4519
+ RESERVED
NOT-FOR-US: Zenphoto
CVE-2012-4518
RESERVED
@@ -2343,23 +2389,20 @@
RESERVED
CVE-2012-4468
RESERVED
-CVE-2012-4467
- RESERVED
+CVE-2012-4467 (The (1) do_siocgstamp and (2) do_siocgstampns functions in ...)
- linux-2.6 <not-affected> (Vulnerable code introduced in 3.3)
- linux <not-affected> (Vulnerable code introduced in 3.3)
CVE-2012-4466
RESERVED
- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
-CVE-2012-4465
- RESERVED
+CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
- cgit <itp> (bug #515793)
CVE-2012-4464
RESERVED
- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
-CVE-2012-4463 [Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files]
- RESERVED
+CVE-2012-4463 (Midnight Commander (mc) 4.8.5 does not properly handle the (1) ...)
- mc <unfixed> (bug #689571)
NOTE: https://www.midnight-commander.org/ticket/2913
CVE-2012-4462
@@ -2376,11 +2419,9 @@
- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...)
- keystone 2012.1.1-9 (bug #689210)
-CVE-2012-4455
- RESERVED
+CVE-2012-4455 (openCryptoki 2.4.1 allows local users to create or set world-writable ...)
- opencryptoki <unfixed> (bug #689417)
-CVE-2012-4454
- RESERVED
+CVE-2012-4454 (openCryptoki before 2.4.1, when using spinlocks, allows local users to ...)
- opencryptoki <unfixed> (bug #689417)
CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 ...)
- dracut <unfixed> (bug #688956)
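Review bot: the two openCryptoki descriptions now give different version bounds, "openCryptoki 2.4.1" for CVE-2012-4455 and "before 2.4.1" for CVE-2012-4454, yet both keep the same "opencryptoki <unfixed> (bug #689417)" line. It is worth rechecking each status against the packaged version separately and adding a NOTE where the affected ranges differ, since one bug number covering both makes it easy to close one when only the other is fixed.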
@@ -2404,8 +2445,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446
RESERVED
-CVE-2012-4445
- RESERVED
+CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
{DSA-2557-1}
- hostapd <removed>
- wpa 1.0-3 (bug #689990)
@@ -2463,8 +2503,7 @@
- optipng <not-affected> (Introduced in 0.7, bug #687998)
CVE-2012-4431
RESERVED
-CVE-2012-4430 [bacula console ACL bypass]
- RESERVED
+CVE-2012-4430 (The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 ...)
{DSA-2558-1}
- bacula 5.2.6+dfsg-4 (bug #687923)
NOTE: http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
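Review bot: on CVE-2012-4430 the new description says the issue is in Bacula "before 5.2.11", but the entry records "bacula 5.2.6+dfsg-4" as the fixed version. If that upload carries a backport of the commit in the NOTE line, say so in a NOTE, so that the lower version number is not later read as a tracking error.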
@@ -3055,53 +3094,43 @@
RESERVED
CVE-2012-4189
RESERVED
-CVE-2012-4188
- RESERVED
+CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4187
- RESERVED
+CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4186
- RESERVED
+CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4185
- RESERVED
+CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4184
- RESERVED
+CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4183
- RESERVED
+CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4182
- RESERVED
+CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4181
- RESERVED
+CVE-2012-4181 (Use-after-free vulnerability in the ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4180
- RESERVED
+CVE-2012-4180 (Heap-based buffer overflow in the ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-4179
- RESERVED
+CVE-2012-4179 (Use-after-free vulnerability in the ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
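Review bot: CVE-2012-4183 is the only entry in this hunk with "iceweasel <unfixed>"; every other entry records "iceweasel 10.0.8esr-1". Now that the description is available (DOMSVGTests::GetRequiredFeatures), confirm whether that is intentional and add a NOTE explaining why, as was done for CVE-2012-3984. Separately, the descriptions for CVE-2012-4181, CVE-2012-4180 and CVE-2012-4179 are cut off at "in the ...", which leaves no function name to tell them apart in the list.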
@@ -3509,72 +3538,58 @@
NOT-FOR-US: Sticky Notes
CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to ...)
- tikiwiki <removed>
-CVE-2012-3995
- RESERVED
+CVE-2012-3995 (The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3994
- RESERVED
+CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3993
- RESERVED
+CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3992
- RESERVED
+CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3991
- RESERVED
+CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3990
- RESERVED
+CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3989
- RESERVED
+CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
- iceweasel <not-affected> (Only affects Firefox >= 10)
- icedove <not-affected> (Only affects Firefox >= 10)
- iceape <not-affected> (Only affects Firefox >= 10)
-CVE-2012-3988
- RESERVED
+CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3987
- RESERVED
+CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to ...)
- iceweasel <not-affected> (Android-specific)
-CVE-2012-3986
- RESERVED
+CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2012-3985
- RESERVED
+CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
- iceweasel <not-affected> (Only affects Firefox >= 10)
- icedove <not-affected> (Only affects Firefox >= 10)
- iceape <not-affected> (Only affects Firefox >= 10)
-CVE-2012-3984
- RESERVED
+CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
NOTE: Only fixed in Firefox 16, not ESR. Not sure whether this affects 10, although the title of the bugreport indicates so
-CVE-2012-3983
- RESERVED
+CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox >= 10)
- icedove <not-affected> (Only affects Firefox >= 10)
- iceape <not-affected> (Only affects Firefox >= 10)
-CVE-2012-3982
- RESERVED
+CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 10.0.8esr-1
- icedove <unfixed>
- iceape <unfixed>
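Review bot: CVE-2012-3989, CVE-2012-3985 and CVE-2012-3983 are marked "<not-affected> (Only affects Firefox >= 10)", but the surrounding entries show iceweasel fixed in 10.0.8esr-1, which is itself a version >= 10, so the stated reason does not support the status as written. The descriptions for CVE-2012-3989 and CVE-2012-3985 name only "Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey" without ESR 10.x, so the reason probably means "later than the 10.x ESR branch"; reword it to say that, or re-verify the status.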
@@ -4692,8 +4707,7 @@
CVE-2012-3505 (tinyproxy before 1.8.3-3 allows remote attackers to cause a denial of ...)
- tinyproxy 1.8.3-3 (bug #685281)
NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
-CVE-2012-3504
- RESERVED
+CVE-2012-3504 (The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 ...)
NOT-FOR-US: genkey script from Red Hat, not present in Debian
CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly ...)
NOT-FOR-US: Katello
@@ -5835,8 +5849,8 @@
RESERVED
CVE-2012-3041
RESERVED
-CVE-2012-3040
- RESERVED
+CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens ...)
+ TODO: check
CVE-2012-3039
RESERVED
CVE-2012-3038
@@ -7759,8 +7773,8 @@
NOT-FOR-US: EMC NetWorker
CVE-2012-2287 (The authentication functionality in EMC RSA Authentication Agent 7.1 ...)
NOT-FOR-US: EMC RSA Authentication agent
-CVE-2012-2286
- RESERVED
+CVE-2012-2286 (Unspecified vulnerability in EMC RSA Adaptive Authentication ...)
+ TODO: check
CVE-2012-2285 (EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, ...)
NOT-FOR-US: EMC Cloud Tiering Appliance
CVE-2012-2284
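Review bot: CVE-2012-2286 is set to "TODO: check", while the neighbouring EMC entries (CVE-2012-2287, CVE-2012-2285) are already "NOT-FOR-US". If EMC RSA Adaptive Authentication is likewise not packaged, mark it "NOT-FOR-US: EMC RSA Adaptive Authentication" in the same way rather than leaving an open TODO.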
@@ -23624,8 +23638,7 @@
RESERVED
CVE-2009-5068
RESERVED
-CVE-2009-5067
- RESERVED
+CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows ...)
- html2ps 1.0b7-1 (bug #548633)
CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials ...)
- jbossas4 <not-affected> (twiddle.sh is included in the source package, but not in any of the binary packages)