[Secure-testing-commits] r21475 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Mar 1 21:14:24 UTC 2013


Author: joeyh
Date: 2013-03-01 21:14:24 +0000 (Fri, 01 Mar 2013)
New Revision: 21475

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-01 20:38:58 UTC (rev 21474)
+++ data/CVE/list	2013-03-01 21:14:24 UTC (rev 21475)
@@ -1,3 +1,47 @@
+CVE-2013-2293
+	RESERVED
+CVE-2013-2292
+	RESERVED
+CVE-2013-2291
+	RESERVED
+CVE-2013-2290
+	RESERVED
+CVE-2013-2289
+	RESERVED
+CVE-2013-2288
+	RESERVED
+CVE-2013-2287
+	RESERVED
+CVE-2013-2286
+	RESERVED
+CVE-2013-2285
+	RESERVED
+CVE-2013-2284
+	RESERVED
+CVE-2013-2283
+	RESERVED
+CVE-2013-2282
+	RESERVED
+CVE-2013-2281
+	RESERVED
+CVE-2013-2280
+	RESERVED
+CVE-2013-2279
+	RESERVED
+CVE-2013-2278
+	RESERVED
+CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
+	TODO: check
+CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
+	TODO: check
+CVE-2013-2275
+	RESERVED
+CVE-2013-2274
+	RESERVED
+CVE-2013-2273
+	RESERVED
+CVE-2013-2272
+	RESERVED
 CVE-2013-XXXX [busybox insecure subdir creation under /dev]
 	- busybox <unfixed> (low; bug #701965)
 	[squeeze] - busybox <no-dsa> (Minor issue)
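Review bot: CVE-2013-2277 and CVE-2013-2276 are the only entries in this block that arrive with a description, and both are left at "TODO: check" with no package line. The descriptions already name h264_ps.c and libavcodec in FFmpeg, so they can be triaged now: add a "- <package> <status>" line for the source package that ships that code, or a "<not-affected>" line with the reason, instead of leaving the TODO.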
@@ -1018,16 +1062,13 @@
 	RESERVED
 	- sudo 1.8.5p2-1+nmu1 (bug #701838)
 	NOTE: severity depends a lot on the environment
-CVE-2013-1774
-	RESERVED
+CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux ...)
 	- linux 3.2.38-1
 	- linux-2.6 <removed>
-CVE-2013-1773
-	RESERVED
+CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linux ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
-CVE-2013-1772 [call_console_drivers() Function Log Prefix Stripping buffer overflow]
-	RESERVED
+CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x ...)
 	- linux 3.2.39-1
 	- linux-2.6 <not-affected> (Vulnerability exposed since 3.0)
 CVE-2013-1771 [monkey: world-readable logdir]
@@ -1045,8 +1086,7 @@
 	- telepathy-gabble <unfixed>
 CVE-2013-1768
 	RESERVED
-CVE-2013-1767
-	RESERVED
+CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function in ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
 CVE-2013-1766 [libvirtd changes permissions of devices to libvirt-qemu:kvm]
@@ -1058,8 +1098,7 @@
 CVE-2013-1764
 	RESERVED
 	- packagekit <not-affected> (Zypp backend specific to SuSE)
-CVE-2013-1763 [out-of-bounds access of the sock_diag_handlers[] array]
-	RESERVED
+CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in ...)
 	- linux <not-affected> (Introduced in 3.3)
 	NOTE: 3.6.9 and 3.7.8 in experimental are affected, 3.8 will be fixed.
 CVE-2013-1762
@@ -1264,6 +1303,7 @@
 	- foswiki <itp> (bug #509864)
 CVE-2013-1665 [Information leak via xml entity parsing]
 	RESERVED
+	{DSA-2634-1}
 	- keystone 2012.1.1-13 (bug #700948)
 	- python-django 1.4.4-1
 CVE-2013-1664 [Denial of service via xml entity parsing]
@@ -1869,6 +1909,7 @@
 	RESERVED
 CVE-2013-1423
 	RESERVED
+	{DSA-2633-1}
 	- fusionforge 5.2.1+20130227-1
 CVE-2013-1422
 	RESERVED
@@ -2507,24 +2548,24 @@
 	RESERVED
 CVE-2013-1142
 	RESERVED
-CVE-2013-1141
-	RESERVED
+CVE-2013-1141 (The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) ...)
+	TODO: check
 CVE-2013-1140
 	RESERVED
-CVE-2013-1139
-	RESERVED
+CVE-2013-1139 (The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 ...)
+	TODO: check
 CVE-2013-1138 (The NAT process on Cisco Adaptive Security Appliances (ASA) devices ...)
 	NOT-FOR-US: Cisco
-CVE-2013-1137
-	RESERVED
+CVE-2013-1137 (Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 ...)
+	TODO: check
 CVE-2013-1136
 	RESERVED
-CVE-2013-1135
-	RESERVED
-CVE-2013-1134
-	RESERVED
-CVE-2013-1133
-	RESERVED
+CVE-2013-1135 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
+	TODO: check
+CVE-2013-1134 (The Location Bandwidth Manager (LBM) Intracluster-communication ...)
+	TODO: check
+CVE-2013-1133 (Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 ...)
+	TODO: check
 CVE-2013-1132
 	RESERVED
 CVE-2013-1131 (Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, ...)
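Review bot: the six Cisco entries that gain descriptions here (CVE-2013-1141, -1139, -1137, -1135, -1134, -1133) are all left at "TODO: check", while CVE-2013-1138 in the same hunk is already resolved as "NOT-FOR-US: Cisco". If none of these products are packaged, resolve them the same way so they do not sit in the TODO queue.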
@@ -2541,8 +2582,8 @@
 	RESERVED
 CVE-2013-1125 (The command-line interface in Cisco Identity Services Engine Software, ...)
 	NOT-FOR-US: Cisco
-CVE-2013-1124
-	RESERVED
+CVE-2013-1124 (The Cisco Network Admission Control (NAC) agent on Mac OS X does not ...)
+	TODO: check
 CVE-2013-1123 (Multiple cross-site scripting (XSS) vulnerabilities in the server in ...)
 	NOT-FOR-US: Cisco Unified MeetingPlace
 CVE-2013-1122 (Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport ...)
@@ -2694,6 +2735,7 @@
 	- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
 CVE-2013-1049 [remotely-exploitable buffer overflow in cfingerd's rfc1413 (ident) client]
 	RESERVED
+	{DSA-2635-1}
 	- cfingerd 1.4.3-3.1 (bug #700098)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
 CVE-2013-1048
@@ -3537,12 +3579,12 @@
 	RESERVED
 CVE-2013-0710
 	RESERVED
-CVE-2013-0709
-	RESERVED
-CVE-2013-0708
-	RESERVED
-CVE-2013-0707
-	RESERVED
+CVE-2013-0709 (Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows ...)
+	TODO: check
+CVE-2013-0708 (Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows ...)
+	TODO: check
+CVE-2013-0707 (Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, ...)
+	TODO: check
 CVE-2013-0706 (NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and ...)
 	NOT-FOR-US: NEC Universal RAID Utility
 CVE-2013-0705 (Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) ...)
@@ -3750,8 +3792,8 @@
 	RESERVED
 CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
 	NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0648
-	RESERVED
+CVE-2013-0648 (Unspecified vulnerability in the ExternalInterface ActionScript ...)
+	TODO: check
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
 	NOT-FOR-US: Adobe Flash Plugin
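Review bot: CVE-2013-0648 ends up with two conflicting status lines, the new "TODO: check" directly above the existing "NOT-FOR-US: Adobe Flash Plugin". The entry was already triaged while it was RESERVED, so drop the "TODO: check" line and keep the NOT-FOR-US tag.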
@@ -3761,8 +3803,8 @@
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-0644 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
 	NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0643
-	RESERVED
+CVE-2013-0643 (The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x ...)
+	TODO: check
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-0642 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Plugin
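Review bot: the replacement for CVE-2013-0643 adds "TODO: check" even though the unchanged next line already says "NOT-FOR-US: Adobe Flash Plugin". An entry should not be both pending and resolved; remove the TODO line.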
@@ -4048,8 +4090,8 @@
 	RESERVED
 CVE-2013-0505
 	RESERVED
-CVE-2013-0504
-	RESERVED
+CVE-2013-0504 (Buffer overflow in the broker service in Adobe Flash Player before ...)
+	TODO: check
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-0503
 	RESERVED
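Review bot: CVE-2013-0504 gets "TODO: check" inserted above a "NOT-FOR-US: Adobe Flash Plugin" line that was already present. Remove the TODO here, and consider having the automatic update skip the TODO when the entry it is replacing RESERVED on already carries a status line.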
@@ -4077,8 +4119,8 @@
 	RESERVED
 CVE-2013-0491
 	RESERVED
-CVE-2013-0490
-	RESERVED
+CVE-2013-0490 (Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 ...)
+	TODO: check
 CVE-2013-0489
 	RESERVED
 CVE-2013-0488
@@ -4620,8 +4662,7 @@
 	RESERVED
 	- pktstat 1.8.5-3 (bug #701211)
 	[squeeze] - pktstat <not-affected> (Vulnerable code not present)
-CVE-2013-0349 [Linux kernel: Bluetooth HIDP information disclosure]
-	RESERVED
+CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
 CVE-2013-0348 [sthttpd world-redable logdir]
@@ -4640,8 +4681,7 @@
 	- varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
 CVE-2013-0344
 	RESERVED
-CVE-2013-0343
-	RESERVED
+CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
 	- linux <unfixed> (low)
 	- linux-2.6 <removed> (low)
 CVE-2013-0342 [CreateID() creates serialized packet IDs for RADIUS]
@@ -4758,9 +4798,11 @@
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
 CVE-2013-0306 [Formset denial-of-service]
 	RESERVED
+	{DSA-2634-1}
 	- python-django 1.4.4-1 (bug #701186)
 CVE-2013-0305 [Data leakage via admin history log]
 	RESERVED
+	{DSA-2634-1}
 	- python-django 1.4.4-1 (bug #701186)
 	NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
 CVE-2013-0304
@@ -4921,8 +4963,7 @@
 	RESERVED
 CVE-2013-0257
 	RESERVED
-CVE-2013-0256 [XSS exploit of RDoc documentation generated by rdoc]
-	RESERVED
+CVE-2013-0256 (darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before ...)
 	- ruby1.9.1 1.9.3.194-6 (low; bug #699929)
 	- ruby1.8 <not-affected> (Only affects 1.9 and 2.0)
 	NOTE: http://marc.info/?l=oss-security&m=136021623726440&w=2
@@ -5029,8 +5070,7 @@
 	- miniupnpd <unfixed>
 CVE-2013-0229 (The ProcessSSDPRequest function in minissdp.c in the SSDP handler in ...)
 	- miniupnpd <unfixed>
-CVE-2013-0228
-	RESERVED
+CVE-2013-0228 (The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel ...)
 	- linux 3.2.39-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 2.6.32-48
@@ -5174,12 +5214,10 @@
 	RESERVED
 CVE-2013-0185
 	RESERVED
-CVE-2013-0184 [Rack::Auth::AbstractRequest DoS]
-	RESERVED
+CVE-2013-0184 (Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x ...)
 	- ruby-rack 1.4.1-2.1 (bug #698440)
 	- librack-ruby <removed>
-CVE-2013-0183 [receiving excessively long lines triggers out-of-memory error]
-	RESERVED
+CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 ...)
 	- ruby-rack 1.4.1-2.1 (bug #698440)
 	- librack-ruby <removed>
 CVE-2013-0182
@@ -5255,8 +5293,7 @@
 	NOT-FOR-US: OpenShift
 CVE-2013-0163
 	RESERVED
-CVE-2013-0162 [insecure temporary file usage]
-	RESERVED
+CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...)
 	- ruby-parser 2.3.1-2 (bug #701637)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
 CVE-2013-0161
@@ -5299,6 +5336,7 @@
 CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when ...)
 	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
 CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, ...)
+	{DSA-2636-1}
 	- xen 4.1.4-2
 CVE-2013-0152 (Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a ...)
 	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
@@ -5854,8 +5892,7 @@
 CVE-2012-6117
 	RESERVED
 	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
-CVE-2012-6116
-	RESERVED
+CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before ...)
 	NOTE: Candlepin
 CVE-2012-6115
 	RESERVED
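Review bot: after this change CVE-2012-6116 has no triage state at all. RESERVED is removed, and the only remaining annotation is "NOTE: Candlepin", with no "TODO: check", "NOT-FOR-US:" or package line. The description names katello-configure while the note says Candlepin, so the entry needs either a NOT-FOR-US tag (CVE-2012-5561 elsewhere in this patch uses "NOT-FOR-US: Katello") or a TODO so it is picked up for review.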
@@ -5886,8 +5923,7 @@
 	[squeeze] - libgnome-keyring <no-dsa> (Minor issue)
 	[wheezy] - libgnome-keyring <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5
-CVE-2012-6109 [parsing Content-Disposition header DoS]
-	RESERVED
+CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...)
 	- ruby-rack 1.4.1-2.1 (bug #698440)
 	- librack-ruby <removed>
 CVE-2012-6108 [default permissions for /var/log/hp are too open]
@@ -7034,8 +7070,8 @@
 	NOT-FOR-US: IBM SPSS Modeler
 CVE-2012-5768
 	RESERVED
-CVE-2012-5767
-	RESERVED
+CVE-2012-5767 (Unspecified vulnerability in the web interface on the IBM TS3500 Tape ...)
+	TODO: check
 CVE-2012-5766
 	RESERVED
 CVE-2012-5765 (The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before ...)
@@ -7400,6 +7436,7 @@
 CVE-2012-5635
 	RESERVED
 CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, ...)
+	{DSA-2636-1}
 	- xen 4.1.3-8 (low)
 CVE-2012-5633
 	RESERVED
@@ -7501,8 +7538,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
 CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable ...)
 	NOT-FOR-US: Red Hat CloudForms
-CVE-2012-5604
-	RESERVED
+CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudFroms 1.1, when ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...)
 	NOT-FOR-US: Red Hat CloudForms
@@ -7619,8 +7655,7 @@
 	- keystone <not-affected> (Folsom branch not packaged yet)
 CVE-2012-5562
 	RESERVED
-CVE-2012-5561 [Katello: /etc/katello/secure/passphrase is world readable]
-	RESERVED
+CVE-2012-5561 (script/katello-generate-passphrase in Katello 1.1 uses world-readable ...)
 	NOT-FOR-US: Katello
 CVE-2012-5560
 	RESERVED
@@ -7752,6 +7787,7 @@
 	- xen 4.1.3-5
 	[squeeze] - xen <not-affected> (Only affects Xen 4.1)
 CVE-2012-5511 (Stack-based buffer overflow in the dirty video RAM tracking ...)
+	{DSA-2636-1}
 	- xen 4.1.3-5
 CVE-2012-5510 (Xen 4.x, when downgrading the grant table version, does not properly ...)
 	{DSA-2582-1}
@@ -9354,12 +9390,12 @@
 	NOT-FOR-US: IBM Lotus Notes
 CVE-2012-4845 (The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does ...)
 	NOT-FOR-US: AIX
-CVE-2012-4844
-	RESERVED
+CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...)
+	TODO: check
 CVE-2012-4843
 	RESERVED
-CVE-2012-4842
-	RESERVED
+CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino ...)
+	TODO: check
 CVE-2012-4841 (Unspecified vulnerability in Tivoli Endpoint Manager for Remote ...)
 	NOT-FOR-US: Tivoli
 CVE-2012-4840
@@ -10375,8 +10411,7 @@
 CVE-2012-4559 (Multiple double free vulnerabilities in the (1) agent_sign_data ...)
 	{DSA-2577-1}
 	- libssh 0.5.3-1
-CVE-2012-4558 [apache2 XSS in mod_proxy_balancer manager]
-	RESERVED
+CVE-2012-4558 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- apache2 <unfixed> (low)
 CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through ...)
 	{DSA-2579-1}
@@ -10414,11 +10449,11 @@
 	{DSA-2592-1}
 	- elinks 0.12~pre5-9
 CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the ...)
+	{DSA-2636-1}
 	- xen 4.1.3-4 (low; bug #688125)
 CVE-2012-4543 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
 	NOT-FOR-US: Red Hat Certificate System
-CVE-2012-4542
-	RESERVED
+CVE-2012-4542 (block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
 CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows ...)
@@ -10484,6 +10519,7 @@
 CVE-2012-4521 [rejected dupe assignment]
 	REJECTED
 CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x before ...)
+	{DSA-2634-1}
 	- python-django 1.4.2-1 (bug #691145)
 CVE-2012-4519
 	RESERVED
@@ -13109,8 +13145,7 @@
 CVE-2012-3500 (scripts/annotate-output.sh in devscripts before 2.12.2, as used in ...)
 	{DSA-2549-1}
 	- devscripts 2.12.2
-CVE-2012-3499 [apache2 XSS in various modules]
-	RESERVED
+CVE-2012-3499 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...)
 	- apache2 <unfixed> (low)
 CVE-2012-3498 (PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and ...)
 	- xen 4.1.3-2 (bug #686764)
@@ -18017,8 +18052,7 @@
 CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 before ...)
 	{DSA-2440-1}
 	- libtasn1-3 2.12-1 (high)
-CVE-2012-1568
-	RESERVED
+CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux kernel ...)
 	- linux-2.6 <not-affected> (execshield issue)
 CVE-2012-1567
 	RESERVED
@@ -26078,8 +26112,7 @@
 	{DSA-2405-1}
 	- apache2 2.2.18-1
 	NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue
-CVE-2011-3638
-	RESERVED
+CVE-2011-3638 (fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a ...)
 	- linux-2.6 3.0.0-1 
 	[squeeze] - linux-2.6 2.6.32-40
 CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel before ...)
@@ -28276,8 +28309,7 @@
 	[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
 CVE-2011-2906 (** DISPUTED ** Integer signedness error in the ...)
 	NOT-FOR-US: ** REJECT **
-CVE-2011-2905
-	RESERVED
+CVE-2011-2905 (Untrusted search path vulnerability in the perf_config function in ...)
 	{DSA-2303-1}
 	- linux-2.6 3.0.0-2
 	[lenny] - linux-2.6 <not-affected> (perf not yet present)
@@ -29510,8 +29542,7 @@
 CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not ...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 3.0.0-1 (low)
-CVE-2011-2491
-	RESERVED
+CVE-2011-2491 (The Network Lock Manager (NLM) protocol implementation in the NFS ...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 3.0.0-1
 CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not ...)
@@ -29557,8 +29588,7 @@
 	- kfreebsd-8 8.2-3 (bug #631161)
 	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze1
 	- kfreebsd-7 <removed>
-CVE-2011-2479
-	RESERVED
+CVE-2011-2479 (The Linux kernel before 2.6.39 does not properly create transparent ...)
 	- linux-2.6 2.6.39-1
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
@@ -33186,8 +33216,7 @@
 	- tomcat5.5 <removed>
 CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does ...)
 	- tomcat6 <not-affected> (Only affects Tomcat 7)
-CVE-2011-1182
-	RESERVED
+CVE-2011-1182 (kernel/signal.c in the Linux kernel before 2.6.39 allows local users ...)
 	{DSA-2264-1 DSA-2240-1}
 	- linux-2.6 2.6.38-2
 CVE-2011-1181 [missing error handling in linux netdev]
@@ -33744,8 +33773,7 @@
 CVE-2011-1020 (The proc filesystem implementation in the Linux kernel 2.6.37 and ...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 2.6.39-1
-CVE-2011-1019
-	RESERVED
+CVE-2011-1019 (The dev_load function in net/core/dev.c in the Linux kernel before ...)
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.32)
 	- linux-2.6 2.6.38-1 (unimportant)
 	NOTE: We won't fix this for Squeeze. This only applies to non-standard setups with fine



