[Secure-testing-commits] r22966 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Jul 16 21:14:28 UTC 2013


Author: joeyh
Date: 2013-07-16 21:14:28 +0000 (Tue, 16 Jul 2013)
New Revision: 22966

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-07-16 20:52:56 UTC (rev 22965)
+++ data/CVE/list	2013-07-16 21:14:28 UTC (rev 22966)
@@ -1,3 +1,7 @@
+CVE-2013-4848
+	RESERVED
+CVE-2013-4847
+	RESERVED
 CVE-2013-4846
 	RESERVED
 CVE-2013-4845
@@ -1506,8 +1510,7 @@
 	- linux-2.6 <not-affected> (Introduced in 3.8)
 CVE-2013-4126
 	RESERVED
-CVE-2013-4125 [BUG_ON in fib6_add_rt2node()]
-	RESERVED
+CVE-2013-4125 (The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Introduced in 3.7)
 	- linux-2.6 <not-affected> (Introduced in 3.7)
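Review bot: the CVE-2013-4125 entry still reads "- linux <unfixed>" with no NOTE: line pointing at an upstream fix or a Debian bug, although the description is now public. Add a reference when one is available so the unfixed status can be tracked to closure. The wheezy and linux-2.6 lines (Introduced in 3.7) already document the affected range.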
@@ -1540,8 +1543,7 @@
 	- freerdp <unfixed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7
 	TODO: check
-CVE-2013-4117
-	RESERVED
+CVE-2013-4117 (Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php ...)
 	NOT-FOR-US: WordPress plugin category-grid-view-gallery
 CVE-2013-4116 [npm: predictable temporary filenames when unpacking tarballs]
 	RESERVED
@@ -2751,10 +2753,10 @@
 	RESERVED
 CVE-2013-3579 (The Lookout Mobile Security application before 8.17-8a39d3f for ...)
 	NOT-FOR-US: Lookout Mobile Security application for Android
-CVE-2013-3578
-	RESERVED
-CVE-2013-3577
-	RESERVED
+CVE-2013-3578 (SQL injection vulnerability in the Help Desk application in Wave ...)
+	TODO: check
+CVE-2013-3577 (SQL injection vulnerability in the Help Desk application in Wave ...)
+	TODO: check
 CVE-2013-3576 (ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote ...)
 	NOT-FOR-US: HP System Management Homepage
 CVE-2013-3575 (hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics ...)
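Review bot: CVE-2013-3578 and CVE-2013-3577 are left at TODO: check with descriptions that are identical up to the truncation point, so nothing in the list distinguishes them. Triage them together, and if the Help Desk product is not packaged in Debian, replace each TODO: check with a NOT-FOR-US: line, as was done for the neighbouring CVE-2013-3579 and CVE-2013-3576 entries.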
@@ -2958,8 +2960,8 @@
 	RESERVED
 CVE-2013-3492
 	RESERVED
-CVE-2013-3491
-	RESERVED
+CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
 CVE-2013-3490
 	RESERVED
 CVE-2013-3489
@@ -3084,8 +3086,8 @@
 	RESERVED
 CVE-2013-3429
 	RESERVED
-CVE-2013-3428
-	RESERVED
+CVE-2013-3428 (The web interface in Cisco Secure Access Control System (ACS) does not ...)
+	TODO: check
 CVE-2013-3427
 	RESERVED
 CVE-2013-3426
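Review bot: the TODO: check on CVE-2013-3428 can most likely be resolved immediately. The description names the web interface of Cisco Secure Access Control System (ACS), a proprietary Cisco product, so a NOT-FOR-US: line naming that product would match how vendor-only software is recorded elsewhere in this list.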
@@ -4556,8 +4558,7 @@
 	NOT-FOR-US: Citrix NetScaler Access Gateway
 CVE-2013-2766 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 ...)
 	NOT-FOR-US: Splunk
-CVE-2013-2765 [NULL pointer dereference]
-	RESERVED
+CVE-2013-2765 (The ModSecurity module before 2.7.4 for the Apache HTTP Server allows ...)
 	- modsecurity-apache 2.6.6-9 (bug #710217)
 	- libapache-mod-security <removed> (bug #710217)
 	[wheezy] - modsecurity-apache 2.6.6-6+deb7u1
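Review bot: at CVE-2013-2765 the new description says the issue affects ModSecurity before 2.7.4, while the fixed versions recorded below it are 2.6.6-9 and 2.6.6-6+deb7u1, both lower than 2.7.4. If these are backported fixes, a NOTE: line saying so would keep the entry from looking inconsistent. The replaced bracketed text also carried the bug class (NULL pointer dereference), which the truncated description no longer shows.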
@@ -6123,8 +6124,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=954054
 CVE-2013-2189
 	RESERVED
-CVE-2013-2188
-	RESERVED
+CVE-2013-2188 (A certain Red Hat patch to the do_filp_open function in fs/namei.c in ...)
 	- linux-2.6 <not-affected> (RHEL-specific issue)
 	- linux <not-affected> (RHEL-specific issue)
 CVE-2013-2187
@@ -7015,8 +7015,7 @@
 	- curl 7.29.0-2.1 (bug #705274)
 	[wheezy] - curl 7.26.0-1+wheezy2
 	NOTE: http://curl.haxx.se/docs/adv_20130412.html
-CVE-2013-1943 [kernel: kvm: missing check in kvm_set_memory_region()]
-	RESERVED
+CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check ...)
 	- linux 3.0-1
 	- linux-2.6 <removed>
 CVE-2013-1942 [XSS vulnerability in jPlayer]
@@ -7046,8 +7045,7 @@
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
 CVE-2013-1936
 	RESERVED
-CVE-2013-1935 [kernel: kvm: pv_eoi guest updates with interrupts disabled]
-	RESERVED
+CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Might be RHEL-specific, contacted Red Hat
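Review bot: the new CVE-2013-1935 description attributes the issue to "a certain Red Hat patch", which bears directly on the open question in the NOTE: line, yet the entry still says "- linux <unfixed>". Re-evaluate that status, and if the issue is confirmed to be confined to the Red Hat patch, use "<not-affected> (RHEL-specific issue)" as at CVE-2013-2188 and update or drop the "Might be RHEL-specific" note.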
@@ -9391,8 +9389,8 @@
 	RESERVED
 CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 ...)
 	NOT-FOR-US: Novell iManager
-CVE-2013-1087
-	RESERVED
+CVE-2013-1087 (Cross-site scripting (XSS) vulnerability in the client in Novell ...)
+	TODO: check
 CVE-2013-1086 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2013-1085 (Stack-based buffer overflow in the nim: protocol handler in Novell ...)
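Review bot: CVE-2013-1087 gets TODO: check although the entries directly around it (CVE-2013-1088, CVE-2013-1086) are Novell products already marked NOT-FOR-US. The description is cut off after "Novell", so confirm the product from the full CVE text and record NOT-FOR-US: with the product name if it is not packaged in Debian.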



