[Secure-testing-commits] r20398 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Oct 24 21:16:13 UTC 2012


Author: joeyh
Date: 2012-10-24 21:16:13 +0000 (Wed, 24 Oct 2012)
New Revision: 20398

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-24 06:30:16 UTC (rev 20397)
+++ data/CVE/list	2012-10-24 21:16:13 UTC (rev 20398)
@@ -1,3 +1,5 @@
+CVE-2012-5456 (The Zoner AntiVirus Free application for Android does not verify that ...)
+	TODO: check
 CVE-2012-5455 (Cross-site scripting (XSS) vulnerability in the language search ...)
 	TODO: check
 CVE-2012-5454 (user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not ...)
@@ -141,10 +143,10 @@
 	- drupal6 <not-affected> (according to upstream)
 	TODO: check
 	NOTE: http://drupal.org/node/1815912
-CVE-2012-5388
-	RESERVED
-CVE-2012-5387
-	RESERVED
+CVE-2012-5388 (Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the ...)
+	TODO: check
+CVE-2012-5387 (Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in ...)
+	TODO: check
 CVE-2012-5386 (Directory traversal vulnerability in index.php in phpPaleo 4.8b180 ...)
 	NOT-FOR-US: phpPaleo
 CVE-2012-5385 (install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows ...)
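Review bot: CVE-2012-5388 and CVE-2012-5387 leave RESERVED with only "TODO: check", and both truncated descriptions name the same file, wlcms-plugin.php, so they should be triaged together and given the same package or NOT-FOR-US line. The product name is cut off at the "..." here, so whoever resolves the TODO needs the full description before deciding.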
@@ -330,8 +332,8 @@
 	NOT-FOR-US: YVS
 CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite ...)
 	- monkey <removed> (unimportant)
-CVE-2012-5302
-	RESERVED
+CVE-2012-5302 (The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not ...)
+	TODO: check
 CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin ...)
 	NOT-FOR-US: BackWPup
 CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
@@ -415,8 +417,8 @@
 	RESERVED
 CVE-2012-5274
 	RESERVED
-CVE-2012-5273
-	RESERVED
+CVE-2012-5273 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
+	TODO: check
 CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
@@ -3388,16 +3390,16 @@
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...)
 	NOT-FOR-US: Ubisoft Uplay PC 
-CVE-2012-4176
-	RESERVED
-CVE-2012-4175
-	RESERVED
-CVE-2012-4174
-	RESERVED
-CVE-2012-4173
-	RESERVED
-CVE-2012-4172
-	RESERVED
+CVE-2012-4176 (Array index error in Adobe Shockwave Player before 11.6.8.638 allows ...)
+	TODO: check
+CVE-2012-4175 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
+	TODO: check
+CVE-2012-4174 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
+	TODO: check
+CVE-2012-4173 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
+	TODO: check
+CVE-2012-4172 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
+	TODO: check
 CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows ...)
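Review bot: The five entries CVE-2012-4176 through CVE-2012-4172 all name Adobe Shockwave Player before 11.6.8.638 and all land as "TODO: check", as does CVE-2012-5273 in the previous hunk. The Adobe Flash Player entries in the surrounding context are marked NOT-FOR-US, so these six can be resolved in one pass with a matching "NOT-FOR-US: Adobe Shockwave Player" line if the product is not packaged, rather than being left as separate open TODOs.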
@@ -3408,7 +3410,8 @@
 	NOT-FOR-US: Adobe Flash
 CVE-2012-4167 (Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x ...)
 	NOT-FOR-US: Adobe Flash
-CVE-2012-4166 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
+CVE-2012-4166
+	REJECTED
 	NOT-FOR-US: Adobe Flash
 CVE-2012-4165 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
 	NOT-FOR-US: Adobe Flash
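Review bot: CVE-2012-4166 now carries two status lines, "REJECTED" followed by the old "NOT-FOR-US: Adobe Flash". With the description removed, nothing in the entry supports the product attribution any more, so either drop the NOT-FOR-US line or keep it deliberately and add a NOTE saying why the id was rejected.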
@@ -25560,7 +25563,8 @@
 CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...)
 	{DSA-2321-1}
 	- moin 1.9.3-3
-CVE-2011-1057 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)
+CVE-2011-1057
+	REJECTED
 	NOT-FOR-US: Metasploit Framework
 CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)
 	NOT-FOR-US: Metasploit Framework
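Review bot: The description removed from CVE-2011-1057 is, in its visible part, identical to that of CVE-2011-1056 in the next entry ("The installer for Metasploit Framework 3.5.1, when running on Windows, ..."). If the rejection is a merge into that id, a NOTE naming the surviving id would keep the link, which the bare "REJECTED" line does not record.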
@@ -113684,7 +113688,8 @@
 	NOT-FOR-US: EtoShop
 CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
 	NOT-FOR-US: NetBSD
-CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-1915.  Reason: ...)
+CVE-2005-2133
+	REJECTED
 	NOT-FOR-US: log4sh
 CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
 	NOT-FOR-US: SCO UnixWare
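Review bot: Replacing the CVE-2005-2133 description with a bare "REJECTED" drops the "ConsultIDs: CVE-2005-1915" pointer that the old line carried. Suggest keeping it as a NOTE under the entry (for example "NOTE: ConsultIDs: CVE-2005-1915") so a reader can still find the id that replaced this one, and checking that "NOT-FOR-US: log4sh" is still meant to stay beside REJECTED.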



