[Secure-testing-commits] r24731 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 13 07:28:16 UTC 2013
Author: carnil
Date: 2013-12-13 07:28:16 +0000 (Fri, 13 Dec 2013)
New Revision: 24731
Modified:
data/CVE/list
Log:
Add new CVE identifiers
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-13 06:57:52 UTC (rev 24730)
+++ data/CVE/list 2013-12-13 07:28:16 UTC (rev 24731)
@@ -1,3 +1,71 @@
+CVE-2013-7083
+ RESERVED
+CVE-2013-7068
+ RESERVED
+CVE-2013-7067
+ RESERVED
+CVE-2013-7066
+ RESERVED
+CVE-2013-7065
+ RESERVED
+CVE-2013-7064
+ RESERVED
+CVE-2013-7063
+ RESERVED
+CVE-2013-7059
+ RESERVED
+CVE-2013-7058
+ RESERVED
+CVE-2013-7057
+ RESERVED
+CVE-2013-7056
+ RESERVED
+CVE-2013-7055
+ RESERVED
+CVE-2013-7054
+ RESERVED
+CVE-2013-7053
+ RESERVED
+CVE-2013-7052
+ RESERVED
+CVE-2013-7051
+ RESERVED
+CVE-2013-7047
+ RESERVED
+CVE-2013-7046
+ RESERVED
+CVE-2013-7045
+ RESERVED
+CVE-2013-7044
+ RESERVED
+CVE-2013-7043 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...)
+ TODO: check
+CVE-2013-7042 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses ...)
+ TODO: check
+CVE-2013-7037
+ RESERVED
+CVE-2013-7036
+ RESERVED
+CVE-2013-7035
+ RESERVED
+CVE-2013-7034
+ RESERVED
+CVE-2013-7033
+ RESERVED
+CVE-2013-7032
+ RESERVED
+CVE-2013-7031
+ RESERVED
+CVE-2013-7030 (** DISPUTED ** The TFTP service in Cisco Unified Communications ...)
+ TODO: check
+CVE-2013-7029
+ RESERVED
+CVE-2013-7028
+ RESERVED
+CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in ...)
+ TODO: check
+CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...)
+ TODO: check
CVE-2013-7089 [dbg_printhex possible information leak]
- clamav 0.97.7+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
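Review bot: CVE-2013-7027 and CVE-2013-7026 are left at `TODO: check` although both descriptions name the Linux kernel (`ieee80211_radiotap_iterator_init`, `ipc/shm.c`), so they need `linux` / `linux-2.6` package lines with affected versions before this block counts as triaged. The two Cisco entries (CVE-2013-7043, CVE-2013-7030) can probably take `NOT-FOR-US: Cisco`, the tag already used for CVE-2013-6707 further down this list.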
@@ -16,51 +84,71 @@
[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
CVE-2013-7082
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7081
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7080
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7079
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7078
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7077
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7076
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7075
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7074
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7073
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7072
+ RESERVED
NOT-FOR-US: Monitorix
CVE-2013-7071
+ RESERVED
NOT-FOR-US: Monitorix
CVE-2013-7070
+ RESERVED
NOT-FOR-US: Monitorix
CVE-2013-7062 [XSS]
+ RESERVED
TODO: check plone/zope
CVE-2013-7061 [Privilege escalation through exposed underlying API]
+ RESERVED
TODO: check plone/zope
CVE-2013-7060 [Filesystem path information leak]
+ RESERVED
TODO: check plone/zope
CVE-2013-7049 [ZNC IRC Bouncer DoS in FiSH Plugin]
+ RESERVED
NOTE: vulnerable code not found in Debian
NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
CVE-2013-7048 [Nova live snapshots use an insecure local directory]
+ RESERVED
- nova <unfixed> (bug #732022)
[wheezy] - nova <not-affected> (Support for live snapshots added later)
NOTE: https://bugs.launchpad.net/nova/+bug/1227027
CVE-2013-7050 [uscan: arbitrary code execution]
+ RESERVED
- devscripts 2.13.8 (bug #731849)
[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
NOTE: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5
CVE-2013-7069 [remote code execution via per-project .ackrc files]
+ RESERVED
- ack-grep 2.12-1 (bug #731848)
[wheezy] - ack-grep <not-affected> (don't support per-project .ackrc files)
[squeeze] - ack-grep <not-affected> (don't support per-project .ackrc files)
@@ -163,8 +251,10 @@
CVE-2014-0326
RESERVED
CVE-2013-7041 [password hashes aren't compared case-sensitively]
+ RESERVED
- pam <unfixed> (bug #731368)
CVE-2013-7040
+ RESERVED
- python2.5 <removed>
- python2.6 <removed>
- python2.7 <unfixed>
@@ -173,11 +263,13 @@
- python3.3 <unfixed>
TODO: check
CVE-2013-7039 [stack overflow in MHD_digest_auth_check()]
+ RESERVED
- libmicrohttpd 0.9.32-1 (low; bug #731933)
[squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
[wheezy] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
CVE-2013-7038 [out-of-bounds read in MHD_http_unescape()]
+ RESERVED
- libmicrohttpd 0.9.32-1 (low; bug #731933)
[squeeze] - libmicrohttpd <no-dsa> (Minor issue)
[wheezy] - libmicrohttpd <no-dsa> (Minor issue)
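Review bot: the squeeze and wheezy `<no-dsa>` reasons under CVE-2013-7039 read "only expoitable in corner cases", which should be "exploitable". Those two lines are unchanged context in this hunk, so the spelling fix belongs in a follow-up commit.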
@@ -308,8 +400,7 @@
RESERVED
CVE-2013-6987
RESERVED
-CVE-2013-6986
- RESERVED
+CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in ...)
NOT-FOR-US: ZippyYum
CVE-2013-6984
RESERVED
@@ -1091,8 +1182,7 @@
RESERVED
CVE-2014-0001
RESERVED
-CVE-2013-6985
- RESERVED
+CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth ...)
NOT-FOR-US: Enorth Webpublisher CMS
CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not ...)
NOT-FOR-US: Siemens
@@ -1244,8 +1334,8 @@
RESERVED
CVE-2013-6841
RESERVED
-CVE-2013-6840
- RESERVED
+CVE-2013-6840 (Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 ...)
+ TODO: check
CVE-2013-6839
RESERVED
NOT-FOR-US: InstantCMS
@@ -1315,8 +1405,7 @@
RESERVED
CVE-2013-6811
RESERVED
-CVE-2013-6810
- RESERVED
+CVE-2013-6810 (The server in EMC Connectrix Manager Converged Network Edition (CMCNE) ...)
NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
CVE-2013-6809
RESERVED
@@ -1554,8 +1643,8 @@
RESERVED
CVE-2013-6709
RESERVED
-CVE-2013-6708
- RESERVED
+CVE-2013-6708 (Cisco Cloud Portal 9.4 allows remote attackers to read files of ...)
+ TODO: check
CVE-2013-6707 (Memory leak in the connection-manager implementation in Cisco Adaptive ...)
NOT-FOR-US: Cisco
CVE-2013-6706 (The Cisco Express Forwarding processing module in Cisco IOS XE allows ...)
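Review bot: CVE-2013-6708 gets `TODO: check` even though its description is Cisco Cloud Portal and the entry directly below it, CVE-2013-6707, is already tagged `NOT-FOR-US: Cisco`. Unless a packaged component is involved, the same tag looks right here and would keep this entry out of the open TODO queue.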
@@ -1624,20 +1713,17 @@
RESERVED
CVE-2013-6674
RESERVED
-CVE-2013-6673
- RESERVED
+CVE-2013-6673 (Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-6672
- RESERVED
+CVE-2013-6672 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow ...)
- iceweasel <not-affected> (Only affects Firefox 25)
- iceape <not-affected> (Only affects Firefox 25)
-CVE-2013-6671
- RESERVED
+CVE-2013-6671 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
@@ -2193,15 +2279,13 @@
RESERVED
CVE-2013-6433
RESERVED
-CVE-2013-6432 [ping: NULL pointer dereference on write to msg_name]
- RESERVED
+CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11)
- linux-2.6 <not-affected> (Vulnerable code introduced in 3.11)
NOTE: Introduced by https://git.kernel.org/linus/6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67
NOTE: fixed by https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0
-CVE-2013-6431 [net: fib: fib6_add: potential NULL pointer dereference]
- RESERVED
+CVE-2013-6431 (The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before ...)
- linux-2.6 <removed> (low)
- linux <unfixed> (low)
NOTE: fixed by https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
@@ -2213,8 +2297,7 @@
RESERVED
- heat <unfixed> (bug #732033)
NOTE: https://launchpad.net/bugs/1256983
-CVE-2013-6427 [insecure auto update feature]
- RESERVED
+CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing ...)
- hplip <unfixed> (bug #731480)
[squeeze] - hplip <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=853405
@@ -2233,8 +2316,7 @@
RESERVED
CVE-2013-6422
RESERVED
-CVE-2013-6421 [Command injection]
- RESERVED
+CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem ...)
NOT-FOR-US: Ruby Gem sprout
CVE-2013-6420 [php: memory corruption in openssl_x509_parse()]
RESERVED
@@ -2463,7 +2545,7 @@
CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...)
NOT-FOR-US: Disputed non-issue in Tomcat
CVE-2013-6356
- RESERVED
+ REJECTED
CVE-2013-6355
RESERVED
CVE-2013-6354
@@ -2738,8 +2820,7 @@
RESERVED
CVE-2013-6238
RESERVED
-CVE-2013-6237 [Clipboard security issue]
- RESERVED
+CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 ...)
NOT-FOR-US: ISL Light
CVE-2013-6236
RESERVED
@@ -2767,8 +2848,7 @@
NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
CVE-2013-6225
RESERVED
-CVE-2013-6224
- RESERVED
+CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla ...)
NOT-FOR-US: Livezilla
CVE-2013-6223
RESERVED
@@ -2857,8 +2937,7 @@
RESERVED
CVE-2013-6181
RESERVED
-CVE-2013-6180
- RESERVED
+CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness ...)
NOT-FOR-US: RSA Security Analytics
CVE-2013-6179
RESERVED
@@ -3130,15 +3209,13 @@
RESERVED
CVE-2013-6055
RESERVED
-CVE-2013-6054
- RESERVED
+CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-6053
RESERVED
- openjpeg <not-affected> (only affects 1.5, in experimental)
-CVE-2013-6052
- RESERVED
+CVE-2013-6052 (OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-6051 [bgpd crash on valid BGP updates]
@@ -3165,8 +3242,7 @@
[wheezy] - ikiwiki-hosting <no-dsa> (Minor XSS)
CVE-2013-6046
RESERVED
-CVE-2013-6045
- RESERVED
+CVE-2013-6045 (Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x before ...)
@@ -3180,8 +3256,7 @@
RESERVED
CVE-2013-6040
RESERVED
-CVE-2013-6039
- RESERVED
+CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 ...)
NOT-FOR-US: NagiosQL
CVE-2013-6038
RESERVED
@@ -3808,8 +3883,8 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5764
RESERVED
-CVE-2013-5763
- RESERVED
+CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+ TODO: check
CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in ...)
NOT-FOR-US: Oracle Siebel
CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
@@ -4194,12 +4269,10 @@
REJECTED
CVE-2013-5620
REJECTED
-CVE-2013-5619
- RESERVED
+CVE-2013-5619 (Multiple integer overflows in the binary-search implementation in ...)
- iceweasel <not-affected> (Only affects Firefox 25)
- iceape <not-affected> (Only affects Firefox 25)
-CVE-2013-5618
- RESERVED
+CVE-2013-5618 (Use-after-free vulnerability in the nsNodeUtils::LastRelease function ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
@@ -4208,46 +4281,38 @@
[squeeze] - iceape <end-of-life>
CVE-2013-5617
RESERVED
-CVE-2013-5616
- RESERVED
+CVE-2013-5616 (Use-after-free vulnerability in the ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-5615
- RESERVED
+CVE-2013-5615 (The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-5614
- RESERVED
+CVE-2013-5614 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly ...)
- iceweasel <not-affected> (Only affects Firefox 25)
-CVE-2013-5613
- RESERVED
+CVE-2013-5613 (Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-5612
- RESERVED
+CVE-2013-5612 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
- iceweasel <not-affected> (Only affects Firefox 25)
-CVE-2013-5611
- RESERVED
+CVE-2013-5611 (Mozilla Firefox before 26.0 does not properly remove the Application ...)
- iceweasel <not-affected> (Only affects Firefox 25)
-CVE-2013-5610
- RESERVED
+CVE-2013-5610 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 25)
- iceape <not-affected> (Only affects Firefox 25)
- icedove <not-affected> (Only affects Firefox 25)
-CVE-2013-5609
- RESERVED
+CVE-2013-5609 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
@@ -4681,8 +4746,8 @@
NOT-FOR-US: IBM
CVE-2013-5448 (Cross-site scripting (XSS) vulnerability in the Right Click Plugin ...)
NOT-FOR-US: IBM Security QRadar SIEM
-CVE-2013-5447
- RESERVED
+CVE-2013-5447 (Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and ...)
+ TODO: check
CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...)
NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5445
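Review bot: CVE-2013-5447 (IBM Forms Viewer) is left at `TODO: check` between two entries that are already `NOT-FOR-US: IBM ...` (CVE-2013-5448 and CVE-2013-5446). Suggest `NOT-FOR-US: IBM Forms Viewer` for consistency with its neighbours, unless there is a reason to believe Debian ships the affected code.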
@@ -4767,8 +4832,8 @@
RESERVED
CVE-2013-5405
RESERVED
-CVE-2013-5404
- RESERVED
+CVE-2013-5404 (Cross-site scripting (XSS) vulnerability in the search implementation ...)
+ TODO: check
CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-5402
@@ -4865,10 +4930,10 @@
RESERVED
CVE-2013-5356
RESERVED
-CVE-2013-5355
- RESERVED
-CVE-2013-5354
- RESERVED
+CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2013-5354 (Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow ...)
+ TODO: check
CVE-2013-5353
RESERVED
CVE-2013-5352
@@ -4907,15 +4972,13 @@
RESERVED
CVE-2013-5335
RESERVED
-CVE-2013-5334
- RESERVED
-CVE-2013-5333
- RESERVED
-CVE-2013-5332
- RESERVED
+CVE-2013-5334 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...)
+ TODO: check
+CVE-2013-5333 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...)
+ TODO: check
+CVE-2013-5332 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2013-5331
- RESERVED
+CVE-2013-5331 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2013-5330 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash
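Review bot: the two Shockwave Player entries, CVE-2013-5334 and CVE-2013-5333, are set to `TODO: check` while the Flash Player entries in the same hunk (CVE-2013-5332, CVE-2013-5331) keep `NOT-FOR-US: Adobe Flash Player`. The Shockwave entries look like candidates for a matching `NOT-FOR-US` tag. Separately, the tag text differs between `Adobe Flash Player` here and `Adobe Flash` on CVE-2013-5330; pick one spelling so the entries group together when searched.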
@@ -5449,8 +5512,8 @@
RESERVED
CVE-2013-5073
RESERVED
-CVE-2013-5072
- RESERVED
+CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in ...)
+ TODO: check
CVE-2013-5071
RESERVED
CVE-2013-5070
@@ -5475,43 +5538,42 @@
RESERVED
CVE-2013-5060
RESERVED
-CVE-2013-5059
- RESERVED
-CVE-2013-5058
- RESERVED
+CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web ...)
+ TODO: check
+CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft Windows XP ...)
NOT-FOR-US: Microsoft Windows Kernel
-CVE-2013-5057
- RESERVED
-CVE-2013-5056
- RESERVED
+CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not ...)
+ TODO: check
+CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object Library ...)
+ TODO: check
CVE-2013-5055
RESERVED
-CVE-2013-5054
- RESERVED
+CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover ...)
+ TODO: check
CVE-2013-5053
RESERVED
-CVE-2013-5052
- RESERVED
-CVE-2013-5051
- RESERVED
+CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2013-5050
RESERVED
-CVE-2013-5049
- RESERVED
-CVE-2013-5048
- RESERVED
-CVE-2013-5047
- RESERVED
-CVE-2013-5046
- RESERVED
-CVE-2013-5045
- RESERVED
+CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
+ TODO: check
+CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-5047 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to bypass ...)
+ TODO: check
+CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to bypass the ...)
+ TODO: check
CVE-2013-5044
RESERVED
CVE-2013-5043
RESERVED
-CVE-2013-5042
- RESERVED
+CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR ...)
+ TODO: check
CVE-2013-5041
RESERVED
CVE-2013-5040
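Review bot: twelve of the descriptions added in this hunk (CVE-2013-5059 through CVE-2013-5042, all Microsoft SharePoint, Office, Internet Explorer or ASP.NET SignalR) land as `TODO: check`, while CVE-2013-5058 in the middle of the run already carries `NOT-FOR-US: Microsoft Windows Kernel`. Triage these in one pass with a `NOT-FOR-US: Microsoft` tag where it applies, so the TODO list is not padded with entries that have no Debian package.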
@@ -6645,8 +6707,7 @@
RESERVED
- mediawiki <unfixed> (bug #729629)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
-CVE-2013-4566 [incorrect handling of NSSVerifyClient in directory context]
- RESERVED
+CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...)
- libapache2-mod-nss <unfixed> (low; bug #731627)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
CVE-2013-4565 [heap-based buffer overflow]
@@ -7006,8 +7067,7 @@
NOTE: http://www.mantisbt.org/bugs/view.php?id=16513
CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...)
- lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch)
-CVE-2013-4458 [Stack (frame) overflow in getaddrinfo() when called with AF_INET6]
- RESERVED
+CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc <unfixed> (low; bug #727181)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -7167,8 +7227,7 @@
- python-django-djblets <removed> (low)
[squeeze] - python-django-djblets <no-dsa> (Minor issue)
NOTE: Fix: https://github.com/djblets/djblets/commit/36cd15763742652ca990f913b44e91c69c707269
-CVE-2013-4408
- RESERVED
+CVE-2013-4408 (Buffer overflow in the dcerpc_read_ncacn_packet_done function in ...)
{DSA-2812-1}
- samba 2:4.0.13+dfsg-1
- samba4 <removed>
@@ -7633,8 +7692,7 @@
NOT-FOR-US: Drupal addon
CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...)
- restlet <itp> (bug #596472)
-CVE-2013-4270 [net: permissions flaw in /proc/sys/net]
- RESERVED
+CVE-2013-4270 (The net_ctl_permissions function in net/sysctl_net.c in the Linux ...)
- linux-2.6 <not-affected> (Introduced in 3.8)
- linux 3.11.5-1
[wheezy] - linux <not-affected> (Introduced in 3.8)
@@ -7659,7 +7717,7 @@
- ffmpeg <not-affected> (g2meet codec not present in 0.5 ffmpeg)
- libav <not-affected> (g2meet codec not present in libav)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
-CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 allows has unspecified impact and ...)
+CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote ...)
- ffmpeg <not-affected> (Affected video filters not present in ffmpeg 0.5)
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
@@ -8611,8 +8669,8 @@
RESERVED
CVE-2013-3930
RESERVED
-CVE-2013-3929
- RESERVED
+CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
+ TODO: check
CVE-2013-3928
RESERVED
CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...)
@@ -8653,24 +8711,24 @@
NOT-FOR-US: Microsoft
CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote ...)
NOT-FOR-US: Microsoft
-CVE-2013-3907
- RESERVED
+CVE-2013-3907 (portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
+ TODO: check
CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 ...)
NOT-FOR-US: Microsoft
CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does ...)
NOT-FOR-US: Microsoft
CVE-2013-3904
RESERVED
-CVE-2013-3903
- RESERVED
-CVE-2013-3902
- RESERVED
+CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in ...)
+ TODO: check
+CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
+ TODO: check
CVE-2013-3901
RESERVED
-CVE-2013-3900
- RESERVED
-CVE-2013-3899
- RESERVED
+CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, ...)
NOT-FOR-US: Microsoft
CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in ...)
@@ -8711,8 +8769,8 @@
NOT-FOR-US: Microsoft Windows
CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
NOT-FOR-US: Microsoft Windows
-CVE-2013-3878
- RESERVED
+CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft Windows XP ...)
+ TODO: check
CVE-2013-3877
RESERVED
CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
@@ -9113,8 +9171,8 @@
RESERVED
CVE-2013-3711
RESERVED
-CVE-2013-3710
- RESERVED
+CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...)
+ TODO: check
CVE-2013-3709
RESERVED
CVE-2013-3708 (The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 ...)
@@ -9323,10 +9381,10 @@
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through ...)
NOT-FOR-US: Baramundi Management Suite
-CVE-2013-3623
- RESERVED
-CVE-2013-3622
- RESERVED
+CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in the ...)
+ TODO: check
+CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management ...)
+ TODO: check
CVE-2013-3621
RESERVED
CVE-2013-3620
@@ -10836,14 +10894,12 @@
{DSA-2799-1}
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2930
- RESERVED
+CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c ...)
- linux-2.6 <not-affected> (Introduced in v3.4)
[wheezy] - linux <not-affected> (Introduced in v3.4)
- linux 3.11.8-1
NOTE: Introduced by ced39002f5ea
-CVE-2013-2929
- RESERVED
+CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable ...)
- linux-2.6 <removed>
- linux 3.11.10-1
CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before ...)
@@ -11388,10 +11444,10 @@
RESERVED
CVE-2013-2753
RESERVED
-CVE-2013-2752
- RESERVED
-CVE-2013-2751
- RESERVED
+CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the ...)
+ TODO: check
CVE-2013-2750
RESERVED
CVE-2013-2749
@@ -12845,7 +12901,7 @@
CVE-2013-2216
RESERVED
CVE-2013-2215
- RESERVED
+ REJECTED
NOTE: Asked to be rejected in oss-security mailing list
CVE-2013-2214 [REJECTED: nagios3: information leak; works as designed]
RESERVED
@@ -13680,8 +13736,7 @@
{DSA-2669-1}
- linux 3.8.11-1
- linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2013-1978 [XWD plugin color map heap-based buffer overflow]
- RESERVED
+CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c ...)
{DSA-2813-1}
- gimp <unfixed> (bug #731305)
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
@@ -13904,8 +13959,7 @@
- eglibc 2.17-2 (low; bug #704623)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
-CVE-2013-1913 [xwd plugin g_new() integer overflow]
- RESERVED
+CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
{DSA-2813-1}
- gimp <unfixed> (bug #731305)
CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...)
@@ -14253,8 +14307,7 @@
- busybox 1:1.20.0-8 (low; bug #701965)
[wheezy] - busybox <no-dsa> (Minor issue)
[squeeze] - busybox <no-dsa> (Minor issue)
-CVE-2013-1812
- RESERVED
+CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID ...)
- ruby-openid 2.1.8debian-6 (bug #702217)
- libopenid-ruby <removed> (bug #702217)
[squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
@@ -15509,8 +15562,7 @@
RESERVED
CVE-2013-1448
RESERVED
-CVE-2013-1447
- RESERVED
+CVE-2013-1447 (OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-1446
@@ -28440,8 +28492,8 @@
RESERVED
CVE-2012-3048
RESERVED
-CVE-2012-3047
- RESERVED
+CVE-2012-3047 (Cross-site scripting (XSS) vulnerability in the web-wizard setup page ...)
+ TODO: check
CVE-2012-3046
RESERVED
CVE-2012-3045
@@ -35492,6 +35544,7 @@
CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...)
NOT-FOR-US: MailForm plugin for Movable Type
CVE-2004-2776
+ RESERVED
NOT-FOR-US: Montitorix
CVE-2004-2775
RESERVED
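Review bot: the context line under CVE-2004-2776 reads `NOT-FOR-US: Montitorix`, whereas CVE-2013-7072, CVE-2013-7071 and CVE-2013-7070 touched earlier in this commit use `NOT-FOR-US: Monitorix`. Correct the spelling so a search for the product name finds all four entries.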
@@ -35806,8 +35859,7 @@
CVE-2011-4972 [CKEditor module for Drupal access bypass]
RESERVED
NOT-FOR-US: Drupal module
-CVE-2011-4971 [memcached: remote DoS]
- RESERVED
+CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ...)
- memcached <unfixed> (bug #706426)
CVE-2011-4970 [Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)]
RESERVED