[Secure-testing-commits] r23000 - data/CVE
Helmut Grohne
helmut-guest at alioth.debian.org
Thu Jul 18 12:59:29 UTC 2013
Author: helmut-guest
Date: 2013-07-18 12:59:29 +0000 (Thu, 18 Jul 2013)
New Revision: 23000
Modified:
data/CVE/list
Log:
NFUs and NOTEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-18 12:51:08 UTC (rev 22999)
+++ data/CVE/list 2013-07-18 12:59:29 UTC (rev 23000)
@@ -147,8 +147,9 @@
NOT-FOR-US: Android
CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange ...)
TODO: check
+ NOTE: Design flaw in the IPMI 2.0 specification. Any correctly implemented device is vulnerable.
CVE-2013-4784 (The HP Integrated Lights-Out (iLO) BMC implementation allows remote ...)
- TODO: check
+ NOT-FOR-US: HP IPMI device
CVE-2013-4781
RESERVED
CVE-2013-4780
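Review bot: On CVE-2013-4786 the added NOTE sits under a `TODO: check` that stays in place, so the entry still counts as untriaged even though the note reads like a conclusion. If the check is done, replace the TODO with the outcome (NOT-FOR-US, or the affected packages). If it is still open, add a reference for the design-flaw statement so whoever picks it up can verify it.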
@@ -302,11 +303,11 @@
CVE-2012-6577 (SQL injection vulnerability in the Formhandler extension before 1.4.1 ...)
NOT-FOR-US: Formhandler TYPO3 extension
CVE-2012-6576 (Cross-site scripting (XSS) vulnerability in the PRH Search module ...)
- TODO: check
+ NOT-FOR-US: Drupal module PRH Search
CVE-2012-6575 (Cross-site scripting (XSS) vulnerability in the Exposed Filter Data ...)
- TODO: check
+ NOT-FOR-US: Drupal module Exposed Filter Data
CVE-2012-6574 (Cross-site scripting (XSS) vulnerability in the Fonecta verify module ...)
- TODO: check
+ NOT-FOR-US: Drupal module Fonecta verify
CVE-2013-4716
RESERVED
CVE-2013-4715
@@ -4792,7 +4793,7 @@
CVE-2013-2705
RESERVED
CVE-2013-2704 (Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin Dropdown Menu Widget
CVE-2013-2703 (Cross-site request forgery (CSRF) vulnerability in the Facebook ...)
NOT-FOR-US: Facebook Members plugin for WordPres
CVE-2013-2702 (Cross-site request forgery (CSRF) vulnerability in the Easy AdSense ...)
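Review bot: The new CVE-2013-2704 line uses the form "WordPress plugin Dropdown Menu Widget", while the unchanged neighbour for CVE-2013-2703 reads "Facebook Members plugin for WordPres", with a truncated "WordPress" and the opposite word order. Consider fixing that line in the same commit so the two adjacent WordPress entries match and a search for "WordPress plugin" finds both.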
@@ -6738,6 +6739,7 @@
- openswan <unfixed> (low; bug #709144)
CVE-2013-2052 (Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when ...)
NOT-FOR-US: libreswan not in Debian
+ NOTE: pseudo-RFP bug: #700030
CVE-2013-2051 (The Tomcat 6 DIGEST authentication functionality as used in Red Hat ...)
- tomcat6 <not-affected> (RedHat-specific issue)
- tomcat7 <not-affected> (RedHat-specific issue)
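Review bot: The NOTE added to CVE-2013-2052 says only "pseudo-RFP bug: #700030", which does not tell a later reader why it matters to an entry marked "libreswan not in Debian". Suggest wording it so the consequence is explicit, for example that the NOT-FOR-US status must be revisited if the request in #700030 leads to libreswan being packaged.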
@@ -6788,7 +6790,7 @@
[wheezy] - python-httplib2 <no-dsa> (Minor issue)
NOTE: http://openwall.com/lists/oss-security/2013/05/01/5
CVE-2013-2036 (Cross-site scripting (XSS) vulnerability in the Filebrowser module ...)
- TODO: check
+ NOT-FOR-US: Drupal module Filebrowser
CVE-2013-2035
RESERVED
- hawtjni <unfixed> (bug #708293)
@@ -7248,9 +7250,9 @@
CVE-2013-1907 (The Commons Group module before 7.x-3.1 for Drupal, as used in the ...)
TODO: check
CVE-2013-1906 (Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x ...)
- TODO: check
+ NOT-FOR-US: Drupal module Rules
CVE-2013-1905 (Cross-site scripting (XSS) vulnerability in the Zero Point theme ...)
- TODO: check
+ NOT-FOR-US: Drupal theme Zero Point
CVE-2013-1904 [roundcube variable overwrite]
RESERVED
- roundcube 0.7.2-9
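Review bot: CVE-2013-1907 (Commons Group module for Drupal) directly above the changed lines keeps its `TODO: check`, while the two Drupal entries after it, CVE-2013-1906 and CVE-2013-1905, are marked NOT-FOR-US. If that is deliberate because the description's "as used in the ..." needs a closer look, a short NOTE saying so would help. Otherwise it looks like it was skipped and could be triaged in the same pass.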
@@ -7678,7 +7680,7 @@
CVE-2013-1778 (Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x ...)
NOT-FOR-US: Drupal addon
CVE-2013-1777 (The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as ...)
- NOT-FOR-US: Apache Geronimo
+ NOT-FOR-US: JMX componenent of Apache Geronimo is not packaged
CVE-2013-1776 (sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ...)
{DSA-2642-1}
- sudo 1.8.5p2-1+nmu1 (bug #701839)
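Review bot: The replacement line for CVE-2013-1777 misspells "component" as "componenent". The new reason also changes the meaning: "JMX component of Apache Geronimo is not packaged" implies that other parts of Geronimo are in the archive. If so, a package line with `<not-affected>` and the reason in parentheses, as the tomcat6/tomcat7 entries elsewhere in this file do, would be more accurate than NOT-FOR-US and would keep the CVE attached to the source package.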
@@ -8850,7 +8852,7 @@
CVE-2013-1394
RESERVED
CVE-2013-1393 (Cross-site scripting (XSS) vulnerability in the CurvyCorners module ...)
- TODO: check
+ NOT-FOR-US: Drupal module CurvyCorners
CVE-2013-1392
RESERVED
CVE-2013-1391