[Secure-testing-commits] r23486 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Fri Aug 30 06:47:49 UTC 2013
Author: carnil
Date: 2013-08-30 06:47:49 +0000 (Fri, 30 Aug 2013)
New Revision: 23486
Modified:
data/CVE/list
Log:
CVE assigned for libvirt issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-30 06:42:49 UTC (rev 23485)
+++ data/CVE/list 2013-08-30 06:47:49 UTC (rev 23486)
@@ -1,3 +1,9 @@
+CVE-2013-5651 [virBitmapParse out-of-bounds read access]
+ - libvirt 1.1.2~rc1-1
+ [squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
+ [wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
+ NOTE: introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08
+ NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
CVE-2013-5646 (Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...)
TODO: check
CVE-2013-5645 (Multiple cross-site scripting (XSS) vulnerabilities in Roundcube ...)
@@ -10,12 +16,6 @@
RESERVED
CVE-2013-5639
RESERVED
-CVE-2013-XXXX [virBitmapParse out-of-bounds read access]
- - libvirt 1.1.2~rc1-1
- [squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
- [wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
- NOTE: introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08
- NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile ...)
- libdigidoc <itp> (bug #658300)
CVE-2013-5647 (lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote ...)
More information about the Secure-testing-commits
mailing list