[Secure-testing-commits] r20198 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Sep 19 21:14:48 UTC 2012
Author: joeyh
Date: 2012-09-19 21:14:47 +0000 (Wed, 19 Sep 2012)
New Revision: 20198
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-19 21:01:27 UTC (rev 20197)
+++ data/CVE/list 2012-09-19 21:14:47 UTC (rev 20198)
@@ -1,5 +1,5 @@
CVE-2012-XXXX [fwknop 2.0.3: Multiple security issues]
- - fwknop <unfixed> (bug #688151)
+ - fwknop <unfixed> (bug #688151)
CVE-2012-XXXX [php-Smarty: XSS in Smarty exception messages]
- smarty3 <unfixed> (bug #688153)
- smarty <not-affected> (Vulnerable code not present)
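Review bot: the fwknop line at the top of this hunk is removed and re-added with no visible textual difference, so this is a whitespace-only change (leading or trailing blanks); it is harmless, but the automatic updater should avoid emitting no-op hunks, since they add noise to the history of data/CVE/list. The entry itself still records fwknop as <unfixed> against bug #688151, which is unchanged by this commit.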
@@ -1556,8 +1556,7 @@
RESERVED
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
-CVE-2012-4425 [libdbus]
- RESERVED
+CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424
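Review bot: replacing the local tag "[libdbus]" with the published text for CVE-2012-4425 (which names libgio and spice-gtk) drops the tracker's earlier hint about which library was suspected, and the entry still has "TODO: check" with no package line below it. Dropping the RESERVED line is correct now that a description exists, but a human should add the affected source package and, if the libdbus hint was wrong, a NOTE saying so.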
@@ -1600,8 +1599,7 @@
RESERVED
- mysql-5.1 <unfixed> (bug #687484)
- mysql-5.5 <unfixed> (bug #687485)
-CVE-2012-4413 [openstack revoking a role does not affect existing tokens]
- RESERVED
+CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when ...)
- keystone 2012.1.1-6 (bug #687428)
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 [strcoll int->buffer overflow]
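Review bot: nothing to change here; the RESERVED placeholder is correctly removed now that the CVE-2012-4413 description is public, and the "keystone 2012.1.1-6 (bug #687428)" fix line and the oss-security NOTE survive unchanged.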
@@ -1617,19 +1615,16 @@
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
NOTE: http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html
-CVE-2012-4408
- RESERVED
+CVE-2012-4408 (course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
- moodle <unfixed> (low; bug #687924)
[squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-4407
- RESERVED
+CVE-2012-4407 (lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
- moodle <unfixed> (low; bug #687924)
[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-4406
RESERVED
- swift 1.4.8-2 (bug #686812)
-CVE-2012-4405 [heap-based buffer overflow in icclib]
- RESERVED
+CVE-2012-4405 (Multiple integer underflows in the icmLut_allocate function in ...)
- argyll 1.4.0-7 (bug #687275)
- ghostscript <unfixed> (bug #687274)
NOTE: isolated security fix
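Review bot: the published text for CVE-2012-4405 describes integer underflows in icmLut_allocate, whereas the old local tag said "heap-based buffer overflow in icclib"; the two are compatible (an underflowed allocation size leading to a heap overflow), but after this change nothing in the entry names icclib any more. Consider extending "NOTE: isolated security fix" to say that the fix lands in the icclib code carried by the two listed packages, argyll and ghostscript, so the next reader does not have to rediscover that.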
@@ -1637,19 +1632,15 @@
{DSA-2538-1}
- moin 1.9.4-8
NOTE: http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
-CVE-2012-4403
- RESERVED
+CVE-2012-4403 (theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly ...)
- moodle <not-affected> (Only affects >= 2.3)
-CVE-2012-4402
- RESERVED
+CVE-2012-4402 (webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, ...)
- moodle <unfixed> (bug #687924)
[squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-4401
- RESERVED
+CVE-2012-4401 (Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote ...)
- moodle <unfixed> (low; bug #687924)
[squeeze] - moodle <not-affected> (Only affects >= 2.2)
-CVE-2012-4400
- RESERVED
+CVE-2012-4400 (repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x ...)
- moodle <unfixed> (low; bug #687924)
[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-4399 [cakephp XXE injection]
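Review bot: the four Moodle entries in this hunk all point at bug #687924, but CVE-2012-4402 is the only one without a severity tag (the others carry "low"); check whether that omission is intentional or whether "low; bug #687924" was meant. CVE-2012-4403 having a single "<not-affected> (Only affects >= 2.3)" line and no [squeeze] line is consistent, since not-affected in unstable covers squeeze as well.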
@@ -3561,8 +3552,7 @@
- wireshark <unfixed> (unimportant; bug #686225)
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: Doesn't allow code injection
-CVE-2012-3547 [EAP-TLS buffer overflow]
- RESERVED
+CVE-2012-3547 (Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS ...)
{DSA-2546-1}
- freeradius 2.1.12+dfsg-1.1 (medium; bug #687175)
CVE-2012-3546
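Review bot: the {DSA-2546-1} line stays ahead of the freeradius package line, matching how {DSA-2538-1} is placed for moin earlier in this diff, and the published text naming cbtls_verify is more precise than the old "[EAP-TLS buffer overflow]" tag; nothing to change.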
@@ -3617,8 +3607,7 @@
- libapache2-mod-rpaf 0.6-1 (bug #683984)
CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...)
- jabberd2 <unfixed> (bug #685666)
-CVE-2012-3524 [libdbus getenv]
- RESERVED
+CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...)
TODO: Needs more checking, probably this should be fixed in the affected apps like spice?
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
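Review bot: the TODO on CVE-2012-3524 asks whether the fix belongs in the consuming applications such as spice, and the CVE-2012-4425 entry edited earlier in this same commit is the libgio counterpart of the same setuid-environment problem, explicitly naming spice-gtk; the two should be triaged together, and a NOTE cross-referencing them would help. This entry still has no package line.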
@@ -4404,8 +4393,8 @@
RESERVED
CVE-2012-3259
RESERVED
-CVE-2012-3258
- RESERVED
+CVE-2012-3258 (Unspecified vulnerability in HP Operations Orchestration 9.0 before ...)
+ TODO: check
CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
NOT-FOR-US: HP Business Availability Center
CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business ...)
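Review bot: adding "TODO: check" instead of guessing a state is the right behaviour for the automatic updater. Given that the neighbouring HP entries (CVE-2012-3257, CVE-2012-3256) are NOT-FOR-US, CVE-2012-3258 for HP Operations Orchestration is very likely the same, but the TODO should stay until a human confirms it.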
@@ -4858,20 +4847,20 @@
RESERVED
CVE-2012-3035
RESERVED
-CVE-2012-3034
- RESERVED
+CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
+ TODO: check
CVE-2012-3033
RESERVED
-CVE-2012-3032
- RESERVED
-CVE-2012-3031
- RESERVED
-CVE-2012-3030
- RESERVED
+CVE-2012-3032 (SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 ...)
+ TODO: check
+CVE-2012-3031 (Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in ...)
+ TODO: check
+CVE-2012-3030 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
+ TODO: check
CVE-2012-3029
RESERVED
-CVE-2012-3028
- RESERVED
+CVE-2012-3028 (Cross-site request forgery (CSRF) vulnerability in WebNavigator in ...)
+ TODO: check
CVE-2012-3027
RESERVED
CVE-2012-3026
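Review bot: five Siemens WinCC WebNavigator entries each receive their own "TODO: check" line; since they describe one product line (SQL injection, XSS and CSRF in WebNavigator), a single triage pass can resolve all five, and they will almost certainly end up as NOT-FOR-US like the other non-Debian products in this file. Leaving the TODOs in place rather than auto-assigning NOT-FOR-US is still the correct choice for an automatic update.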
@@ -5904,8 +5893,8 @@
RESERVED
CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...)
NOT-FOR-US: AfterLogic MailSuite Pro
-CVE-2012-2586
- RESERVED
+CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq ...)
+ TODO: check
CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...)
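Review bot: CVE-2012-2586 (Mailtraq) gets "TODO: check" while its neighbours CVE-2012-2587 and CVE-2012-2585 are already NOT-FOR-US; this is the expected placeholder, and a human should close the TODO with the same marker if Mailtraq is confirmed not to be packaged in Debian.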
@@ -5921,8 +5910,8 @@
RESERVED
CVE-2012-2579
RESERVED
-CVE-2012-2578
- RESERVED
+CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
+ TODO: check
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576
@@ -7691,8 +7680,7 @@
RESERVED
CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a ...)
- phpmyadmin 4:3.4.10.2-1 (unimportant)
-CVE-2012-1901
- RESERVED
+CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS ...)
NOT-FOR-US: FlexCMS
CVE-2012-1900
RESERVED
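Review bot: for CVE-2012-1901 the NOT-FOR-US: FlexCMS marker was already recorded under the RESERVED placeholder, so this hunk only swaps the placeholder for the published description and leaves the state intact; nothing to change.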
@@ -8231,26 +8219,19 @@
NOT-FOR-US: CA ARCserve Backup
CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly ...)
NOT-FOR-US: ESRI ArcMap, ArcGIS
-CVE-2012-1660
- RESERVED
+CVE-2012-1660 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1659
- RESERVED
+CVE-2012-1659 (Cross-site scripting (XSS) vulnerability in the Node Recommendation ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1658
- RESERVED
+CVE-2012-1658 (Cross-site scripting (XSS) vulnerability in the Read More Link module ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1657
- RESERVED
+CVE-2012-1657 (Cross-site scripting (XSS) vulnerability in block_class.module in the ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1656
- RESERVED
+CVE-2012-1656 (SQL injection vulnerability in the Multisite Search module 6.x-2.2 for ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1655
- RESERVED
+CVE-2012-1655 (Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1654
- RESERVED
+CVE-2012-1654 (Multiple cross-site scripting (XSS) vulnerabilities in the Data module ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1653
RESERVED
@@ -9283,13 +9264,11 @@
CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) ...)
{DSA-2462-1}
- imagemagick 8:6.6.9.7-7 (bug #665007)
-CVE-2012-1184 [Asterisk: Stack Buffer Overflow in HTTP Manager]
- RESERVED
+CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in ...)
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
[squeeze] - asterisk <not-affected> (HTTP digest authentication code not present)
NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
-CVE-2012-1183 [Asterisk: Remote Crash Vulnerability in Milliwatt Application]
- RESERVED
+CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the ...)
{DSA-2460-1}
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
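Review bot: the published text for CVE-2012-1183 ("Stack-based buffer overflow in the milliwatt_generate function") is stronger than the old local tag "Remote Crash Vulnerability", so the severity recorded for the asterisk entry may be worth re-checking. The lack of a {DSA} line on CVE-2012-1184, while CVE-2012-1183 carries {DSA-2460-1}, is consistent with the [squeeze] not-affected line on 1184.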
@@ -11769,10 +11748,10 @@
RESERVED
CVE-2012-0273
RESERVED
-CVE-2012-0272
- RESERVED
-CVE-2012-0271
- RESERVED
+CVE-2012-0272 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
+ TODO: check
+CVE-2012-0271 (Integer overflow in the WebConsole component in gwia.exe in GroupWise ...)
+ TODO: check
CVE-2012-0270 [csound buffer overflows]
RESERVED
- csound 1:5.16.6~dfsg-1 (low; bug #661197)
@@ -12026,8 +12005,7 @@
RESERVED
CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Geeklog
-CVE-2011-4941
- RESERVED
+CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote ...)
- piwik <itp> (bug #506933)
CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in ...)
- python2.7 2.7.2-8 (unimportant)
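Review bot: CVE-2011-4941 keeps its "piwik <itp> (bug #506933)" line, so the package is only an ITP and not in the archive; the placeholder replacement is fine and no further action is needed unless the package is uploaded.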
@@ -16081,8 +16059,8 @@
NOT-FOR-US: Support Incident Tracker
CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote ...)
NOT-FOR-US: DVR Remote
-CVE-2011-3827
- RESERVED
+CVE-2011-3827 (The iCalendar component in gwwww1.dll in GroupWise Internet Agent ...)
+ TODO: check
CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
NOT-FOR-US: Eclime
CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote ...)
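Review bot: the "TODO: check" added for CVE-2011-3827 (GroupWise) follows the same pattern as the GroupWise entries CVE-2012-0272 and CVE-2012-0271 earlier in this diff, so they can be triaged together. Unrelated to this change, CVE-2011-3827 is directly followed by CVE-2010-4852 in the surrounding context, which looks out of sequence for a list otherwise ordered by CVE id; it pre-exists this commit and is only worth a look if the file is expected to be sorted.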