[Secure-testing-commits] r21912 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Apr 10 21:14:24 UTC 2013


Author: joeyh
Date: 2013-04-10 21:14:23 +0000 (Wed, 10 Apr 2013)
New Revision: 21912

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-04-10 17:29:50 UTC (rev 21911)
+++ data/CVE/list	2013-04-10 21:14:23 UTC (rev 21912)
@@ -510,7 +510,7 @@
 	NOT-FOR-US: Internet Explorer
 CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
 	NOT-FOR-US: Windows 7
-CVE-2013-2555 (Adobe Flash Player 11.6.602.171 on Windows allows remote attackers to ...)
+CVE-2013-2555 (Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x ...)
 	NOT-FOR-US: Adobe Flash plugin
 CVE-2013-2554 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
 	NOT-FOR-US: Windows 7
@@ -1961,8 +1961,7 @@
 CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, ...)
 	{DSA-2658-1}
 	- postgresql-9.1 9.1.9-1 (bug #704479)
-CVE-2013-1898 [ruby gem Thumbshooter RCE]
-	RESERVED
+CVE-2013-1898 (lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows ...)
 	NOT-FOR-US: Ruby gem Thumbshooter
 CVE-2013-1897 [unintended information exposure when rootdse is enabled]
 	RESERVED
@@ -2221,8 +2220,7 @@
 	- owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected) 
 	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
 	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
-CVE-2013-1821 [entity expansion DoS vulnerability in REXML]
-	RESERVED
+CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...)
 	- ruby1.9.1 1.9.3.194-8.1 (bug #702525)
 	- ruby1.8 1.8.7.358-7 (bug #702526)
 	NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
@@ -2281,15 +2279,12 @@
 	RESERVED
 CVE-2013-1803
 	RESERVED
-CVE-2013-1802 [YAML parameter parsing vulnerability] 
-	RESERVED
+CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...)
 	- ruby-extlib 0.9.15-3 (bug #697895)
 	- libextlib-ruby <removed> (bug #697895)
-CVE-2013-1801 [YAML parameter parsing vulnerability]
-	RESERVED
+CVE-2013-1801 (The httparty gem 0.9.0 and earlier for Ruby does not properly restrict ...)
 	NOT-FOR-US: httparty Ruby gem
-CVE-2013-1800 [YAML parameter parsing vulnerability]
-	RESERVED
+CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly restrict ...)
 	- ruby-crack <itp> (bug #623900)
 CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before ...)
 	TODO: check
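Review bot: on CVE-2013-1802 the description added here names extlib "0.9.15 and earlier" as affected, while the entry records ruby-extlib as fixed in 0.9.15-3, which is the same upstream version. If the fix is carried as a patch in the Debian revision, a NOTE: line saying so under bug #697895 would keep the fixed version from reading as a contradiction of the description. The same hunk leaves CVE-2013-1800 on `ruby-crack <itp>` with a description that now bounds the affected range at 0.3.1, so the ITP (bug #623900) should be checked against that version before anything is uploaded.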
@@ -2318,15 +2313,12 @@
 	- linux-2.6 <removed>
 CVE-2013-1791
 	RESERVED
-CVE-2013-1790 [uninitialized memory read]
-	RESERVED
+CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent ...)
 	- poppler 0.18.4-6 (low; bug #702071)
-CVE-2013-1789 [crash in broken documents]
-	RESERVED
+CVE-2013-1789 (splash/Splash.cc in poppler before 0.22.1 allows context-dependent ...)
 	- poppler <not-affected> (vulnerable code introduced in a later version)
 	TODO: recheck poppler >= 0.22 when it gets uploaded
-CVE-2013-1788 [invalid memory issues]
-	RESERVED
+CVE-2013-1788 (poppler before 0.22.1 allows context-dependent attackers to cause a ...)
 	- poppler 0.18.4-6 (low; bug #702071)
 CVE-2013-1787 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
 	NOT-FOR-US: Drupal addon
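Review bot: the TODO under CVE-2013-1789 still reads "recheck poppler >= 0.22 when it gets uploaded", but the description added in this hunk puts the boundary at "before 0.22.1", so a 0.22.0 upload would still be inside the affected range. Suggest rewording the TODO to name 0.22.1 as the first unaffected version so the recheck is not closed on the 0.22 version number alone. CVE-2013-1790 and CVE-2013-1788 are recorded as fixed in 0.18.4-6 against the same "before 0.22.1" text; a NOTE: pointing at the backported patches in bug #702071 would document why.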
@@ -3351,28 +3343,28 @@
 	RESERVED
 CVE-2013-1389
 	RESERVED
-CVE-2013-1388
-	RESERVED
-CVE-2013-1387
-	RESERVED
-CVE-2013-1386
-	RESERVED
-CVE-2013-1385
-	RESERVED
-CVE-2013-1384
-	RESERVED
-CVE-2013-1383
-	RESERVED
+CVE-2013-1388 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, ...)
+	TODO: check
+CVE-2013-1387 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, ...)
+	TODO: check
+CVE-2013-1386 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute ...)
+	TODO: check
+CVE-2013-1385 (Adobe Shockwave Player before 12.0.2.122 does not prevent access to ...)
+	TODO: check
+CVE-2013-1384 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute ...)
+	TODO: check
+CVE-2013-1383 (Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows ...)
+	TODO: check
 CVE-2013-1382
 	RESERVED
 CVE-2013-1381
 	RESERVED
-CVE-2013-1380
-	RESERVED
-CVE-2013-1379
-	RESERVED
-CVE-2013-1378
-	RESERVED
+CVE-2013-1380 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
+	TODO: check
+CVE-2013-1379 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
+	TODO: check
+CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
+	TODO: check
 CVE-2013-1377
 	RESERVED
 CVE-2013-1376
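Review bot: CVE-2013-1380, CVE-2013-1379 and CVE-2013-1378 enter as TODO: check although their descriptions name Adobe Flash Player, and the first hunk of this same revision keeps CVE-2013-2555 under "NOT-FOR-US: Adobe Flash plugin". Suggest using that identical tag for the three Flash entries in the follow-up triage so the wording stays consistent and searchable. The ColdFusion (CVE-2013-1388, CVE-2013-1387) and Shockwave (CVE-2013-1386 through CVE-2013-1383) entries have no tagged precedent in the visible lines and need an explicit decision rather than staying in the TODO queue.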
@@ -3528,10 +3520,10 @@
 	RESERVED
 CVE-2013-1305
 	RESERVED
-CVE-2013-1304
-	RESERVED
-CVE-2013-1303
-	RESERVED
+CVE-2013-1304 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-1303 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
 CVE-2013-1302
 	RESERVED
 CVE-2013-1301
@@ -3544,22 +3536,22 @@
 	RESERVED
 CVE-2013-1297
 	RESERVED
-CVE-2013-1296
-	RESERVED
-CVE-2013-1295
-	RESERVED
-CVE-2013-1294
-	RESERVED
-CVE-2013-1293
-	RESERVED
-CVE-2013-1292
-	RESERVED
-CVE-2013-1291
-	RESERVED
-CVE-2013-1290
-	RESERVED
-CVE-2013-1289
-	RESERVED
+CVE-2013-1296 (The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote ...)
+	TODO: check
+CVE-2013-1295 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP ...)
+	TODO: check
+CVE-2013-1294 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
+	TODO: check
+CVE-2013-1293 (The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows ...)
+	TODO: check
+CVE-2013-1292 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+	TODO: check
+CVE-2013-1291 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, ...)
+	TODO: check
+CVE-2013-1290 (Microsoft SharePoint Server 2013, in certain configurations involving ...)
+	TODO: check
+CVE-2013-1289 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
+	TODO: check
 CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
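Review bot: CVE-2013-1296 through CVE-2013-1289 are left as TODO: check while the unchanged entry directly below them, CVE-2013-1288, is tagged "NOT-FOR-US: Microsoft Internet Explorer" and the next hunk's context uses "NOT-FOR-US: Microsoft Windows". Eight untriaged entries for the same vendor in one block are easy to clear in a single follow-up; when doing so, reuse the existing tag strings (including "NOT-FOR-US: Microsoft SharePoint", which appears later in this diff) for CVE-2013-1290 and CVE-2013-1289 instead of coining new ones.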
@@ -3568,12 +3560,12 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2013-1284
-	RESERVED
-CVE-2013-1283
-	RESERVED
-CVE-2013-1282
-	RESERVED
+CVE-2013-1284 (Race condition in the kernel in Microsoft Windows 8, Windows Server ...)
+	TODO: check
+CVE-2013-1283 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+	TODO: check
+CVE-2013-1282 (The LDAP service in Microsoft Active Directory, Active Directory ...)
+	TODO: check
 CVE-2013-1281 (The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
@@ -6194,11 +6186,9 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
 CVE-2013-0286
 	RESERVED
-CVE-2013-0285
-	RESERVED
+CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
 	NOT-FOR-US: nori Ruby gem
-CVE-2013-0284
-	RESERVED
+CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when ...)
 	NOT-FOR-US: newrelic_rpm Ruby gem
 CVE-2013-0283
 	RESERVED
@@ -6300,8 +6290,7 @@
 	- postgresql-8.4 8.4.16-1
 CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before ...)
 	- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
-CVE-2013-0253
-	RESERVED
+CVE-2013-0253 (The default configuration of Apache Maven 3.0.4, when using Maven ...)
 	- wagon2 2.2-3+nmu1 (bug #701991)
 CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in Boost ...)
 	- boost1.50 <unfixed> (bug #699650)
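Review bot: for CVE-2013-0253 the visible part of the new description names Apache Maven 3.0.4, but the only package tracked is wagon2 (2.2-3+nmu1, bug #701991). Suggest adding a NOTE: that states why wagon2 is the affected source package, and either a maven entry or an explicit not-affected line, so a reader searching by the product named in the description can see that it was considered.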
@@ -7149,8 +7138,7 @@
 CVE-2012-6135
 	RESERVED
 	- ruby-passenger (low; bug #702219)
-CVE-2012-6134
-	RESERVED
+CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...)
 	NOT-FOR-US: ruby-omniauth, there was a sponsor request, but no ITP: http://osdir.com/ml/debian-mentors/2011-08/msg00662.html
 CVE-2012-6133 [XSS flaws in ok and error messages]
 	RESERVED
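Review bot: the description added for CVE-2012-6134 names omniauth-oauth2, while the retained tag says "NOT-FOR-US: ruby-omniauth" and carries the sponsor-request history and a URL inside the tag itself. Suggest naming the gem as the description does and moving the sponsor-request remark and link to a separate NOTE: line, keeping the NOT-FOR-US field to the product name as the other entries in this file do.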
@@ -7283,8 +7271,7 @@
 	- moodle <unfixed> (low; bug #702387)
 	[squeeze] - moodle <no-dsa> (Minor issue)
 	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6097 [cronie fd leak]
-	RESERVED
+CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain ...)
 	- cronie <unfixed> (low; bug #697811)
 	NOTE: Only present in experimental
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096
@@ -7515,8 +7502,8 @@
 	NOT-FOR-US: Microsoft SharePoint
 CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Visio Viewer
-CVE-2013-0078
-	RESERVED
+CVE-2013-0078 (The Microsoft Antimalware Client in Windows Defender on Windows 8 and ...)
+	TODO: check
 CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows ...)
@@ -8750,8 +8737,7 @@
 	RESERVED
 CVE-2012-5636
 	RESERVED
-CVE-2012-5635 [GlusterFS: insecure temporary file creation]
-	RESERVED
+CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
 	- glusterfs <undetermined> (bug #704944)
 CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, ...)
 	{DSA-2636-1}
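Review bot: on CVE-2012-5635 the removed bracket text "GlusterFS: insecure temporary file creation" was the only line stating the bug class, and the truncated description that replaces it is scoped to "Red Hat Storage Management Console 2.0". With the package still at `glusterfs <undetermined>` (bug #704944), suggest preserving the temporary-file detail as a NOTE: and recording whether the Debian glusterfs package ships the affected functionality, so the undetermined state can be resolved.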



