[Secure-testing-commits] r21555 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Mar 8 21:14:32 UTC 2013


Author: joeyh
Date: 2013-03-08 21:14:32 +0000 (Fri, 08 Mar 2013)
New Revision: 21555

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-08 16:17:14 UTC (rev 21554)
+++ data/CVE/list	2013-03-08 21:14:32 UTC (rev 21555)
@@ -1,3 +1,29 @@
+CVE-2013-2505
+	RESERVED
+CVE-2013-2504
+	RESERVED
+CVE-2013-2503
+	RESERVED
+CVE-2013-2502
+	RESERVED
+CVE-2013-2501
+	RESERVED
+CVE-2013-2500
+	RESERVED
+CVE-2013-2499
+	RESERVED
+CVE-2013-2498
+	RESERVED
+CVE-2013-2497
+	RESERVED
+CVE-2013-2496
+	RESERVED
+CVE-2013-2495
+	RESERVED
+CVE-2013-2494
+	RESERVED
+CVE-2013-2493 (The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in ...)
+	TODO: check
 CVE-2013-2492
 	RESERVED
 CVE-2013-2491
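Review bot: The CVE-2013-2493 entry lands with only "TODO: check", so it will stay untriaged until someone follows up by hand. Its description names chrome_frame/protocol_sink_wrap.cc; the follow-up should replace the TODO with either a source package line or NOT-FOR-US, depending on whether any package in the archive ships that code.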
@@ -6,100 +32,86 @@
 	RESERVED
 CVE-2013-2489
 	RESERVED
-CVE-2013-2488 [DTLS dissector crash]
-	RESERVED
+CVE-2013-2488 (The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
 	- wireshark <unfixed>
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-22.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
 	NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X
 	TODO: squeeze version 1.2.x affected also?
-CVE-2013-2487 [RELOAD dissector infinite loop]
-	RESERVED
+CVE-2013-2487 (epan/dissectors/packet-reload.c in the REsource LOcation And Discovery ...)
 	- wireshark <unfixed> (unimportant)
 	[squeeze] - wireshark <not-affected> (only 1.8.x series)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
 	NOTE: Versions affected: 1.8.0 to 1.8.5
 	NOTE: Not suitable for code injection
-CVE-2013-2486 [RELOAD dissector infinite loop]
-	RESERVED
+CVE-2013-2486 (The dissect_diagnosticrequest function in ...)
 	- wireshark <unfixed> (unimportant)
 	[squeeze] - wireshark <not-affected> (only 1.8.x series)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
 	NOTE: Versions affected: 1.8.0 to 1.8.5
 	NOTE: Not suitable for code injection
-CVE-2013-2485 [CSP dissector infinite loop]
-	RESERVED
+CVE-2013-2485 (The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
 	- wireshark <unfixed> (unimportant)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-20.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8359
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
 	NOTE: Not suitable for code injection
-CVE-2013-2484 [CIMD dissector crash]
-	RESERVED
+CVE-2013-2484 (The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
 	- wireshark <unfixed>
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-19.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
-CVE-2013-2483 [ACN dissector divide by zero]
-	RESERVED
+CVE-2013-2483 (The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ...)
 	- wireshark <unfixed> (unimportant)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-18.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8340
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
 	NOTE: Not suitable for code injection
-CVE-2013-2482 [AMPQ dissector infinite loop]
-	RESERVED
+CVE-2013-2482 (The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
 	- wireshark <unfixed> (unimportant)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-17.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
 	NOTE: Not suitable for code injection
-CVE-2013-2481 [Mount dissector crash]
-	RESERVED
+CVE-2013-2481 (Integer signedness error in the dissect_mount_dirpath_call function in ...)
 	- wireshark <unfixed> (unimportant)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-16.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
 	NOTE: Not suitable for code injection
-CVE-2013-2480 [RTPS and RTPS2 dissector crash]
-	RESERVED
+CVE-2013-2480 (The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and ...)
 	- wireshark <unfixed>
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-15.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
-CVE-2013-2479 [MPLS Echo dissector infinite loop]
-	RESERVED
+CVE-2013-2479 (The dissect_mpls_echo_tlv_dd_map function in ...)
 	- wireshark <unfixed> (unimportant)
 	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-14.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8039
 	NOTE: Versions affected: 1.8.0 to 1.8.5
 	NOTE: Not suitable for code injection
-CVE-2013-2478 [MS-MMS dissector crash]
-	RESERVED
+CVE-2013-2478 (The dissect_server_info function in epan/dissectors/packet-ms-mms.c in ...)
 	- wireshark <unfixed>
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-13.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382
 	NOTE: announce mentions: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
-CVE-2013-2477 [CSN.1 dissector crash]
-	RESERVED
+CVE-2013-2477 (The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly ...)
 	- wireshark <unfixed>
 	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-12.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383
 	NOTE: Versions affected: 1.8.0 to 1.8.5
-CVE-2013-2476 [The HART/IP dissectory could go into an infinite loop]
-	RESERVED
+CVE-2013-2476 (The dissect_hartip function in epan/dissectors/packet-hartip.c in the ...)
 	- wireshark <unfixed> (unimportant)
 	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-11.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360
 	NOTE: Versions affected: 1.8.0 to 1.8.5
 	NOTE: Not suitable for code injection
-CVE-2013-2475 [TCP dissector crash]
-	RESERVED
+CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote ...)
 	- wireshark <unfixed>
 	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-10.html
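Review bot: In the CVE-2013-2488 entry at the top of this hunk, the context line "NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X" still carries placeholder versions, and the "TODO: squeeze version 1.2.x affected also?" is still open, even though the imported description now gives "1.6.x before 1.6.14" as a boundary. A manual follow-up should tighten that NOTE to match the other entries (1.8.0 to 1.8.5, 1.6.0 to 1.6.13) and answer the squeeze question, since the descriptions only speak to 1.6.x and 1.8.x and every wireshark line here remains <unfixed>.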
@@ -3020,10 +3032,10 @@
 	RESERVED
 CVE-2013-1155
 	RESERVED
-CVE-2013-1154
-	RESERVED
-CVE-2013-1153
-	RESERVED
+CVE-2013-1154 (The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, ...)
+	TODO: check
+CVE-2013-1153 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
+	TODO: check
 CVE-2013-1152
 	RESERVED
 CVE-2013-1151
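Review bot: Both new entries, CVE-2013-1154 and CVE-2013-1153, are left at "TODO: check" and need manual triage. CVE-2013-1154 names the Cisco Small Business 200 Series Smart Switch, which looks like a NOT-FOR-US candidate; the CVE-2013-1153 description is truncated before the product name ("in the web interface ..."), so the full text has to be read before it can be classified.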
@@ -16398,8 +16410,7 @@
 CVE-2010-5108 [Trac Ticket Modification Workflow Permission Restriction Bypass]
 	RESERVED
 	- trac 0.11.7-1 (bug #573260)
-CVE-2010-5107 [openssh: DoS]
-	RESERVED
+CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
 	- openssh 1:6.0p1-4 (low; bug #700102)
 	[squeeze] - openssh 1:5.5p1-6+squeeze3
 CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
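Review bot: The imported CVE-2010-5107 description says the default configuration of "OpenSSH through 6.1" is affected, while the unchanged package line below it records openssh 1:6.0p1-4 as fixed, which reads like a version mismatch. A short NOTE under the entry stating how the Debian upload for bug #700102 addresses the issue would make clear why a 6.0p1 package counts as fixed.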



