[Secure-testing-commits] r20337 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Oct 12 21:14:18 UTC 2012 

Author: joeyh
Date: 2012-10-12 21:14:18 +0000 (Fri, 12 Oct 2012)
New Revision: 20337

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-12 06:43:40 UTC (rev 20336)
+++ data/CVE/list	2012-10-12 21:14:18 UTC (rev 20337)
@@ -1,3 +1,9 @@
+CVE-2012-5386 (Directory traversal vulnerability in index.php in phpPaleo 4.8b180 ...)
+	TODO: check
+CVE-2012-5385 (install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows ...)
+	TODO: check
+CVE-2012-5384 (Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen ...)
+	TODO: check
 CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
 	TODO: check
 CVE-2012-5375
@@ -3084,21 +3090,17 @@
 	RESERVED
 CVE-2012-4194
 	RESERVED
-CVE-2012-4193
-	RESERVED
+CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-4192
-	RESERVED
+CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-4191
-	RESERVED
+CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets ...)
 	- iceweasel <not-affected> (Doesn't affect ESR series)
-CVE-2012-4190
-	RESERVED
+CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...)
 	- iceweasel <not-affected> (Only affects Firefox Mobile)
 CVE-2012-4189
 	RESERVED
@@ -17146,7 +17148,7 @@
 	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
 CVE-2011-3815 (WeBid 1.0.0 allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
-CVE-2011-3814 (WebCalendar 1.2.3 allows remote attackers to obtain sensitive ...)
+CVE-2011-3814 (WebCalendar 1.2.3, and other versions before 1.2.5, allows remote ...)
 	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
 CVE-2011-3813 (Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain ...)
 	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)

More information about the Secure-testing-commits mailing list