[Secure-testing-commits] r20846 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jan 7 21:14:27 UTC 2013
Author: joeyh
Date: 2013-01-07 21:14:27 +0000 (Mon, 07 Jan 2013)
New Revision: 20846
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-01-07 19:57:22 UTC (rev 20845)
+++ data/CVE/list 2013-01-07 21:14:27 UTC (rev 20846)
@@ -1,9 +1,63 @@
+CVE-2013-0827
+ RESERVED
+CVE-2013-0826
+ RESERVED
+CVE-2013-0825
+ RESERVED
+CVE-2013-0824
+ RESERVED
+CVE-2013-0823
+ RESERVED
+CVE-2013-0822
+ RESERVED
+CVE-2013-0821
+ RESERVED
+CVE-2013-0820
+ RESERVED
+CVE-2013-0819
+ RESERVED
+CVE-2013-0818
+ RESERVED
+CVE-2013-0817
+ RESERVED
+CVE-2013-0816
+ RESERVED
+CVE-2013-0815
+ RESERVED
+CVE-2013-0814
+ RESERVED
+CVE-2013-0813
+ RESERVED
+CVE-2013-0812
+ RESERVED
+CVE-2013-0811
+ RESERVED
+CVE-2013-0810
+ RESERVED
+CVE-2013-0809
+ RESERVED
+CVE-2013-0808
+ RESERVED
+CVE-2013-0807
+ RESERVED
+CVE-2013-0806
+ RESERVED
+CVE-2013-0805
+ RESERVED
+CVE-2013-0804
+ RESERVED
+CVE-2013-0803
+ RESERVED
+CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions ...)
+ TODO: check
+CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Ruby on ...)
+ TODO: check
CVE-2013-XXXX [possible remote code execution]
- - jenkins <unfixed> (bug #697617)
+ - jenkins <unfixed> (bug #697617)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
NOTE: CVE requested on oss-security list
CVE-2013-XXXX [Possible symlink race when applying UserOwner]
- - proftpd-dfsg <unfixed> (bug #697524)
+ - proftpd-dfsg <unfixed> (bug #697524)
NOTE: CVE requested: http://www.openwall.com/lists/oss-security/2013/01/07/1
CVE-2013-0802
RESERVED
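Review bot: CVE-2012-6496 (SQL injection in Active Record) and CVE-2012-6497 (Authlogic) enter as bare `TODO: check` entries, although the file already tracks this issue under CVE-2012-5664, whose old description line ("SQL injection vulnerability in the Authlogic gem for Ruby on Rails") is removed later in this same diff; the two new ids read as the replacement assignments and should be cross-referenced to 5664 (and its ruby-activerecord fix lines) with a NOTE rather than left as unchecked TODOs. Separately, the `- jenkins <unfixed> (bug #697617)` and `- proftpd-dfsg <unfixed> (bug #697524)` lines are removed and re-added with no visible difference, so these are whitespace-only changes; worth checking that the automatic update is not re-indenting the hand-edited CVE-2013-XXXX placeholders on every run.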
@@ -174,6 +228,7 @@
CVE-2013-0722
RESERVED
CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw ...)
+ {DSA-2593-1}
- moin 1.9.5-3
CVE-2012-6494
RESERVED
@@ -1012,8 +1067,8 @@
RESERVED
CVE-2012-6349
RESERVED
-CVE-2012-6348
- RESERVED
+CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify ...)
+ TODO: check
CVE-2012-6347
RESERVED
CVE-2012-6346
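Review bot: the `TODO: check` under CVE-2012-6348 should be resolved rather than committed as final state; the description names Centrify Deployment Manager, which is not packaged in Debian, so by the convention used elsewhere in this diff (for example `NOT-FOR-US: VMware View`) this entry wants a `NOT-FOR-US: Centrify Deployment Manager` line unless a packaged component turns out to be affected.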
@@ -1050,11 +1105,9 @@
RESERVED
CVE-2012-6331
RESERVED
-CVE-2012-6330
- RESERVED
+CVE-2012-6330 (The localization functionality in TWiki before 5.1.3, and Foswiki ...)
- foswiki <itp> (bug #509864)
-CVE-2012-6329
- RESERVED
+CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext ...)
- foswiki <itp> (bug #509864)
CVE-2012-6328
RESERVED
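Review bot: the only package line under CVE-2012-6329 is `foswiki <itp>`, but the description points at `_compile` in Maketext.pm in Locale::Maketext, which is a core module shipped with the perl package itself, so perl (and any other package bundling Locale::Maketext) needs to be checked and listed here instead of only a not-yet-packaged ITP; CVE-2012-6330, whose description covers the TWiki/Foswiki localization layer, is the one that is correctly scoped to foswiki alone.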
@@ -2244,14 +2297,12 @@
RESERVED
CVE-2012-6091
RESERVED
-CVE-2012-6090 [pl: Possible buffer overflows when expanding file-names with long paths]
- RESERVED
+CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in ...)
- swi-prolog 5.10.4-5 (low; bug #697416)
[squeeze] - swi-prolog <no-dsa> (Minor issue)
NOTE: https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/b2c88972e7515ada025e97e7d3ce3e34f81cf33e
-CVE-2012-6089 [pl: Possible buffer overrun in patch canonisation code]
- RESERVED
+CVE-2012-6089 (Multiple stack-based buffer overflows in the canoniseFileName function ...)
- swi-prolog 5.10.4-5 (low; bug #697416)
[squeeze] - swi-prolog <no-dsa> (Minor issue)
NOTE: https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
@@ -2798,12 +2849,10 @@
RESERVED
CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View ...)
NOT-FOR-US: VMware View
-CVE-2012-5977 [Denial of Service Through Exploitation of Device State Caching]
- RESERVED
+CVE-2012-5977 (Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and ...)
- asterisk <unfixed> (bug #697230)
NOTE: http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
-CVE-2012-5976 [Crashes due to large stack allocations when using TCP]
- RESERVED
+CVE-2012-5976 (Multiple stack consumption vulnerabilities in Asterisk Open Source ...)
- asterisk <unfixed> (bug #697230)
NOTE: http://downloads.digium.com/pub/security/AST-2012-014.pdf
CVE-2012-5975 (The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 ...)
@@ -3584,7 +3633,8 @@
CVE-2012-5665 (ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly ...)
- owncloud 4.0.8debian-1.3 (bug #696574)
[wheezy] - owncloud 4.0.4debian2-3.2
-CVE-2012-5664 (SQL injection vulnerability in the Authlogic gem for Ruby on Rails ...)
+CVE-2012-5664
+ REJECTED
{DSA-2597-1}
- ruby-activerecord-3.2 3.2.6-3
- ruby-activerecord-2.3 2.3.14-3
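Review bot: CVE-2012-5664 is flipped to REJECTED while `{DSA-2597-1}` and the two ruby-activerecord fixed-version lines stay attached to it, which leaves a published DSA pointing at a rejected id and the actual fix recorded against nothing current; the first hunk adds CVE-2012-6496 (Active Record SQL injection) and CVE-2012-6497 (Authlogic) matching the wording of the dropped 5664 description, so the DSA reference and package lines should move to those entries, or at minimum a NOTE should record the split, rather than remaining under REJECTED.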
@@ -3773,14 +3823,12 @@
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
-CVE-2012-5605
- RESERVED
+CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604
RESERVED
NOT-FOR-US: Red Hat CloudForms
-CVE-2012-5603
- RESERVED
+CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2012-5602
REJECTED
@@ -3830,8 +3878,7 @@
RESERVED
- opendnssec <not-affected> (eppclient not built in Debian package)
NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
-CVE-2012-5581 [libtiff: Stack based buffer overflow when handling DOTRANGE tags]
- RESERVED
+CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 ...)
{DSA-2589-1}
- tiff 4.0.2-1 (bug #694693)
- tiff3 3.9.6-10
@@ -4010,8 +4057,7 @@
- linux <unfixed>
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2012-5516
- RESERVED
+CVE-2012-5516 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when ...)
NOT-FOR-US: Red Hat Enterprise Virtualisation Manager
CVE-2012-5515 (The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and ...)
{DSA-2582-1}
@@ -6583,8 +6629,7 @@
- kfreebsd-10 <unfixed> (bug #694098)
CVE-2012-4575 (The add_database function in objects.c in the pgbouncer pooler 1.5.2 ...)
- pgbouncer 1.5.2-4
-CVE-2012-4574
- RESERVED
+CVE-2012-4574 (Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
- glance 2012.1.1-2 (bug #692641)
@@ -6634,11 +6679,9 @@
CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through ...)
{DSA-2579-1}
- apache2 2.2.22-1
-CVE-2012-4556
- RESERVED
+CVE-2012-4556 (The token processing system (pki-tps) in Red Hat Certificate System ...)
NOT-FOR-US: Red Hat Certificate System
-CVE-2012-4555
- RESERVED
+CVE-2012-4555 (The token processing system (pki-tps) in Red Hat Certificate System ...)
NOT-FOR-US: Red Hat Certificate System
CVE-2012-4554 (The OpenID module in Drupal 7.x before 7.16 allows remote OpenID ...)
- drupal7 7.14-1.1 (bug #690817)
@@ -6653,11 +6696,9 @@
[squeeze] - plib <no-dsa> (Minor issue)
CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows ...)
NOT-FOR-US: libunity-webapps
-CVE-2012-4550
- RESERVED
+CVE-2012-4550 (JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2012-4549
- RESERVED
+CVE-2012-4549 (The processInvocation function in ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in cgit ...)
- cgit <itp> (bug #515793)
@@ -6671,8 +6712,7 @@
- elinks 0.12~pre5-9
CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the ...)
- xen 4.1.3-4 (low; bug #688125)
-CVE-2012-4543
- RESERVED
+CVE-2012-4543 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
NOT-FOR-US: Red Hat Certificate System
CVE-2012-4542
RESERVED
@@ -9227,8 +9267,7 @@
- horizon 2012.1.1-4 (bug #686050)
CVE-2012-3539
REJECTED
-CVE-2012-3538
- RESERVED
+CVE-2012-3538 (Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2012-3537 (The Crowbar Ohai plugin ...)
NOT-FOR-US: crowbar ohai plugin
@@ -11369,8 +11408,7 @@
- mediawiki 1:1.19.1-1
CVE-2012-2697
RESERVED
-CVE-2012-2696
- RESERVED
+CVE-2012-2696 (The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) ...)
NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-2695 (The Active Record component in Ruby on Rails before 3.0.14, 3.1.x ...)
- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
@@ -12210,8 +12248,7 @@
NOT-FOR-US: Apache Roller
CVE-2012-2379 (Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before ...)
NOT-FOR-US: Apache CXF
-CVE-2012-2378
- RESERVED
+CVE-2012-2378 (Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before ...)
NOT-FOR-US: Apache CXF
CVE-2012-2377 (JGroups diagnostics service in JBoss Enterprise Portal Platform before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
@@ -15921,11 +15958,9 @@
CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type ...)
- xinetd 1:2.3.14-7.1 (bug #672381)
[squeeze] - xinetd <no-dsa> (Minor issue)
-CVE-2012-0861
- RESERVED
+CVE-2012-0861 (The vds_installer in Red Hat Enterprise Virtualization Manager ...)
NOT-FOR-US: Red Hat Enterprise Virtualisation
-CVE-2012-0860
- RESERVED
+CVE-2012-0860 (Multiple untrusted search path vulnerabilities in Red Hat Enterprise ...)
NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0859 (The render_line function in the vorbis codec (vorbis.c) in libavcodec ...)
{DSA-2471-1}
@@ -20151,8 +20186,7 @@
{DSA-2405-1}
- apache2 2.2.21-3
NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
-CVE-2011-4316
- RESERVED
+CVE-2011-4316 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in ...)
NOT-FOR-US: ovirt
NOTE: While the Red Hat advisory refers to SPICE, this is a vulnerability in
NOTE: the server-side ovirt logic (contacted Red Hat for clarification)
@@ -21479,8 +21513,7 @@
RESERVED
CVE-2011-3938
RESERVED
-CVE-2011-3937
- RESERVED
+CVE-2011-3937 (The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, ...)
- libav 4:0.8.3-1
- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before ...)