[Secure-testing-commits] r21425 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Feb 25 21:14:27 UTC 2013
Author: joeyh
Date: 2013-02-25 21:14:27 +0000 (Mon, 25 Feb 2013)
New Revision: 21425
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-25 21:05:54 UTC (rev 21424)
+++ data/CVE/list 2013-02-25 21:14:27 UTC (rev 21425)
@@ -1,3 +1,7 @@
+CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
+ TODO: check
+CVE-2012-6534
+ RESERVED
CVE-2013-XXXX [monkey: world-readable logdir]
TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
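Review bot: CVE-2012-6534 is inserted at the very top of the list, between CVE-2013-2268 and the CVE-2013-XXXX temporary entry, while every other visible run in this file is in descending ID order. It should be moved to its sorted position among the CVE-2012-65xx entries so that later lookups and merges find it where expected. CVE-2013-2268 also arrives with only `TODO: check`; the description names WebKit, so it needs triage against the WebKit-based source packages rather than sitting untracked.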
@@ -1234,8 +1238,8 @@
RESERVED
CVE-2013-1660
RESERVED
-CVE-2013-1659
- RESERVED
+CVE-2013-1659 (VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and ...)
+ TODO: check
CVE-2013-1658
RESERVED
CVE-2013-1657
@@ -2935,74 +2939,52 @@
RESERVED
CVE-2013-0901
RESERVED
-CVE-2013-0900
- RESERVED
+CVE-2013-0900 (Race condition in the International Components for Unicode (ICU) ...)
- chromium-browser 25.0.1364.97-1
- icu <unfixed>
-CVE-2013-0899
- RESERVED
+CVE-2013-0899 (Integer overflow in the padding implementation in the ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0898
- RESERVED
+CVE-2013-0898 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0897
- RESERVED
+CVE-2013-0897 (Off-by-one error in the PDF functionality in Google Chrome before ...)
- chromium-browser <not-affected> (PDF viewer not included in Chromium)
-CVE-2013-0896
- RESERVED
+CVE-2013-0896 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0895
- RESERVED
+CVE-2013-0895 (Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0894
- RESERVED
+CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the ...)
- chromium-browser 25.0.1364.97-1
- ffmpeg <removed>
- libav <unfixed>
-CVE-2013-0893
- RESERVED
+CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0892
- RESERVED
+CVE-2013-0892 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0891
- RESERVED
+CVE-2013-0891 (Integer overflow in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0890
- RESERVED
+CVE-2013-0890 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0889
- RESERVED
+CVE-2013-0889 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0888
- RESERVED
+CVE-2013-0888 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0887
- RESERVED
+CVE-2013-0887 (The developer-tools process in Google Chrome before 25.0.1364.97 on ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0886
- RESERVED
+CVE-2013-0886 (Google Chrome before 25.0.1364.99 on Mac OS X does not properly ...)
- chromium-browser <unfixed>
-CVE-2013-0885
- RESERVED
+CVE-2013-0885 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0884
- RESERVED
+CVE-2013-0884 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0883
- RESERVED
+CVE-2013-0883 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0882
- RESERVED
+CVE-2013-0882 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0881
- RESERVED
+CVE-2013-0881 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0880
- RESERVED
+CVE-2013-0880 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
- chromium-browser 25.0.1364.97-1
-CVE-2013-0879
- RESERVED
+CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
CVE-2013-0878
RESERVED
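Review bot: CVE-2013-0886 keeps `- chromium-browser <unfixed>` although the description now attached to it scopes the issue to Google Chrome on Mac OS X. If the flaw is confined to the Mac OS X build, the line should become <not-affected> with a short reason, the way CVE-2013-0897 does for the PDF viewer. As it stands, it is the only chromium-browser line in this batch left open, while the others are closed at 25.0.1364.97-1.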
@@ -3155,8 +3137,8 @@
RESERVED
CVE-2013-0805
RESERVED
-CVE-2013-0804
- RESERVED
+CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before ...)
+ TODO: check
CVE-2013-0803
RESERVED
CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions ...)
@@ -3203,13 +3185,11 @@
RESERVED
CVE-2013-0787
RESERVED
-CVE-2013-0786 [information leak flaws]
- RESERVED
+CVE-2013-0786 (The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <no-dsa> (Minor issue)
- bugzilla4 <itp> (bug #669643)
-CVE-2013-0785 [XSS flaws]
- RESERVED
+CVE-2013-0785 (Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <no-dsa> (Minor issue)
- bugzilla4 <itp> (bug #669643)
@@ -4090,8 +4070,8 @@
NOT-FOR-US: IBM
CVE-2013-0466 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Message ...)
NOT-FOR-US: IBM
-CVE-2013-0465
- RESERVED
+CVE-2013-0465 (Unspecified vulnerability in the IBM WebSphere Cast Iron physical and ...)
+ TODO: check
CVE-2013-0464
RESERVED
CVE-2013-0463
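Review bot: CVE-2013-0465 lands with `TODO: check` while the two entries directly above it in this hunk are marked `NOT-FOR-US: IBM`. The new description names IBM WebSphere Cast Iron, so the TODO can probably be closed the same way once someone confirms nothing in the archive ships it.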
@@ -4323,8 +4303,8 @@
RESERVED
CVE-2012-6327
RESERVED
-CVE-2012-6326
- RESERVED
+CVE-2012-6326 (VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and ...)
+ TODO: check
CVE-2012-6325 (VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not ...)
NOT-FOR-US: VMware vCenter Server Appliance
CVE-2012-6324 (Directory traversal vulnerability in VMware vCenter Server Appliance ...)
@@ -4915,8 +4895,7 @@
[wheezy] - curl 7.26.0-1+wheezy1
CVE-2013-0248
RESERVED
-CVE-2013-0247 [Keystone denial of service through invalid token requests]
- RESERVED
+CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and ...)
- keystone 2012.1.1-12 (bug #699835)
CVE-2013-0246 [Access bypass Image module - Drupal 7]
RESERVED
@@ -5012,11 +4991,9 @@
RESERVED
- coreutils <not-affected> (Affected patch not added to Debian package)
NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
-CVE-2013-0220
- RESERVED
+CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) ...)
- sssd <unfixed> (bug #698871)
-CVE-2013-0219
- RESERVED
+CVE-2013-0219 (System Security Services Daemon (SSSD) before 1.9.4, when (1) ...)
- sssd <unfixed> (bug #698871)
CVE-2013-0218 (The GUI installer in JBoss Enterprise Application Platform (EAP) and ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
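Review bot: CVE-2013-0219 now names a fixed upstream release (SSSD before 1.9.4), yet both sssd lines stay at <unfixed> with only bug #698871 attached. Adding a NOTE with that version to CVE-2013-0219 would let the entry be closed as soon as a package at or above 1.9.4 is uploaded. The truncated CVE-2013-0220 description shows no version, so that one needs to be checked separately.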
@@ -5037,8 +5014,7 @@
CVE-2013-0213 (The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, ...)
{DSA-2617-1}
- samba 2:3.6.6-5
-CVE-2013-0212 [Backend password leak in Glance error message]
- RESERVED
+CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) ...)
- glance 2012.1.1-4
CVE-2013-0211
RESERVED
@@ -5210,8 +5186,7 @@
- openssl 1.0.1e-1 (bug #699889)
CVE-2013-0165
RESERVED
-CVE-2013-0164
- RESERVED
+CVE-2013-0164 (The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in ...)
NOT-FOR-US: OpenShift
CVE-2013-0163
RESERVED
@@ -5229,8 +5204,7 @@
CVE-2013-0159
RESERVED
NOT-FOR-US: Fedora build script
-CVE-2013-0158 [possible remote code execution]
- RESERVED
+CVE-2013-0158 (Unspecified vulnerability in CloudBees Jenkins before 1.498, Jenkins ...)
- jenkins 1.480.2+dfsg-1~exp1 (bug #697617)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
CVE-2013-0157 [mount discloses information about existence of folders]
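Review bot: removing `[possible remote code execution]` from CVE-2013-0158 drops the only impact hint in the entry, because the replacement description begins "Unspecified vulnerability". Keep the impact as a NOTE line next to the existing advisory link so that severity triage does not depend on following the URL.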
@@ -5326,12 +5300,12 @@
RESERVED
CVE-2013-0121
RESERVED
-CVE-2013-0120
- RESERVED
+CVE-2013-0120 (The web interface on Dell PowerConnect 6248P switches allows remote ...)
+ TODO: check
CVE-2013-0119
RESERVED
-CVE-2013-0118
- RESERVED
+CVE-2013-0118 (CS-Cart before 3.0.6, when PayPal Standard Payments is configured, ...)
+ TODO: check
CVE-2013-0117
RESERVED
CVE-2013-0116
@@ -5340,8 +5314,8 @@
RESERVED
CVE-2013-0114
RESERVED
-CVE-2013-0113
- RESERVED
+CVE-2013-0113 (Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers ...)
+ TODO: check
CVE-2013-0112
RESERVED
CVE-2013-0111
@@ -5350,8 +5324,8 @@
RESERVED
CVE-2013-0109
RESERVED
-CVE-2013-0108
- RESERVED
+CVE-2013-0108 (An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise ...)
+ TODO: check
CVE-2013-0107 (Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 ...)
NOT-FOR-US: Foxit Advanced PDF Editor
CVE-2013-0106
@@ -5467,12 +5441,12 @@
RESERVED
CVE-2012-6276 (Directory traversal vulnerability in the web-based management ...)
NOT-FOR-US: TP-LINK TL-WR841N
-CVE-2012-6275
- RESERVED
-CVE-2012-6274
- RESERVED
-CVE-2012-6273
- RESERVED
+CVE-2012-6275 (Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft ...)
+ TODO: check
+CVE-2012-6274 (BigAntSoft BigAnt IM Message Server does not require authentication ...)
+ TODO: check
+CVE-2012-6273 (SQL injection vulnerability in BigAntSoft BigAnt IM Message Server ...)
+ TODO: check
CVE-2012-6272 (Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage ...)
NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...)
@@ -5764,8 +5738,7 @@
RESERVED
- transmission 2.52-3+nmu1 (bug #700234)
[squeeze] - transmission <not-affected> (UTP code not present)
-CVE-2012-6128 [openconnect buffer overflow in processing certain headers]
- RESERVED
+CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before ...)
{DSA-2623-1}
- openconnect 3.20-3 (bug #700794)
NOTE: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491
@@ -5790,8 +5763,7 @@
RESERVED
- chicken <unfixed>
[squeeze] - chicken <no-dsa> (Minor issue)
-CVE-2012-6121 [Cross-site scripting (XSS) in vbscript: and data:text URL handling]
- RESERVED
+CVE-2012-6121 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
- roundcube <not-affected> (vulnerable code not in stable or testing)
NOTE: http://trac.roundcube.net/ticket/1488850
NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
@@ -5901,8 +5873,7 @@
CVE-2012-6094
RESERVED
- cups <not-affected> (systemd patch not applied in Debian, see bug #697584)
-CVE-2012-6093 [QSslSocket may report incorrect errors when certificate verification fails]
- RESERVED
+CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before ...)
- qt4-x11 <not-affected> (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582)
NOTE: http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
NOTE: https://codereview.qt-project.org/#change,42461
@@ -5989,18 +5960,15 @@
- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
- xen 4.1.3-8
NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
-CVE-2012-6074 [cross-site scripting vulnerability]
- RESERVED
+CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
-CVE-2012-6073 [open redirect]
- RESERVED
+CVE-2012-6073 (Open redirect vulnerability in CloudBees Jenkins before 1.491, Jenkins ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
-CVE-2012-6072 [HTTP response splitting]
- RESERVED
+CVE-2012-6072 (CRLF injection vulnerability in CloudBees Jenkins before 1.491, ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
@@ -7281,8 +7249,7 @@
CVE-2012-5659
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2012-5658
- RESERVED
+CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug ...)
NOT-FOR-US: OpenShift
CVE-2012-5657 [zendframework: information disclosure flaw ZF2012-05]
RESERVED
@@ -7317,11 +7284,9 @@
- couchdb 1.2.0-5 (bug #698439)
CVE-2012-5648
RESERVED
-CVE-2012-5647
- RESERVED
+CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red ...)
NOT-FOR-US: OpenShift
-CVE-2012-5646
- RESERVED
+CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
NOT-FOR-US: OpenShift
CVE-2012-5645
RESERVED
@@ -7388,8 +7353,7 @@
RESERVED
CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when ...)
- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
-CVE-2012-5624 [qt QML XmlHttpRequest insecure redirection]
- RESERVED
+CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirection ...)
- qt4-x11 4:4.8.2+dfsg-7 (bug #695156)
[squeeze] - qt4-x11 <not-affected> (Vulnerable code not present)
NOTE: http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
@@ -8160,8 +8124,8 @@
- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5338
RESERVED
-CVE-2012-5337
- RESERVED
+CVE-2012-5337 (Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in ...)
+ TODO: check
CVE-2012-5336
RESERVED
CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows remote ...)
@@ -9813,16 +9777,16 @@
RESERVED
CVE-2012-4709
RESERVED
-CVE-2012-4708
- RESERVED
-CVE-2012-4707
- RESERVED
-CVE-2012-4706
- RESERVED
-CVE-2012-4705
- RESERVED
-CVE-2012-4704
- RESERVED
+CVE-2012-4708 (Stack-based buffer overflow in 3S CODESYS Gateway-Server before ...)
+ TODO: check
+CVE-2012-4707 (3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to ...)
+ TODO: check
+CVE-2012-4706 (Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 ...)
+ TODO: check
+CVE-2012-4705 (Directory traversal vulnerability in 3S CODESYS Gateway-Server before ...)
+ TODO: check
+CVE-2012-4704 (Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows ...)
+ TODO: check
CVE-2012-4703
RESERVED
CVE-2012-4702
@@ -15089,8 +15053,7 @@
CVE-2012-2698 (Cross-site scripting (XSS) vulnerability in the outputPage function in ...)
[squeeze] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0)
- mediawiki 1:1.19.1-1
-CVE-2012-2697 [denial of service when using an LDAP-based automount map]
- RESERVED
+CVE-2012-2697 (Unspecified vulnerability in autofs, as used in Red Hat Enterprise ...)
TODO: check, probably NFU (as description mentions RedHat patch)
CVE-2012-2696 (The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) ...)
NOT-FOR-US: Red Hat Enterprise Virtualisation
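Review bot: CVE-2012-2697 loses its working title `[denial of service when using an LDAP-based automount map]`, and the new description reads "Unspecified vulnerability in autofs", so the entry no longer says what the bug is. Preserve the old title as a NOTE, and resolve the leftover `TODO: check, probably NFU` now that the description is available, either by marking the entry not-for-us or by adding an autofs package line.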
@@ -20838,8 +20801,8 @@
- bugzilla <removed> (low)
- bugzilla4 <itp> (bug #669643)
[squeeze] - bugzilla <no-dsa> (Minor issue)
-CVE-2012-0439
- RESERVED
+CVE-2012-0439 (An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 ...)
+ TODO: check
CVE-2012-0438
RESERVED
CVE-2012-0437