[Secure-testing-commits] r20199 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Sep 20 15:31:45 UTC 2012
Author: jmm
Date: 2012-09-20 15:31:44 +0000 (Thu, 20 Sep 2012)
New Revision: 20199
Modified:
data/CVE/list
Log:
new condor issues
openttd fixed
mediawiki fixed
silverstripe ITP
owncloud issue already CVEfied
another owncloud issue was fixed in tpu upload
xchat non-issue
filed bug for owncloud
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-19 21:14:47 UTC (rev 20198)
+++ data/CVE/list 2012-09-20 15:31:44 UTC (rev 20199)
@@ -4,9 +4,9 @@
- smarty3 <unfixed> (bug #688153)
- smarty <not-affected> (Vulnerable code not present)
CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in ...)
- TODO: check
+ NOT-FOR-US: Internet Explorer
CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
- TODO: check
+ - silverstripe <itp> (bug #528461)
CVE-2012-4967
RESERVED
CVE-2012-4966
@@ -658,10 +658,11 @@
RESERVED
NOTE: to be rejected
CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- - owncloud 4.0.5debian-1
+ - owncloud 4.0.5debian-1 (bug #688123)
NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict ...)
- owncloud 4.0.7debian-1
+ [wheezy] - owncloud 4.0.4debian2-2
NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4751
RESERVED
@@ -846,7 +847,7 @@
CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when ...)
NOT-FOR-US: Family Connections CMS
CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote ...)
- - xchat <unfixed> (bug #686454)
+ - xchat <unfixed> (unimportant; bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...)
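Review bot: the xchat entry for CVE-2011-5129 is downgraded to "unimportant" while the commit log calls it a non-issue, but no NOTE line records the reasoning; a short NOTE next to `- xchat <unfixed> (unimportant; bug #686454)` (e.g. the reference that shows why it is not exploitable in practice) would save the next triager from re-checking the Debian bug.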
@@ -1696,32 +1697,32 @@
NOT-FOR-US: Contao
CVE-2012-4382 [Info leak in user blocks]
RESERVED
- - mediawiki <unfixed> (bug #686330)
+ - mediawiki 1:1.19.2-1 (bug #686330)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used]
RESERVED
- - mediawiki <unfixed> (bug #686330)
+ - mediawiki 1:1.19.2-1 (bug #686330)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4380 [Insufficient API for account creation block]
RESERVED
- - mediawiki <unfixed> (bug #686330)
+ - mediawiki 1:1.19.2-1 (bug #686330)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4379 [CSRF]
RESERVED
- - mediawiki <unfixed> (bug #686330)
+ - mediawiki 1:1.19.2-1 (bug #686330)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4378 [DOM-based XSS]
RESERVED
- - mediawiki <unfixed> (bug #686330)
+ - mediawiki 1:1.19.2-1 (bug #686330)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4377 [[mediawiki stored XSS]
RESERVED
- - mediawiki <unfixed> (bug #686330)
+ - mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <not-affected> (Introduced in 1.16)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
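Review bot: the description bracket on the CVE-2012-4377 context line is unbalanced (`CVE-2012-4377 [[mediawiki stored XSS]`) and could be corrected to a single opening bracket while these entries are being touched. Separately, only CVE-2012-4377 carries a `[squeeze]` status line; the five other MediaWiki entries moved to `1:1.19.2-1` in this hunk leave the stable status unstated, so it is worth confirming whether they also need `[squeeze] - mediawiki <not-affected>` or a stable fixed version.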
@@ -2055,8 +2056,6 @@
RESERVED
CVE-2012-4226
RESERVED
-CVE-2012-XXXX [owncloud privilege escalation]
- - owncloud 4.0.5debian2-2
CVE-2012-4225 [Security issue in NVIDIA UNIX device files to map and program registers to redirect the VGA window]
RESERVED
- nvidia-graphics-drivers 304.37-1 (bug #684781)
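Review bot: removing the `CVE-2012-XXXX [owncloud privilege escalation]` placeholder also drops its recorded fixed version `owncloud 4.0.5debian2-2`, and nothing in this diff shows the CVE entry it was folded into; the ownCloud entries touched elsewhere in this commit record `4.0.5debian-1`, `4.0.7debian-1` and `[wheezy] 4.0.4debian2-2`, none of which match, so please confirm the fixed version was carried over to the CVEfied entry rather than lost.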
@@ -3491,7 +3490,7 @@
CVE-2012-3573
RESERVED
CVE-2012-3572 (Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and ...)
- TODO: check
+ NOT-FOR-US: Open Source Competency Center (OSCC) MyMeeting
CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with ...)
NOTE: Disputed NSS issue
CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows ...)
@@ -3726,12 +3725,16 @@
- xen 4.1.3-2 (bug #686764)
CVE-2012-3493
RESERVED
+ - condor <unfixed> (bug #688210)
CVE-2012-3492
RESERVED
+ - condor <unfixed> (bug #688210)
CVE-2012-3491
RESERVED
+ - condor <unfixed> (bug #688210)
CVE-2012-3490
RESERVED
+ - condor <unfixed> (bug #688210)
CVE-2012-3489
RESERVED
{DSA-2534-1}
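Review bot: the four new `- condor <unfixed> (bug #688210)` lines for CVE-2012-3490 through CVE-2012-3493 sit under RESERVED entries with no description and no NOTE line; since the CVE text is not yet public, a NOTE giving the upstream advisory or a one-line summary per CVE would let readers tell the four issues apart without opening the bug.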
@@ -3819,6 +3822,7 @@
RESERVED
CVE-2012-3459
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...)
{DSA-2541-1}
- beaker 1.6.3-1.1 (bug #684890)
@@ -3838,6 +3842,7 @@
- gnome-screensaver <not-affected> (vulnerable code not present)
CVE-2012-3451
RESERVED
+ NOT-FOR-US: Apache CXF
CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...)
{DSA-2527-1}
- php5 5.4.4-1 (bug #683694)
@@ -3892,7 +3897,7 @@
CVE-2012-3436 [OpenTTD DoS]
RESERVED
{DSA-2524-1}
- - openttd <unfixed> (low; bug #683258)
+ - openttd 1.2.1-2 (low; bug #683258)
CVE-2012-3435 (SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ...)
{DSA-2539-1}
- zabbix 1:2.0.2+dfsg-1 (bug #683273)
@@ -4848,19 +4853,19 @@
CVE-2012-3035
RESERVED
CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-3033
RESERVED
CVE-2012-3032 (SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-3031 (Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-3030 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-3029
RESERVED
CVE-2012-3028 (Cross-site request forgery (CSRF) vulnerability in WebNavigator in ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-3027
RESERVED
CVE-2012-3026
@@ -4924,13 +4929,13 @@
CVE-2012-2997
RESERVED
CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2012-2995 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2012-2994 (The CoSoSys Endpoint Protector 4 appliance establishes an EPProot ...)
- TODO: check
+ NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2012-2993 (Microsoft Windows Phone 7 does not verify the domain name in the ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Phone
CVE-2012-2992
RESERVED
CVE-2012-2991
@@ -5545,8 +5550,10 @@
NOTE: this might warrant a CVE for the kernel too
CVE-2012-2735
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2734
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2733
RESERVED
CVE-2012-2732
@@ -5599,7 +5606,6 @@
NOT-FOR-US: Drupal module
CVE-2012-2709
REJECTED
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10
CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal module
CVE-2012-2707 (The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does ...)
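Review bot: the oss-security link removed from the REJECTED entry CVE-2012-2709 is the only reference visible for that entry; keeping a NOTE beside REJECTED entries documents why the assignment was withdrawn, so consider leaving the link in place (or replacing it with a NOTE stating the reason for the rejection) rather than deleting it.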
@@ -5658,16 +5664,21 @@
RESERVED
CVE-2012-2685
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2684
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2683
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2682
RESERVED
CVE-2012-2681
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2680
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2679
RESERVED
NOT-FOR-US: Red Hat Network configuration client