[Secure-testing-commits] r21829 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Apr 3 21:14:35 UTC 2013
Author: joeyh
Date: 2013-04-03 21:14:35 +0000 (Wed, 03 Apr 2013)
New Revision: 21829
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-03 18:54:14 UTC (rev 21828)
+++ data/CVE/list 2013-04-03 21:14:35 UTC (rev 21829)
@@ -1,3 +1,19 @@
+CVE-2013-2753
+ RESERVED
+CVE-2013-2752
+ RESERVED
+CVE-2013-2751
+ RESERVED
+CVE-2013-2750
+ RESERVED
+CVE-2013-2749
+ RESERVED
+CVE-2013-2748
+ RESERVED
+CVE-2013-2747
+ RESERVED
+CVE-2013-2746
+ RESERVED
CVE-2013-2745
RESERVED
CVE-2013-2744 (importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows ...)
@@ -1832,8 +1848,8 @@
RESERVED
- haproxy <unfixed> (bug #704611)
NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211
-CVE-2013-1911
- RESERVED
+CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote ...)
+ TODO: check
CVE-2013-1910 [Not removing bad metadata and using it in next run]
RESERVED
- yum <unfixed>
@@ -2111,8 +2127,7 @@
- php5 5.4.4-14
NOTE: See CVE-2013-1643
NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
-CVE-2013-1823
- RESERVED
+CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...)
NOT-FOR-US: Katello
CVE-2013-1822
RESERVED
@@ -2498,13 +2513,11 @@
CVE-2013-1666
RESERVED
- foswiki <itp> (bug #509864)
-CVE-2013-1665 [Information leak via xml entity parsing]
- RESERVED
+CVE-2013-1665 (OpenStack Keystone Essex and Folsom allows remote attackers to read ...)
{DSA-2634-1}
- keystone 2012.1.1-13 (bug #700948)
- python-django 1.4.4-1
-CVE-2013-1664 [Denial of service via xml entity parsing]
- RESERVED
+CVE-2013-1664 (OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex ...)
- keystone 2012.1.1-13 (bug #700948)
- nova 2012.1.1-13 (bug #700949)
- cinder <unfixed>
@@ -4479,32 +4492,32 @@
RESERVED
CVE-2013-0801
RESERVED
-CVE-2013-0800
- RESERVED
-CVE-2013-0799
- RESERVED
-CVE-2013-0798
- RESERVED
-CVE-2013-0797
- RESERVED
-CVE-2013-0796
- RESERVED
-CVE-2013-0795
- RESERVED
-CVE-2013-0794
- RESERVED
-CVE-2013-0793
- RESERVED
-CVE-2013-0792
- RESERVED
-CVE-2013-0791
- RESERVED
-CVE-2013-0790
- RESERVED
-CVE-2013-0789
- RESERVED
-CVE-2013-0788
- RESERVED
+CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in ...)
+ TODO: check
+CVE-2013-0799 (Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox ...)
+ TODO: check
+CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and ...)
+ TODO: check
+CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla ...)
+ TODO: check
+CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x ...)
+ TODO: check
+CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
+ TODO: check
+CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent ...)
+ TODO: check
+CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, ...)
+ TODO: check
+CVE-2013-0792 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when ...)
+ TODO: check
+CVE-2013-0791 (The CERT_DecodeCertPackage function in Mozilla Network Security ...)
+ TODO: check
+CVE-2013-0790 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
+ TODO: check
+CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ TODO: check
+CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ TODO: check
CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
- iceweasel <unfixed>
- icedove <unfixed>
@@ -6103,13 +6116,13 @@
[squeeze] - pacemaker <no-dsa> (Minor issue)
[wheezy] - pacemaker <no-dsa> (Minor issue)
CVE-2013-0280
- RESERVED
+ REJECTED
NOTE: To be rejected
CVE-2013-0279
- RESERVED
+ REJECTED
NOTE: To be rejected
CVE-2013-0278
- RESERVED
+ REJECTED
NOTE: To be rejected
CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 ...)
{DSA-2620-1}
@@ -7063,8 +7076,7 @@
RESERVED
- roundup 1.4.20-1
NOTE: http://issues.roundup-tracker.org/issue2550684
-CVE-2012-6129 [Transmission can be made to crash remotely]
- RESERVED
+CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in ...)
- transmission 2.52-3+nmu1 (bug #700234)
[squeeze] - transmission <not-affected> (UTP code not present)
CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before ...)
@@ -7102,8 +7114,7 @@
[squeeze] - puppet <no-dsa> (Minor issue)
NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
NOTE: After starting puppetmaster permissions on directory are restricted
-CVE-2012-6119
- RESERVED
+CVE-2012-6119 (Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager ...)
NOTE: Candlepin
CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated ...)
NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
@@ -11665,8 +11676,7 @@
CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has ...)
- awstats <not-affected>
NOTE: awredir.pl is not installed into the binary package
-CVE-2012-4546
- RESERVED
+CVE-2012-4546 (The default configuration for IPA servers in Red Hat Enterprise Linux ...)
NOT-FOR-US: FreeIPA
CVE-2012-4545 (The http_negotiate_create_context function in ...)
{DSA-2592-1}
@@ -20535,8 +20545,8 @@
RESERVED
CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...)
- dotclear 2.4.2+dfsg-1
-CVE-2012-1038
- RESERVED
+CVE-2012-1038 (Cross-site scripting (XSS) vulnerability in the WebAAA login ...)
+ TODO: check
CVE-2012-1037 (PHP remote file inclusion vulnerability in front/popup.php in GLPI ...)
- glpi 0.80.7-1 (bug #659383; unimportant)
[squeeze] - glpi <not-affected> (Introduced in 0.78)
More information about the Secure-testing-commits
mailing list