[Secure-testing-commits] r23481 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Aug 29 21:14:25 UTC 2013


Author: joeyh
Date: 2013-08-29 21:14:25 +0000 (Thu, 29 Aug 2013)
New Revision: 23481

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-29 21:10:18 UTC (rev 23480)
+++ data/CVE/list	2013-08-29 21:14:25 UTC (rev 23481)
@@ -1,3 +1,15 @@
+CVE-2013-5646 (Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...)
+	TODO: check
+CVE-2013-5645 (Multiple cross-site scripting (XSS) vulnerabilities in Roundcube ...)
+	TODO: check
+CVE-2013-5644
+	RESERVED
+CVE-2013-5643
+	RESERVED
+CVE-2013-5640
+	RESERVED
+CVE-2013-5639
+	RESERVED
 CVE-2013-XXXX [virBitmapParse out-of-bounds read access]
 	- libvirt 1.1.2~rc1-1
 	[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
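Review bot: The two new Roundcube entries at the top of the hunk are left at `TODO: check`, and unlike most auto-imported entries this one is a real triage item, since roundcube is, as far as I know, a packaged source in Debian rather than a NOT-FOR-US candidate. The CVE-2013-5646 description is scoped to `Roundcube webmail 1.0-git`, which suggests the affected code may exist only in the development branch; the check should confirm whether the 0.x series in the archive actually carries it before a fixed-version or `<not-affected>` line is written. The four `RESERVED` entries need nothing further until MITRE publishes them.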
@@ -4,15 +16,16 @@
 	[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
 	NOTE: introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08
 	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
-CVE-2013-5648 [arbitrary file overwrite flaw]
-	RESERVED
+CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile ...)
 	- libdigidoc <itp> (bug #658300)
-CVE-2013-5647 [Command Injection]
+CVE-2013-5647 (lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote ...)
 	NOT-FOR-US: Sounder Ruby Gem
 CVE-2013-5642
+	RESERVED
 	- asterisk <unfixed> (bug #721220)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-005.html
 CVE-2013-5641
+	RESERVED
 	- asterisk <unfixed> (bug #721220)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-004.html
 CVE-2013-5638
@@ -162,11 +175,9 @@
 	TODO: check
 CVE-2010-5289 (Buffer overflow in the Authenticate method in the ...)
 	TODO: check
-CVE-2013-5589 [cacti sql injection in /cacti/host.php]
-	RESERVED
+CVE-2013-5589 (SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and ...)
 	- cacti 0.8.8b+dfsg-3
-CVE-2013-5588 [cacti XSS in /install/index.php and /cacti/host.php]
-	RESERVED
+CVE-2013-5588 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ...)
 	- cacti 0.8.8b+dfsg-3
 CVE-2013-5587 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...)
 	- request-tracker3.8 <removed>
@@ -905,8 +916,7 @@
 	RESERVED
 CVE-2013-5210
 	RESERVED
-CVE-2013-5209 [sctp kernel memory disclosure]
-	RESERVED
+CVE-2013-5209 (The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in ...)
 	{DSA-2743-1}
 	- kfreebsd-8 <unfixed> (bug #720476)
 	- kfreebsd-9 9.2~svn254368-2 (bug #720475)
@@ -1303,8 +1313,7 @@
 	NOT-FOR-US: miniBB
 CVE-2013-5019 (Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote ...)
 	NOT-FOR-US: Ultra Mini HTTPD
-CVE-2013-5018 [strongswan DoS via XAuth/EAP identities and PEM files]
-	RESERVED
+CVE-2013-5018 (The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not ...)
 	- strongswan <not-affected> (Only affects 5.0.4 from experimental)
 	NOTE: The PEM aspect is under control of the administrator, so not a security issue
 	NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4
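Review bot: The `<not-affected>` rationale `(Only affects 5.0.4 from experimental)` now contradicts the imported description on the line above it, which names strongSwan 4.1.11 through 5.0.4; a reader comparing the two will assume the stable package is in range. The two NOTE lines already hold the real reasoning, so fold it into the tag: `- strongswan <not-affected> (XAuth/EAP DoS only in 5.0.3/5.0.4, shipped only in experimental; PEM parsing is admin-controlled input)`. If experimental's 5.0.4 is in fact affected by the XAuth/EAP part, the entry should say so explicitly rather than rely on "not-affected" covering it.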
@@ -2950,12 +2959,12 @@
 	- lcms2 <not-affected> (Vulnerable code not present)
 CVE-2013-4275
 	RESERVED
-CVE-2013-4274
-	RESERVED
+CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the ...)
+	TODO: check
 CVE-2013-4273
 	RESERVED
-CVE-2013-4272
-	RESERVED
+CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x ...)
+	TODO: check
 CVE-2013-4271
 	RESERVED
 CVE-2013-4270
@@ -3397,11 +3406,9 @@
 	REJECTED
 CVE-2013-4140 (Cross-site scripting (XSS) vulnerability in the TinyBox (Simple ...)
 	NOT-FOR-US: TinyBox Drupal contributed module
-CVE-2013-4139 [Denial of Service]
-	RESERVED
+CVE-2013-4139 (The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows ...)
 	NOT-FOR-US: Stage File Proxy Drupal contributed module
-CVE-2013-4138 [Cross Site Scripting]
-	RESERVED
+CVE-2013-4138 (Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x ...)
 	NOT-FOR-US: Hatch Drupal contributed module
 CVE-2013-4137 [SQL Injection]
 	RESERVED
@@ -3517,8 +3524,7 @@
 	[wheezy] - libjgroups-java <no-dsa> (Minor issue)
 	[squeeze] - libjgroups-java <no-dsa> (Minor issue)
 	NOTE: libjgroups-java/2.12.2.Final-4 disables diagnostic probing by default
-CVE-2013-4111
-	RESERVED
+CVE-2013-4111 (The Python client library for Glance (python-glanceclient) before ...)
 	- python-glanceclient 1:0.9.0-2 (bug #718282)
 CVE-2013-4110
 	RESERVED
@@ -3791,8 +3797,8 @@
 	TODO: check
 CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
 	TODO: check
-CVE-2013-4003
-	RESERVED
+CVE-2013-4003 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...)
+	TODO: check
 CVE-2013-4002 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
 	NOT-FOR-US: IBM JDK
 CVE-2013-4001
@@ -4932,8 +4938,7 @@
 	NOT-FOR-US: Juniper
 CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator ...)
 	NOT-FOR-US: Infotecs ViPNet Client
-CVE-2013-3495 [Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts]
-	RESERVED
+CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x ...)
 	- xen <unfixed> (unimportant)
 	NOTE: Hardware design flaw, no software solution
 CVE-2013-3494
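Review bot: `NOTE: Hardware design flaw, no software solution` is the whole justification for `(unimportant)`, yet the imported description scopes the issue to Xen 3.3.x through 4.3.x, which reads as if upstream treats it as something Xen can address (for example by refusing to pass through affected devices). Before leaving the severity at unimportant, confirm against the Xen advisory for this CVE whether a mitigation patch exists; if it does, the NOTE should cite it and the entry should track a fixed version instead. Either way a `NOTE: <advisory URL>` line would help, as the neighbouring Xen entries carry one.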
@@ -4980,20 +4985,20 @@
 	RESERVED
 CVE-2013-3473
 	RESERVED
-CVE-2013-3472
-	RESERVED
-CVE-2013-3471
-	RESERVED
+CVE-2013-3472 (Cross-site request forgery (CSRF) vulnerability in the Enterprise ...)
+	TODO: check
+CVE-2013-3471 (The captive portal application in Cisco Identity Services Engine (ISE) ...)
+	TODO: check
 CVE-2013-3470
 	RESERVED
 CVE-2013-3469
 	RESERVED
-CVE-2013-3468
-	RESERVED
+CVE-2013-3468 (The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote ...)
+	TODO: check
 CVE-2013-3467
 	RESERVED
-CVE-2013-3466
-	RESERVED
+CVE-2013-3466 (The EAP-FAST authentication module in Cisco Secure Access Control ...)
+	TODO: check
 CVE-2013-3465
 	RESERVED
 CVE-2013-3464 (Cisco IOS XR allows local users to cause a denial of service (Silicon ...)
@@ -8000,8 +8005,7 @@
 	[squeeze] - apache2 <not-affected> (mod_session_dbd available apache 2.3 and later only)
 CVE-2013-2248 (Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through ...)
 	- libstruts1.2-java <not-affected> (Only affect 2.x)
-CVE-2013-2247 [Access bypass]
-	RESERVED
+CVE-2013-2247 (The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and ...)
 	NOT-FOR-US: Fast Permissions Administration Drupal contributed module
 CVE-2013-2246 (mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, ...)
 	- moodle 2.5.1-1 (low)
@@ -8131,12 +8135,10 @@
 CVE-2013-2213 [KRandom::random() Small Space of Random Values]
 	RESERVED
 	- kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied)
-CVE-2013-2212 [Excessive time to disable caching with HVM guests with PCI passthrough]
-	RESERVED
+CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ...)
 	- xen <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-60.html
-CVE-2013-2211 [libxl allows guest write access to sensitive console related xenstore keys]
-	RESERVED
+CVE-2013-2211 (The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and ...)
 	- xen <unfixed>
 CVE-2013-2210 (Heap-based buffer overflow in the XML Signature Reference ...)
 	{DSA-2717-1}
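Review bot: CVE-2013-2211 now has a MITRE description but, unlike CVE-2013-2212 directly above it, no `NOTE:` pointing at the upstream Xen advisory, so there is nothing in the entry to track the `<unfixed>` state against. Add the advisory reference on the line after `- xen <unfixed>` in the same form as `NOTE: http://xenbits.xen.org/xsa/advisory-60.html`; the XSA number for 2211 is not visible in this hunk and should be looked up rather than guessed.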
@@ -8182,8 +8184,7 @@
 CVE-2013-2198
 	RESERVED
 	NOT-FOR-US: Login Security Drupal contributed module
-CVE-2013-2197
-	RESERVED
+CVE-2013-2197 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before ...)
 	NOT-FOR-US: Login Security Drupal contributed module 
 CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
 	- xen <unfixed>
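Review bot: The context line `NOT-FOR-US: Login Security Drupal contributed module ` for CVE-2013-2197 ends in a trailing space, which this automatic update preserved; strip it so the entry matches the sibling CVE-2013-2198 line and does not surface as a whitespace-only diff later. CVE-2013-2198 still carries `RESERVED` while 2197 was published; that is expected until MITRE publishes 2198, but since both entries appear to concern the same module it is worth a glance at the next update.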
@@ -8246,14 +8247,12 @@
 	[squeeze] - xdm <not-affected> (same as above and glibc too old)
 	[wheezy] - xdm <not-affected> (same as above and glibc too old)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/06/11/5
-CVE-2013-2178 [fail2ban remote denial of service]
-	RESERVED
+CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and ...)
 	{DSA-2708-1}
 	- fail2ban 0.8.10-1
 CVE-2013-2177 (Cross-site scripting (XSS) vulnerability in the Display Suite module ...)
 	NOT-FOR-US: third party drupal module (Display Suite)
-CVE-2013-2176
-	RESERVED
+CVE-2013-2176 (Unquoted Windows search path vulnerability in the Red Hat Enterprise ...)
 	NOT-FOR-US: Red Hat Enterprise Virtualization Apt service
 CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ...)
 	{DSA-2711-1}
@@ -8438,8 +8437,7 @@
 	- libguestfs 1:1.20.8-1 (bug #710290)
 	[wheezy] - libguestfs <not-affected> (Vulnerable code not present)
 	NOTE: Introduced with commit https://github.com/libguestfs/libguestfs/commit/5a3da366268825b26b470cde35658b67c1d11cd4
-CVE-2013-2123
-	RESERVED
+CVE-2013-2123 (The Node access user reference module 6.x-3.x before 6.x-3.5 and ...)
 	NOT-FOR-US: Node access user reference Drupal contributed module
 CVE-2013-2122 (The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not ...)
 	NOT-FOR-US: Edit Limit Drupal contributed module
@@ -8612,12 +8610,10 @@
 CVE-2013-2078 (Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users ...)
 	- xen 4.2.2-1
 	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
-CVE-2013-2077 [xen: Hypervisor crash due to missing exception recovery on XRSTOR]
-	RESERVED
+CVE-2013-2077 (Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of ...)
 	- xen 4.2.2-1
 	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
-CVE-2013-2076 [xen: Information leak on XSAVE/XRSTOR capable AMD CPUs]
-	RESERVED
+CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only ...)
 	- xen 4.2.2-1
 	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
 CVE-2013-2075
@@ -8634,8 +8630,7 @@
 	- transifex-client 0.9-1 (low)
 	[wheezy] - transifex-client <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/oss-sec/2013/q2/394
-CVE-2013-2072
-	RESERVED
+CVE-2013-2072 (Buffer overflow in the Python bindings for the xc_vcpu_setaffinity ...)
 	- xen 4.2.2-1 (low)
 	[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
 	[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
@@ -8758,8 +8753,7 @@
 	NOTE: http://openwall.com/lists/oss-security/2013/05/01/5
 CVE-2013-2036 (Cross-site scripting (XSS) vulnerability in the Filebrowser module ...)
 	NOT-FOR-US: Drupal module Filebrowser
-CVE-2013-2035
-	RESERVED
+CVE-2013-2035 (hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java ...)
 	- hawtjni <unfixed> (low; bug #708293)
 	[wheezy] - hawtjni <unfixed> (low; bug #708293)
 CVE-2013-2034 [jenkins CSRF]
@@ -9786,7 +9780,7 @@
 CVE-2013-1718
 	RESERVED
 CVE-2013-1717 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, ...)
-	{DSA-2735-1}
+	{DSA-2746-1 DSA-2735-1}
 	- iceweasel 17.0.8esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove 17.0.8-1
@@ -9798,7 +9792,7 @@
 CVE-2013-1715 (Multiple untrusted search path vulnerabilities in the (1) full ...)
 	- iceweasel <not-affected> (Windows-specific)
 CVE-2013-1714 (The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ...)
-	{DSA-2735-1}
+	{DSA-2746-1 DSA-2735-1}
 	- iceweasel 17.0.8esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove 17.0.8-1
@@ -9806,7 +9800,7 @@
 	- iceape <unfixed>
 	[squeeze] - iceape <end-of-life>
 CVE-2013-1713 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, ...)
-	{DSA-2735-1}
+	{DSA-2746-1 DSA-2735-1}
 	- iceweasel 17.0.8esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove 17.0.8-1
@@ -9821,7 +9815,7 @@
 	- iceweasel <not-affected> (Only affects Firefox > 17)
 	- iceape <not-affected> (Only affects Firefox > 17)
 CVE-2013-1710 (The crypto.generateCRMFRequest function in Mozilla Firefox before ...)
-	{DSA-2735-1}
+	{DSA-2746-1 DSA-2735-1}
 	- iceweasel 17.0.8esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove 17.0.8-1
@@ -9829,7 +9823,7 @@
 	- iceape <unfixed>
 	[squeeze] - iceape <end-of-life>
 CVE-2013-1709 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, ...)
-	{DSA-2735-1}
+	{DSA-2746-1 DSA-2735-1}
 	- iceweasel 17.0.8esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove 17.0.8-1
@@ -9860,7 +9854,7 @@
 	- icedove <not-affected> (Only affects Firefox > 17)
 	- iceape <not-affected> (Only affects Firefox > 17)
 CVE-2013-1701 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	{DSA-2735-1}
+	{DSA-2746-1 DSA-2735-1}
 	- iceweasel 17.0.8esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove 17.0.8-1
@@ -10742,8 +10736,7 @@
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7394
 CVE-2013-1433
 	RESERVED
-CVE-2013-1432 [Page reference counting error]
-	RESERVED
+CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not ...)
 	- xen <unfixed>
 	NOTE: All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable
 CVE-2013-1431



