[Secure-testing-commits] r23180 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sat Aug 3 09:13:01 UTC 2013
Author: thijs
Date: 2013-08-03 09:13:01 +0000 (Sat, 03 Aug 2013)
New Revision: 23180
Modified:
data/CVE/list
Log:
jboss, ospf issues not-affected; several more nfu's
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-03 08:48:41 UTC (rev 23179)
+++ data/CVE/list 2013-08-03 09:13:01 UTC (rev 23180)
@@ -1786,34 +1786,48 @@
NOT-FOR-US: Ruby Rgpg Gem
CVE-2013-4202
RESERVED
-CVE-2013-4201
+CVE-2013-4201 [Katello: CLI - user without access can call "system remove_deletion" command]
RESERVED
-CVE-2013-4200
+ NOT-FOR-US: Katello
+CVE-2013-4200 [plone: Forwarding of cookie data (session hijack) in certain browsers (in_portal.py)]
RESERVED
-CVE-2013-4199
+ NOT-FOR-US: Plone
+CVE-2013-4199 [plone: DoS by decompressing large zip archives (cb_decode.py, linkintegrity.py)]
RESERVED
-CVE-2013-4198
+ NOT-FOR-US: Plone
+CVE-2013-4198 [plone: Authenticated users able to alter their password despite of policy definition / setting prohibiting it (mail_password.py)]
RESERVED
-CVE-2013-4197
+ NOT-FOR-US: Plone
+CVE-2013-4197 [plone: Authenticated users able to modify / delete portraits of other users (member_portrait.py)]
RESERVED
-CVE-2013-4196
+ NOT-FOR-US: Plone
+CVE-2013-4196 [plone: Multiple information exposure flaws via certain object methods (objectmanager.py)]
RESERVED
-CVE-2013-4195
+ NOT-FOR-US: Plone
+CVE-2013-4195 [plone: Open redirect in the HTTP server implementation (marmoset_patch.py, publish.py, principiaredirect.py)]
RESERVED
-CVE-2013-4194
+ NOT-FOR-US: Plone
+CVE-2013-4194 [plone: File system path exposure (wysiwyg.py)]
RESERVED
-CVE-2013-4193
+ NOT-FOR-US: Plone
+CVE-2013-4193 [plone: Anonymous users capable to hide certain fields from content edit forms (typeswidget.py)]
RESERVED
-CVE-2013-4192
+ NOT-FOR-US: Plone
+CVE-2013-4192 [plone: Ability to spoof emails (sendto.py)]
RESERVED
-CVE-2013-4191
+ NOT-FOR-US: Plone
+CVE-2013-4191 [plone: Information exposure due improper access control enforcement when generating zip archives (zip.py)]
RESERVED
-CVE-2013-4190
+ NOT-FOR-US: Plone
+CVE-2013-4190 [plone: Multiple cross-site scripting (XSS) flaws (spamProtect.py, pts.py, request.py)]
RESERVED
-CVE-2013-4189
+ NOT-FOR-US: Plone
+CVE-2013-4189 [plone: Privilege escalation due improper authorization (dataitems.py, get.py, traverseName.py)]
RESERVED
-CVE-2013-4188
+ NOT-FOR-US: Plone
+CVE-2013-4188 [plone: DoS (infinite loop) by administrator privilege users when retrieving information for certain resources (traverser.py)]
RESERVED
+ NOT-FOR-US: Plone
CVE-2013-4187 [Access Bypass]
RESERVED
NOT-FOR-US: Flippy Contributed Drupal module
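Review bot: The thirteen `NOT-FOR-US: Plone` lines added for CVE-2013-4188 through CVE-2013-4200 classify every entry by the "plone:" prefix alone, yet several bracketed descriptions name modules that do not sound Plone-specific (objectmanager.py, publish.py, request.py, traverser.py). Before settling on NOT-FOR-US, it is worth confirming that none of the named files ship in a package already in the archive under another source name. Any entry where one does needs a package line instead. A short NOTE pointing at the advisory the file names were taken from would also let the next person re-check the triage.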
@@ -12950,8 +12964,10 @@
- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0150
RESERVED
-CVE-2013-0149
+CVE-2013-0149 [VU#229804 Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifers]
RESERVED
+ - quagga <not-affected>
+ NOTE: OSPF protocol vulnerability, quagga implementation not affected
CVE-2013-0148 (The Data Camouflage (aka FairCom Standard Encryption) algorithm in ...)
NOT-FOR-US: FairCom c-treeACE
CVE-2013-0147
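Review bot: The added `- quagga <not-affected>` line for CVE-2013-0149 has no parenthesised reason, unlike the xen entry in the context just above it, and the NOTE only asserts that the quagga implementation is not affected without saying why or where that was confirmed. Suggest putting the reason on the package line and citing the source (vendor statement or the VU#229804 vendor table) in the NOTE, so the status can be verified later. Minor: "identifers" in the bracketed description looks like a typo for "identifiers".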
@@ -46881,8 +46897,10 @@
CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before ...)
{DSA-2126-1}
- linux-2.6 2.6.32-27
-CVE-2010-3857
+CVE-2010-3857 [JBoss BRMS XSS via UUID parameter]
RESERVED
+ - jbossas4 <not-affected> (Vulnerable code not present)
+ NOTE: JBoss 5 only; fixed in 5.1.0
CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ...)
{DSA-2122-2 DSA-2122-1}
- glibc <removed>
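Review bot: In the CVE-2010-3857 entry the bracketed description names JBoss BRMS, while the added NOTE says "JBoss 5 only; fixed in 5.1.0" and the package line is for jbossas4, so it is unclear whether 5.1.0 is a BRMS version or an application server version. Suggest naming the product in the NOTE and stating which component the XSS via the UUID parameter lives in, so that "Vulnerable code not present" on the jbossas4 line can be checked against it.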