[Secure-testing-commits] r20396 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Oct 23 21:14:24 UTC 2012
Author: joeyh
Date: 2012-10-23 21:14:24 +0000 (Tue, 23 Oct 2012)
New Revision: 20396
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-23 19:22:54 UTC (rev 20395)
+++ data/CVE/list 2012-10-23 21:14:24 UTC (rev 20396)
@@ -1,3 +1,15 @@
+CVE-2012-5455 (Cross-site scripting (XSS) vulnerability in the language search ...)
+ TODO: check
+CVE-2012-5454 (user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not ...)
+ TODO: check
+CVE-2012-5453 (SQL injection vulnerability in user/index_inline_editor_submit.php in ...)
+ TODO: check
+CVE-2012-5452 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...)
+ TODO: check
+CVE-2011-5212 (SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 ...)
+ TODO: check
+CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...)
+ TODO: check
CVE-2012-5451
RESERVED
CVE-2012-5450
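Review bot: all six new entries in this hunk (CVE-2012-5455 through CVE-2011-5211) are left at `TODO: check` with no package or status line, so they will sit in the triage queue until someone decides whether ATutor AContent and Subrion CMS are shipped in Debian. Since the same two products recur in the later hunks of this commit (CVE-2012-5169 through CVE-2012-5167 and CVE-2012-4773 through CVE-2012-4771), the triage decision can be made once and applied consistently; if the software is not packaged, record `NOT-FOR-US: <product>` as the neighbouring FlashFXP and Zenphoto entries do.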
@@ -619,12 +631,12 @@
RESERVED
CVE-2012-5170
RESERVED
-CVE-2012-5169
- RESERVED
-CVE-2012-5168
- RESERVED
-CVE-2012-5167
- RESERVED
+CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify ...)
+ TODO: check
+CVE-2012-5167 (Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 ...)
+ TODO: check
CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before ...)
{DSA-2560-1}
- bind9 <unfixed> (bug #690118)
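Review bot: the three ATutor AContent entries here (CVE-2012-5169, CVE-2012-5168, CVE-2012-5167) describe versions "before 1.2-1", while CVE-2012-5454 in the first hunk describes 1.2-1 itself as affected; they should be triaged together so the resulting status lines agree on which version is fixed. Replacing `RESERVED` with a description and `TODO: check` is the expected automatic step, but the entries still carry no package line.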
@@ -1017,10 +1029,10 @@
NOT-FOR-US: FlashFXP
CVE-2012-4991
RESERVED
-CVE-2012-4990
- RESERVED
-CVE-2012-4989
- RESERVED
+CVE-2012-4990 (SQL injection vulnerability in admin/campaign-zone-link.php in OpenX ...)
+ TODO: check
+CVE-2012-4989 (Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in ...)
+ TODO: check
CVE-2012-4988
RESERVED
CVE-2012-4987
@@ -1521,12 +1533,12 @@
RESERVED
CVE-2012-4774
RESERVED
-CVE-2012-4773
- RESERVED
-CVE-2012-4772
- RESERVED
-CVE-2012-4771
- RESERVED
+CVE-2012-4773 (Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion ...)
+ TODO: check
+CVE-2012-4772 (SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 ...)
+ TODO: check
+CVE-2012-4771 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...)
+ TODO: check
CVE-2012-4770
RESERVED
CVE-2012-4769
@@ -1747,8 +1759,7 @@
- owncloud 4.0.7debian-1
[wheezy] - owncloud 4.0.4debian2-2
NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
-CVE-2012-4751
- RESERVED
+CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
- otrs2 3.1.7+dfsg1-6
CVE-2012-4750
RESERVED
@@ -2419,6 +2430,7 @@
RESERVED
CVE-2012-4533 [viewvc xxs via commit message]
RESERVED
+ {DSA-2563-1}
- viewvc 1.1.5-1.4 (low; bug #691062)
CVE-2012-4532
RESERVED
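Review bot: the bracketed summary on the CVE-2012-4533 line reads `xxs`, which should be `xss`; that line is unchanged context here, so the fix belongs in a follow-up edit, ideally when the MITRE description replaces the `RESERVED` placeholder. Adding `{DSA-2563-1}` to an entry that is still `RESERVED` is fine, but note that this entry records the fix as viewvc 1.1.5-1.4 while the other viewvc entries tagged with the same DSA in this commit record 1.1.5-1.3.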
@@ -2466,14 +2478,11 @@
CVE-2012-4519
RESERVED
NOT-FOR-US: Zenphoto
-CVE-2012-4518
- RESERVED
+CVE-2012-4518 (ibacm 1.0.7 creates files with world-writable permissions, which ...)
NOT-FOR-US: ibacm
-CVE-2012-4517
- RESERVED
+CVE-2012-4517 (ibacm before 1.0.6 does not properly manage reference counts for ...)
NOT-FOR-US: ibacm
-CVE-2012-4516
- RESERVED
+CVE-2012-4516 (librdmacm 1.0.16, when ibacm.port is not specified, connects to port ...)
- librdmacm 1.0.16-1 (bug #690672)
[squeeze] - librdmacm <not-affected> (Introduced in 1.0.12)
CVE-2012-4515
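Review bot: for CVE-2012-4516 the new description names librdmacm 1.0.16 as the affected upstream release while the unchanged status line records the fix as `librdmacm 1.0.16-1`; a `NOTE:` line pointing at the upstream commit or the Debian patch would make clear that the -1 packaging carries the fix rather than being the affected release as the description reads. The `[squeeze] - librdmacm <not-affected> (Introduced in 1.0.12)` line is consistent with that reading.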
@@ -2496,25 +2505,23 @@
- kdebase <removed> (unimportant)
- kde-baseapps <unfixed> (unimportant)
NOTE: Konqueror not supported security-wise
-CVE-2012-4511 [libsocialweb untrusted connection to flickr]
- RESERVED
+CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.22 automatically ...)
- libsocialweb <unfixed> (low; bug #690675)
[wheezy] - libsocialweb <no-dsa> (Minor issue)
CVE-2012-4510 [cups-pk-helper cupsGetFile/cupsPutFile]
RESERVED
+ {DSA-2562-1}
- cups-pk-helper 0.2.3-1
CVE-2012-4509
RESERVED
CVE-2012-4508
RESERVED
-CVE-2012-4507 [claws-mail null ptr crash]
- RESERVED
+CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
- claws-mail 3.8.1-2 (bug #690151)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862578
NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
NOTE: www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1165
-CVE-2012-4506 [gitolite path traversal]
- RESERVED
+CVE-2012-4506 (Directory traversal vulnerability in gitolite 3.x before 3.1, when ...)
- gitolite <not-affected> (Only affects 3.x releases)
NOTE: https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
NOTE: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
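Review bot: the third claws-mail `NOTE:` line (`www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1165`) has no `http://` scheme, unlike the line above it; it is unchanged context here, but it should be normalised so the reference is a usable link. Separately, `{DSA-2562-1}` is added to CVE-2012-4510 while the entry still reads `RESERVED` with only a bracketed local summary, so the description will need updating once MITRE publishes it.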
@@ -2692,14 +2699,12 @@
NOTE: http://secunia.com/advisories/50589/
NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
-CVE-2012-4436 [local buffer overflow in --last processing with a maliciously constructed ~/.fwknop.run file]
- RESERVED
+CVE-2012-4436 (Buffer overflow in the run_last_args function in client/fwknop.c in ...)
- fwknop 2.0.3-1 (bug #688151)
[squeeze] - fwknop <not-affected> (Vulnerable code not present)
NOTE: http://seclists.org/oss-sec/2012/q3/509
NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=a60f05ad44e824f6230b22f8976399340cb535dc
-CVE-2012-4435 [fwknop 2.0.3: server did not properly validate allow IP addresses ... ]
- RESERVED
+CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, which ...)
- fwknop 2.0.3-1 (bug #688151)
[squeeze] - fwknop <not-affected> (Vulnerable code not present)
NOTE: http://seclists.org/oss-sec/2012/q3/509
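Review bot: replacing the bracketed summary for CVE-2012-4436 drops the detail that the overflow is in `--last` processing of a crafted `~/.fwknop.run` file, which the truncated MITRE text ("Buffer overflow in the run_last_args function in client/fwknop.c in ...") no longer conveys; consider carrying that detail over as a `NOTE:` line. Likewise the old CVE-2012-4435 summary said the server-side check was the problem, whereas the new description only says "does not properly validate IP addresses".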
@@ -2801,8 +2806,7 @@
CVE-2012-4407 (lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
[squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-4406
- RESERVED
+CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function ...)
- swift 1.4.8-2 (bug #686812)
CVE-2012-4405 (Multiple integer underflows in the icmLut_allocate function in ...)
- argyll 1.4.0-7 (bug #687275)
@@ -3218,10 +3222,10 @@
RESERVED
CVE-2012-4233
RESERVED
-CVE-2012-4232
- RESERVED
-CVE-2012-4231
- RESERVED
+CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 ...)
+ TODO: check
+CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
+ TODO: check
CVE-2012-4230
RESERVED
CVE-2012-4229
@@ -3324,6 +3328,7 @@
CVE-2012-4189
RESERVED
CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
@@ -3335,6 +3340,7 @@
[squeeze] - icedove <not-affected> (Vulnerable code not present)
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
@@ -3357,6 +3363,7 @@
- icedove 10.0.9-1
- iceape <unfixed>
CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
@@ -3368,10 +3375,12 @@
[squeeze] - icedove <not-affected> (Vulnerable code not present)
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4180 (Heap-based buffer overflow in the ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
CVE-2012-4179 (Use-after-free vulnerability in the ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
@@ -3805,10 +3814,12 @@
[squeeze] - icedove <not-affected> (Vulnerable code not present)
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
@@ -3826,6 +3837,7 @@
CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to ...)
- iceweasel <not-affected> (Android-specific)
CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
@@ -3843,6 +3855,7 @@
- icedove <not-affected> (Only affects Firefox >= 10)
- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-2565-1}
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
@@ -4962,6 +4975,7 @@
CVE-2012-3506
RESERVED
CVE-2012-3505 (tinyproxy before 1.8.3-3 allows remote attackers to cause a denial of ...)
+ {DSA-2564-1}
- tinyproxy 1.8.3-3 (bug #685281)
NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
CVE-2012-3504 (The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 ...)
@@ -5067,8 +5081,7 @@
CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...)
- qpid-cpp 0.16-7 (bug #684456)
[wheezy] - qpid-cpp 0.16-6+deb7u1
-CVE-2012-3466 [gpg passphrases cached forever]
- RESERVED
+CVE-2012-3466 (GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set ...)
- gnome-keyring 3.4.1-5 (bug #683655)
[squeeze] - gnome-keyring <not-affected> (Only affects gnome-keyring 3.4.x)
CVE-2012-3465 (Cross-site scripting (XSS) vulnerability in ...)
@@ -5449,6 +5462,7 @@
NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before ...)
+ {DSA-2563-1}
- viewvc 1.1.5-1.3 (bug #679069)
NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353
NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
@@ -5457,6 +5471,7 @@
NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC ...)
+ {DSA-2563-1}
- viewvc 1.1.5-1.3 (bug #679069)
NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) ...)
@@ -6200,8 +6215,8 @@
NOT-FOR-US: WinCC
CVE-2012-3002
RESERVED
-CVE-2012-3001
- RESERVED
+CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute ...)
+ TODO: check
CVE-2012-3000
RESERVED
CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
@@ -6999,8 +7014,7 @@
NOT-FOR-US: Cumin
CVE-2012-2680 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
NOT-FOR-US: Cumin
-CVE-2012-2679
- RESERVED
+CVE-2012-2679 (Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg ...)
NOT-FOR-US: Red Hat Network configuration client
CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
- 389-ds-base <not-affected> (Fixed before initial upload)
@@ -9045,8 +9059,8 @@
- phpmyadmin 4:3.4.10.2-1 (unimportant)
CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS ...)
NOT-FOR-US: FlexCMS
-CVE-2012-1900
- RESERVED
+CVE-2012-1900 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
+ TODO: check
CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Webfolio CMS
CVE-2012-1898 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -10707,8 +10721,7 @@
RESERVED
- moodle 1.9.9.dfsg2-6 (low; bug #668411)
[squeeze] - moodle <no-dsa> (Minor issue)
-CVE-2012-1154
- RESERVED
+CVE-2012-1154 (mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used ...)
NOT-FOR-US: mod_cluster
CVE-2012-1153 (Unrestricted file upload vulnerability in ...)
NOT-FOR-US: AppRain CMS, not in Debian
@@ -16280,8 +16293,7 @@
- proftpd-dfsg 1.3.4~rc3-2 (high; bug #648373)
[lenny] - proftpd-dfsg <not-affected> (vulnerable functionality not present)
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3711
-CVE-2011-4129
- RESERVED
+CVE-2011-4129 ((1) services/twitter/twitter-contact-view.c and (2) ...)
- libsocialweb 0.25.20-1
CVE-2011-4128 (Buffer overflow in the gnutls_session_get_data function in ...)
- gnutls26 2.12.14-1 (low; bug #648441)
@@ -19281,8 +19293,7 @@
CVE-2010-4822 (core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-4821
- RESERVED
+CVE-2010-4821 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 ...)
NOT-FOR-US: phpMyFAQ
CVE-2010-4820 [ghostscript split from CVE-2010-2055]
RESERVED
@@ -29047,6 +29058,7 @@
RESERVED
NOT-FOR-US: PyForum
CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb ...)
+ {DSA-2563-1}
- viewvc 1.1.5-1.3 (bug #671482)
CVE-2009-5023 [fail2ban: Insecure creating/writing to tmpfile]
RESERVED
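Review bot: `{DSA-2563-1}` is now attached to CVE-2009-5024, CVE-2012-3356 and CVE-2012-3357 with a fixed version of viewvc 1.1.5-1.3, but to CVE-2012-4533 (earlier in this commit) with 1.1.5-1.4; confirm the version the advisory actually names and align the entries, since a single DSA normally corresponds to one fixed package version.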