[Secure-testing-commits] r23364 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Aug 20 21:14:32 UTC 2013
Author: joeyh
Date: 2013-08-20 21:14:32 +0000 (Tue, 20 Aug 2013)
New Revision: 23364
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-20 17:52:13 UTC (rev 23363)
+++ data/CVE/list 2013-08-20 21:14:32 UTC (rev 23364)
@@ -1,6 +1,12 @@
-CVE-2013-5315
+CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech ...)
+ TODO: check
+CVE-2013-5311 (Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 ...)
+ TODO: check
+CVE-2013-5315 (Cross-site scripting (XSS) vulnerability in the Resource Manager in ...)
NOT-FOR-US: Drupal module
-CVE-2013-5314
+CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in ...)
- serendipity <removed>
CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...)
TODO: check
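Review bot: the re-added CVE-2013-5315 and CVE-2013-5314 entries now sit below CVE-2013-5313/5312/5311, breaking the descending CVE order the rest of the file keeps (compare the 5030/5029 and 4209/4208 runs later in this diff); move the three new entries above 5315 so the block reads 5315, 5314, 5313, 5312, 5311, 5310. Also, CVE-2013-5312 and CVE-2013-5311 both name "Vastal I-Tech phpVID", so one triage pass should clear both "TODO: check" markers together rather than leaving them open separately.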
@@ -572,8 +578,7 @@
RESERVED
CVE-2013-5030
RESERVED
-CVE-2013-5029 [PMASA-2013-10 clickjacking hardening]
- RESERVED
+CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to ...)
- phpmyadmin 4:4.0.5-1
[squeeze] - phpmyadmin <no-dsa> (Not feasible)
[wheezy] - phpmyadmin <no-dsa> (Not feasible)
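Review bot: replacing the bracketed summary "[PMASA-2013-10 clickjacking hardening]" with the official text drops the upstream advisory ID; add it back as a "NOTE: PMASA-2013-10" line under CVE-2013-5029 so the phpMyAdmin advisory remains greppable, and so the "(Not feasible)" no-dsa rationale for squeeze and wheezy has a reference a reader can check.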
@@ -987,8 +992,7 @@
NOTE: https://kb.isc.org/article/AA-01015/0
CVE-2013-4853
RESERVED
-CVE-2013-4852 [PuTTY SSH handshake heap overflow]
- RESERVED
+CVE-2013-4852 (Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and ...)
{DSA-2736-1}
- putty 0.63-1 (bug #718779)
- filezilla <unfixed> (low; bug #718800)
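Review bot: the dropped summary "[PuTTY SSH handshake heap overflow]" carried the impact class, while the new description only says "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and ..."; keep the old wording as a NOTE: line so the heap-overflow consequence is not lost to the truncation. The filezilla line here is also the only one of the four PuTTY entries in this diff (compare CVE-2013-4208/4207/4206) without "[squeeze]" and "[wheezy]" filezilla "<no-dsa>" dispositions; either add them or record why this one differs.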
@@ -1449,8 +1453,7 @@
RESERVED
CVE-2013-4654
RESERVED
-CVE-2013-4653
- RESERVED
+CVE-2013-4653 (Multiple cross-site scripting (XSS) vulnerabilities in the signin ...)
NOT-FOR-US: Alcatel-Lucent Omnitouch
CVE-2013-4652 (Unspecified vulnerability in the command-line management interface on ...)
NOT-FOR-US: Siemens
@@ -2317,8 +2320,7 @@
- tiff <unfixed>
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
TODO: check
-CVE-2013-4242 [the Yarom/Falkner flush+reload side-channel attack on RSA secret keys]
- RESERVED
+CVE-2013-4242 (GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...)
{DSA-2731-1 DSA-2730-1}
- gnupg 1.4.14-1 (bug #717880)
- libgcrypt11 1.5.3-1
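Review bot: the removed summary "[the Yarom/Falkner flush+reload side-channel attack on RSA secret keys]" is the only place this entry said what the bug actually is; the truncated official text "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ..." does not mention the cache side channel or RSA at all. Preserve the old summary as "NOTE: Yarom/Falkner flush+reload side channel on RSA secret keys" beneath the DSA-2731-1/DSA-2730-1 references.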
@@ -2351,8 +2353,7 @@
[squeeze] - eglibc <unfixed> (low; bug #719558)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
-CVE-2013-4236
- RESERVED
+CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
NOT-FOR-US: Red Hat vdms
NOTE: for incomplete fix for CVE-2013-0167
CVE-2013-4235
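Review bot: "NOT-FOR-US: Red Hat vdms" misspells the product; the matching CVE-2013-0167 entry later in this same diff reads "NOT-FOR-US: Red Hat vdsm", so align this one with it. Since the new description for CVE-2013-4236 is word-for-word the truncated text of CVE-2013-0167, the existing "NOTE: for incomplete fix for CVE-2013-0167" is what distinguishes the two; consider wording it as "NOTE: incomplete fix for CVE-2013-0167" for clarity.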
@@ -2443,24 +2444,21 @@
RESERVED
CVE-2013-4209
RESERVED
-CVE-2013-4208 [Private keys left in memory after being used by PuTTY tools]
- RESERVED
+CVE-2013-4208 (The rsa_verify function in PuTTY before 0.63 (1) does not clear ...)
{DSA-2736-1}
- putty 0.63-1
- filezilla <unfixed> (low; bug #719070)
[squeeze] - filezilla <no-dsa> (Minor issue)
[wheezy] - filezilla <no-dsa> (Minor issue)
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
-CVE-2013-4207 [non-coprime values in DSA signatures can cause buffer overflow in modular inverse]
- RESERVED
+CVE-2013-4207 (Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH ...)
{DSA-2736-1}
- putty 0.63-1
- filezilla <unfixed> (low; bug #719070)
[squeeze] - filezilla <no-dsa> (Minor issue)
[wheezy] - filezilla <no-dsa> (Minor issue)
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
-CVE-2013-4206 [buffer underrun in modmul can corrupt the heap]
- RESERVED
+CVE-2013-4206 (Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY ...)
{DSA-2736-1}
- putty 0.63-1
- filezilla <unfixed> (low; bug #719070)
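Review bot: for CVE-2013-4207 the removed summary "[non-coprime values in DSA signatures can cause buffer overflow in modular inverse]" is more precise than the new "Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH ...", and likewise "[buffer underrun in modmul can corrupt the heap]" for CVE-2013-4206 names the trigger; keep both as NOTE: lines next to the existing wishlist URLs. The three entries all reference DSA-2736-1 and putty 0.63-1, so a single combined NOTE under each pointing at the same PuTTY 0.63 release would also help a reader see they were fixed together.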
@@ -2560,8 +2558,7 @@
CVE-2013-4175 [local denial of service]
RESERVED
NOT-FOR-US: MySecureShell
-CVE-2013-4174
- RESERVED
+CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald ...)
NOT-FOR-US: Scald Drupal contributed module
CVE-2013-4173 [remote file deletion]
RESERVED
@@ -4035,8 +4032,7 @@
RESERVED
CVE-2013-3568
RESERVED
-CVE-2013-3567
- RESERVED
+CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet ...)
{DSA-2715-1}
- puppet 3.2.2-1 (bug #712745)
CVE-2013-3566
@@ -7537,8 +7533,7 @@
RESERVED
{DSA-2737-1}
- swift 1.8.0-6 (low; bug #712202)
-CVE-2013-2160
- RESERVED
+CVE-2013-2160 (Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before ...)
NOT-FOR-US: Apache CXF
CVE-2013-2159 [monkey broken authentication]
RESERVED
@@ -7588,8 +7583,7 @@
- linux-2.6 <removed>
- linux 3.9.4-1
[wheezy] - linux 3.2.46-1
-CVE-2013-2145 [arbitrary code execution when verifying SIGNATURE]
- RESERVED
+CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...)
- libmodule-signature-perl 0.73-1 (bug #711239)
[wheezy] - libmodule-signature-perl <no-dsa> (Minor issue)
[squeeze] - libmodule-signature-perl <no-dsa> (Minor issue)
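Review bot: the removed summary "[arbitrary code execution when verifying SIGNATURE]" sits uneasily with the "<no-dsa> (Minor issue)" dispositions kept for wheezy and squeeze; if the no-dsa call stands, record the reasoning in a NOTE: line under CVE-2013-2145 (the new description "The cpansign verify functionality in the Module::Signature module ..." is truncated before the impact), and otherwise revisit the severity.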
@@ -7618,8 +7612,7 @@
- gallery <not-affected> (Old 1.5 version not affected)
CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the "View Log" screen in ...)
NOT-FOR-US: Apache OFBiz
-CVE-2013-2136
- RESERVED
+CVE-2013-2136 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
NOT-FOR-US: Apache CloudStack
CVE-2013-2135 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute ...)
- libstruts1.2-java <not-affected> (Only affects 2.x)
@@ -8555,8 +8548,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
CVE-2013-1873 [linux kernel kernel stack memory disclosure]
REJECTED
-CVE-2013-1872 [i965: out of bounds read/write]
- RESERVED
+CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent ...)
{DSA-2704-1}
- mesa 8.0.5-7
[squeeze] - mesa <not-affected> (Vulnerable code not present)
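Review bot: the removed summary "[i965: out of bounds read/write]" identified the affected driver, whereas the new description only says "The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent ..."; add "NOTE: i965 driver, out-of-bounds read/write" so the "[squeeze] - mesa <not-affected> (Vulnerable code not present)" claim can be checked against the driver that actually carries the bug.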
@@ -13644,8 +13636,7 @@
NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager ...)
NOTE: RHEV management tool
-CVE-2013-0167
- RESERVED
+CVE-2013-0167 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
NOT-FOR-US: Red Hat vdsm
CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
{DSA-2621-1}
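Review bot: CVE-2013-0167 now carries exactly the same truncated description as CVE-2013-4236 earlier in this diff ("VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ..."), and only the 4236 entry records the relationship ("for incomplete fix for CVE-2013-0167"); add a reciprocal "NOTE: incomplete fix tracked as CVE-2013-4236" here so the pair is discoverable from either side.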
@@ -16039,8 +16030,7 @@
NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
-CVE-2012-5575
- RESERVED
+CVE-2012-5575 (Apache CFX 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x ...)
NOT-FOR-US: Apache CXF
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote ...)
NOT-FOR-US: Symfony
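Review bot: the new description text reads "Apache CFX 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x ..." while the NOT-FOR-US line says "Apache CXF"; the "CFX" spelling comes with the imported description and, since this is an "automatic update", hand-correcting it here would just be overwritten on the next run, so leave the parenthesised text alone and rely on the NOT-FOR-US line. Note also that CVE-2013-2160 earlier in this diff lists the same CXF version ranges (2.5.10, 2.6.7); a NOTE cross-referencing the two would help anyone checking whether both are covered by one upstream release.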