[Secure-testing-commits] r20921 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jan 14 21:14:24 UTC 2013
Author: joeyh
Date: 2013-01-14 21:14:23 +0000 (Mon, 14 Jan 2013)
New Revision: 20921
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-01-14 16:43:21 UTC (rev 20920)
+++ data/CVE/list 2013-01-14 21:14:23 UTC (rev 20921)
@@ -1,5 +1,217 @@
+CVE-2013-1347
+ RESERVED
+CVE-2013-1346
+ RESERVED
+CVE-2013-1345
+ RESERVED
+CVE-2013-1344
+ RESERVED
+CVE-2013-1343
+ RESERVED
+CVE-2013-1342
+ RESERVED
+CVE-2013-1341
+ RESERVED
+CVE-2013-1340
+ RESERVED
+CVE-2013-1339
+ RESERVED
+CVE-2013-1338
+ RESERVED
+CVE-2013-1337
+ RESERVED
+CVE-2013-1336
+ RESERVED
+CVE-2013-1335
+ RESERVED
+CVE-2013-1334
+ RESERVED
+CVE-2013-1333
+ RESERVED
+CVE-2013-1332
+ RESERVED
+CVE-2013-1331
+ RESERVED
+CVE-2013-1330
+ RESERVED
+CVE-2013-1329
+ RESERVED
+CVE-2013-1328
+ RESERVED
+CVE-2013-1327
+ RESERVED
+CVE-2013-1326
+ RESERVED
+CVE-2013-1325
+ RESERVED
+CVE-2013-1324
+ RESERVED
+CVE-2013-1323
+ RESERVED
+CVE-2013-1322
+ RESERVED
+CVE-2013-1321
+ RESERVED
+CVE-2013-1320
+ RESERVED
+CVE-2013-1319
+ RESERVED
+CVE-2013-1318
+ RESERVED
+CVE-2013-1317
+ RESERVED
+CVE-2013-1316
+ RESERVED
+CVE-2013-1315
+ RESERVED
+CVE-2013-1314
+ RESERVED
+CVE-2013-1313
+ RESERVED
+CVE-2013-1312
+ RESERVED
+CVE-2013-1311
+ RESERVED
+CVE-2013-1310
+ RESERVED
+CVE-2013-1309
+ RESERVED
+CVE-2013-1308
+ RESERVED
+CVE-2013-1307
+ RESERVED
+CVE-2013-1306
+ RESERVED
+CVE-2013-1305
+ RESERVED
+CVE-2013-1304
+ RESERVED
+CVE-2013-1303
+ RESERVED
+CVE-2013-1302
+ RESERVED
+CVE-2013-1301
+ RESERVED
+CVE-2013-1300
+ RESERVED
+CVE-2013-1299
+ RESERVED
+CVE-2013-1298
+ RESERVED
+CVE-2013-1297
+ RESERVED
+CVE-2013-1296
+ RESERVED
+CVE-2013-1295
+ RESERVED
+CVE-2013-1294
+ RESERVED
+CVE-2013-1293
+ RESERVED
+CVE-2013-1292
+ RESERVED
+CVE-2013-1291
+ RESERVED
+CVE-2013-1290
+ RESERVED
+CVE-2013-1289
+ RESERVED
+CVE-2013-1288
+ RESERVED
+CVE-2013-1287
+ RESERVED
+CVE-2013-1286
+ RESERVED
+CVE-2013-1285
+ RESERVED
+CVE-2013-1284
+ RESERVED
+CVE-2013-1283
+ RESERVED
+CVE-2013-1282
+ RESERVED
+CVE-2013-1281
+ RESERVED
+CVE-2013-1280
+ RESERVED
+CVE-2013-1279
+ RESERVED
+CVE-2013-1278
+ RESERVED
+CVE-2013-1277
+ RESERVED
+CVE-2013-1276
+ RESERVED
+CVE-2013-1275
+ RESERVED
+CVE-2013-1274
+ RESERVED
+CVE-2013-1273
+ RESERVED
+CVE-2013-1272
+ RESERVED
+CVE-2013-1271
+ RESERVED
+CVE-2013-1270
+ RESERVED
+CVE-2013-1269
+ RESERVED
+CVE-2013-1268
+ RESERVED
+CVE-2013-1267
+ RESERVED
+CVE-2013-1266
+ RESERVED
+CVE-2013-1265
+ RESERVED
+CVE-2013-1264
+ RESERVED
+CVE-2013-1263
+ RESERVED
+CVE-2013-1262
+ RESERVED
+CVE-2013-1261
+ RESERVED
+CVE-2013-1260
+ RESERVED
+CVE-2013-1259
+ RESERVED
+CVE-2013-1258
+ RESERVED
+CVE-2013-1257
+ RESERVED
+CVE-2013-1256
+ RESERVED
+CVE-2013-1255
+ RESERVED
+CVE-2013-1254
+ RESERVED
+CVE-2013-1253
+ RESERVED
+CVE-2013-1252
+ RESERVED
+CVE-2013-1251
+ RESERVED
+CVE-2013-1250
+ RESERVED
+CVE-2013-1249
+ RESERVED
+CVE-2013-1248
+ RESERVED
+CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) ...)
+ TODO: check
+CVE-2012-6500 (Directory traversal vulnerability in download.lib.php in Pragyan CMS ...)
+ TODO: check
+CVE-2012-6499 (Open redirect vulnerability in age-verification.php in the Age ...)
+ TODO: check
+CVE-2011-5254 (Unspecified vulnerability in the Connections plugin before 0.7.1.6 for ...)
+ TODO: check
+CVE-2011-5253 (Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to ...)
+ TODO: check
+CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x ...)
+ TODO: check
CVE-2012-0722
- RESERVED
+ REJECTED
CVE-2013-1247
RESERVED
CVE-2013-1246
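Review bot: The six entries added with descriptions at the end of the new block (CVE-2012-6501 through CVE-2011-5252) all land as "TODO: check", so none of them has a package line or a NOT-FOR-US tag yet. They need a manual triage pass; the descriptions already name the HP PKI ActiveX control, Pragyan CMS, the Connections plugin, Dl Download Ticket Service and Orchard, which should be enough to decide most of them without further lookup.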
@@ -977,140 +1189,113 @@
RESERVED
CVE-2013-0772
RESERVED
-CVE-2013-0771
- RESERVED
+CVE-2013-0771 (Heap-based buffer overflow in the ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0770
- RESERVED
+CVE-2013-0770 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0769
- RESERVED
+CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0768
- RESERVED
+CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in Mozilla ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0767
- RESERVED
+CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0766
- RESERVED
+CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules implementation in ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
CVE-2013-0765
RESERVED
-CVE-2013-0764
- RESERVED
+CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0763
- RESERVED
+CVE-2013-0763 (Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0762
- RESERVED
+CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame function ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0761
- RESERVED
+CVE-2013-0761 (Use-after-free vulnerability in the ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0760
- RESERVED
+CVE-2013-0760 (Buffer overflow in the CharDistributionAnalysis::HandleOneChar ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0759
- RESERVED
+CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0758
- RESERVED
+CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0757
- RESERVED
+CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0756
- RESERVED
+CVE-2013-0756 (Use-after-free vulnerability in the obj_toSource function in Mozilla ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0755
- RESERVED
+CVE-2013-0755 (Use-after-free vulnerability in the mozVibrate implementation in the ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0754
- RESERVED
+CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager implementation in ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0753
- RESERVED
+CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream implementation ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0752
- RESERVED
+CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0751
- RESERVED
+CVE-2013-0751 (Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do ...)
- iceape <not-affected> (Android-specific)
- iceweasel <not-affected> (Android-specific)
- icedove <not-affected> (Android-specific)
-CVE-2013-0750
- RESERVED
+CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla Firefox ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0749
- RESERVED
+CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0748
- RESERVED
+CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox before ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0747
- RESERVED
+CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler in ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0746
- RESERVED
+CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
-CVE-2013-0745
- RESERVED
+CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
-CVE-2013-0744
- RESERVED
+CVE-2013-0744 (Use-after-free vulnerability in the ...)
- iceweasel 10.0.12esr-1
- icedove <unfixed>
- iceape <unfixed>
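Review bot: In the CVE-2013-0752 entry the imported description reads "Firefox ESR 17.x before 17.0.2", while the three package lines under it stay <not-affected> with "Doesn't affect the ESR series". With the description now in place the two statements conflict as worded; suggest narrowing that note to the ESR series it actually refers to (the fixed entries in this hunk cite 10.0.12esr-1). Separately, every affected entry here has iceweasel fixed at 10.0.12esr-1 but icedove and iceape still <unfixed>, and CVE-2013-0765 is still RESERVED, so those remain open items after this update.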
@@ -1161,8 +1346,7 @@
RESERVED
CVE-2013-0723
RESERVED
-CVE-2013-0722 [stack-based buffer overflow when parsing hosts list]
- RESERVED
+CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ...)
- ettercap 1:0.7.5.1-2 (low; bug #697987)
[squeeze] - ettercap <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
@@ -1489,8 +1673,7 @@
RESERVED
CVE-2013-0631 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain ...)
NOT-FOR-US: Adobe ColdFusion
-CVE-2013-0630
- RESERVED
+CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x ...)
NOT-FOR-US: Adobe Flash Player
CVE-2013-0629 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not ...)
NOT-FOR-US: Adobe ColdFusion
@@ -2120,7 +2303,7 @@
RESERVED
CVE-2013-0423
RESERVED
-CVE-2013-0422 (The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in ...)
+CVE-2013-0422 (The findClass method in the MBeanInstantiator class in Oracle Java ...)
TODO: check
NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1
CVE-2013-0421
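Review bot: CVE-2013-0422 keeps "TODO: check" after the description refresh even though the NOTE directly below it already says "Exploitable on Linux". Suggest replacing the TODO with package lines for the affected Java packages, or a NOT-FOR-US tag if none are shipped, rather than leaving it for the next automatic run.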
@@ -2665,8 +2848,7 @@
- mount <unfixed> (bug #697464; low)
[squeeze] - mount <no-dsa> (Minor issue)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/06/1
-CVE-2013-0156 [Multiple vulnerabilities in parameter parsing in ActionPack]
- RESERVED
+CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before ...)
{DSA-2604-1}
- rails 2.3.14.1 (bug #697722; high)
- ruby-activesupport-2.3 2.3.14-5 (bug #697789)
@@ -2677,8 +2859,7 @@
NOTE: http://www.insinuator.net/2013/01/rails-yaml/
NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
NOTE: experimental has 3.2.8-1 and should be affected too
-CVE-2013-0155 [Unsafe Query Generation Risk in Ruby on Rails]
- RESERVED
+CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x ...)
- ruby-activerecord-3.2 3.2.6-4 (bug #697744)
- ruby-activerecord-2.3 <not-affected> (Only applies to 3.x)
- ruby-actionpack-3.2 3.2.6-5 (bug #697802)
@@ -2686,8 +2867,7 @@
- rails <not-affected> (Only applies to 3.x)
NOTE: Starting with 2.3.14.1 rails is a transition package
NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
-CVE-2013-0154
- RESERVED
+CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when ...)
- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0153
RESERVED
@@ -4059,8 +4239,8 @@
RESERVED
CVE-2012-5875
RESERVED
-CVE-2012-5874
- RESERVED
+CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) ...)
+ TODO: check
CVE-2012-5873
RESERVED
CVE-2012-5872
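Review bot: The description imported for CVE-2012-5874 is cut off before any product name ("Multiple SQL injection vulnerabilities in the (1) ..."), so the added "TODO: check" cannot be resolved from this list alone. Whoever triages it should read the full CVE text and record the product in a package line or a NOT-FOR-US tag.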
@@ -5941,8 +6121,8 @@
- chromium-browser <unfixed>
- ffmpeg <removed>
- libav 6:0.8.5-1 (bug #694483)
- NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646 is supposed to fix this.
- NOTE: Upstream has a sample, but can only be reproduced with asan/tsan. However, Chrome seems to be affected by this somehow more directly.
+ NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646 is supposed to fix this.
+ NOTE: Upstream has a sample, but can only be reproduced with asan/tsan. However, Chrome seems to be affected by this somehow more directly.
CVE-2012-5143 (Integer overflow in Google Chrome before 23.0.1271.97 allows remote ...)
- chromium-browser <unfixed>
CVE-2012-5142 (Google Chrome before 23.0.1271.97 does not properly handle history ...)
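Review bot: The removed and added NOTE lines under the libav entry are character-for-character identical as shown, so this is a whitespace-only change riding along in an "automatic update" commit; the "fixed with" NOTE in the following hunk is the same case. Suggest committing whitespace normalisation separately, or confirming the update script is meant to rewrite these lines, so that data changes stay easy to audit in the diff.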
@@ -11899,7 +12079,7 @@
- ffmpeg <removed>
NOTE: https://chromiumcodereview.appspot.com/10829204
NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
- NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
+ NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...)