[Secure-testing-commits] r21238 - data/CVE

Mon Feb 11 21:14:20 UTC 2013

Author: joeyh
Date: 2013-02-11 21:14:19 +0000 (Mon, 11 Feb 2013)
New Revision: 21238

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2013-02-11 15:06:01 UTC (rev 21237)
+++ data/CVE/list	2013-02-11 21:14:19 UTC (rev 21238)
@@ -1,3 +1,13 @@
+CVE-2013-1644
+	RESERVED
+CVE-2013-1643
+	RESERVED
+CVE-2013-1642
+	RESERVED
+CVE-2013-1641
+	RESERVED
+CVE-2013-1640
+	RESERVED
 CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all ...)
 	TODO: check
 CVE-2013-1638 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
@@ -28,28 +38,21 @@
 	RESERVED
 CVE-2013-1625
 	RESERVED
-CVE-2013-1624 [Lucky 13 TLS protocol flaw in bouncy castle]
-	RESERVED
+CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 ...)
 	- bouncycastle <unfixed> (bug #699885)
-CVE-2013-1623 [Lucky 13 TLS protocol flaw in yassl]
-	RESERVED
+CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
 	- mysql-5.1 <unfixed>
 	- mysql-5.5 <unfixed> (bug #699886)
-CVE-2013-1622 [Lucky 13 TLS protocol flaw in polarssl]
-	RESERVED
+CVE-2013-1622 (The SSL module in PolarSSL before 1.2.5, when TLS alert messages for ...)
 	- polarssl 1.1.4-2 (bug #699887)
-CVE-2013-1621 [Lucky 13 TLS protocol flaw in polarssl]
-	RESERVED
+CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might ...)
 	- polarssl 1.1.4-2 (bug #699887)
-CVE-2013-1620 [Lucky 13 TLS protocol flaw in nss]
-	RESERVED
+CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
 	- nss <unfixed> (bug #699888)
-CVE-2013-1619 [Lucky 13 TLS protocol flaw in gnutls]
-	RESERVED
+CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...)
 	- gnutls26 2.12.20-4
 	- gnutls28 3.0.22-3
-CVE-2013-1618 [Lucky 13 TLS protocol flaw in Opera]
-	RESERVED
+CVE-2013-1618 (The TLS implementation in Opera before 12.13 does not properly ...)
 	NOT-FOR-US: Opera
 CVE-2013-1617
 	RESERVED
@@ -425,8 +428,8 @@
 	RESERVED
 CVE-2013-1466
 	RESERVED
-CVE-2013-1465
-	RESERVED
+CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
+	TODO: check
 CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...)
 	TODO: check
 CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in ...)
@@ -3405,14 +3408,12 @@
 CVE-2013-0264
 	RESERVED
 	NOT-FOR-US: Cumin
-CVE-2013-0263 [Timing attack in cookie sessions]
-	RESERVED
+CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...)
 	- ruby-rack <unfixed> (bug #700226)
 	- librack-ruby <removed> (bug #700226)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=802794
 	NOTE: Patches in git, commits 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 and 9a81b961457805f6d1a5c275d053068440421e11
-CVE-2013-0262 [Path sanitization information disclosure]
-	RESERVED
+CVE-2013-0262 (rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...)
 	- ruby-rack <unfixed> (bug #700173)
 	- librack-ruby <not-affected> (Introduced in 1.4.0, see #700226)
 	NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
@@ -3478,8 +3479,7 @@
 	- drupal6 <unfixed> (bug #698333)
 	- drupal7 7.14-1.3 (bug #698334)
 	NOTE: https://drupal.org/SA-CORE-2013-001
-CVE-2013-0242 [glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters]
-	RESERVED
+CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
 	- eglibc <unfixed> (low; bug #699399)
 	[wheezy] - eglibc <no-dsa> (Minor issue)
 	[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -3665,8 +3665,7 @@
 	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
-CVE-2013-0189
-	RESERVED
+CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and ...)
 	- squid 2.7.STABLE9-2
 	NOTE: squid-cgi was removed in 2.7.STABLE9-2
 	- squid3 3.1.20-2.1 (bug #696187)
@@ -3729,14 +3728,12 @@
 	NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html
 CVE-2013-0171
 	RESERVED
-CVE-2013-0170 [libvirt Use-After-Free May Let Remote Users Execute Arbitrary Code]
-	RESERVED
+CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in ...)
 	- libvirt 0.9.12-6 (bug #699224)
 	[squeeze] - libvirt <not-affected> (Vulnerable code not present, see bug #699224)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
 	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
-CVE-2013-0169 [Lucky 13 TLS protocol timing flaw]
-	RESERVED
+CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...)
 	- openssl <unfixed> (bug #699889)
 	- bouncycastle <unfixed> (bug #699885)
 	- mysql-5.1 <unfixed>
@@ -3751,8 +3748,7 @@
 	NOTE: RHEV management tool
 CVE-2013-0167
 	RESERVED
-CVE-2013-0166 [openssl OCSP invalid key DoS issue]
-	RESERVED
+CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
 	- openssl <unfixed> (bug #699889)
 CVE-2013-0165
 	RESERVED
@@ -7033,7 +7029,7 @@
 CVE-2012-5190
 	RESERVED
 CVE-2012-5189
-	RESERVED
+	REJECTED
 CVE-2012-5188
 	RESERVED
 CVE-2012-5187 (The Weathernews Touch application 2.3.2 and earlier for Android allows ...)
@@ -13633,8 +13629,7 @@
 CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- apache2 2.2.22-8 (low)
 	[squeeze] - apache2 2.2.16-6+squeeze8
-CVE-2012-2686 [openssl TLS 1.1 and 1.2 AES-NI crash]
-	RESERVED
+CVE-2012-2686 (crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the ...)
 	- openssl <unfixed> (low; bug #699889)
 	[squeeze] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: DoS in specific protocol + cpu type combination


