[Secure-testing-commits] r23364 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Aug 20 21:14:32 UTC 2013


Author: joeyh
Date: 2013-08-20 21:14:32 +0000 (Tue, 20 Aug 2013)
New Revision: 23364

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-20 17:52:13 UTC (rev 23363)
+++ data/CVE/list	2013-08-20 21:14:32 UTC (rev 23364)
@@ -1,6 +1,12 @@
-CVE-2013-5315
+CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech ...)
+	TODO: check
+CVE-2013-5311 (Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 ...)
+	TODO: check
+CVE-2013-5315 (Cross-site scripting (XSS) vulnerability in the Resource Manager in ...)
 	NOT-FOR-US: Drupal module
-CVE-2013-5314
+CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in ...)
 	- serendipity <removed>
 CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...)
 	TODO: check
@@ -572,8 +578,7 @@
 	RESERVED
 CVE-2013-5030
 	RESERVED
-CVE-2013-5029 [PMASA-2013-10 clickjacking hardening]
-	RESERVED
+CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to ...)
 	- phpmyadmin 4:4.0.5-1
 	[squeeze] - phpmyadmin <no-dsa> (Not feasible)
 	[wheezy] - phpmyadmin <no-dsa> (Not feasible)
@@ -987,8 +992,7 @@
 	NOTE: https://kb.isc.org/article/AA-01015/0
 CVE-2013-4853
 	RESERVED
-CVE-2013-4852 [PuTTY SSH handshake heap overflow]
-	RESERVED
+CVE-2013-4852 (Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and ...)
 	{DSA-2736-1}
 	- putty 0.63-1 (bug #718779)
 	- filezilla <unfixed> (low; bug #718800)
@@ -1449,8 +1453,7 @@
 	RESERVED
 CVE-2013-4654
 	RESERVED
-CVE-2013-4653
-	RESERVED
+CVE-2013-4653 (Multiple cross-site scripting (XSS) vulnerabilities in the signin ...)
 	NOT-FOR-US: Alcatel-Lucent Omnitouch
 CVE-2013-4652 (Unspecified vulnerability in the command-line management interface on ...)
 	NOT-FOR-US: Siemens
@@ -2317,8 +2320,7 @@
 	- tiff <unfixed>
 	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
 	TODO: check
-CVE-2013-4242 [the Yarom/Falkner flush+reload side-channel attack on RSA secret keys]
-	RESERVED
+CVE-2013-4242 (GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...)
 	{DSA-2731-1 DSA-2730-1}
 	- gnupg 1.4.14-1 (bug #717880)
 	- libgcrypt11 1.5.3-1
@@ -2351,8 +2353,7 @@
 	[squeeze] - eglibc <unfixed> (low; bug #719558)
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
 	NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
-CVE-2013-4236
-	RESERVED
+CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
 	NOT-FOR-US: Red Hat vdms
 	NOTE: for incomplete fix for CVE-2013-0167
 CVE-2013-4235
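Review bot: The description imported for CVE-2013-4236 on the `+` line is, as truncated here, identical to the one imported for CVE-2013-0167 in the hunk at `@@ -13644,8 +13636,7 @@`, so the existing `NOTE: for incomplete fix for CVE-2013-0167` line is now the only text that distinguishes the two entries and should be kept when the next automatic update runs. The unchanged `NOT-FOR-US: Red Hat vdms` annotation here also disagrees with `NOT-FOR-US: Red Hat vdsm` on the CVE-2013-0167 entry; the former appears to be a transposition of the VDSM package name. This is a hand-maintained annotation, not imported text, so correcting it to `NOT-FOR-US: Red Hat vdsm` would not be overwritten by later automatic updates.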
@@ -2443,24 +2444,21 @@
 	RESERVED
 CVE-2013-4209
 	RESERVED
-CVE-2013-4208 [Private keys left in memory after being used by PuTTY tools]
-	RESERVED
+CVE-2013-4208 (The rsa_verify function in PuTTY before 0.63 (1) does not clear ...)
 	{DSA-2736-1}
 	- putty 0.63-1
 	- filezilla <unfixed> (low; bug #719070)
 	[squeeze] - filezilla <no-dsa> (Minor issue)
 	[wheezy] - filezilla <no-dsa> (Minor issue)
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
-CVE-2013-4207 [non-coprime values in DSA signatures can cause buffer overflow in modular inverse]
-	RESERVED
+CVE-2013-4207 (Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH ...)
 	{DSA-2736-1}
 	- putty 0.63-1
 	- filezilla <unfixed> (low; bug #719070)
 	[squeeze] - filezilla <no-dsa> (Minor issue)
 	[wheezy] - filezilla <no-dsa> (Minor issue)
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
-CVE-2013-4206 [buffer underrun in modmul can corrupt the heap]
-	RESERVED
+CVE-2013-4206 (Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY ...)
 	{DSA-2736-1}
 	- putty 0.63-1
 	- filezilla <unfixed> (low; bug #719070)
@@ -2560,8 +2558,7 @@
 CVE-2013-4175 [local denial of service]
 	RESERVED
 	NOT-FOR-US: MySecureShell
-CVE-2013-4174
-	RESERVED
+CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald ...)
 	NOT-FOR-US: Scald Drupal contributed module
 CVE-2013-4173 [remote file deletion]
 	RESERVED
@@ -4035,8 +4032,7 @@
 	RESERVED
 CVE-2013-3568
 	RESERVED
-CVE-2013-3567
-	RESERVED
+CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet ...)
 	{DSA-2715-1}
 	- puppet 3.2.2-1 (bug #712745)
 CVE-2013-3566
@@ -7537,8 +7533,7 @@
 	RESERVED
 	{DSA-2737-1}
 	- swift 1.8.0-6 (low; bug #712202)
-CVE-2013-2160
-	RESERVED
+CVE-2013-2160 (Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before ...)
 	NOT-FOR-US: Apache CXF
 CVE-2013-2159 [monkey broken authentication]
 	RESERVED
@@ -7588,8 +7583,7 @@
 	- linux-2.6 <removed>
 	- linux 3.9.4-1
 	[wheezy] - linux 3.2.46-1
-CVE-2013-2145 [arbitrary code execution when verifying SIGNATURE]
-	RESERVED
+CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...)
 	- libmodule-signature-perl 0.73-1 (bug #711239)
 	[wheezy] - libmodule-signature-perl <no-dsa> (Minor issue)
 	[squeeze] - libmodule-signature-perl <no-dsa> (Minor issue)
@@ -7618,8 +7612,7 @@
 	- gallery <not-affected> (Old 1.5 version not affected)
 CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the "View Log" screen in ...)
 	NOT-FOR-US: Apache OFBiz
-CVE-2013-2136
-	RESERVED
+CVE-2013-2136 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
 	NOT-FOR-US: Apache CloudStack
 CVE-2013-2135 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute ...)
 	- libstruts1.2-java <not-affected> (Only affects 2.x)
@@ -8555,8 +8548,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
 CVE-2013-1873 [linux kernel kernel stack memory disclosure]
 	REJECTED
-CVE-2013-1872 [i965: out of bounds read/write]
-	RESERVED
+CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent ...)
 	{DSA-2704-1}
 	- mesa 8.0.5-7
 	[squeeze] - mesa <not-affected> (Vulnerable code not present)
@@ -13644,8 +13636,7 @@
 	NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
 CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager ...)
 	NOTE: RHEV management tool
-CVE-2013-0167
-	RESERVED
+CVE-2013-0167 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
 	NOT-FOR-US: Red Hat vdsm
 CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
 	{DSA-2621-1}
@@ -16039,8 +16030,7 @@
 	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
 	NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
-CVE-2012-5575
-	RESERVED
+CVE-2012-5575 (Apache CFX 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x ...)
 	NOT-FOR-US: Apache CXF
 CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote ...)
 	NOT-FOR-US: Symfony
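Review bot: The imported description for CVE-2012-5575 reads `Apache CFX 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7` on the `+` line, with "CFX" where the product is CXF; the unchanged `NOT-FOR-US: Apache CXF` annotation directly below uses the correct name. Since the log says this is an automatic update, the text presumably mirrors the upstream description verbatim, and a local edit to the parenthesised description would likely be reverted by the next run. If the inconsistency is worth recording, a separate `NOTE:` line under the entry would survive future imports.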



