[Secure-testing-commits] r22882 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jul 8 21:14:26 UTC 2013
Author: joeyh
Date: 2013-07-08 21:14:26 +0000 (Mon, 08 Jul 2013)
New Revision: 22882
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-08 14:06:29 UTC (rev 22881)
+++ data/CVE/list 2013-07-08 21:14:26 UTC (rev 22882)
@@ -1,4 +1,41 @@
+CVE-2013-4774
+ RESERVED
+CVE-2013-4773
+ RESERVED
+CVE-2013-4772
+ RESERVED
+CVE-2013-4771
+ RESERVED
+CVE-2013-4770
+ RESERVED
+CVE-2013-4769
+ RESERVED
+CVE-2013-4768
+ RESERVED
+CVE-2013-4767
+ RESERVED
+CVE-2013-4766
+ RESERVED
+CVE-2013-4765
+ RESERVED
+CVE-2013-4764
+ RESERVED
+CVE-2013-4763
+ RESERVED
+CVE-2013-4762
+ RESERVED
+CVE-2013-4761
+ RESERVED
+CVE-2013-4760
+ RESERVED
+CVE-2013-4759
+ RESERVED
+CVE-2013-4757
+ RESERVED
+CVE-2013-4756
+ RESERVED
CVE-2013-4758 [Double Free Memory Corruption in ElasticSearch Plugin]
+ RESERVED
- rsyslog <not-affected> (omelasticsearch plugin not enabled; see #715009)
[jessie] - rsyslog <not-affected> (omelasticsearch plugin not enabled)
[squeeze] - rsyslog <not-affected> (omelasticsearch plugin not yet present)
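Review bot: the new CVE-2013-4757 and CVE-2013-4756 entries are inserted above the existing CVE-2013-4758 block, so the top of the file now runs 4759, 4757, 4756, 4758 and is no longer in descending order. Move the two new entries below the CVE-2013-4758 block (after its rsyslog annotations) so tools and readers that rely on the ordering find them where expected.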
@@ -58,8 +95,8 @@
CVE-2013-4730
RESERVED
NOT-FOR-US: PCMan FTP Server
-CVE-2013-4729
- RESERVED
+CVE-2013-4729 (import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict ...)
+ TODO: check
CVE-2013-4728
RESERVED
CVE-2013-4727
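Review bot: CVE-2013-4729 is left at `TODO: check` even though its description names phpMyAdmin 4.x before 4.0.4.1 and phpmyadmin is already tracked in this file (CVE-2013-3742 records `- phpmyadmin 4:4.0.1-3`). Triage it against the phpmyadmin source package and record per-suite status the way the CVE-2013-3742 entry does, rather than leaving the generic TODO.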
@@ -226,8 +263,7 @@
RESERVED
CVE-2013-4651
RESERVED
-CVE-2013-4650
- RESERVED
+CVE-2013-4650 (MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote ...)
- mongodb <unfixed> (bug #715007)
[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
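Review bot: the suite notes under CVE-2013-4650 still read `Only affects 2.4.x`, while the description added here lists both 2.4.x before 2.4.5 and 2.5.x before 2.5.1. Reword the squeeze and wheezy notes to match the ranges in the description, and record the fixed upstream versions (2.4.5, 2.5.1) in a NOTE next to `<unfixed> (bug #715007)` so the entry can be closed when the package is updated.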
@@ -1745,7 +1781,7 @@
RESERVED
CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...)
NOT-FOR-US: Siemens COMOS
-CVE-2013-3926 (Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary ...)
+CVE-2013-3926 (** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to ...)
NOT-FOR-US: Atlassian Crowd
CVE-2013-3925 (Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and ...)
NOT-FOR-US: Atlassian Crowd
@@ -2130,8 +2166,7 @@
CVE-2013-3919 (resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, ...)
- bind9 <not-affected> (vulnerable code not present)
NOTE: https://kb.isc.org/article/AA-00967
-CVE-2013-3742 [phpMyAdmin PMASA-2013-6]
- RESERVED
+CVE-2013-3742 (Cross-site scripting (XSS) vulnerability in view_create.php (aka the ...)
- phpmyadmin 4:4.0.1-3 (low)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
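Review bot: replacing the bracketed title on CVE-2013-3742 drops the entry's only reference to the upstream advisory ID PMASA-2013-6. Keep that ID in a NOTE line under the entry so the link to the phpMyAdmin advisory is not lost.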
@@ -2539,8 +2574,8 @@
RESERVED
CVE-2013-3564
RESERVED
-CVE-2013-3563
- RESERVED
+CVE-2013-3563 (Stack-based buffer overflow in db_netserver in Lianja SQL Server ...)
+ TODO: check
CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in ...)
{DSA-2700-1}
- wireshark 1.8.7-1 (bug #709167)
@@ -2869,8 +2904,8 @@
RESERVED
CVE-2013-3414
RESERVED
-CVE-2013-3413
- RESERVED
+CVE-2013-3413 (Cross-site scripting (XSS) vulnerability in the search form in the ...)
+ TODO: check
CVE-2013-3412
RESERVED
CVE-2013-3411
@@ -3121,8 +3156,8 @@
- autopostgresqlbackup 1.0-2 (bug #706095)
CVE-2013-3300
RESERVED
-CVE-2013-3299
- RESERVED
+CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers ...)
+ TODO: check
CVE-2013-3298
RESERVED
CVE-2013-3297
@@ -3766,8 +3801,8 @@
RESERVED
CVE-2013-3006
RESERVED
-CVE-2013-3005
- RESERVED
+CVE-2013-3005 (The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, ...)
+ TODO: check
CVE-2013-3004
RESERVED
CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite ...)
@@ -5415,10 +5450,10 @@
NOT-FOR-US: HP
CVE-2013-2342 (The HP StoreOnce D2D backup system with software before 3.0.0 has a ...)
NOT-FOR-US: HP StoreOnce D2D backup system
-CVE-2013-2341
- RESERVED
-CVE-2013-2340
- RESERVED
+CVE-2013-2341 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, ...)
+ TODO: check
+CVE-2013-2340 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, ...)
+ TODO: check
CVE-2013-2339 (HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero ...)
NOT-FOR-US: HP Smart Zero Client
CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) ...)
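Review bot: CVE-2013-2341 and CVE-2013-2340 get `TODO: check` while the surrounding HP entries in this hunk (CVE-2013-2342, CVE-2013-2339) are already marked NOT-FOR-US. Both descriptions refer to HP ProCurve models, so they look like candidates for the same `NOT-FOR-US:` annotation; resolve the TODO in a follow-up.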
@@ -5649,8 +5684,7 @@
CVE-2013-2238 [buffer overflow]
RESERVED
- freeswitch <itp> (bug #389591)
-CVE-2013-2237 [information leak]
- RESERVED
+CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...)
- linux-2.6 <removed> (low)
- linux 3.9.4-1 (low)
NOTE: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
@@ -5660,16 +5694,14 @@
NOTE: http://lists.quagga.net/pipermail/quagga-dev/2013-July/010621.html
CVE-2013-2235
RESERVED
-CVE-2013-2234
- RESERVED
+CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions ...)
- linux-2.6 <removed>
- linux <unfixed>
CVE-2013-2233 [not caching SSH host keys]
RESERVED
- ansible <unfixed> (bug #714822)
NOTE: https://github.com/ansible/ansible/issues/857
-CVE-2013-2232
- RESERVED
+CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux ...)
- linux-2.6 <removed>
- linux <unfixed>
CVE-2013-2231
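Review bot: CVE-2013-2234 and CVE-2013-2232 now have descriptions naming the affected functions (key_notify_sa_flush/key_notify_policy_flush and ip6_sk_dst_check) but both remain `- linux <unfixed>` with no bug number or NOTE. Add a NOTE with the upstream fix commit, as the CVE-2013-2237 entry does, so the fixed version can be filled in once it reaches the archive.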
@@ -5693,8 +5725,7 @@
RESERVED
- glpi 0.83.91-1 (bug #714720; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2013-2224 [IP_RETOPTS Buffer Poisoning DoS]
- RESERVED
+CVE-2013-2224 (A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat ...)
- linux-2.6 <not-affected> (Caused by RHEL backport)
- linux <not-affected> (Caused by RHEL backport)
CVE-2013-2223 [Multiple remote heap memory disclosures]
@@ -5764,8 +5795,7 @@
[wheezy] - tpp <no-dsa> (Minor issue)
CVE-2013-2207
RESERVED
-CVE-2013-2206 [sctp: duplicate cookie handling NULL pointer dereference]
- RESERVED
+CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in ...)
- linux-2.6 <removed>
- linux 3.9.4-1
[wheezy] - linux 3.2.46-1
@@ -5891,8 +5921,7 @@
RESERVED
CVE-2013-2169
RESERVED
-CVE-2013-2168 [DoS in system services caused by _dbus_printf_string_upper_bound]
- RESERVED
+CVE-2013-2168 (The _dbus_printf_string_upper_bound function in ...)
{DSA-2707-1}
- dbus 1.6.12-1
[squeeze] - dbus <not-affected> (Introduced in 1.4.16)
@@ -5904,8 +5933,7 @@
- python-keystoneclient 1:0.2.5-2 (bug #713819)
CVE-2013-2165
RESERVED
-CVE-2013-2164
- RESERVED
+CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the ...)
- linux-2.6 <removed> (low)
- linux 3.9.8-1 (low)
CVE-2013-2163 [monkey denial of service]
@@ -5977,8 +6005,7 @@
- libmodule-signature-perl 0.73-1 (bug #711239)
[wheezy] - libmodule-signature-perl <no-dsa> (Minor issue)
[squeeze] - libmodule-signature-perl <no-dsa> (Minor issue)
-CVE-2013-2144 [insufficient target domain permission check when cloning a VM from a snapshot]
- RESERVED
+CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...)
NOT-FOR-US: RHEV Manager
CVE-2013-2143
RESERVED
@@ -6091,8 +6118,7 @@
CVE-2013-2117 [directory traversal]
RESERVED
- cgit <itp> (bug #515793)
-CVE-2013-2116
- RESERVED
+CVE-2013-2116 (The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in ...)
{DSA-2697-1}
- gnutls26 2.12.23-5 (bug #709301)
[squeeze] - gnutls26 <not-affected> (vulnerable code not backported)
@@ -6663,14 +6689,12 @@
CVE-2013-1962 (The remoteDispatchStoragePoolListAllVolumes function in the storage ...)
- libvirt <not-affected> (Vulnerable code not present)
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
-CVE-2013-1961 [libtiff-tools: Stack-based buffer overflow with malformed image-length and resolution]
- RESERVED
+CVE-2013-1961 (Stack-based buffer overflow in the t2p_write_pdf_page function in ...)
{DSA-2698-1}
- tiff 4.0.2-6+nmu1 (bug #706674)
- tiff3 3.9.7-1 (bug #712840)
[wheezy] - tiff3 <no-dsa> (the changes that effect the library are just hardening, converting uses of sprintf to snprintf. those can be rolled into the next tiff3 update, but a separate dsa isn't needed)
-CVE-2013-1960 [libtiff-tools: Heap-based buffer overflow in t2_process_jpeg_strip]
- RESERVED
+CVE-2013-1960 (Heap-based buffer overflow in the tp_process_jpeg_strip function in ...)
{DSA-2698-1}
- tiff 4.0.2-6+nmu1 (bug #706675)
- tiff3 <not-affected> (tiff command line tools not build in tiff3)
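Review bot: the function name in the CVE-2013-1960 description (`tp_process_jpeg_strip`) does not match the removed title (`t2_process_jpeg_strip`), and neither uses the `t2p_` prefix seen in the CVE-2013-1961 description (`t2p_write_pdf_page`). Since the description text is imported automatically, add a NOTE line giving the function name as it appears in the tiff source so the entry stays searchable.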
@@ -7582,7 +7606,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1681 (Use-after-free vulnerability in the ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -7590,7 +7614,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1680 (Use-after-free vulnerability in the nsFrameList::FirstChild function ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
[squeeze] - iceweasel <end-of-life>
- iceweasel 17.0.6esr-1
- icedove 17.0.7-1
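Review bot: in the CVE-2013-1680 entry the `[squeeze] - iceweasel <end-of-life>` line sits above `- iceweasel 17.0.6esr-1`, the reverse of the order used in the sibling entries (CVE-2013-1681, CVE-2013-1679 and the rest), where the package line comes first. While this entry is being touched for the DSA-2720-1 reference, move the suite-specific line below the package line.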
@@ -7598,7 +7622,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1679 (Use-after-free vulnerability in the ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -7606,7 +7630,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1678 (The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -7614,7 +7638,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1677 (The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -7622,7 +7646,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1676 (The SelectionIterator::GetNextSegment function in Mozilla Firefox ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -7630,7 +7654,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1675 (Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -7638,7 +7662,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-1674 (Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -7654,7 +7678,7 @@
CVE-2013-1671 (Mozilla Firefox before 21.0 does not properly implement the INPUT ...)
- iceweasel <not-affected> (Doesn't affect ESR 17 series, only later versions in experimental)
CVE-2013-1670 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -9895,7 +9919,7 @@
CVE-2013-0802
RESERVED
CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.7-1
@@ -9929,7 +9953,7 @@
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
- {DSA-2699-1}
+ {DSA-2720-1 DSA-2699-1}
- icedove 17.0.7-1
[squeeze] - icedove <end-of-life>
- iceape <unfixed>
@@ -10692,8 +10716,8 @@
RESERVED
CVE-2013-0582 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)
NOT-FOR-US: IBM Tivoli Federated Identity Manager
-CVE-2013-0581
- RESERVED
+CVE-2013-0581 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Business ...)
+ TODO: check
CVE-2013-0580
RESERVED
CVE-2013-0579
@@ -31724,7 +31748,7 @@
[squeeze] - network-manager <no-dsa> (Minor issue)
NOTE: might be fixed earlier; I checked the source versions in Wheezy
CVE-2011-4072
- RESERVED
+ REJECTED
CVE-2011-4071
RESERVED
CVE-2011-4070
@@ -34671,15 +34695,15 @@
CVE-2011-3121
RESERVED
CVE-2011-3120
- RESERVED
+ REJECTED
CVE-2011-3119
- RESERVED
+ REJECTED
CVE-2011-3118
- RESERVED
+ REJECTED
CVE-2011-3117
- RESERVED
+ REJECTED
CVE-2011-3116
- RESERVED
+ REJECTED
CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome ...)