[Secure-testing-commits] r21269 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Feb 13 21:14:49 UTC 2013
Author: joeyh
Date: 2013-02-13 21:14:49 +0000 (Wed, 13 Feb 2013)
New Revision: 21269
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-13 20:17:16 UTC (rev 21268)
+++ data/CVE/list 2013-02-13 21:14:49 UTC (rev 21269)
@@ -1,3 +1,37 @@
+CVE-2013-1663
+ RESERVED
+CVE-2013-1662
+ RESERVED
+CVE-2013-1661
+ RESERVED
+CVE-2013-1660
+ RESERVED
+CVE-2013-1659
+ RESERVED
+CVE-2013-1658
+ RESERVED
+CVE-2013-1657
+ RESERVED
+CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the ...)
+ TODO: check
+CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the ...)
+ TODO: check
+CVE-2011-5263 (Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in ...)
+ TODO: check
+CVE-2011-5262 (SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail ...)
+ TODO: check
+CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis ...)
+ TODO: check
+CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...)
+ TODO: check
+CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php ...)
+ TODO: check
+CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM ...)
+ TODO: check
+CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...)
+ TODO: check
+CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
+ TODO: check
CVE-2013-1656
RESERVED
CVE-2013-1655
@@ -69,8 +103,10 @@
- mysql-5.5 <unfixed> (bug #699886)
CVE-2013-1622
REJECTED
+ {DSA-2622-1}
- polarssl 1.1.4-2 (bug #699887)
CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might ...)
+ {DSA-2622-1}
- polarssl 1.1.4-2 (bug #699887)
CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
- nss <unfixed> (bug #699888)
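Review bot: CVE-2013-1622 is marked REJECTED, yet this hunk attaches {DSA-2622-1} to it and it keeps the same "polarssl 1.1.4-2 (bug #699887)" line as CVE-2013-1621 directly below. Confirm that the DSA cross-reference on a rejected id is intended; if the id was rejected as a duplicate, a NOTE naming the replacement id would make the entry self-explanatory, and the package line could then live only under the surviving id.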
@@ -473,14 +509,11 @@
RESERVED
CVE-2013-1456
RESERVED
-CVE-2013-1455
- RESERVED
+CVE-2013-1455 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
- joomla <itp> (bug #571794)
-CVE-2013-1454
- RESERVED
+CVE-2013-1454 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
- joomla <itp> (bug #571794)
-CVE-2013-1453
- RESERVED
+CVE-2013-1453 (Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers ...)
- joomla <itp> (bug #571794)
CVE-2013-1452
RESERVED
@@ -691,34 +724,25 @@
RESERVED
CVE-2013-1375
RESERVED
-CVE-2013-1374
- RESERVED
+CVE-2013-1374 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1373
- RESERVED
+CVE-2013-1373 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1372
- RESERVED
+CVE-2013-1372 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1371
RESERVED
-CVE-2013-1370
- RESERVED
+CVE-2013-1370 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1369
- RESERVED
+CVE-2013-1369 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1368
- RESERVED
+CVE-2013-1368 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1367
- RESERVED
+CVE-2013-1367 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1366
- RESERVED
+CVE-2013-1366 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1365
- RESERVED
+CVE-2013-1365 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2012-6110 [bcron file descriptors not closed]
RESERVED
@@ -828,8 +852,8 @@
RESERVED
CVE-2013-1314
RESERVED
-CVE-2013-1313
- RESERVED
+CVE-2013-1313 (Object Linking and Embedding (OLE) Automation in Microsoft Windows XP ...)
+ TODO: check
CVE-2013-1312
RESERVED
CVE-2013-1311
@@ -892,74 +916,74 @@
RESERVED
CVE-2013-1282
RESERVED
-CVE-2013-1281
- RESERVED
-CVE-2013-1280
- RESERVED
-CVE-2013-1279
- RESERVED
-CVE-2013-1278
- RESERVED
-CVE-2013-1277
- RESERVED
-CVE-2013-1276
- RESERVED
-CVE-2013-1275
- RESERVED
-CVE-2013-1274
- RESERVED
-CVE-2013-1273
- RESERVED
-CVE-2013-1272
- RESERVED
-CVE-2013-1271
- RESERVED
-CVE-2013-1270
- RESERVED
-CVE-2013-1269
- RESERVED
-CVE-2013-1268
- RESERVED
-CVE-2013-1267
- RESERVED
-CVE-2013-1266
- RESERVED
-CVE-2013-1265
- RESERVED
-CVE-2013-1264
- RESERVED
-CVE-2013-1263
- RESERVED
-CVE-2013-1262
- RESERVED
-CVE-2013-1261
- RESERVED
-CVE-2013-1260
- RESERVED
-CVE-2013-1259
- RESERVED
-CVE-2013-1258
- RESERVED
-CVE-2013-1257
- RESERVED
-CVE-2013-1256
- RESERVED
-CVE-2013-1255
- RESERVED
-CVE-2013-1254
- RESERVED
-CVE-2013-1253
- RESERVED
-CVE-2013-1252
- RESERVED
-CVE-2013-1251
- RESERVED
-CVE-2013-1250
- RESERVED
-CVE-2013-1249
- RESERVED
-CVE-2013-1248
- RESERVED
+CVE-2013-1281 (The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and ...)
+ TODO: check
+CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
+ TODO: check
+CVE-2013-1279 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2013-1278 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2013-1277 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1276 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1275 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1274 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1273 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1272 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1271 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1270 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1269 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1268 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1267 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1266 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1265 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1264 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1263 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1262 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1261 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1260 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1259 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1258 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1257 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1256 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1255 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1254 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1253 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1252 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1251 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1250 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1249 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-1248 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) ...)
NOT-FOR-US: HP PKI ActiveX
CVE-2012-6500 (Directory traversal vulnerability in download.lib.php in Pragyan CMS ...)
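Review bot: All 34 entries from CVE-2013-1281 down to CVE-2013-1248 land as "TODO: check", although every visible description names a Microsoft Windows component (the NFS server, the kernel, win32k.sys). The context line for CVE-2012-6501 in this same hunk shows the file's convention for software outside the archive, "NOT-FOR-US: HP PKI ActiveX", so these can be triaged in one pass with a matching NOT-FOR-US line instead of being left as 34 open TODOs.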
@@ -2388,39 +2412,31 @@
RESERVED
CVE-2013-0650
RESERVED
-CVE-2013-0649
- RESERVED
+CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0648
RESERVED
-CVE-2013-0647
- RESERVED
+CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0646
RESERVED
-CVE-2013-0645
- RESERVED
+CVE-2013-0645 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0644
- RESERVED
+CVE-2013-0644 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0643
RESERVED
-CVE-2013-0642
- RESERVED
+CVE-2013-0642 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0641
RESERVED
CVE-2013-0640
RESERVED
-CVE-2013-0639
- RESERVED
+CVE-2013-0639 (Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0638
- RESERVED
+CVE-2013-0638 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0637
- RESERVED
+CVE-2013-0637 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0636
RESERVED
@@ -3411,16 +3427,14 @@
RESERVED
CVE-2013-0278
RESERVED
-CVE-2013-0277 [Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0]
- RESERVED
+CVE-2013-0277 (Active Record in Ruby on Rails 3.x before 3.1.0 and 2.3.x before ...)
{DSA-2620-1}
- ruby-activerecord-2.3 <unfixed>
- rails 2.3.14.1
NOTE: According to advisory 3.1.0 and above are not affected, check?
NOTE: Starting with 2.3.14.1 rails is a transition package
TODO: check and report to BTS
-CVE-2013-0276 [Circumvention of attr_protected]
- RESERVED
+CVE-2013-0276 (ActiveRecord in Ruby on Rails 3.2.x before 3.2.12, 3.1.x before ...)
{DSA-2620-1}
- ruby-activerecord-3.2 <unfixed>
- ruby-activemodel-3.2 3.2.6-3
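Review bot: The NOTE under CVE-2013-0277, "According to advisory 3.1.0 and above are not affected, check?", is now answered by the description this hunk brings in ("Ruby on Rails 3.x before 3.1.0 and 2.3.x before ..."), so the question can be dropped or reworded as a statement. The entry also still has "ruby-activerecord-2.3 <unfixed>" with no bug number next to "TODO: check and report to BTS"; adding the bug reference once filed would close that TODO.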
@@ -3446,8 +3460,7 @@
RESERVED
- keystone <unfixed> (bug #700240)
NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
-CVE-2013-0269 [DoS and Unsafe Object Creation Vulnerability in JSON]
- RESERVED
+CVE-2013-0269 (The JSON gem 1.7.x before 1.7.7, 1.6.x before 1.6.8, and 1.5.x before ...)
- ruby-json 1.7.3-3 (bug #700436)
- libjson-ruby <removed>
CVE-2013-0268
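Review bot: For CVE-2013-0269 the new description gives the affected range as "1.7.x before 1.7.7", while the package line records ruby-json as fixed in 1.7.3-3, a version below the upstream fixed release. A short NOTE stating how 1.7.3-3 carries the fix (for example, which patch it includes) would keep readers from treating the fixed-version line as a mistake.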
@@ -3458,8 +3471,7 @@
RESERVED
CVE-2013-0266
RESERVED
-CVE-2013-0265 [xnbd: CWE-61]
- RESERVED
+CVE-2013-0265 (The redirect_stderr function in xnbd_common.c in xnbd-server and ...)
- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
NOTE: http://seclists.org/oss-sec/2013/q1/248
CVE-2013-0264
@@ -3491,8 +3503,7 @@
- ruby1.8 <not-affected> (Only affects 1.9 and 2.0)
NOTE: http://marc.info/?l=oss-security&m=136021623726440&w=2
NOTE: https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
-CVE-2013-0255
- RESERVED
+CVE-2013-0255 (PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before ...)
- postgresql-9.1 9.1.8-1
- postgresql-8.4 8.4.16-1
CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before ...)
@@ -3542,8 +3553,7 @@
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2013/q1/202
-CVE-2013-0241 [qxl: synchronous io guest DoS]
- RESERVED
+CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to ...)
- xserver-xorg-video-qxl <unfixed> (bug #699396)
NOTE: http://seclists.org/oss-sec/2013/q1/204
TODO: check
@@ -3554,8 +3564,7 @@
CVE-2013-0239
RESERVED
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2013-0238 [ircd-hybrid: denial of service in try_parse_v4_netmask]
- RESERVED
+CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before ...)
{DSA-2618-1}
- ircd-hybrid 1:7.2.2.dfsg.2-10 (bug #699267; high)
[squeeze] - ircd-hybrid 7.2.2.dfsg.2-6.2+squeeze1
@@ -3588,8 +3597,7 @@
- zoneminder 1.25.0-4 (bug #698910)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=904103
NOTE: Upstream forum post: http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
-CVE-2013-0231
- RESERVED
+CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-0230 (Stack-based buffer overflow in the ExecuteSoapAction function in the ...)
@@ -3719,8 +3727,7 @@
NOT-FOR-US: Simple Machines Forum
CVE-2013-0188
RESERVED
-CVE-2013-0190
- RESERVED
+CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and ...)
@@ -3792,6 +3799,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...)
+ {DSA-2622-1 DSA-2621-1}
- openssl 1.0.1e-1 (bug #699889)
- bouncycastle <unfixed> (bug #699885)
- mysql-5.1 <unfixed>
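Review bot: The new "{DSA-2622-1 DSA-2621-1}" line on CVE-2013-0169 references DSA-2622-1, which the earlier hunk attaches to polarssl entries, but the package lines visible here are openssl, bouncycastle and mysql-5.1. Check that a polarssl line with its fixed version exists further down in this entry, beyond the context shown, so the DSA reference has a matching package.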
@@ -3807,6 +3815,7 @@
CVE-2013-0167
RESERVED
CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
+ {DSA-2621-1}
- openssl 1.0.1e-1 (bug #699889)
CVE-2013-0165
RESERVED
@@ -3861,8 +3870,7 @@
CVE-2013-0153
RESERVED
- xen 4.1.4-2
-CVE-2013-0152
- RESERVED
+CVE-2013-0152 (Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a ...)
- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0151
RESERVED
@@ -4578,8 +4586,7 @@
- inkscape 0.48.3.1-1.3 (low; bug #654341)
[squeeze] - inkscape <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/inkscape/+bug/911146
-CVE-2012-6075 [qemu e1000 emulated device guest-side buffer overflow]
- RESERVED
+CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device ...)
{DSA-2619-1 DSA-2608-1 DSA-2607-1}
- qemu 1.1.2+dfsg-4 (bug #696051)
- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
@@ -4720,16 +4727,16 @@
RESERVED
CVE-2013-0078
RESERVED
-CVE-2013-0077
- RESERVED
-CVE-2013-0076
- RESERVED
-CVE-2013-0075
- RESERVED
+CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server ...)
+ TODO: check
+CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows ...)
+ TODO: check
+CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows ...)
+ TODO: check
CVE-2013-0074
RESERVED
-CVE-2013-0073
- RESERVED
+CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
+ TODO: check
CVE-2013-0072
RESERVED
CVE-2013-0071
@@ -4814,38 +4821,38 @@
RESERVED
CVE-2013-0031
RESERVED
-CVE-2013-0030
- RESERVED
-CVE-2013-0029
- RESERVED
-CVE-2013-0028
- RESERVED
-CVE-2013-0027
- RESERVED
-CVE-2013-0026
- RESERVED
-CVE-2013-0025
- RESERVED
-CVE-2013-0024
- RESERVED
-CVE-2013-0023
- RESERVED
-CVE-2013-0022
- RESERVED
-CVE-2013-0021
- RESERVED
-CVE-2013-0020
- RESERVED
-CVE-2013-0019
- RESERVED
-CVE-2013-0018
- RESERVED
+CVE-2013-0030 (The Vector Markup Language (VML) implementation in Microsoft Internet ...)
+ TODO: check
+CVE-2013-0029 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0028 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0027 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0026 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
+ TODO: check
+CVE-2013-0025 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
+ TODO: check
+CVE-2013-0024 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
+ TODO: check
+CVE-2013-0023 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
+ TODO: check
+CVE-2013-0022 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
+ TODO: check
+CVE-2013-0021 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0020 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
+ TODO: check
+CVE-2013-0019 (Use-after-free vulnerability in Microsoft Internet Explorer 7 through ...)
+ TODO: check
+CVE-2013-0018 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
CVE-2013-0017
RESERVED
CVE-2013-0016
RESERVED
-CVE-2013-0015
- RESERVED
+CVE-2013-0015 (Microsoft Internet Explorer 6 through 9 does not properly perform ...)
+ TODO: check
CVE-2013-0014
RESERVED
CVE-2013-0013 (The SSL provider component in Microsoft Windows Vista SP2, Windows ...)