[Secure-testing-commits] r21829 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Apr 3 21:14:35 UTC 2013


Author: joeyh
Date: 2013-04-03 21:14:35 +0000 (Wed, 03 Apr 2013)
New Revision: 21829

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-04-03 18:54:14 UTC (rev 21828)
+++ data/CVE/list	2013-04-03 21:14:35 UTC (rev 21829)
@@ -1,3 +1,19 @@
+CVE-2013-2753
+	RESERVED
+CVE-2013-2752
+	RESERVED
+CVE-2013-2751
+	RESERVED
+CVE-2013-2750
+	RESERVED
+CVE-2013-2749
+	RESERVED
+CVE-2013-2748
+	RESERVED
+CVE-2013-2747
+	RESERVED
+CVE-2013-2746
+	RESERVED
 CVE-2013-2745
 	RESERVED
 CVE-2013-2744 (importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows ...)
@@ -1832,8 +1848,8 @@
 	RESERVED
 	- haproxy <unfixed> (bug #704611)
 	NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211
-CVE-2013-1911
-	RESERVED
+CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote ...)
+	TODO: check
 CVE-2013-1910 [Not removing bad metadata and using it in next run]
 	RESERVED
 	- yum <unfixed>
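Review bot: CVE-2013-1911 leaves RESERVED with only "TODO: check", so the entry has a description but no disposition. The description names lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby; confirm whether that gem is packaged, then replace the TODO with a package line or a NOT-FOR-US line in the form used elsewhere in this list.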
@@ -2111,8 +2127,7 @@
 	- php5 5.4.4-14
 	NOTE: See CVE-2013-1643
 	NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
-CVE-2013-1823
-	RESERVED
+CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...)
 	NOT-FOR-US: Katello
 CVE-2013-1822
 	RESERVED
@@ -2498,13 +2513,11 @@
 CVE-2013-1666
 	RESERVED
 	- foswiki <itp> (bug #509864)
-CVE-2013-1665 [Information leak via xml entity parsing]
-	RESERVED
+CVE-2013-1665 (OpenStack Keystone Essex and Folsom allows remote attackers to read ...)
 	{DSA-2634-1}
 	- keystone 2012.1.1-13 (bug #700948)
 	- python-django 1.4.4-1
-CVE-2013-1664 [Denial of service via xml entity parsing]
-	RESERVED
+CVE-2013-1664 (OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex ...)
 	- keystone 2012.1.1-13 (bug #700948)
 	- nova 2012.1.1-13 (bug #700949)
 	- cinder <unfixed>
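Review bot: On CVE-2013-1665 the bracketed working title "[Information leak via xml entity parsing]" is dropped and the truncated description shown here names only OpenStack Keystone, yet the entry still carries "- python-django 1.4.4-1". Add a NOTE recording why python-django is tracked under this id, since the removed title was the only visible text tying the entry to a shared XML entity parsing cause. The same applies to "- cinder <unfixed>" under CVE-2013-1664 if the full description does not name Cinder.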
@@ -4479,32 +4492,32 @@
 	RESERVED
 CVE-2013-0801
 	RESERVED
-CVE-2013-0800
-	RESERVED
-CVE-2013-0799
-	RESERVED
-CVE-2013-0798
-	RESERVED
-CVE-2013-0797
-	RESERVED
-CVE-2013-0796
-	RESERVED
-CVE-2013-0795
-	RESERVED
-CVE-2013-0794
-	RESERVED
-CVE-2013-0793
-	RESERVED
-CVE-2013-0792
-	RESERVED
-CVE-2013-0791
-	RESERVED
-CVE-2013-0790
-	RESERVED
-CVE-2013-0789
-	RESERVED
-CVE-2013-0788
-	RESERVED
+CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in ...)
+	TODO: check
+CVE-2013-0799 (Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox ...)
+	TODO: check
+CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and ...)
+	TODO: check
+CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla ...)
+	TODO: check
+CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x ...)
+	TODO: check
+CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
+	TODO: check
+CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent ...)
+	TODO: check
+CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, ...)
+	TODO: check
+CVE-2013-0792 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when ...)
+	TODO: check
+CVE-2013-0791 (The CERT_DecodeCertPackage function in Mozilla Network Security ...)
+	TODO: check
+CVE-2013-0790 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
+	TODO: check
+CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+	TODO: check
+CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+	TODO: check
 CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
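Review bot: CVE-2013-0800 through CVE-2013-0788 all move from RESERVED to "TODO: check", which leaves thirteen Mozilla ids without package lines while the adjacent CVE-2013-0787 already tracks iceweasel and icedove. Triage should not assume a single disposition for the batch: CVE-2013-0800 names the pixman_fill_sse2 function and CVE-2013-0791 names CERT_DecodeCertPackage in Mozilla Network Security ..., so the pixman and nss source packages need checking in addition to the browser packages, and CVE-2013-0799 (Mozilla Maintenance Service) and CVE-2013-0798 (Firefox on Android) describe components that are candidates for a not-affected marking.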
@@ -6103,13 +6116,13 @@
 	[squeeze] - pacemaker <no-dsa> (Minor issue)
 	[wheezy] - pacemaker <no-dsa> (Minor issue)
 CVE-2013-0280
-	RESERVED
+	REJECTED
 	NOTE: To be rejected
 CVE-2013-0279
-	RESERVED
+	REJECTED
 	NOTE: To be rejected
 CVE-2013-0278
-	RESERVED
+	REJECTED
 	NOTE: To be rejected
 CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 ...)
 	{DSA-2620-1}
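Review bot: CVE-2013-0280, CVE-2013-0279 and CVE-2013-0278 now read REJECTED, but each keeps "NOTE: To be rejected", which is stale once the status line itself says REJECTED. Drop the three NOTE lines, or reword them to record the reason for rejection if that is known.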
@@ -7063,8 +7076,7 @@
 	RESERVED
 	- roundup 1.4.20-1
 	NOTE: http://issues.roundup-tracker.org/issue2550684
-CVE-2012-6129 [Transmission can be made to crash remotely]
-	RESERVED
+CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in ...)
 	- transmission 2.52-3+nmu1 (bug #700234)
 	[squeeze] - transmission <not-affected> (UTP code not present)
 CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before ...)
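Review bot: On CVE-2012-6129 the new description places the stack-based buffer overflow in utp.cpp in libutp, "as used in ...", while the entry tracks only transmission. Check whether any other source package ships a copy of libutp and add a line for it, or add a NOTE stating that transmission is the only carrier. The squeeze "<not-affected> (UTP code not present)" reason remains consistent with the new text.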
@@ -7102,8 +7114,7 @@
 	[squeeze] - puppet <no-dsa> (Minor issue)
 	NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
 	NOTE: After starting puppetmaster permissions on directory are restricted
-CVE-2012-6119
-	RESERVED
+CVE-2012-6119 (Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager ...)
 	NOTE: Candlepin
 CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated ...)
 	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
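Review bot: CVE-2012-6119 gains a description but its only remaining line is the free-form "NOTE: Candlepin", which gives no disposition. If Candlepin is not packaged, change it to "NOT-FOR-US: Candlepin" to match the CVE-2012-6118 entry directly below; otherwise add the package line.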
@@ -11665,8 +11676,7 @@
 CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has ...)
 	- awstats <not-affected>
 	NOTE: awredir.pl is not installed into the binary package
-CVE-2012-4546
-	RESERVED
+CVE-2012-4546 (The default configuration for IPA servers in Red Hat Enterprise Linux ...)
 	NOT-FOR-US: FreeIPA
 CVE-2012-4545 (The http_negotiate_create_context function in ...)
 	{DSA-2592-1}
@@ -20535,8 +20545,8 @@
 	RESERVED
 CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...)
 	- dotclear 2.4.2+dfsg-1
-CVE-2012-1038
-	RESERVED
+CVE-2012-1038 (Cross-site scripting (XSS) vulnerability in the WebAAA login ...)
+	TODO: check
 CVE-2012-1037 (PHP remote file inclusion vulnerability in front/popup.php in GLPI ...)
 	- glpi 0.80.7-1 (bug #659383; unimportant)
 	[squeeze] - glpi <not-affected> (Introduced in 0.78)



