[Secure-testing-commits] r21343 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Feb 19 21:14:40 UTC 2013
Author: joeyh
Date: 2013-02-19 21:14:40 +0000 (Tue, 19 Feb 2013)
New Revision: 21343
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-19 19:27:42 UTC (rev 21342)
+++ data/CVE/list 2013-02-19 21:14:40 UTC (rev 21343)
@@ -1,4 +1,35 @@
+CVE-2013-1761
+ RESERVED
+CVE-2013-1760
+ RESERVED
+CVE-2013-1759
+ RESERVED
+CVE-2013-1758
+ RESERVED
+CVE-2013-1757
+ RESERVED
+CVE-2013-1756
+ RESERVED
+CVE-2013-1755
+ RESERVED
+CVE-2013-1754
+ RESERVED
+CVE-2013-1753
+ RESERVED
+CVE-2013-1752
+ RESERVED
+CVE-2013-1751
+ RESERVED
+CVE-2013-1750
+ RESERVED
+CVE-2013-1749
+ RESERVED
+CVE-2013-1748
+ RESERVED
+CVE-2012-6533 (Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and ...)
+ TODO: check
CVE-2013-1747
+ RESERVED
- ngircd <not-affected> (Vulnerable version was only in experimental, introduced in 20.1-1~exp1 and fixed in 20.2-1~exp1)
CVE-2011-XXXX [local file inclusion vulnerability]
- zoneminder 1.25.0-1 (bug #700912)
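Review bot: CVE-2012-6533 goes in with only "TODO: check", inserted between CVE-2013-1748 and CVE-2013-1747. Its description names pgpwded.sys in Symantec PGP Desktop, the same driver and product as CVE-2012-4351 added later in this revision, so the two should be triaged together. If no Debian package ships this product, resolve both with a NOT-FOR-US line, as the file already does for Symantec Enterprise Security Manager.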
@@ -1939,8 +1970,7 @@
RESERVED
CVE-2013-0872
RESERVED
-CVE-2013-0871 [PTRACE_SETREGS kernel-mode stack modification race condition]
- RESERVED
+CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-0870
@@ -3654,20 +3684,16 @@
- ganglia-web <unfixed> (bug #700159)
NOTE: https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892823
-CVE-2013-0274 [Crash when receiving a UPnP response with abnormally long values]
- RESERVED
+CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly ...)
- pidgin 2.10.6-3
NOTE: http://www.pidgin.im/news/security/?id=68
-CVE-2013-0273 [Meanwhile protocol missing nul termination of long Lotus Sametime usernames]
- RESERVED
+CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin ...)
- pidgin 2.10.6-3
NOTE: http://pidgin.im/news/security/?id=67
-CVE-2013-0272 [MXit protocol stack-based buffer overflow when processing HTTP headers]
- RESERVED
+CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...)
- pidgin 2.10.6-3
NOTE: http://pidgin.im/news/security/?id=66
-CVE-2013-0271 [MXit protocol insufficient sanitization of saved image file names]
- RESERVED
+CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might ...)
- pidgin 2.10.6-3
NOTE: http://pidgin.im/news/security/?id=65
CVE-2013-0270 [Large HTTP request DoS]
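Review bot: The new descriptions for CVE-2013-0274 and CVE-2013-0271 say "Pidgin before 2.10.7", while the unchanged package lines for all four Pidgin entries record the fix as pidgin 2.10.6-3. If 2.10.6-3 carries backported fixes, add a NOTE saying so on each entry, so the lower version number does not read as a tracking error next to the upstream text.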
@@ -3677,8 +3703,7 @@
CVE-2013-0269 (The JSON gem 1.7.x before 1.7.7, 1.6.x before 1.6.8, and 1.5.x before ...)
- ruby-json 1.7.3-3 (bug #700436)
- libjson-ruby <removed>
-CVE-2013-0268
- RESERVED
+CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-0267
@@ -3850,12 +3875,10 @@
- sssd <unfixed> (bug #698871)
CVE-2013-0218 (The GUI installer in JBoss Enterprise Application Platform (EAP) and ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2013-0217
- RESERVED
+CVE-2013-0217 (Memory leak in drivers/net/xen-netback/netback.c in the Xen netback ...)
- linux <unfixed>
- linux-2.6 <removed>
-CVE-2013-0216
- RESERVED
+CVE-2013-0216 (The Xen netback functionality in the Linux kernel before 3.7.8 allows ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-0215
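Review bot: The description added for CVE-2013-0216 says the issue affects the Linux kernel before 3.7.8, but the linux line under it stays <unfixed>, as it does for CVE-2013-0217. Suggest a NOTE on both entries pointing at the upstream fix, so whoever prepares the next upload can tell what has to be backported.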
@@ -4044,8 +4067,7 @@
CVE-2013-0161
RESERVED
NOT-FOR-US: Havalite CMS
-CVE-2013-0160 [/dev/ptmx to measure inter-keystroke timing]
- RESERVED
+CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...)
- linux <unfixed> (unimportant)
- linux-2.6 <removed> (unimportant)
NOTE: Minor information leak, rather a missing hardening feature than a security vulnerability.
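Review bot: Replacing the bracketed text on CVE-2013-0160 drops the only line that named the mechanism, "/dev/ptmx to measure inter-keystroke timing"; the truncated replacement stops at "obtain sensitive ...". The (unimportant) rating and the NOTE calling this a minor information leak both rest on that detail, so carry it over into a NOTE line.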
@@ -6850,13 +6872,11 @@
- webcalendar <removed>
CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
- chromium-browser 22.0.1229.94~r161065-1
-CVE-2012-5375
- RESERVED
+CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...)
- linux <unfixed> (low)
- linux-2.6 <unfixed> (unimportant)
NOTE: btrfs support in Squeeze is just a tech preview
-CVE-2012-5374
- RESERVED
+CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...)
- linux <unfixed> (low)
- linux-2.6 <unfixed> (unimportant)
NOTE: btrfs support in Squeeze is just a tech preview
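Review bot: CVE-2012-5375 and CVE-2012-5374 now show the same description, "The CRC32C feature in the Btrfs implementation in the Linux kernel ...", with identical package lines and the same NOTE. Add a NOTE to each saying how the two issues differ, otherwise they read as duplicates in the list.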
@@ -7292,10 +7312,10 @@
RESERVED
CVE-2012-5200
RESERVED
-CVE-2012-5199
- RESERVED
-CVE-2012-5198
- RESERVED
+CVE-2012-5199 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and ...)
+ TODO: check
+CVE-2012-5198 (Unspecified vulnerability in HP ArcSight Connector Appliance before ...)
+ TODO: check
CVE-2011-5202 (BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a ...)
NOT-FOR-US: WinCDEmu
CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...)
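Review bot: CVE-2012-5199 and CVE-2012-5198 go in as "TODO: check" for HP ArcSight Connector Appliance, and CVE-2012-3286 further down in this revision does the same for the same product. The file already marks HP LeftHand Virtual SAN Appliance as NOT-FOR-US; if no Debian package ships ArcSight Connector Appliance, close all three the same way in one follow-up commit.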
@@ -9234,8 +9254,7 @@
NOT-FOR-US: Joomla addon
CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
- joomla <itp> (bug #571794)
-CVE-2012-4530 [kernel: stack disclosure in binfmt_script load_script()]
- RESERVED
+CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel ...)
- linux 3.2.35-1
- linux-2.6 <removed>
CVE-2012-4529
@@ -9639,8 +9658,7 @@
- cakephp <not-affected> (Does not affect 1.3)
NOTE: http://seclists.org/bugtraq/2012/Jul/101
NOTE: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
-CVE-2012-4398
- RESERVED
+CVE-2012-4398 (The __request_module function in kernel/kmod.c in the Linux kernel ...)
- linux 3.2.35-1 (low)
- linux-2.6 <removed>
CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
@@ -9778,10 +9796,10 @@
NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog ...)
NOT-FOR-US: Sielco Sistemi Winlog SCADA
-CVE-2012-4352
- RESERVED
-CVE-2012-4351
- RESERVED
+CVE-2012-4352 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware ...)
+ TODO: check
+CVE-2012-4351 (Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and ...)
+ TODO: check
CVE-2012-4350 (Multiple unquoted Windows search path vulnerabilities in the (1) ...)
NOT-FOR-US: Symantec Enterprise Security Manager
CVE-2012-4349 (Unquoted Windows search path vulnerability in Symantec Network Access ...)
@@ -12522,8 +12540,8 @@
NOT-FOR-US: VMware
CVE-2012-3287 (Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and ...)
NOT-FOR-US: md5crypt
-CVE-2012-3286
- RESERVED
+CVE-2012-3286 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and ...)
+ TODO: check
CVE-2012-3285 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3284 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)