[Secure-testing-commits] r24656 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Mon Dec 9 21:14:11 UTC 2013 

Author: joeyh
Date: 2013-12-09 21:14:11 +0000 (Mon, 09 Dec 2013)
New Revision: 24656

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-09 20:52:42 UTC (rev 24655)
+++ data/CVE/list	2013-12-09 21:14:11 UTC (rev 24656)
@@ -1,3 +1,19 @@
+CVE-2013-7025 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2013-7007
+	RESERVED
+CVE-2013-7006
+	RESERVED
+CVE-2013-7005
+	RESERVED
+CVE-2013-7004
+	RESERVED
+CVE-2013-7003
+	RESERVED
+CVE-2012-6614
+	RESERVED
+CVE-2012-6613
+	RESERVED
 CVE-2013-XXXX [password hashes aren't compared case-sensitively]
 	- pam <unfixed> (bug #731368)
 CVE-2013-XXXX [out-of-bounds read in MHD_http_unescape()]
@@ -86,98 +102,99 @@
 	RESERVED
 CVE-2014-0326
 	RESERVED
-CVE-2013-7024
+CVE-2013-7024 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
 	NOTE: https://trac.ffmpeg.org/ticket/2921
 	NOTE: Only present in libav trunk
-CVE-2013-7023
+CVE-2013-7023 (The ff_combine_frame function in libavcodec/parser.c in FFmpeg before ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
 	NOTE: https://trac.ffmpeg.org/ticket/2982
-CVE-2013-7022
+CVE-2013-7022 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
 	NOTE: https://trac.ffmpeg.org/ticket/2971
 	NOTE: Only present in libav trunk
-CVE-2013-7021
+CVE-2013-7021 (The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <unfixed>
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
 	NOTE: https://trac.ffmpeg.org/ticket/2905
-CVE-2013-7020
+CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
-CVE-2013-7019
+CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
 	NOTE: https://trac.ffmpeg.org/ticket/2898
 	NOTE: Only present in libav trunk
-CVE-2013-7018
+CVE-2013-7018 (libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
 	NOTE: https://trac.ffmpeg.org/ticket/2895
 	NOTE: Only present in libav trunk
-CVE-2013-7017
+CVE-2013-7017 (libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
 	NOTE: Only present in libav trunk
-CVE-2013-7016
+CVE-2013-7016 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
 	NOTE: https://trac.ffmpeg.org/ticket/2848
 	NOTE: Only present in libav trunk
-CVE-2013-7015
+CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
 	NOTE: https://trac.ffmpeg.org/ticket/2844
-CVE-2013-7014
+CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
 	NOTE: https://trac.ffmpeg.org/ticket/2919
-CVE-2013-7013
+CVE-2013-7013 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
 	NOTE: https://trac.ffmpeg.org/ticket/2922
 	NOTE: Only present in libav trunk
-CVE-2013-7012
+CVE-2013-7012 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
 	NOTE: https://trac.ffmpeg.org/ticket/3080
 	NOTE: Only present in libav trunk
-CVE-2013-7011
+CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
 	NOTE: https://trac.ffmpeg.org/ticket/2906
-CVE-2013-7010
+CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
-CVE-2013-7009
+CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
 	NOTE: https://trac.ffmpeg.org/ticket/2850
-CVE-2013-7008
+CVE-2013-7008 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
 	NOTE: https://trac.ffmpeg.org/ticket/2927
 CVE-2013-7002
+	RESERVED
 	NOT-FOR-US: LiveZilla
 CVE-2013-7001 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway ...)
 	NOT-FOR-US: NowSMS
@@ -2183,8 +2200,7 @@
 	RESERVED
 	- linux-2.6 <removed> (low)
 	- linux <unfixed> (low)
-CVE-2013-6404 [manipulated clients can access backlog of all users on a shared core]
-	RESERVED
+CVE-2013-6404 (Quassel core (server daemon) in Quassel IRC before 0.9.2 does not ...)
 	- quassel 0.9.2-1 (low)
 	[wheezy] - quassel <no-dsa> (Minor issue)
 	[squeeze] - quassel <no-dsa> (Minor issue)
@@ -2315,6 +2331,7 @@
 	RESERVED
 CVE-2013-6359 [node DoS on bad plugin]
 	RESERVED
+	{DSA-2815-1}
 	- munin 2.0.18-1
 	NOTE: http://munin-monitoring.org/ticket/1397
 CVE-2013-6358
@@ -2739,8 +2756,7 @@
 	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
 	NOTE: http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
 	NOTE: http://trac.roundcube.net/ticket/1489382
-CVE-2013-6171
-	RESERVED
+CVE-2013-6171 (checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ...)
 	- dovecot <unfixed> (low; bug #729063)
 CVE-2013-6170 (Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before ...)
 	NOT-FOR-US: Juniper Junos
@@ -3016,6 +3032,7 @@
 	[wheezy] - apt-listbugs <no-dsa> (Minor issue)
 CVE-2013-6048 [OOM in HTML generation on bad multigraph data]
 	RESERVED
+	{DSA-2815-1}
 	- munin 2.0.18-1
 CVE-2013-6047 [XSS in site creation interface]
 	RESERVED
@@ -6728,6 +6745,7 @@
 CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before ...)
 	- 389-ds-base <unfixed> (bug #730115)
 CVE-2013-4484 (Varnish before 3.0.5 allows remote attackers to cause a denial of ...)
+	{DSA-2814-1}
 	- varnish 3.0.5-1 (medium; bug #728989)
 	NOTE: https://www.varnish-cache.org/trac/ticket/1367
 CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before ...)
@@ -6999,13 +7017,12 @@
 	{DSA-2774-1 DSA-2773-1}
 	- gnupg2 2.0.22-1 (bug #725433)
 	- gnupg 1.4.15-1 (bug #725439)
-CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 checks ...)
+CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...)
 	- libvirt 1.1.4-1 (bug #727101)
 	[squeeze] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
 	[wheezy] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
 	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
-CVE-2013-4400 [virt-login-shell arbitrary file overwrites vulnerability]
-	RESERVED
+CVE-2013-4400 (virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...)
 	- libvirt 1.1.4-1 (bug #727101)
 	[squeeze] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
 	[wheezy] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
@@ -7089,8 +7106,7 @@
 	[squeeze] - qemu <not-affected> (Introduced in 1.4)
 	- qemu-kvm <not-affected> (Introduced in 1.4)
 	NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
-CVE-2013-4376 [arbitrary code as the x2go user]
-	RESERVED
+CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...)
 	- x2goserver <itp> (bug #465821)
 CVE-2013-4375 [qemu disk backend (qdisk) resource leak]
 	RESERVED
@@ -13494,6 +13510,7 @@
 	- linux-2.6 <not-affected> (Introduced in 2.6.36)
 CVE-2013-1978 [XWD plugin color map heap-based buffer overflow]
 	RESERVED
+	{DSA-2813-1}
 	- gimp <unfixed> (bug #731305)
 CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
 	- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
@@ -13570,8 +13587,7 @@
 CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...)
 	- vlc 2.0.6-1 (bug #705136)
 	NOTE: http://www.videolan.org/security/sa1302.html
-CVE-2013-1953 [stack-based buffer overflow in bmp parser]
-	RESERVED
+CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c in ...)
 	- autotrace <unfixed> (low)
 	[wheezy] - autotrace <no-dsa> (Minor issue)
 	[squeeze] - autotrace <no-dsa> (Minor issue)
@@ -13718,6 +13734,7 @@
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2013-1913 [xwd plugin g_new() integer overflow]
 	RESERVED
+	{DSA-2813-1}
 	- gimp <unfixed> (bug #731305)
 CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...)
 	{DSA-2711-1}
@@ -15632,8 +15649,8 @@
 	RESERVED
 CVE-2013-1350
 	RESERVED
-CVE-2013-1349
-	RESERVED
+CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 ...)
+	TODO: check
 CVE-2013-1348
 	RESERVED
 CVE-2013-1347 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
@@ -37943,8 +37960,7 @@
 	- ffmpeg <not-affected> (Was introduced in 0.6)
 	- ffmpeg-debian <not-affected> (Was introduced in 0.6)
 	NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
-CVE-2011-4351 [QDM2 buffer overflow]
-	RESERVED
+CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x ...)
 	{DSA-2378-1}
 	- libav 4:0.7.3-1
 	- ffmpeg <removed>
@@ -39363,29 +39379,29 @@
 	{DSA-2494-1}
 	- libav 4:0.8.1-1
 	- ffmpeg <removed>
-CVE-2011-3950
-	RESERVED
-CVE-2011-3949
-	RESERVED
+CVE-2011-3950 (The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg ...)
+	TODO: check
+CVE-2011-3949 (The dirac_unpack_idwt_params function in libavcodec/diracdec.c in ...)
+	TODO: check
 CVE-2011-3948
 	RESERVED
 CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before ...)
 	{DSA-2471-1}
 	- libav 4:0.8.1-1
 	- ffmpeg <removed>
-CVE-2011-3946
-	RESERVED
+CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg ...)
+	TODO: check
 CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in ...)
 	- libav 4:0.8.1-1
 	- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2011-3944
-	RESERVED
+CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in ...)
+	TODO: check
 CVE-2011-3943
 	RESERVED
 CVE-2011-3942
 	RESERVED
-CVE-2011-3941
-	RESERVED
+CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg ...)
+	TODO: check
 CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before ...)
 	{DSA-2471-1}
 	- libav 4:0.8.1-1
@@ -39401,10 +39417,10 @@
 	{DSA-2471-1}
 	- libav 4:0.8.1-1
 	- ffmpeg <removed>
-CVE-2011-3935
-	RESERVED
-CVE-2011-3934
-	RESERVED
+CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...)
+	TODO: check
+CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
+	TODO: check
 CVE-2011-3933
 	RESERVED
 CVE-2011-3932

More information about the Secure-testing-commits mailing list