[Secure-testing-commits] r21238 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Feb 11 21:14:20 UTC 2013
Author: joeyh
Date: 2013-02-11 21:14:19 +0000 (Mon, 11 Feb 2013)
New Revision: 21238
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-11 15:06:01 UTC (rev 21237)
+++ data/CVE/list 2013-02-11 21:14:19 UTC (rev 21238)
@@ -1,3 +1,13 @@
+CVE-2013-1644
+ RESERVED
+CVE-2013-1643
+ RESERVED
+CVE-2013-1642
+ RESERVED
+CVE-2013-1641
+ RESERVED
+CVE-2013-1640
+ RESERVED
CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all ...)
TODO: check
CVE-2013-1638 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
@@ -28,28 +38,21 @@
RESERVED
CVE-2013-1625
RESERVED
-CVE-2013-1624 [Lucky 13 TLS protocol flaw in bouncy castle]
- RESERVED
+CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 ...)
- bouncycastle <unfixed> (bug #699885)
-CVE-2013-1623 [Lucky 13 TLS protocol flaw in yassl]
- RESERVED
+CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
- mysql-5.1 <unfixed>
- mysql-5.5 <unfixed> (bug #699886)
-CVE-2013-1622 [Lucky 13 TLS protocol flaw in polarssl]
- RESERVED
+CVE-2013-1622 (The SSL module in PolarSSL before 1.2.5, when TLS alert messages for ...)
- polarssl 1.1.4-2 (bug #699887)
-CVE-2013-1621 [Lucky 13 TLS protocol flaw in polarssl]
- RESERVED
+CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might ...)
- polarssl 1.1.4-2 (bug #699887)
-CVE-2013-1620 [Lucky 13 TLS protocol flaw in nss]
- RESERVED
+CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
- nss <unfixed> (bug #699888)
-CVE-2013-1619 [Lucky 13 TLS protocol flaw in gnutls]
- RESERVED
+CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...)
- gnutls26 2.12.20-4
- gnutls28 3.0.22-3
-CVE-2013-1618 [Lucky 13 TLS protocol flaw in Opera]
- RESERVED
+CVE-2013-1618 (The TLS implementation in Opera before 12.13 does not properly ...)
NOT-FOR-US: Opera
CVE-2013-1617
RESERVED
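Review bot: CVE-2013-1621 carried the same "[Lucky 13 TLS protocol flaw in polarssl]" tag as CVE-2013-1622, but the description imported here reads "Array index error in the SSL module in PolarSSL before 1.2.5", which is a different bug class. Please confirm that "polarssl 1.1.4-2 (bug #699887)" really covers both issues rather than only the timing fix. Separately, the CVE-2013-1623 description now names CyaSSL while the tracked packages are mysql-5.1 and mysql-5.5; the "yassl" tag being removed was the only visible link between them, so a NOTE line stating why mysql is listed would keep the entry understandable.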
@@ -425,8 +428,8 @@
RESERVED
CVE-2013-1466
RESERVED
-CVE-2013-1465
- RESERVED
+CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
+ TODO: check
CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...)
TODO: check
CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in ...)
@@ -3405,14 +3408,12 @@
CVE-2013-0264
RESERVED
NOT-FOR-US: Cumin
-CVE-2013-0263 [Timing attack in cookie sessions]
- RESERVED
+CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...)
- ruby-rack <unfixed> (bug #700226)
- librack-ruby <removed> (bug #700226)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=802794
NOTE: Patches in git, commits 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 and 9a81b961457805f6d1a5c275d053068440421e11
-CVE-2013-0262 [Path sanitization information disclosure]
- RESERVED
+CVE-2013-0262 (rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...)
- ruby-rack <unfixed> (bug #700173)
- librack-ruby <not-affected> (Introduced in 1.4.0, see #700226)
NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
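Review bot: under CVE-2013-0262 the librack-ruby line cites "see #700226", which is the bug attached to CVE-2013-0263 just above, while the ruby-rack line for this CVE uses bug #700173. Confirm the cross-reference is intended, or point it at #700173 so the not-affected rationale can be found from the right report.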
@@ -3478,8 +3479,7 @@
- drupal6 <unfixed> (bug #698333)
- drupal7 7.14-1.3 (bug #698334)
NOTE: https://drupal.org/SA-CORE-2013-001
-CVE-2013-0242 [glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters]
- RESERVED
+CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
- eglibc <unfixed> (low; bug #699399)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -3665,8 +3665,7 @@
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
-CVE-2013-0189
- RESERVED
+CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and ...)
- squid 2.7.STABLE9-2
NOTE: squid-cgi was removed in 2.7.STABLE9-2
- squid3 3.1.20-2.1 (bug #696187)
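Review bot: the description imported for CVE-2013-0189 names Squid 3.1.x and 3.2.x, yet the entry keeps "squid 2.7.STABLE9-2" as a fixed version, justified only by the squid-cgi removal note. If 2.7 never carried the cachemgr.cgi flaw, <not-affected> would be more accurate; if it did, a NOTE saying so would help, because the visible part of the description does not mention 2.7.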
@@ -3729,14 +3728,12 @@
NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html
CVE-2013-0171
RESERVED
-CVE-2013-0170 [libvirt Use-After-Free May Let Remote Users Execute Arbitrary Code]
- RESERVED
+CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in ...)
- libvirt 0.9.12-6 (bug #699224)
[squeeze] - libvirt <not-affected> (Vulnerable code not present, see bug #699224)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
-CVE-2013-0169 [Lucky 13 TLS protocol timing flaw]
- RESERVED
+CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...)
- openssl <unfixed> (bug #699889)
- bouncycastle <unfixed> (bug #699885)
- mysql-5.1 <unfixed>
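Review bot: replacing "[Lucky 13 TLS protocol timing flaw]" on CVE-2013-0169 drops the only place the entry names the attack, and the truncated description ends before any such name appears. Consider adding a "NOTE: Lucky 13" line so this entry and the per-library CVEs 2013-1618 through 2013-1624 remain searchable under the name used in the bug reports.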
@@ -3751,8 +3748,7 @@
NOTE: RHEV management tool
CVE-2013-0167
RESERVED
-CVE-2013-0166 [openssl OCSP invalid key DoS issue]
- RESERVED
+CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
- openssl <unfixed> (bug #699889)
CVE-2013-0165
RESERVED
@@ -7033,7 +7029,7 @@
CVE-2012-5190
RESERVED
CVE-2012-5189
- RESERVED
+ REJECTED
CVE-2012-5188
RESERVED
CVE-2012-5187 (The Weathernews Touch application 2.3.2 and earlier for Android allows ...)
@@ -13633,8 +13629,7 @@
CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- apache2 2.2.22-8 (low)
[squeeze] - apache2 2.2.16-6+squeeze8
-CVE-2012-2686 [openssl TLS 1.1 and 1.2 AES-NI crash]
- RESERVED
+CVE-2012-2686 (crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the ...)
- openssl <unfixed> (low; bug #699889)
[squeeze] - openssl <not-affected> (Vulnerable code not present)
NOTE: DoS in specific protocol + cpu type combination