[Secure-testing-commits] r23436 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Aug 26 21:14:35 UTC 2013
Author: joeyh
Date: 2013-08-26 21:14:35 +0000 (Mon, 26 Aug 2013)
New Revision: 23436
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-26 19:50:14 UTC (rev 23435)
+++ data/CVE/list 2013-08-26 21:14:35 UTC (rev 23436)
@@ -1,8 +1,56 @@
+CVE-2013-5586
+ RESERVED
+CVE-2013-5585
+ RESERVED
+CVE-2013-5584
+ RESERVED
+CVE-2013-5583
+ RESERVED
+CVE-2013-5582
+ RESERVED
+CVE-2013-5581
+ RESERVED
+CVE-2013-5579
+ RESERVED
+CVE-2013-5578 (Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ...)
+ TODO: check
+CVE-2013-5577
+ RESERVED
+CVE-2013-5574
+ RESERVED
+CVE-2013-5573
+ RESERVED
+CVE-2013-5572
+ RESERVED
+CVE-2013-5571
+ RESERVED
+CVE-2013-5570 (Cross-site scripting (XSS) vulnerability in the Javascript and CSS ...)
+ TODO: check
+CVE-2013-5569 (SQL injection vulnerability in the Slideshare extension 0.1.0 for ...)
+ TODO: check
+CVE-2012-6589 (Cross-site scripting (XSS) vulnerability in search.php in MYRE ...)
+ TODO: check
+CVE-2012-6588 (SQL injection vulnerability in links.php in MYRE Business Directory ...)
+ TODO: check
+CVE-2012-6587 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2012-6586 (Multiple SQL injection vulnerabilities in MYRE Vacation Rental ...)
+ TODO: check
+CVE-2012-6585 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty ...)
+ TODO: check
+CVE-2012-6584 (Multiple SQL injection vulnerabilities in MYRE Realty Manager allow ...)
+ TODO: check
+CVE-2012-6583 (Cross-site scripting (XSS) vulnerability in the Imagemenu module ...)
+ TODO: check
+CVE-2010-5289 (Buffer overflow in the Authenticate method in the ...)
+ TODO: check
CVE-2013-5589 [cacti sql injection in /cacti/host.php]
+ RESERVED
- cacti <unfixed>
CVE-2013-5588 [cacti XSS in /install/index.php and /cacti/host.php]
+ RESERVED
- cacti <unfixed>
-CVE-2013-5587 [request-tracker: XSS]
+CVE-2013-5587 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...)
- request-tracker3.8 <removed>
- request-tracker4 <unfixed> (low)
NOTE: looks like CVE-2013-5587 is not fully correct
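Review bot: The CVE-2013-5587 entry at the end of this hunk now carries the published description naming Request Tracker (RT) 4.x, but the existing "NOTE: looks like CVE-2013-5587 is not fully correct" is left untouched. With the description in place, the note should state what is incorrect (for instance the affected versions or the request-tracker3.8 line) or be dropped. The entries imported above it arrive with only "TODO: check" and still need a package or NOT-FOR-US assignment.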
@@ -12,11 +60,14 @@
NOTE: NVD mentions split from CVE-2013-3371, due to different affected versions?
TODO: check
CVE-2013-5580 [denial of service (server crash)]
+ RESERVED
- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
CVE-2013-5576 [Joomla unauthorised uploads]
+ RESERVED
- joomla <itp> (bug #571794)
CVE-2013-5575 [integer overflow]
+ RESERVED
NOTE: Non-issue, to be rejected
CVE-2013-5568
RESERVED
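Review bot: CVE-2013-5575 is now marked RESERVED, yet the entry consists only of the bracketed title "[integer overflow]" and "NOTE: Non-issue, to be rejected", with no package line and no reference. Nothing in the entry says which software it concerns or where the rejection was requested; suggest adding the package (or a NOT-FOR-US line) and a link to the rejection request.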
@@ -2835,8 +2886,7 @@
RESERVED
- condor <unfixed>
TODO: check versions and report to BTS
-CVE-2013-4254
- RESERVED
+CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the ...)
- linux <unfixed>
- linux-2.6 <not-affected> (No perf support on arm)
CVE-2013-4253
@@ -2855,10 +2905,10 @@
[squeeze] - python-django <not-affected> (1.2.x not affected)
NOTE: problem introduced with https://github.com/django/django/commit/ac2052ebc84c45709ab5f0f25e685bf656ce79bc
CVE-2013-4248 (The openssl_x509_parse function in openssl.c in the OpenSSL module in ...)
+ {DSA-2742-1}
- php5 5.5.3+dfsg-1 (bug #719765)
NOTE: fix in 5.5.2 incomplete, see http://php.net/ChangeLog-5.php
-CVE-2013-4247 [linux: cifs: off-by-one bug in build_unc_path_to_root]
- RESERVED
+CVE-2013-4247 (Off-by-one error in the build_unc_path_to_root function in ...)
- linux-2.6 <not-affected> (Introduced in 3.8)
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in 3.8)
@@ -2962,21 +3012,16 @@
- restlet <itp> (bug #596472)
NOTE: http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
NOTE: https://github.com/o2platform/DefCon_RESTing
-CVE-2013-4220 [arm64: unhandled el0 traps]
- RESERVED
+CVE-2013-4220 (The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel ...)
- linux-2.6 <not-affected> (ARM64 not supported)
- linux <not-affected> (ARM64 not yet supported)
-CVE-2013-4219
- RESERVED
+CVE-2013-4219 (Multiple integer overflows in the Intel WiMAX Network Service through ...)
- wimax-tools <itp> (bug #627975)
-CVE-2013-4218
- RESERVED
+CVE-2013-4218 (The InitMethodAndPassword function in ...)
- wimax-tools <itp> (bug #627975)
-CVE-2013-4217
- RESERVED
+CVE-2013-4217 (The OSAL_Crypt_SetEncryptedPassword function in ...)
- wimax-tools <itp> (bug #627975)
-CVE-2013-4216
- RESERVED
+CVE-2013-4216 (The Trace_OpenLogFile function in ...)
- wimax-tools <itp> (bug #627975)
CVE-2013-4215 [IPXPING_COMMAND uses fixed location in /tmp]
RESERVED
@@ -3019,8 +3064,7 @@
[squeeze] - filezilla <no-dsa> (Minor issue)
[wheezy] - filezilla <no-dsa> (Minor issue)
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
-CVE-2013-4205 [CLONE_NEWUSER local DoS]
- RESERVED
+CVE-2013-4205 (Memory leak in the unshare_userns function in kernel/user_namespace.c ...)
- linux 3.10.7-1
[wheezy] - linux <not-affected> (Introduced in 3.8)
- linux-2.6 <not-affected> (Introduced in 3.8)
@@ -3119,8 +3163,7 @@
- xymon <unfixed> (bug #717895)
[wheezy] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
[squeeze] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
-CVE-2013-4172
- RESERVED
+CVE-2013-4172 (The Red Hat CloudForms Management Engine 5.1 allow remote ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-4171
RESERVED
@@ -4825,14 +4868,14 @@
NOT-FOR-US: Cisco IOS XR
CVE-2013-3463
RESERVED
-CVE-2013-3462
- RESERVED
-CVE-2013-3461
- RESERVED
-CVE-2013-3460
- RESERVED
-CVE-2013-3459
- RESERVED
+CVE-2013-3462 (Buffer overflow in Cisco Unified Communications Manager (Unified CM) ...)
+ TODO: check
+CVE-2013-3461 (Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) ...)
+ TODO: check
+CVE-2013-3460 (Memory leak in Cisco Unified Communications Manager (Unified CM) ...)
+ TODO: check
+CVE-2013-3459 (Cisco Unified Communications Manager (Unified CM) 7.1(x) before ...)
+ TODO: check
CVE-2013-3458
RESERVED
CVE-2013-3457 (Absolute path traversal vulnerability in the web interface in Cisco ...)
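Review bot: CVE-2013-3459 through CVE-2013-3462 (Cisco Unified Communications Manager) come in as "TODO: check", while the Cisco entry in this hunk's leading context is already triaged as "NOT-FOR-US: Cisco IOS XR". If the product is not packaged, mark these four NOT-FOR-US in the same way so they leave the TODO queue.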
@@ -4969,14 +5012,14 @@
NOT-FOR-US: Cisco WebEx Social
CVE-2013-3391
RESERVED
-CVE-2013-3390
- RESERVED
-CVE-2013-3389
- RESERVED
-CVE-2013-3388
- RESERVED
-CVE-2013-3387
- RESERVED
+CVE-2013-3390 (Memory leak in Cisco Prime Central for Hosted Collaboration Solution ...)
+ TODO: check
+CVE-2013-3389 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
+ TODO: check
+CVE-2013-3388 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
+ TODO: check
+CVE-2013-3387 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
+ TODO: check
CVE-2013-3386 (The IronPort Spam Quarantine (ISQ) component in the web framework in ...)
NOT-FOR-US: Cisco
CVE-2013-3385 (The management GUI in the web framework in IronPort AsyncOS on Cisco ...)
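Review bot: CVE-2013-3387 through CVE-2013-3390 (Cisco Prime Central for Hosted Collaboration Solution) are left at "TODO: check", although the context entries around them use "NOT-FOR-US: Cisco" and "NOT-FOR-US: Cisco WebEx Social". A NOT-FOR-US line on each would close them out consistently with their neighbours.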
@@ -5001,38 +5044,31 @@
NOT-FOR-US: Cisco
CVE-2013-3375 (Cross-site scripting (XSS) vulnerability in the portal page in Cisco ...)
NOT-FOR-US: Cisco
-CVE-2013-3374
- RESERVED
+CVE-2013-3374 (Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 ...)
{DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.12-2 (bug #709836)
-CVE-2013-3373
- RESERVED
+CVE-2013-3373 (CRLF injection vulnerability in Request Tracker (RT) 3.8.x before ...)
{DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.12-2 (bug #709836)
-CVE-2013-3372
- RESERVED
+CVE-2013-3372 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 ...)
{DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.12-2 (bug #709836)
-CVE-2013-3371
- RESERVED
+CVE-2013-3371 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 ...)
{DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.12-2 (bug #709836)
-CVE-2013-3370
- RESERVED
+CVE-2013-3370 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does ...)
{DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.12-2 (bug #709836)
-CVE-2013-3369
- RESERVED
+CVE-2013-3369 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 ...)
{DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.12-2 (bug #709836)
-CVE-2013-3368
- RESERVED
+CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before ...)
{DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.12-2 (bug #709836)
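Review bot: Several of the imported descriptions here (CVE-2013-3372, CVE-2013-3370, CVE-2013-3369) give "4.0.x before 4.0.13" as affected, while every entry records request-tracker4 as fixed in 4.0.12-2 (bug #709836). If 4.0.12-2 carries backported patches, a NOTE saying so on these entries would keep the version mismatch from being read as an incomplete fix.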
@@ -7987,14 +8023,11 @@
CVE-2013-2197
RESERVED
NOT-FOR-US: Login Security Drupal contributed module
-CVE-2013-2196
- RESERVED
+CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
- xen <unfixed>
-CVE-2013-2195 [pointer dereferences]
- RESERVED
+CVE-2013-2195 (The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest ...)
- xen <unfixed>
-CVE-2013-2194 [integer overflows]
- RESERVED
+CVE-2013-2194 (Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and ...)
- xen <unfixed>
CVE-2013-2193 [Apache HBase Man in the Middle Vulnerability]
RESERVED
@@ -9001,8 +9034,7 @@
- yum <unfixed> (unimportant)
NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0
NOTE: Only used for bootstraps of chroots, see README.Debian
-CVE-2013-1909
- RESERVED
+CVE-2013-1909 (The Python client in Apache Qpid before 2.2 does not verify that the ...)
- qpid-python 0.22-1 (low; bug #714133)
[wheezy] - qpid-python <no-dsa> (Minor issue)
CVE-2013-1908 (The Commons Wikis module before 7.x-3.1 for Drupal, as used in the ...)
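Review bot: The imported description for CVE-2013-1909 says "Apache Qpid before 2.2", but the package line records the fix in qpid-python 0.22-1. The two version strings do not line up; add a NOTE stating which upstream release actually contains the fix so the entry is not misread.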
@@ -9878,8 +9910,8 @@
- zendframework 1.11.13-1
CVE-2013-1663
RESERVED
-CVE-2013-1662
- RESERVED
+CVE-2013-1662 (vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x ...)
+ TODO: check
CVE-2013-1661
RESERVED
CVE-2013-1660
@@ -10523,14 +10555,12 @@
- xmonad-contrib 0.11.2-1 (low)
[squeeze] - xmonad-contrib <no-dsa> (Minor issue)
[wheezy] - xmonad-contrib <no-dsa> (Minor issue)
-CVE-2013-1435 [shell escaping issues]
- RESERVED
+CVE-2013-1435 ((1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote ...)
{DSA-2739-1}
- cacti 0.8.8b+dfsg-1
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7392
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7393
-CVE-2013-1434 [SQL injection]
- RESERVED
+CVE-2013-1434 (Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) ...)
{DSA-2739-1}
- cacti 0.8.8b+dfsg-1
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7394
@@ -18880,8 +18910,7 @@
{DSA-2567-1}
- request-tracker3.8 <removed>
- request-tracker4 4.0.7-2
-CVE-2012-4733
- RESERVED
+CVE-2012-4733 (Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the ...)
{DSA-2671-1}
- request-tracker4 4.0.12-2 (bug #709836)
CVE-2012-4732 (Cross-site request forgery (CSRF) vulnerability in Request Tracker ...)
@@ -32350,8 +32379,7 @@
[squeeze] - eglibc 2.11.3-4
CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2011-4607 [Passwords left in memory using SSH keyboard-interactive auth]
- RESERVED
+CVE-2011-4607 (PuTTY 0.59 through 0.61 does not clear sensitive process memory when ...)
- putty 0.62-1 (unimportant)
[squeeze] - putty 0.60+2010-02-20-1+squeeze2
NOTE: DSA-2736-1