[Secure-testing-commits] r22560 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jun 10 21:16:07 UTC 2013
Author: joeyh
Date: 2013-06-10 21:16:07 +0000 (Mon, 10 Jun 2013)
New Revision: 22560
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-06-10 21:05:21 UTC (rev 22559)
+++ data/CVE/list 2013-06-10 21:16:07 UTC (rev 22560)
@@ -1,3 +1,233 @@
+CVE-2013-4085
+ RESERVED
+CVE-2013-4084
+ RESERVED
+CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
+ TODO: check
+CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file ...)
+ TODO: check
+CVE-2013-4081 (The http_payload_subdissector function in ...)
+ TODO: check
+CVE-2013-4080 (The dissect_r3_upstreamcommand_queryconfig function in ...)
+ TODO: check
+CVE-2013-4079 (The dissect_schedule_message function in ...)
+ TODO: check
+CVE-2013-4078 (epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x ...)
+ TODO: check
+CVE-2013-4077 (Array index error in the NBAP dissector in Wireshark 1.8.x before ...)
+ TODO: check
+CVE-2013-4076 (Buffer overflow in the dissect_iphc_crtp_fh function in ...)
+ TODO: check
+CVE-2013-4075 (epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in ...)
+ TODO: check
+CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in ...)
+ TODO: check
+CVE-2013-4073
+ RESERVED
+CVE-2013-4072
+ RESERVED
+CVE-2013-4071
+ RESERVED
+CVE-2013-4070
+ RESERVED
+CVE-2013-4069
+ RESERVED
+CVE-2013-4068
+ RESERVED
+CVE-2013-4067
+ RESERVED
+CVE-2013-4066
+ RESERVED
+CVE-2013-4065
+ RESERVED
+CVE-2013-4064
+ RESERVED
+CVE-2013-4063
+ RESERVED
+CVE-2013-4062
+ RESERVED
+CVE-2013-4061
+ RESERVED
+CVE-2013-4060
+ RESERVED
+CVE-2013-4059
+ RESERVED
+CVE-2013-4058
+ RESERVED
+CVE-2013-4057
+ RESERVED
+CVE-2013-4056
+ RESERVED
+CVE-2013-4055
+ RESERVED
+CVE-2013-4054
+ RESERVED
+CVE-2013-4053
+ RESERVED
+CVE-2013-4052
+ RESERVED
+CVE-2013-4051
+ RESERVED
+CVE-2013-4050
+ RESERVED
+CVE-2013-4049
+ RESERVED
+CVE-2013-4048
+ RESERVED
+CVE-2013-4047
+ RESERVED
+CVE-2013-4046
+ RESERVED
+CVE-2013-4045
+ RESERVED
+CVE-2013-4044
+ RESERVED
+CVE-2013-4043
+ RESERVED
+CVE-2013-4042
+ RESERVED
+CVE-2013-4041
+ RESERVED
+CVE-2013-4040
+ RESERVED
+CVE-2013-4039
+ RESERVED
+CVE-2013-4038
+ RESERVED
+CVE-2013-4037
+ RESERVED
+CVE-2013-4036
+ RESERVED
+CVE-2013-4035
+ RESERVED
+CVE-2013-4034
+ RESERVED
+CVE-2013-4033
+ RESERVED
+CVE-2013-4032
+ RESERVED
+CVE-2013-4031
+ RESERVED
+CVE-2013-4030
+ RESERVED
+CVE-2013-4029
+ RESERVED
+CVE-2013-4028
+ RESERVED
+CVE-2013-4027
+ RESERVED
+CVE-2013-4026
+ RESERVED
+CVE-2013-4025
+ RESERVED
+CVE-2013-4024
+ RESERVED
+CVE-2013-4023
+ RESERVED
+CVE-2013-4022
+ RESERVED
+CVE-2013-4021
+ RESERVED
+CVE-2013-4020
+ RESERVED
+CVE-2013-4019
+ RESERVED
+CVE-2013-4018
+ RESERVED
+CVE-2013-4017
+ RESERVED
+CVE-2013-4016
+ RESERVED
+CVE-2013-4015
+ RESERVED
+CVE-2013-4014
+ RESERVED
+CVE-2013-4013
+ RESERVED
+CVE-2013-4012
+ RESERVED
+CVE-2013-4011
+ RESERVED
+CVE-2013-4010
+ RESERVED
+CVE-2013-4009
+ RESERVED
+CVE-2013-4008
+ RESERVED
+CVE-2013-4007
+ RESERVED
+CVE-2013-4006
+ RESERVED
+CVE-2013-4005
+ RESERVED
+CVE-2013-4004
+ RESERVED
+CVE-2013-4003
+ RESERVED
+CVE-2013-4002
+ RESERVED
+CVE-2013-4001
+ RESERVED
+CVE-2013-4000
+ RESERVED
+CVE-2013-3999
+ RESERVED
+CVE-2013-3998
+ RESERVED
+CVE-2013-3997
+ RESERVED
+CVE-2013-3996
+ RESERVED
+CVE-2013-3995
+ RESERVED
+CVE-2013-3994
+ RESERVED
+CVE-2013-3993
+ RESERVED
+CVE-2013-3992
+ RESERVED
+CVE-2013-3991
+ RESERVED
+CVE-2013-3990
+ RESERVED
+CVE-2013-3989
+ RESERVED
+CVE-2013-3988
+ RESERVED
+CVE-2013-3987
+ RESERVED
+CVE-2013-3986
+ RESERVED
+CVE-2013-3985
+ RESERVED
+CVE-2013-3984
+ RESERVED
+CVE-2013-3983
+ RESERVED
+CVE-2013-3982
+ RESERVED
+CVE-2013-3981
+ RESERVED
+CVE-2013-3980
+ RESERVED
+CVE-2013-3979
+ RESERVED
+CVE-2013-3978
+ RESERVED
+CVE-2013-3977
+ RESERVED
+CVE-2013-3976
+ RESERVED
+CVE-2013-3975
+ RESERVED
+CVE-2013-3974
+ RESERVED
+CVE-2013-3973
+ RESERVED
+CVE-2013-3972
+ RESERVED
+CVE-2013-3971
+ RESERVED
CVE-2013-3970
RESERVED
CVE-2013-3969
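Review bot: CVE-2013-4074 through CVE-2013-4083 at the top of this hunk are added with only "TODO: check" and no package line, so the tracker records no Debian status for them. The descriptions for CVE-2013-4078 and CVE-2013-4077 name Wireshark 1.8.x, and several of the others reference epan/dissectors or wiretap source paths. Triage these as a group and add a "- wireshark" line with the confirmed fixed version (or a not-affected reason) to each before removing the TODO.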
@@ -603,43 +833,37 @@
RESERVED
CVE-2013-3676
RESERVED
-CVE-2013-3675 [libavcodec/sanm.c integer overflow and out of array accesses]
- RESERVED
+CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg ...)
- ffmpeg <removed>
- libav <unfixed>
TODO: check
NOTE: fixed in ffmpeg 1.2.1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
-CVE-2013-3674 [libavcodec/cdgraphics.c out of array accesses]
- RESERVED
+CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
- ffmpeg <removed>
- libav <unfixed>
TODO: check
NOTE: fixed in ffmpeg 1.2.1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942
-CVE-2013-3673 [libavcodec/gifdec.c out of array accesses]
- RESERVED
+CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...)
- ffmpeg <removed>
- libav <unfixed>
TODO: check
NOTE: fixed in ffmpeg 1.2.1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d23b8462b5a4a9da78ed45c4a7a3b35d538df909
-CVE-2013-3672 [libavcodec/mmvideo.c out of array accesses]
- RESERVED
+CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
- ffmpeg <removed>
- libav <unfixed>
TODO: check
NOTE: fixed in ffmpeg 1.2.1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8d3c99e825317b7efda5fd12e69896b47c700303
-CVE-2013-3671 [libavutil/log.c calling random pointer]
- RESERVED
+CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
- ffmpeg <removed>
- libav <unfixed>
TODO: check
NOTE: fixed in ffmpeg 1.2.1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7edb984dd051b6919d7d8471c70499273f31b0fa
-CVE-2013-3670 [libavcodec/vmdav.c out of array accesses]
- RESERVED
+CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
- ffmpeg <removed>
- libav <unfixed>
TODO: check
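Review bot: The "- libav <unfixed>" lines under CVE-2013-3675 through CVE-2013-3670 remain unverified. Each entry keeps its "TODO: check" after the description update, and the NOTE lines visible here only say "fixed in ffmpeg 1.2.1" with an FFmpeg commit link. Check each referenced commit against the libav source to confirm whether the vulnerable function is present there, record the result on the libav line, and then drop the TODO.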
@@ -2388,26 +2612,36 @@
CVE-2013-2866
RESERVED
CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2864 (The PDF functionality in Google Chrome before 27.0.1453.110 allows ...)
- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2013-2863 (Google Chrome before 27.0.1453.110 does not properly handle SSL ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2862 (Skia, as used in Google Chrome before 27.0.1453.110, does not properly ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2861 (Use-after-free vulnerability in the SVG implementation in Google ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2860 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2859 (Google Chrome before 27.0.1453.110 allows remote attackers to bypass ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2858 (Use-after-free vulnerability in the HTML5 Audio implementation in ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2857 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2856 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2855 (The Developer Tools API in Google Chrome before 27.0.1453.110 allows ...)
+ {DSA-2706-1}
- chromium-browser 27.0.1453.110-1
CVE-2013-2854 (Google Chrome before 27.0.1453.110 on Windows provides an incorrect ...)
- chromium-browser 27.0.1453.110-1
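Review bot: CVE-2013-2854, the last entry in this hunk, is described as affecting Google Chrome "on Windows" but is tracked with a fixed version, "- chromium-browser 27.0.1453.110-1", and it is the only fixed-version entry here that does not receive {DSA-2706-1}. If the issue is Windows-only, a "<not-affected>" line with a reason in parentheses, as CVE-2013-2864 has, would state that explicitly and explain why the DSA reference is absent.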
@@ -4144,6 +4378,7 @@
RESERVED
CVE-2013-2132 [null pointer when decoding invalid DBRef]
RESERVED
+ {DSA-2705-1}
- pymongo 2.5.2-1 (bug #710597)
[squeeze] - pymongo <not-affected> (bson module not present)
NOTE: https://jira.mongodb.org/browse/PYTHON-532
@@ -7416,8 +7651,7 @@
- webkit <undetermined> (bug #700164)
CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
- webkit <undetermined> (bug #700164)
-CVE-2013-0947
- RESERVED
+CVE-2013-0947 (EMC RSA Authentication Manager 8.0 before P1 allows local users to ...)
NOT-FOR-US: EMC
CVE-2013-0946 (Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor ...)
NOT-FOR-US: EMC
@@ -10029,14 +10263,11 @@
RESERVED
CVE-2013-0145 (Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote ...)
NOT-FOR-US: Serva32
-CVE-2013-0144
- RESERVED
+CVE-2013-0144 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: QNAP
-CVE-2013-0143
- RESERVED
+CVE-2013-0143 (cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, ...)
NOT-FOR-US: QNAP
-CVE-2013-0142
- RESERVED
+CVE-2013-0142 (QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance ...)
NOT-FOR-US: QNAP
CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
NOT-FOR-US: McAfee ePolicy Orchestrator
@@ -28652,12 +28883,10 @@
[squeeze] - yaws <not-affected> (Vulnerable code not present)
CVE-2011-4349 (Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) ...)
- colord 0.1.15-1 (medium; bug #650021)
-CVE-2011-4348
- RESERVED
+CVE-2011-4348 (Race condition in the sctp_rcv function in net/sctp/input.c in the ...)
- linux-2.6 <not-affected> (Incomplete fix for RHEL5-specific backport regression)
NOTE: incomplete fix for CVE-2011-2482
-CVE-2011-4347
- RESERVED
+CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in ...)
{DSA-2443-1}
- linux-2.6 <unfixed>
CVE-2011-4346 (Cross-site scripting (XSS) vulnerability in the web interface in Red ...)
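Review bot: CVE-2011-4347 now carries a full description and a {DSA-2443-1} reference but is still listed as "- linux-2.6 <unfixed>". The description names kvm_vm_ioctl_assign_device in virt/kvm/assigned-dev.c, which is enough to locate the upstream fix. Record the fixed unstable version on the linux-2.6 line so the entry does not keep reporting unstable as vulnerable.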
@@ -29423,8 +29652,8 @@
RESERVED
- libcap2 1:2.22-1 (low)
[squeeze] - libcap2 <no-dsa> (Minor issue)
-CVE-2011-4098
- RESERVED
+CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux ...)
+ TODO: check
CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the ...)
- linux-2.6 3.0.0-6
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
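Review bot: CVE-2011-4098 changes from RESERVED to a described entry with only "TODO: check" and no package line. The description points at the GFS2 fallocate implementation in the Linux kernel, so the entry needs a "- linux-2.6" line like its neighbour CVE-2011-4097, with a fixed version or a not-affected reason once the affected range is confirmed.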
@@ -29467,8 +29696,7 @@
CVE-2011-4088
RESERVED
NOT-FOR-US: abrt/libreport
-CVE-2011-4087
- RESERVED
+CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the ...)
- linux-2.6 3.0.0-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
@@ -30962,8 +31190,7 @@
NOT-FOR-US: fluxbb
CVE-2011-3620 (Apache Qpid 0.12 does not properly verify credentials during the ...)
- qpid-cpp <not-affected> (Red Hat-specific extension, see bug #672124)
-CVE-2011-3619
- RESERVED
+CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in the ...)
- linux-2.6 3.0.0-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
@@ -31064,8 +31291,7 @@
- pidgin 2.10.1-1 (unimportant)
[squeeze] - pidgin 2.7.3-1+squeeze2
NOTE: relatively obscure client crash
-CVE-2011-3593
- RESERVED
+CVE-2011-3593 (A certain Red Hat patch to the vlan_hwaccel_do_receive function in ...)
- linux-2.6 <not-affected> (RHEL6 only because of badly backported patches)
CVE-2011-3592 [phpMyAdmin did not properly sanitize the content of db, table, and column names prior use of their values.]
RESERVED
@@ -31803,8 +32029,7 @@
- apache2 2.2.21-1
[squeeze] - apache2 2.2.16-6+squeeze4
[lenny] - apache2 <not-affected> (introduced in 2.2.12)
-CVE-2011-3347
- RESERVED
+CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel ...)
- linux-2.6 3.2-1
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-3346
@@ -32971,8 +33196,7 @@
- pidgin 2.10.0-1 (bug #638709)
[squeeze] - pidgin <not-affected> (Only affects 2.8 to 2.10)
[lenny] - pidgin <not-affected> (Only affects 2.8 to 2.10)
-CVE-2011-2942
- RESERVED
+CVE-2011-2942 (A certain Red Hat patch to the __br_deliver function in ...)
- linux-2.6 <not-affected> (RHEL-specific backport issue)
CVE-2011-2941
RESERVED
@@ -33770,8 +33994,8 @@
CVE-2011-2694 (Cross-site scripting (XSS) vulnerability in the chg_passwd function in ...)
{DSA-2290-1}
- samba 2:3.5.10~dfsg-1 (low)
-CVE-2011-2693
- RESERVED
+CVE-2011-2693 (The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red ...)
+ TODO: check
CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before ...)
{DSA-2287-1}
- libpng 1.2.46-1 (low; bug #633871)
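Review bot: CVE-2011-2693 is left at "TODO: check" with no package line, although its description refers to a specific Red Hat kernel package, 2.6.32-122.el6.x86_64. Other Red Hat kernel entries touched by this same commit are resolved as "- linux-2.6 <not-affected>" with a parenthesised reason. Confirm whether the perf subsystem issue is specific to that Red Hat build and record the outcome the same way.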
@@ -34353,8 +34577,7 @@
- php5 5.3.6-13 (bug #631347)
- libxcrypt 1:2.4-1.1 (bug #679628)
NOTE: http://openwall.com/lists/oss-security/2011/06/20/2
-CVE-2011-2482
- RESERVED
+CVE-2011-2482 (A certain Red Hat patch to the sctp_sock_migrate function in ...)
- linux-2.6 <not-affected> (RHEL-specific regression)
CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace ...)
- tomcat7 7.0.19-1
@@ -36757,8 +36980,7 @@
- kdenetwork 4:4.6.3-1
[squeeze] - kdenetwork 4:4.4.5-2+squeeze1
[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
-CVE-2011-1585
- RESERVED
+CVE-2011-1585 (The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux ...)
{DSA-2240-1}
- linux-2.6 <unfixed> (unimportant)
NOTE: an exploitation requires the ability to run mount.cifs w/ root privs
@@ -37999,8 +38221,7 @@
CVE-2011-1181 [missing error handling in linux netdev]
RESERVED
- linux-2.6 <not-affected> (No security issue, see http://marc.info/?l=linux-netdev&m=130075091711143&w=2)
-CVE-2011-1180
- RESERVED
+CVE-2011-1180 (Multiple stack-based buffer overflows in the ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)