[Secure-testing-commits] r21171 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Feb 6 21:14:28 UTC 2013
Author: joeyh
Date: 2013-02-06 21:14:28 +0000 (Wed, 06 Feb 2013)
New Revision: 21171
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-06 19:40:00 UTC (rev 21170)
+++ data/CVE/list 2013-02-06 21:14:28 UTC (rev 21171)
@@ -1,18 +1,25 @@
CVE-2013-1624 [Lucky 13 TLS protocol flaw in bouncy castle]
+ RESERVED
- bouncycastle <unfixed> (bug #699885)
CVE-2013-1623 [Lucky 13 TLS protocol flaw in yassl]
+ RESERVED
- mysql-5.1 <unfixed>
- mysql-5.5 <unfixed> (bug #699886)
CVE-2013-1622 [Lucky 13 TLS protocol flaw in polarssl]
+ RESERVED
- polarssl <unfixed> (bug #699887)
CVE-2013-1621 [Lucky 13 TLS protocol flaw in polarssl]
+ RESERVED
- polarssl <unfixed> (bug #699887)
CVE-2013-1620 [Lucky 13 TLS protocol flaw in nss]
+ RESERVED
- nss <unfixed> (bug #699888)
CVE-2013-1619 [Lucky 13 TLS protocol flaw in gnutls]
+ RESERVED
- gnutls26 2.12.20-4
- gnutls28 <unfixed>
CVE-2013-1618 [Lucky 13 TLS protocol flaw in Opera]
+ RESERVED
NOT-FOR-US: Opera
CVE-2013-1617
RESERVED
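Review bot: under CVE-2013-1623 and CVE-2013-1619, `- mysql-5.1 <unfixed>` and `- gnutls28 <unfixed>` carry no bug reference, while every other open Lucky 13 entry in this hunk does (#699885 to #699888). Add the bug number to each, or a NOTE saying why none was filed, so the open packages can be followed from the list. CVE-2013-1622 and CVE-2013-1621 also share the same bracketed text and the same polarssl bug; a NOTE saying how the two differ would help triage.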
@@ -1149,8 +1156,8 @@
RESERVED
CVE-2013-1121
RESERVED
-CVE-2013-1120
- RESERVED
+CVE-2013-1120 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
+ TODO: check
CVE-2013-1119
RESERVED
CVE-2013-1118
@@ -1175,8 +1182,8 @@
NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1108 (Cisco WebEx Training Center allows remote authenticated users to ...)
NOT-FOR-US: Cisco WebEx Training Center
-CVE-2013-1107
- RESERVED
+CVE-2013-1107 (The search function in Cisco Webex Social (formerly Cisco Quad) allows ...)
+ TODO: check
CVE-2013-1106
RESERVED
CVE-2013-1105 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before ...)
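Review bot: `TODO: check` on CVE-2013-1107 leaves a Cisco Webex Social issue untriaged, while the neighbouring Cisco WebEx Training Center entries in this hunk are already `NOT-FOR-US`. If Webex Social is not packaged either, resolve it the same way with a `NOT-FOR-US:` line naming the product, rather than leaving the TODO for a later pass.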
@@ -3368,8 +3375,7 @@
RESERVED
CVE-2013-0255
RESERVED
-CVE-2013-0254 [Qt Project Security Advisory: System V shared memory segments created world-writeable]
- RESERVED
+CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before ...)
- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
CVE-2013-0253
RESERVED
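Review bot: the new CVE-2013-0254 description names Qt 5.0.0 and 4.7.x as affected as well as 4.8.x, but the entry tracks only `- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)`. Confirm whether any other Qt source package in the archive carries the QSharedMemory code and add a line for it, or a NOTE that none does. The fixed version is below the upstream 4.8.5 named in the description, so it presumably carries a backported patch; a NOTE pointing at that patch would make the fixed version verifiable from the list.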
@@ -3493,8 +3499,7 @@
CVE-2013-0219
RESERVED
- sssd <unfixed> (bug #698871)
-CVE-2013-0218
- RESERVED
+CVE-2013-0218 (The GUI installer in JBoss Enterprise Application Platform (EAP) and ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0217
RESERVED
@@ -3637,8 +3642,7 @@
CVE-2013-0177
RESERVED
NOT-FOR-US: OFBiz
-CVE-2013-0176
- RESERVED
+CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...)
- libssh 0.5.4-1 (bug #698963)
NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8
@@ -6259,8 +6263,7 @@
- moodle 2.2.3.dfsg-2.6
[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
-CVE-2012-5478
- RESERVED
+CVE-2012-5478 (The AuthorizationInterceptor in JBoss Enterprise Application Platform ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5477
RESERVED
@@ -6938,10 +6941,10 @@
RESERVED
CVE-2012-5188
RESERVED
-CVE-2012-5187
- RESERVED
-CVE-2012-5186
- RESERVED
+CVE-2012-5187 (The Weathernews Touch application 2.3.2 and earlier for Android allows ...)
+ TODO: check
+CVE-2012-5186 (Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and ...)
+ TODO: check
CVE-2012-5185 (Directory traversal vulnerability in the Olive Toast Documents Pro ...)
NOT-FOR-US: Olive Toast Documents Pro File Viewer
CVE-2012-5184 (Cross-site scripting (XSS) vulnerability in the Olive Toast Documents ...)
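Review bot: CVE-2012-5187 and CVE-2012-5186 are added with `TODO: check`, yet their descriptions name an Android application (Weathernews Touch) and FLUGELz netmania products, next to Olive Toast entries already marked `NOT-FOR-US`. If neither is packaged, settle each with its own `NOT-FOR-US:` line so the TODO backlog does not grow with entries that need no package work.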
@@ -7026,7 +7029,7 @@
- chromium-browser <unfixed>
CVE-2012-5145 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
- chromium-browser <unfixed>
-CVE-2012-5144 (Google Chrome before 23.0.1271.97 does not properly perform AAC ...)
+CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and ...)
- chromium-browser <unfixed>
- ffmpeg <removed>
- libav 6:0.8.5-1 (bug #694483)
@@ -11927,11 +11930,9 @@
NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
NOTE: https://bugs.launchpad.net/nova/+bug/1017795
-CVE-2012-3370
- RESERVED
+CVE-2012-3370 (The SecurityAssociation.getCredential method in JBoss Enterprise ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2012-3369
- RESERVED
+CVE-2012-3369 (The CallerIdentityLoginModule in JBoss Enterprise Application Platform ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote ...)
- dtach 0.8-2.1 (low; bug #625302)
@@ -12136,20 +12137,20 @@
NOT-FOR-US: md5crypt
CVE-2012-3286
RESERVED
-CVE-2012-3285
- RESERVED
-CVE-2012-3284
- RESERVED
-CVE-2012-3283
- RESERVED
-CVE-2012-3282
- RESERVED
-CVE-2012-3281
- RESERVED
+CVE-2012-3285 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
+ TODO: check
+CVE-2012-3284 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
+ TODO: check
+CVE-2012-3283 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
+ TODO: check
+CVE-2012-3282 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
+ TODO: check
+CVE-2012-3281 (Unspecified vulnerability in Device Manager in HP XP P9000 Command ...)
+ TODO: check
CVE-2012-3280
RESERVED
-CVE-2012-3279
- RESERVED
+CVE-2012-3279 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
+ TODO: check
CVE-2012-3278 (Stack-based buffer overflow in magentservice.exe in HP Diagnostics ...)
NOT-FOR-US: HP Diagnostics Server
CVE-2012-3277 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, ...)
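Review bot: all six descriptions added here (CVE-2012-3285 to CVE-2012-3281, and CVE-2012-3279) name HP products and all six are left at `TODO: check`, while the adjacent CVE-2012-3278 is already `NOT-FOR-US: HP Diagnostics Server`. If none of these HP products is packaged, close them in the same form. The four LeftHand Virtual SAN Appliance entries show identical text as far as it is visible, so they can be triaged together.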
@@ -13229,7 +13230,7 @@
CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
-CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 ...)
+CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, ...)
[squeeze] - ffmpeg <unfixed> (bug #688849)
- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
@@ -13286,7 +13287,7 @@
- libav 6:0.8.4-1 (bug #688847)
NOTE: duplicate of CVE-2012-2777
TODO: mark this properly as duplicate
-CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 ...)
+CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, ...)
- ffmpeg <removed> (bug #688849)
- libav 6:0.8.5-1 (bug #688847)
CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in ...)
@@ -14590,12 +14591,12 @@
NOT-FOR-US: Drupal addon not packaged
CVE-2012-2295
RESERVED
-CVE-2012-2294
- RESERVED
-CVE-2012-2293
- RESERVED
-CVE-2012-2292
- RESERVED
+CVE-2012-2294 (EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before ...)
+ TODO: check
+CVE-2012-2293 (Directory traversal vulnerability in EMC RSA Archer SmartSuite ...)
+ TODO: check
+CVE-2012-2292 (The Silverlight cross-domain policy in EMC RSA Archer SmartSuite ...)
+ TODO: check
CVE-2012-2291 (EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC ...)
NOT-FOR-US: EMC Avamar
CVE-2012-2290 (The client in EMC NetWorker Module for Microsoft Applications (NMM) ...)
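Review bot: CVE-2012-2294, CVE-2012-2293 and CVE-2012-2292 all concern EMC RSA Archer and are left at `TODO: check`, directly above `NOT-FOR-US: EMC Avamar`. If RSA Archer is not packaged, mark all three `NOT-FOR-US` with the product name, and give CVE-2012-1064 (also EMC RSA Archer, in a later hunk of this revision) the same disposition so the product is handled consistently.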
@@ -17557,8 +17558,8 @@
NOT-FOR-US: SmartyCMS
CVE-2012-1065 (Insecure method vulnerability in TuxScripting.dll in the TuxSystem ...)
NOT-FOR-US: TuxSystem
-CVE-2012-1064
- RESERVED
+CVE-2012-1064 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
+ TODO: check
CVE-2011-5080 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: jftcaforms extension for TYPO3
CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 ...)
@@ -18023,8 +18024,7 @@
- systemtap 1.7-1 (low; bug #660929; bug #660886)
[squeeze] - systemtap <not-affected> (Vulnerable code not present)
[lenny] - systemtap <not-affected> (Vulnerable code not present)
-CVE-2012-0874
- RESERVED
+CVE-2012-0874 (The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin ...)
NOT-FOR-US: Boonex Dolphin
@@ -21193,8 +21193,7 @@
[squeeze] - cedet <no-dsa> (Minor issue)
- emacs23 23.3+1-5 (low; bug #655300)
[squeeze] - emacs23 <no-dsa> (Minor issue)
-CVE-2012-0034
- RESERVED
+CVE-2012-0034 (The NonManagedConnectionFactory in JBoss Enterprise Application ...)
NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2012-0033 [znc bouncedcc DoS]
RESERVED
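Review bot: CVE-2012-0034 is resolved as `NOT-FOR-US: JBoss Enterprise Application Platform`, but other JBoss Enterprise Application Platform entries described in this same revision (CVE-2013-0218, CVE-2012-5478, CVE-2012-3369) are tracked as `- jbossas4 <not-affected>` with the reason "Only builds a few libraries, not the full application server". Use one form for the product, or add a NOTE explaining why this entry is treated differently.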
@@ -21585,8 +21584,7 @@
CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ...)
{DSA-2390-1}
- openssl 1.0.0f-1
-CVE-2011-4575
- RESERVED
+CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss ...)
NOT-FOR-US: JMX Console
CVE-2011-4574
RESERVED
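Review bot: `NOT-FOR-US: JMX Console` names a component, while the description added on the line above places that console in a JBoss product. Use the product name from the description in the `NOT-FOR-US:` line so a search of the list for the product finds this entry.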
@@ -31099,12 +31097,12 @@
RESERVED
CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-1352
- RESERVED
+CVE-2011-1352 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to ...)
+ TODO: check
CVE-2011-1351
RESERVED
-CVE-2011-1350
- RESERVED
+CVE-2011-1350 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to ...)
+ TODO: check
CVE-2011-1349
RESERVED
CVE-2011-1348
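Review bot: CVE-2011-1352 and CVE-2011-1350 show the same description text as far as it is visible here, and both are left at `TODO: check`. Triage needs the full descriptions to tell the two apart; when resolving them, add a NOTE stating the difference, or, if the Android PowerVR SGX driver is not shipped in any package, close both with a `NOT-FOR-US:` line.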