[Secure-testing-commits] r21515 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Mar 4 21:14:26 UTC 2013


Author: joeyh
Date: 2013-03-04 21:14:26 +0000 (Mon, 04 Mar 2013)
New Revision: 21515

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-04 21:01:50 UTC (rev 21514)
+++ data/CVE/list	2013-03-04 21:14:26 UTC (rev 21515)
@@ -1,3 +1,11 @@
+CVE-2013-2297
+	RESERVED
+CVE-2013-2296
+	RESERVED
+CVE-2013-2295
+	RESERVED
+CVE-2013-2294
+	RESERVED
 CVE-2013-2293
 	RESERVED
 CVE-2013-2292
@@ -1942,8 +1950,7 @@
 	RESERVED
 CVE-2013-1416
 	RESERVED
-CVE-2013-1415 [KDC null pointer dereference with PKINIT]
-	RESERVED
+CVE-2013-1415 (The pkinit_check_kdc_pkid function in ...)
 	- krb5 1.10.1+dfsg-4 (low)
 	[squeeze] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/krb5/krb5/commit/c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
@@ -2755,6 +2762,7 @@
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
 CVE-2013-1048
 	RESERVED
+	{DSA-2637-1}
 CVE-2013-1047
 	RESERVED
 CVE-2013-1046
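Review bot: the `{DSA-2637-1}` line added under CVE-2013-1048 lands on an entry that is still only `RESERVED` and has no package line, so the entry does not say which source package or fixed version the advisory covers. The other two entries tagged with DSA-2637-1 in this patch (CVE-2012-4558 and CVE-2012-3499) are tracked against apache2; if this CVE belongs to the same package, add a `- apache2 <version>` line with the fixed version so the entry is usable before the description arrives.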
@@ -3593,8 +3601,8 @@
 	RESERVED
 CVE-2013-0711
 	RESERVED
-CVE-2013-0710
-	RESERVED
+CVE-2013-0710 (Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows ...)
+	TODO: check
 CVE-2013-0709 (Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows ...)
 	TODO: check
 CVE-2013-0708 (Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows ...)
@@ -6459,8 +6467,8 @@
 	RESERVED
 CVE-2012-6027
 	RESERVED
-CVE-2012-6026
-	RESERVED
+CVE-2012-6026 (The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 ...)
+	TODO: check
 CVE-2012-6025
 	RESERVED
 CVE-2012-6024
@@ -9378,8 +9386,8 @@
 	RESERVED
 CVE-2012-4859 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space ...)
 	NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2012-4858
-	RESERVED
+CVE-2012-4858 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...)
+	TODO: check
 CVE-2012-4857 (Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 ...)
 	NOT-FOR-US: IBM Informix
 CVE-2012-4856 (The Service Processor in the IBM Power 5 91##-### and 940#-### before ...)
@@ -9414,18 +9422,18 @@
 	TODO: check
 CVE-2012-4841 (Unspecified vulnerability in Tivoli Endpoint Manager for Remote ...)
 	NOT-FOR-US: Tivoli
-CVE-2012-4840
-	RESERVED
+CVE-2012-4840 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...)
+	TODO: check
 CVE-2012-4839 (The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ...)
 	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-4838 (IBM Flex System Chassis Management Module (CMM) and Integrated ...)
 	NOT-FOR-US: IBM Flex
-CVE-2012-4837
-	RESERVED
-CVE-2012-4836
-	RESERVED
-CVE-2012-4835
-	RESERVED
+CVE-2012-4837 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...)
+	TODO: check
+CVE-2012-4836 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
+	TODO: check
+CVE-2012-4835 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
+	TODO: check
 CVE-2012-4834 (Directory traversal vulnerability in LayerLoader.jsp in the theme ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2012-4833 (fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not ...)
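Review bot: the four IBM Cognos Business Intelligence entries filled in here (CVE-2012-4840, CVE-2012-4837, CVE-2012-4836, CVE-2012-4835) are left as `TODO: check`, while the neighbouring IBM products in the same hunk are already marked `NOT-FOR-US`. If Cognos is not packaged, mark them `NOT-FOR-US: IBM Cognos Business Intelligence` in one pass; the same applies to the other Cognos entries in this patch (CVE-2012-4858, CVE-2012-2193, CVE-2012-2177).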
@@ -10428,6 +10436,7 @@
 	{DSA-2577-1}
 	- libssh 0.5.3-1
 CVE-2012-4558 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	{DSA-2637-1}
 	- apache2 <unfixed> (low)
 CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through ...)
 	{DSA-2579-1}
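Review bot: CVE-2012-4558 now references `{DSA-2637-1}` while the line directly below it still reads `- apache2 <unfixed> (low)`. Confirm that unstable really is still unfixed and that the `low` urgency still holds now that an advisory has been issued; CVE-2012-3499 later in this patch has the same combination.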
@@ -13159,6 +13168,7 @@
 	{DSA-2549-1}
 	- devscripts 2.12.2
 CVE-2012-3499 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...)
+	{DSA-2637-1}
 	- apache2 <unfixed> (low)
 CVE-2012-3498 (PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and ...)
 	- xen 4.1.3-2 (bug #686764)
@@ -16521,8 +16531,8 @@
 	RESERVED
 CVE-2012-2194 (Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored ...)
 	NOT-FOR-US: IBM DB2
-CVE-2012-2193
-	RESERVED
+CVE-2012-2193 (Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos ...)
+	TODO: check
 CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS ...)
 	NOT-FOR-US: AIX
 CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...)
@@ -16554,8 +16564,8 @@
 	NOT-FOR-US: AIX
 CVE-2012-2178
 	RESERVED
-CVE-2012-2177
-	RESERVED
+CVE-2012-2177 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
+	TODO: check
 CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
 	NOT-FOR-US: IBM Lotus Quickr
 CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX ...)
@@ -19358,8 +19368,8 @@
 CVE-2012-1017 (Multiple SQL injection vulnerabilities in base_qry_main.php in Basic ...)
 	- acidbase <unfixed> (low; bug #659287)
 	[squeeze] - acidbase <no-dsa> (Minor issue)
-CVE-2012-1016
-	RESERVED
+CVE-2012-1016 (The pkinit_server_return_padata function in ...)
+	TODO: check
 CVE-2012-1015 (The kdc_handle_protected_negotiation function in the Key Distribution ...)
 	{DSA-2518-1}
 	- krb5 1.10.1+dfsg-2 (bug #683429)
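Review bot: CVE-2012-1016 is left as `TODO: check` although its description names `pkinit_server_return_padata`, and the PKINIT entry earlier in this patch (CVE-2013-1415, `pkinit_check_kdc_pkid`) is tracked against krb5, as is the adjacent CVE-2012-1015. Triage this one against krb5 as well: replace the TODO with a `- krb5` line carrying the fixed version, or `<unfixed>` if no fixed upload exists yet.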



