[Secure-testing-commits] r22534 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Jun 7 21:14:27 UTC 2013


Author: joeyh
Date: 2013-06-07 21:14:26 +0000 (Fri, 07 Jun 2013)
New Revision: 22534

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-06-07 19:25:19 UTC (rev 22533)
+++ data/CVE/list	2013-06-07 21:14:26 UTC (rev 22534)
@@ -1,3 +1,21 @@
+CVE-2013-3970
+	RESERVED
+CVE-2013-3969
+	RESERVED
+CVE-2013-3968
+	RESERVED
+CVE-2013-3967
+	RESERVED
+CVE-2013-3966
+	RESERVED
+CVE-2013-3965
+	RESERVED
+CVE-2013-3964
+	RESERVED
+CVE-2013-3963
+	RESERVED
+CVE-2013-3962
+	RESERVED
 CVE-2013-3961
 	RESERVED
 CVE-2013-3960
@@ -2394,12 +2412,11 @@
 	- chromium-browser 27.0.1453.110-1
 CVE-2013-2853
 	RESERVED
-CVE-2013-2852
-	RESERVED
-CVE-2013-2851
-	RESERVED
-CVE-2013-2850
-	RESERVED
+CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in ...)
+	TODO: check
+CVE-2013-2851 (Format string vulnerability in the register_disk function in ...)
+	TODO: check
+CVE-2013-2850 (Heap-based buffer overflow in the iscsi_add_notunderstood_response ...)
 	- linux 3.9.4-1
 	- linux-2.6 <removed>
 CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
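
Review bot: CVE-2013-2852 and CVE-2013-2851 lose their RESERVED marker here but gain only "TODO: check", with no package line, so both remain untriaged after this update. A follow-up should record the affected source package and its status under each, in the same form the CVE-2013-2850 entry directly below them uses ("- linux 3.9.4-1", "- linux-2.6 <removed>").
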
@@ -4065,17 +4082,14 @@
 CVE-2013-2149 [XSS vulnerability in core/js/oc-dialogs.js]
 	RESERVED
 	- owncloud 4.0.16debian-1 (bug #711517)
-CVE-2013-2148 [fanotify: info leak in copy_event_to_user]
-	RESERVED
+CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c ...)
 	- linux-2.6 <removed> (low)
 	[squeeze] - linux-2.6 <not-affected> (fanotify introduced in 2.6.36)
 	- linux <unfixed> (low)
-CVE-2013-2147 [pqarray/c: info leak in ida_locked_ioctl()]
-	RESERVED
+CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 ...)
 	- linux-2.6 <removed> (low)
 	- linux <unfixed> (low)
-CVE-2013-2146 [perf DoS]
-	RESERVED
+CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before ...)
 	- linux-2.6 <removed>
 	- linux 3.9.4-1
 CVE-2013-2145 [arbitrary code execution when verifying SIGNATURE]
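
Review bot: The bracketed working titles removed for CVE-2013-2148, CVE-2013-2147 and CVE-2013-2146 carried triage hints that the visible part of the new descriptions does not always repeat; for CVE-2013-2147 the removed line named ida_locked_ioctl(), while the replacement text shown names only the driver. If that pointer is still needed to track the "linux <unfixed>" status, keep it as a NOTE: line under the entry.
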
@@ -4090,8 +4104,7 @@
 	- libimobiledevice <unfixed> (low; bug #710885)
 	[squeeze] - libimobiledevice <no-dsa> (Minor issue)
 	[wheezy] - libimobiledevice <no-dsa> (Minor issue)
-CVE-2013-2141 [kernel info leak in tkill/tgkill]
-	RESERVED
+CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before ...)
 	- linux-2.6 <removed>
 	- linux 3.9.4-1
 CVE-2013-2140 [xen/blkback: Check device permissions before allowing OP_DISCARD]
@@ -4135,8 +4148,7 @@
 	[wheezy] - znc <not-affected> (Vulnerable code not present)
 CVE-2013-2129
 	RESERVED
-CVE-2013-2128
-	RESERVED
+CVE-2013-2128 (The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel ...)
 	- linux-2.6 <removed>
 	- linux 2.6.35-1~experimental.1
 	NOTE: https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae
@@ -4893,8 +4905,7 @@
 	RESERVED
 	- mantis <not-affected> (affects only Mantis 1.2.12 and later)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
-CVE-2013-1929 [tg3 VPD firmware -> driver injection]
-	RESERVED
+CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in ...)
 	{DSA-2669-1 DSA-2668-1}
 	- linux 3.8.11-1
 	- linux-2.6 <removed>
@@ -27914,8 +27925,7 @@
 	[lenny] - rocksndiamonds <no-dsa> (Contrib not supported)
 CVE-2011-4605 (The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2011-4604 [http://seclists.org/oss-sec/2011/q4/496]
-	RESERVED
+CVE-2011-4604 (The bat_socket_read function in net/batman-adv/icmp_socket.c in the ...)
 	- batmand-adv-kernelland <removed>
 	[squeeze] - batmand-adv-kernelland <not-affected> (Vulnerable code not present)
 	- linux-2.6 <unfixed>
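
Review bot: The removed line for CVE-2011-4604 held the only reference visible on this entry, the oss-sec URL http://seclists.org/oss-sec/2011/q4/496, and nothing in the hunk carries it over. Add it back as a NOTE: line under the entry so the "linux-2.6 <unfixed>" status stays traceable to its source.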



