[Secure-testing-commits] r23179 - data/CVE

Thijs Kinkhorst thijs at alioth.debian.org
Sat Aug 3 08:48:41 UTC 2013


Author: thijs
Date: 2013-08-03 08:48:41 +0000 (Sat, 03 Aug 2013)
New Revision: 23179

Modified:
   data/CVE/list
Log:
bitcoind issues already fixed; several nfu's


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-03 08:37:08 UTC (rev 23178)
+++ data/CVE/list	2013-08-03 08:48:41 UTC (rev 23179)
@@ -143,7 +143,7 @@
 CVE-2013-4955
 	RESERVED
 CVE-2013-4954 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
-	TODO: check
+	NOT-FOR-US: Genetech Solutions Pie-Register
 CVE-2013-4953 (SQL injection vulnerability in play.php in Top Games Script 1.2 allows ...)
 	NOT-FOR-US: Top Games Script
 CVE-2013-4952 (SQL injection vulnerability in functions/global.php in Elemata CMS RC ...)
@@ -163,7 +163,7 @@
 CVE-2013-4945 (Multiple SQL injection vulnerabilities in BMC Service Desk Express ...)
 	NOT-FOR-US: BMC Service Desk Express
 CVE-2013-4944 (Cross-site scripting (XSS) vulnerability in the BuddyPress Extended ...)
-	TODO: check
+	NOT-FOR-US: BuddyPress 
 CVE-2013-4943
 	RESERVED
 CVE-2013-4942 (Cross-site scripting (XSS) vulnerability in flashuploader.swf in the ...)
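Review bot: The tag added for CVE-2013-4944, "NOT-FOR-US: BuddyPress ", names the parent project, while the description on the line above it reads "BuddyPress Extended ...", which points at an add-on with a longer name. Suggest using the full product name from the CVE description so that a search for BuddyPress itself does not land on this entry, and dropping the trailing space after "BuddyPress".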
@@ -278,9 +278,9 @@
 CVE-2013-4913
 	RESERVED
 CVE-2013-4912 (Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2013-4911 (Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2013-4910
 	RESERVED
 CVE-2013-4909
@@ -811,13 +811,13 @@
 CVE-2013-4674 (Cross-site scripting (XSS) vulnerability in the Web Email Protection ...)
 	NOT-FOR-US: Symantec
 CVE-2013-4673 (The management console on the Symantec Web Gateway (SWG) appliance ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2013-4672 (The management console on the Symantec Web Gateway (SWG) appliance ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2013-4671 (Cross-site request forgery (CSRF) vulnerability in the management ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2013-4670 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2013-4668 (Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, ...)
 	- file-roller 3.8.3-1
 	[squeeze] - file-roller <not-affected> (Doesn't use libarchive)
@@ -854,9 +854,9 @@
 CVE-2013-4653
 	RESERVED
 CVE-2013-4652 (Unspecified vulnerability in the command-line management interface on ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2013-4651 (Siemens Scalance W7xx devices with firmware before 4.5.4 use the same ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2013-4650 (MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote ...)
 	- mongodb 1:2.4.5-1 (bug #715007)
 	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
@@ -915,7 +915,7 @@
 CVE-2013-4628 (The firewall module on the Huawei Quidway Service Process Unit (SPU) ...)
 	NOT-FOR-US: Huawei Quidway Service Process Unit
 CVE-2013-4627 (Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows ...)
-	TODO: check
+	- bitcoind 0.8.3-1
 CVE-2012-6571 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
 	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
 CVE-2012-6570 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
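Review bot: The new "- bitcoind 0.8.3-1" line for CVE-2013-4627 records a fixed version without a bug number or NOTE giving the basis, and the visible description only says "Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x". Suggest adding a NOTE with the upstream reference that ties the fix to 0.8.3, and confirming that "bitcoind" is the source package name the tracker expects, since the description covers both bitcoind and Bitcoin-Qt.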
@@ -1781,8 +1781,9 @@
 	RESERVED
 CVE-2013-4204
 	RESERVED
-CVE-2013-4203
+CVE-2013-4203 [Rgpg Ruby Gem Remote Command Injection]
 	RESERVED
+	NOT-FOR-US: Ruby Rgpg Gem
 CVE-2013-4202
 	RESERVED
 CVE-2013-4201
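Review bot: CVE-2013-4203 now has the bracketed title "Rgpg Ruby Gem Remote Command Injection" but the tag two lines below reads "NOT-FOR-US: Ruby Rgpg Gem", so one entry names the product two ways. Suggest using a single form in both places, for example "NOT-FOR-US: Rgpg Ruby Gem". Because the entry is still RESERVED, a short NOTE giving the source of the title would help whoever revisits it once the CVE text is published.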
@@ -3584,7 +3585,7 @@
 CVE-2013-3449
 	RESERVED
 CVE-2013-3448 (Cisco WebEx Meetings Server does not check whether a user account is ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-3447
 	RESERVED
 CVE-2013-3446
@@ -4125,9 +4126,9 @@
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: This is a general design problem and only mitigated by documented best practices
 CVE-2013-3220 (bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x ...)
-	TODO: check
+	- bitcoind 0.8.1-1
 CVE-2013-3219 (bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain ...)
-	TODO: check
+	- bitcoind 0.8.1-1
 CVE-2013-3218
 	RESERVED
 CVE-2013-3217
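Review bot: For CVE-2013-3220 the description lists several affected branches ("before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x ..."), yet the entry records only "- bitcoind 0.8.1-1" with no per-release lines. If any release carries one of the older branches it needs its own annotation, in the "[squeeze] - ... <not-affected> (...)" style used elsewhere in this file; if none does, a NOTE saying so would make the single line self-explanatory. The same question applies to CVE-2013-3219, whose description is limited to 0.8.x before 0.8.1.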
@@ -4581,9 +4582,9 @@
 CVE-2013-2995
 	RESERVED
 CVE-2013-2994 (IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-2993 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-2992
 	RESERVED
 CVE-2013-2991
@@ -8690,9 +8691,9 @@
 CVE-2013-1618 (The TLS implementation in Opera before 12.13 does not properly ...)
 	NOT-FOR-US: Opera
 CVE-2013-1617 (Multiple SQL injection vulnerabilities in the management console on ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2013-1616 (The management console on the Symantec Web Gateway (SWG) appliance ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2013-1615 (The management console (aka Java console) on the Symantec Security ...)
 	NOT-FOR-US: Symantec
 CVE-2013-1614 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
@@ -9369,7 +9370,7 @@
 CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Adobe Digital Editions
 CVE-2013-1376
 	RESERVED
 	NOT-FOR-US: Adobe Reader
@@ -9766,7 +9767,7 @@
 CVE-2013-1191
 	RESERVED
 CVE-2013-1190 (The C-Series Rack Server component 1.4 in Cisco Unified Computing ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-1189 (Cisco Universal Broadband (aka uBR) 10000 series routers, when an ...)
 	NOT-FOR-US: Cisco Universal Broadband 10000 series routers
 CVE-2013-1188 (Cisco Unified Communications Manager (CUCM) does not properly limit ...)
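Review bot: "NOT-FOR-US: Cisco" on CVE-2013-1190 gives only the vendor, while the very next entry in this hunk is tagged "NOT-FOR-US: Cisco Universal Broadband 10000 series routers". Suggest naming the product from the CVE description, as the neighbouring entry does, so the tags stay comparable when someone later checks whether a specific Cisco product has been reviewed.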
@@ -15610,7 +15611,7 @@
 CVE-2012-5461
 	RESERVED
 CVE-2012-5460 (Cross-site scripting (XSS) vulnerability in the help page in Juniper ...)
-	TODO: check
+	NOT-FOR-US: Juniper IVE OS
 CVE-2012-5459 (Untrusted search path vulnerability in VMware Workstation 8.x before ...)
 	NOT-FOR-US: VMware
 CVE-2012-5458 (VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 ...)
@@ -19962,7 +19963,7 @@
 CVE-2012-3914
 	RESERVED
 CVE-2012-3913 (The Cisco VC220 and VC240 cameras allow remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2012-3912
 	RESERVED
 CVE-2012-3911



