[Secure-testing-commits] r21025 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Jan 23 21:14:29 UTC 2013


Author: joeyh
Date: 2013-01-23 21:14:29 +0000 (Wed, 23 Jan 2013)
New Revision: 21025

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-01-23 14:32:44 UTC (rev 21024)
+++ data/CVE/list	2013-01-23 21:14:29 UTC (rev 21025)
@@ -1,3 +1,5 @@
+CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to ...)
+	TODO: check
 CVE-2013-1413
 	RESERVED
 CVE-2013-1412
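Review bot: The new CVE-2012-6502 entry is left at "TODO: check" even though its description names Microsoft Internet Explorer, which Debian does not package. Following the NOT-FOR-US lines used elsewhere in this file (for example "NOT-FOR-US: Opera"), it should be triaged as "NOT-FOR-US: Microsoft Internet Explorer" so it leaves the TODO queue.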
@@ -2879,8 +2881,7 @@
 	RESERVED
 CVE-2013-0210
 	RESERVED
-CVE-2013-0209 [mt-upgrade.cgi vulnerability]
-	RESERVED
+CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x ...)
 	{DSA-2611-1}
 	- movabletype-opensource 5.1.2+dfsg-1 (bug #697666)
 	NOTE: Versions 5.0 or higher not affected
@@ -3197,7 +3198,7 @@
 CVE-2012-6316
 	RESERVED
 CVE-2012-6315
-	RESERVED
+	REJECTED
 CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, ...)
 	NOT-FOR-US: Citrix XenDesktop
 CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 ...)
@@ -3685,8 +3686,7 @@
 	- cronie <unfixed> (low; bug #697811)
 	NOTE: Only present in experimental
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096
-CVE-2012-6096
-	RESERVED
+CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in ...)
 	- icinga 1.7.1-5 (bug #697931)
 	- nagios3 <unfixed> (bug #697930)
 CVE-2012-6095 [Possible symlink race when applying UserOwner]
@@ -5187,8 +5187,8 @@
 	RESERVED
 	- gksu-polkit <unfixed> (bug #695807)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
-CVE-2012-5616
-	RESERVED
+CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
+	TODO: check
 CVE-2012-5615 (MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, ...)
 	- mysql-5.1 <unfixed> (low; bug #695001)
 	- mysql-5.5 <unfixed> (low; bug #695001)
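Review bot: CVE-2012-5616 swaps RESERVED for "TODO: check", so the entry still carries no triage result. The description names Apache CloudStack and Citrix CloudPlatform; check both against the archive, then either add a package line with its status or mark the entry NOT-FOR-US, as is done for the Citrix XenDesktop entry in this file.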
@@ -6885,8 +6885,8 @@
 	RESERVED
 CVE-2012-4919
 	RESERVED
-CVE-2012-4918
-	RESERVED
+CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
+	TODO: check
 CVE-2012-4917
 	RESERVED
 CVE-2012-4916
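Review bot: "TODO: check" on CVE-2012-4918 needs a follow-up. The description is for Call of Duty Elite for iOS, an iOS application rather than a Debian package, so by the file's convention this should become "NOT-FOR-US: Call of Duty Elite for iOS" instead of staying in the TODO list.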
@@ -8351,8 +8351,7 @@
 CVE-2012-4462
 	RESERVED
 	- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
-CVE-2012-4461
-	RESERVED
+CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ...)
 	- linux-2.6 <removed>
 	- linux 3.2.35-1
 CVE-2012-4460
@@ -8524,8 +8523,7 @@
 	- libguac 0.6.0-2 (medium)
 	NOTE: maintainer contacted us, working on update
 	NOTE: http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
-CVE-2012-4414
-	RESERVED
+CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in ...)
 	- mysql-5.1 <unfixed> (bug #687484)
 	- mysql-5.5 <unfixed> (bug #687485)
 CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when ...)
@@ -10657,7 +10655,7 @@
 	NOT-FOR-US: Opera
 CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) ...)
 	NOT-FOR-US: Joomla addon
-CVE-2012-3552 (The IP implementation in the Linux kernel before 3.0 might allow ...)
+CVE-2012-3552 (Race condition in the IP implementation in the Linux kernel before 3.0 ...)
 	- linux 3.0-1
 	- linux-2.6 <removed>
 CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in ...)
@@ -11263,8 +11261,7 @@
 CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: open_basedir not supported
-CVE-2012-3364
-	RESERVED
+CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication ...)
 	- linux 3.2.23-1
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2012-3363
@@ -13674,8 +13671,7 @@
 CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical ...)
 	- linux-2.6 3.2.19-1
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2012-2372
-	RESERVED
+CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram ...)
 	- linux <unfixed> (low)
 CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
 	NOT-FOR-US: WP-FaceThumb plugin for WordPress
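Review bot: The CVE-2012-2372 entry tracks only "- linux <unfixed> (low)" and says nothing about linux-2.6, whereas the CVE-2012-2373 entry directly above records an explicit [squeeze] linux-2.6 status. Now that the description is public and names rds_ib_xmit in net/rds/ib_send.c, a squeeze line (affected or <not-affected> with a reason) should be added so the entry is complete.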
@@ -14274,8 +14270,7 @@
 CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...)
 	NOT-FOR-US: Apache Sling
 	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2012-July/087554.html
-CVE-2012-2137
-	RESERVED
+CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the ...)
 	- linux 3.2.20-1
 CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux ...)
 	- linux 3.2.20-1
@@ -14338,8 +14333,7 @@
 	- texlive-extra <unfixed> (low; bug #668779)
 	[wheezy] - texlive-extra <no-dsa> (Minor issue)
 	[squeeze] - texlive-extra <no-dsa> (Minor issue)
-CVE-2012-2119
-	RESERVED
+CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel ...)
 	- linux 3.2.20-1
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, was added in 3.1)
 CVE-2012-2118 (Format string vulnerability in the LogVHdrMessageVerb function in ...)



