[Secure-testing-commits] r24656 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Mon Dec 9 21:14:11 UTC 2013
Author: joeyh
Date: 2013-12-09 21:14:11 +0000 (Mon, 09 Dec 2013)
New Revision: 24656
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-09 20:52:42 UTC (rev 24655)
+++ data/CVE/list 2013-12-09 21:14:11 UTC (rev 24656)
@@ -1,3 +1,19 @@
+CVE-2013-7025 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2013-7007
+ RESERVED
+CVE-2013-7006
+ RESERVED
+CVE-2013-7005
+ RESERVED
+CVE-2013-7004
+ RESERVED
+CVE-2013-7003
+ RESERVED
+CVE-2012-6614
+ RESERVED
+CVE-2012-6613
+ RESERVED
CVE-2013-XXXX [password hashes aren't compared case-sensitively]
- pam <unfixed> (bug #731368)
CVE-2013-XXXX [out-of-bounds read in MHD_http_unescape()]
@@ -86,98 +102,99 @@
RESERVED
CVE-2014-0326
RESERVED
-CVE-2013-7024
+CVE-2013-7024 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
NOTE: https://trac.ffmpeg.org/ticket/2921
NOTE: Only present in libav trunk
-CVE-2013-7023
+CVE-2013-7023 (The ff_combine_frame function in libavcodec/parser.c in FFmpeg before ...)
- ffmpeg <removed>
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
NOTE: https://trac.ffmpeg.org/ticket/2982
-CVE-2013-7022
+CVE-2013-7022 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
NOTE: https://trac.ffmpeg.org/ticket/2971
NOTE: Only present in libav trunk
-CVE-2013-7021
+CVE-2013-7021 (The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <unfixed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
NOTE: https://trac.ffmpeg.org/ticket/2905
-CVE-2013-7020
+CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
- ffmpeg <removed>
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
-CVE-2013-7019
+CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
NOTE: https://trac.ffmpeg.org/ticket/2898
NOTE: Only present in libav trunk
-CVE-2013-7018
+CVE-2013-7018 (libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
NOTE: https://trac.ffmpeg.org/ticket/2895
NOTE: Only present in libav trunk
-CVE-2013-7017
+CVE-2013-7017 (libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
NOTE: Only present in libav trunk
-CVE-2013-7016
+CVE-2013-7016 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
NOTE: https://trac.ffmpeg.org/ticket/2848
NOTE: Only present in libav trunk
-CVE-2013-7015
+CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
- ffmpeg <removed>
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
NOTE: https://trac.ffmpeg.org/ticket/2844
-CVE-2013-7014
+CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
NOTE: https://trac.ffmpeg.org/ticket/2919
-CVE-2013-7013
+CVE-2013-7013 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
NOTE: https://trac.ffmpeg.org/ticket/2922
NOTE: Only present in libav trunk
-CVE-2013-7012
+CVE-2013-7012 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
NOTE: https://trac.ffmpeg.org/ticket/3080
NOTE: Only present in libav trunk
-CVE-2013-7011
+CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
- ffmpeg <removed>
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
NOTE: https://trac.ffmpeg.org/ticket/2906
-CVE-2013-7010
+CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
- ffmpeg <removed>
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
-CVE-2013-7009
+CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
- ffmpeg <removed>
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
NOTE: https://trac.ffmpeg.org/ticket/2850
-CVE-2013-7008
+CVE-2013-7008 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
NOTE: https://trac.ffmpeg.org/ticket/2927
CVE-2013-7002
+ RESERVED
NOT-FOR-US: LiveZilla
CVE-2013-7001 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway ...)
NOT-FOR-US: NowSMS
@@ -2183,8 +2200,7 @@
RESERVED
- linux-2.6 <removed> (low)
- linux <unfixed> (low)
-CVE-2013-6404 [manipulated clients can access backlog of all users on a shared core]
- RESERVED
+CVE-2013-6404 (Quassel core (server daemon) in Quassel IRC before 0.9.2 does not ...)
- quassel 0.9.2-1 (low)
[wheezy] - quassel <no-dsa> (Minor issue)
[squeeze] - quassel <no-dsa> (Minor issue)
@@ -2315,6 +2331,7 @@
RESERVED
CVE-2013-6359 [node DoS on bad plugin]
RESERVED
+ {DSA-2815-1}
- munin 2.0.18-1
NOTE: http://munin-monitoring.org/ticket/1397
CVE-2013-6358
@@ -2739,8 +2756,7 @@
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
NOTE: http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
NOTE: http://trac.roundcube.net/ticket/1489382
-CVE-2013-6171
- RESERVED
+CVE-2013-6171 (checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ...)
