[Secure-testing-commits] r22465 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Jun 3 21:14:31 UTC 2013


Author: joeyh
Date: 2013-06-03 21:14:31 +0000 (Mon, 03 Jun 2013)
New Revision: 22465

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-06-03 20:55:13 UTC (rev 22464)
+++ data/CVE/list	2013-06-03 21:14:31 UTC (rev 22465)
@@ -1,3 +1,11 @@
+CVE-2013-3737
+	RESERVED
+CVE-2013-3736
+	RESERVED
+CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
+	TODO: check
+CVE-2013-3734
+	RESERVED
 CVE-2013-XXXX [libimobiledevice: insecure tmp use]
 	- libimobiledevice <unfixed> (low; bug #710885)
 	NOTE: CVE request: http://www.openwall.com/lists/oss-security/2013/05/31/5
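Review bot: CVE-2013-3735 is added with only "TODO: check", and its description is flagged ** DISPUTED ** against the Zend Engine in PHP. Since the description names PHP, this entry needs manual triage rather than staying as a TODO: record the affected source package with its status, or mark it unimportant with a NOTE explaining the dispute.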
@@ -948,8 +956,7 @@
 	RESERVED
 CVE-2013-3316
 	RESERVED
-CVE-2013-3315
-	RESERVED
+CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify ...)
 	NOT-FOR-US: TIBCO
 CVE-2013-3314
 	RESERVED
@@ -1073,8 +1080,8 @@
 	RESERVED
 CVE-2013-3262
 	RESERVED
-CVE-2013-3261
-	RESERVED
+CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
+	TODO: check
 CVE-2013-3260
 	RESERVED
 CVE-2013-3259
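Review bot: CVE-2013-3261 lands as "TODO: check", and the truncated description stops before naming the component behind wp-admin/admin.php. Read the full description to decide whether this is packaged code or a NOT-FOR-US third-party add-on, and replace the TODO accordingly.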
@@ -3867,8 +3874,7 @@
 	- xen <unfixed> (low)
 	[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
 	[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
-CVE-2013-2071 [Information disclosure]
-	RESERVED
+CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat ...)
 	- tomcat7 7.0.40-1 (bug #707704)
 	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
 CVE-2013-2070 [nginx proxy_pass buffer overflow]
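Review bot: the CVE-2013-2071 entry tracks only tomcat7, while the other Tomcat entries touched by this commit (CVE-2013-2067, CVE-2012-3544) carry a tomcat6 line as well. If tomcat6 is not affected, say so explicitly with a "- tomcat6 <not-affected>" line and the reason, so the omission does not read as an untriaged package.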
@@ -3881,8 +3887,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299
 CVE-2013-2068
 	RESERVED
-CVE-2013-2067 [Session fixation with FORM authenticator]
-	RESERVED
+CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...)
 	- tomcat7 7.0.33
 	- tomcat6 <unfixed>
 CVE-2013-2066
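Review bot: under CVE-2013-2067 the "- tomcat6 <unfixed>" line has no bug reference or urgency, unlike "- tomcat7 7.0.40-1 (bug #707704)" on CVE-2013-2071. Now that the entry has a public description, add the BTS bug number for tomcat6 so the open status can be followed.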
@@ -5835,6 +5840,7 @@
 	RESERVED
 CVE-2013-1431
 	RESERVED
+	{DSA-2702-1}
 	- telepathy-gabble 0.16.6-1
 CVE-2013-1430
 	RESERVED
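Review bot: "{DSA-2702-1}" is attached to CVE-2013-1431 while the entry is still RESERVED and has no bracketed summary, so the list gives no indication of what the advisory fixed in telepathy-gabble. Add a short bracketed description after the CVE id, as the CVE-2013-XXXX libimobiledevice entry does, until the official description is published.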
@@ -6281,11 +6287,9 @@
 	NOT-FOR-US: Orchard
 CVE-2012-0722
 	REJECTED
-CVE-2013-1247
-	RESERVED
+CVE-2013-1247 (Cross-site scripting (XSS) vulnerability in the wireless configuration ...)
 	NOT-FOR-US: Cisco
-CVE-2013-1246
-	RESERVED
+CVE-2013-1246 (Cisco TelePresence System Software does not properly handle inactive ...)
 	NOT-FOR-US: Cisco
 CVE-2013-1245 (The user-management page in Cisco WebEx Social relies on client-side ...)
 	NOT-FOR-US: Cisco WebEx Social
@@ -6427,7 +6431,8 @@
 	NOT-FOR-US: Cisco Network Admission Control Manager
 CVE-2013-1176 (The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before ...)
 	NOT-FOR-US: Cisco
-CVE-2013-1175 (The SSL logging daemon in the Application Control Engine module in ...)
+CVE-2013-1175
+	REJECTED
 	NOT-FOR-US: Cisco ACE
 CVE-2013-1174 (Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration ...)
 	NOT-FOR-US: Cisco Tivoli Business Service Manager
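Review bot: CVE-2013-1175 becomes REJECTED but keeps "NOT-FOR-US: Cisco ACE", which now annotates an id with no description. The REJECTED CVE-2012-0722 entry elsewhere in this list carries no package annotation; drop the stale NOT-FOR-US line or, if it is kept, add a NOTE recording why the id was rejected.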
@@ -9514,8 +9519,8 @@
 	NOT-FOR-US: BitZipper
 CVE-2013-0137
 	RESERVED
-CVE-2013-0136
-	RESERVED
+CVE-2013-0136 (Multiple directory traversal vulnerabilities in the EditDocument ...)
+	TODO: check
 CVE-2013-0135 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
 	NOT-FOR-US: PHP Address Book
 CVE-2013-0134 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
@@ -17198,8 +17203,7 @@
 	- tomcat6 6.0.35-6 (bug #695250)
 CVE-2012-3545
 	RESERVED
-CVE-2012-3544 [Chunked transfer encoding extension size is not limited]
-	RESERVED
+CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not ...)
 	- tomcat6 <unfixed>
 	- tomcat7 7.0.30
 CVE-2012-3543
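Review bot: for CVE-2012-3544 the new description says Tomcat 6.x is fixed before 6.0.37, yet "- tomcat6 <unfixed>" carries no bug reference or urgency. File or link a BTS bug against tomcat6 so the open status is tracked, as done with "(bug #695250)" on the preceding entry.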