- dovecot <unfixed> (low; bug #729063)
CVE-2013-6170 (Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before ...)
NOT-FOR-US: Juniper Junos
@@ -3016,6 +3032,7 @@
[wheezy] - apt-listbugs <no-dsa> (Minor issue)
CVE-2013-6048 [OOM in HTML generation on bad multigraph data]
RESERVED
+ {DSA-2815-1}
- munin 2.0.18-1
CVE-2013-6047 [XSS in site creation interface]
RESERVED
@@ -6728,6 +6745,7 @@
CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before ...)
- 389-ds-base <unfixed> (bug #730115)
CVE-2013-4484 (Varnish before 3.0.5 allows remote attackers to cause a denial of ...)
+ {DSA-2814-1}
- varnish 3.0.5-1 (medium; bug #728989)
NOTE: https://www.varnish-cache.org/trac/ticket/1367
CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before ...)
@@ -6999,13 +7017,12 @@
{DSA-2774-1 DSA-2773-1}
- gnupg2 2.0.22-1 (bug #725433)
- gnupg 1.4.15-1 (bug #725439)
-CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 checks ...)
+CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...)
- libvirt 1.1.4-1 (bug #727101)
[squeeze] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
-CVE-2013-4400 [virt-login-shell arbitrary file overwrites vulnerability]
- RESERVED
+CVE-2013-4400 (virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...)
- libvirt 1.1.4-1 (bug #727101)
[squeeze] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
@@ -7089,8 +7106,7 @@
[squeeze] - qemu <not-affected> (Introduced in 1.4)
- qemu-kvm <not-affected> (Introduced in 1.4)
NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
-CVE-2013-4376 [arbitrary code as the x2go user]
- RESERVED
+CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...)
- x2goserver <itp> (bug #465821)
CVE-2013-4375 [qemu disk backend (qdisk) resource leak]
RESERVED
@@ -13494,6 +13510,7 @@
- linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2013-1978 [XWD plugin color map heap-based buffer overflow]
RESERVED
+ {DSA-2813-1}
- gimp <unfixed> (bug #731305)
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
@@ -13570,8 +13587,7 @@
CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...)
- vlc 2.0.6-1 (bug #705136)
NOTE: http://www.videolan.org/security/sa1302.html
-CVE-2013-1953 [stack-based buffer overflow in bmp parser]
- RESERVED
+CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c in ...)
- autotrace <unfixed> (low)
[wheezy] - autotrace <no-dsa> (Minor issue)
[squeeze] - autotrace <no-dsa> (Minor issue)
@@ -13718,6 +13734,7 @@
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2013-1913 [xwd plugin g_new() integer overflow]
RESERVED
+ {DSA-2813-1}
- gimp <unfixed> (bug #731305)
CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...)
{DSA-2711-1}
@@ -15632,8 +15649,8 @@
RESERVED
CVE-2013-1350
RESERVED
-CVE-2013-1349
- RESERVED
+CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 ...)
+ TODO: check
CVE-2013-1348
RESERVED
CVE-2013-1347 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
@@ -37943,8 +37960,7 @@
- ffmpeg <not-affected> (Was introduced in 0.6)
- ffmpeg-debian <not-affected> (Was introduced in 0.6)
NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
-CVE-2011-4351 [QDM2 buffer overflow]
- RESERVED
+CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x ...)
{DSA-2378-1}
- libav 4:0.7.3-1
- ffmpeg <removed>
@@ -39363,29 +39379,29 @@
{DSA-2494-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
-CVE-2011-3950
- RESERVED
-CVE-2011-3949
- RESERVED
+CVE-2011-3950 (The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg ...)
+ TODO: check
+CVE-2011-3949 (The dirac_unpack_idwt_params function in libavcodec/diracdec.c in ...)
+ TODO: check
CVE-2011-3948
RESERVED
CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before ...)
{DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
-CVE-2011-3946
- RESERVED
+CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg ...)
+ TODO: check
CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in ...)
- libav 4:0.8.1-1
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2011-3944
- RESERVED
+CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in ...)
+ TODO: check
CVE-2011-3943
RESERVED
CVE-2011-3942
RESERVED
-CVE-2011-3941
- RESERVED
+CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg ...)
+ TODO: check
CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before ...)
{DSA-2471-1}
- libav 4:0.8.1-1
@@ -39401,10 +39417,10 @@
{DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
-CVE-2011-3935
- RESERVED
-CVE-2011-3934
- RESERVED
+CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...)
+ TODO: check
+CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
+ TODO: check
CVE-2011-3933
RESERVED
CVE-2011-3932
More information about the Secure-testing-commits
mailing list