[Secure-testing-commits] r21577 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Mar 11 21:14:26 UTC 2013


Author: joeyh
Date: 2013-03-11 21:14:26 +0000 (Mon, 11 Mar 2013)
New Revision: 21577

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-11 08:13:59 UTC (rev 21576)
+++ data/CVE/list	2013-03-11 21:14:26 UTC (rev 21577)
@@ -1,3 +1,109 @@
+CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 ...)
+	TODO: check
+CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
+	TODO: check
+CVE-2013-2555 (Adobe Flash Player 11.6.602.171 on Windows allows remote attackers to ...)
+	TODO: check
+CVE-2013-2554 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
+	TODO: check
+CVE-2013-2553 (Unspecified vulnerability in the kernel in Microsoft Windows 7 allows ...)
+	TODO: check
+CVE-2013-2552 (Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows ...)
+	TODO: check
+CVE-2013-2551 (Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows ...)
+	TODO: check
+CVE-2013-2550 (Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to ...)
+	TODO: check
+CVE-2013-2549 (Unspecified vulnerability in Adobe Reader 11.0.02 allows remote ...)
+	TODO: check
+CVE-2013-2548
+	RESERVED
+CVE-2013-2547
+	RESERVED
+CVE-2013-2546
+	RESERVED
+CVE-2013-2545
+	RESERVED
+CVE-2013-2544
+	RESERVED
+CVE-2013-2543
+	RESERVED
+CVE-2013-2542
+	RESERVED
+CVE-2013-2541
+	RESERVED
+CVE-2013-2540
+	RESERVED
+CVE-2013-2539
+	RESERVED
+CVE-2013-2538
+	RESERVED
+CVE-2013-2537
+	RESERVED
+CVE-2013-2536
+	RESERVED
+CVE-2013-2535
+	RESERVED
+CVE-2013-2534
+	RESERVED
+CVE-2013-2533
+	RESERVED
+CVE-2013-2532
+	RESERVED
+CVE-2013-2531
+	RESERVED
+CVE-2013-2530
+	RESERVED
+CVE-2013-2529
+	RESERVED
+CVE-2013-2528
+	RESERVED
+CVE-2013-2527
+	RESERVED
+CVE-2013-2526
+	RESERVED
+CVE-2013-2525
+	RESERVED
+CVE-2013-2524
+	RESERVED
+CVE-2013-2523
+	RESERVED
+CVE-2013-2522
+	RESERVED
+CVE-2013-2521
+	RESERVED
+CVE-2013-2520
+	RESERVED
+CVE-2013-2519
+	RESERVED
+CVE-2013-2518
+	RESERVED
+CVE-2013-2517
+	RESERVED
+CVE-2013-2516
+	RESERVED
+CVE-2013-2515
+	RESERVED
+CVE-2013-2514
+	RESERVED
+CVE-2013-2513
+	RESERVED
+CVE-2013-2512
+	RESERVED
+CVE-2013-2511
+	RESERVED
+CVE-2013-2510
+	RESERVED
+CVE-2013-2509
+	RESERVED
+CVE-2013-2508
+	RESERVED
+CVE-2013-2507
+	RESERVED
+CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before ...)
+	TODO: check
+CVE-2012-6535
+	RESERVED
 CVE-2013-XXXX
 	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
 CVE-2013-2505
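Review bot: the nine described entries at the top of this hunk (CVE-2013-2557 down to CVE-2013-2549) are all left at "TODO: check" although their descriptions name only Microsoft Internet Explorer, Microsoft Windows 7, Adobe Flash Player on Windows and Adobe Reader. Triage them in the same pass, using the NOT-FOR-US form already present in this file (for example "NOT-FOR-US: Solaris") wherever no Debian package ships the affected code. CVE-2012-6535 is also added here between CVE-2013-2506 and CVE-2013-XXXX rather than next to the other CVE-2012 ids, which makes it easy to miss when it later gains a description.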
@@ -18,10 +124,10 @@
 	RESERVED
 CVE-2013-2497
 	RESERVED
-CVE-2013-2496
-	RESERVED
-CVE-2013-2495
-	RESERVED
+CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
+	TODO: check
+CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
+	TODO: check
 CVE-2013-2494
 	RESERVED
 CVE-2013-2493 (The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in ...)
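Review bot: CVE-2013-2496 and CVE-2013-2495 swap RESERVED for "TODO: check" even though their descriptions already name concrete code (msrle_decode_8_16_24_32 in msrledec.c in libavcodec, iff_read_header in iff.c in libavformat). That is enough to identify which source packages embed these files and to replace the TODO with per-package lines carrying a fixed version, <unfixed> or <not-affected>, as the triaged entries elsewhere in this file do.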
@@ -1615,8 +1721,7 @@
 CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in ...)
 	- linux <not-affected> (Introduced in 3.3)
 	NOTE: 3.6.9 and 3.7.8 in experimental are affected, 3.8 will be fixed.
-CVE-2013-1762
-	RESERVED
+CVE-2013-1762 (stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM ...)
 	- stunnel4 <unfixed> (bug #702267)
 CVE-2013-1761
 	RESERVED
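Review bot: CVE-2013-1762 now has a description that bounds the affected range to stunnel 4.21 through 4.54, yet the status stays a bare "- stunnel4 <unfixed> (bug #702267)". Add per-release lines in the "[squeeze] - ..." / "[wheezy] - ..." form used for CVE-2013-0249, stating whether each suite's stunnel4 version falls inside that range, and add a NOTE that the issue is conditional on the CONNECT protocol negotiation and NTLM setup named in the description.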
@@ -1868,8 +1973,8 @@
 	NOT-FOR-US: WordPress theme
 CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
 	- limesurvey <itp> (bug #472802)
-CVE-2013-1656
-	RESERVED
+CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allow remote authenticated ...)
+	TODO: check
 CVE-2013-1655
 	RESERVED
 CVE-2013-1654
@@ -2215,16 +2320,16 @@
 	- openjdk-7 <unfixed>
 CVE-2013-1492
 	RESERVED
-CVE-2013-1491
-	RESERVED
+CVE-2013-1491 (Oracle Java 7 Update 17, and possibly other versions, allows remote ...)
+	TODO: check
 CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE ...)
 	- openjdk-6 <not-affected> (Not exploitable in OpenJDK6)
 	- openjdk-7 <unfixed>
 CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 <not-affected> (Only affects Java7)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-1488
-	RESERVED
+CVE-2013-1488 (Oracle Java 7 Update 17, and possibly other versions, allows remote ...)
+	TODO: check
 CVE-2013-1487 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
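Review bot: CVE-2013-1491 and CVE-2013-1488 are left at "TODO: check" while every described neighbour in this hunk (CVE-2013-1490, CVE-2013-1489, CVE-2013-1487) records an explicit openjdk-6 and openjdk-7 status with a reason. Both new descriptions start "Oracle Java 7 Update 17, and possibly other versions", so the same two questions apply: is the code part of OpenJDK at all, and is openjdk-6 affected. Replace the TODO with "- openjdk-6 ..." and "- openjdk-7 ..." lines that answer them.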
@@ -3245,8 +3350,7 @@
 	RESERVED
 CVE-2013-1051
 	RESERVED
-CVE-2013-1050
-	RESERVED
+CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 ...)
 	- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
 CVE-2013-1049 [remotely-exploitable buffer overflow in cfingerd's rfc1413 (ident) client]
 	RESERVED
@@ -3526,8 +3630,7 @@
 	RESERVED
 CVE-2013-0913
 	RESERVED
-CVE-2013-0912
-	RESERVED
+CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers ...)
 	- chromium-browser 25.0.1364.160-1
 CVE-2013-0911 (Directory traversal vulnerability in Google Chrome before ...)
 	- chromium-browser 25.0.1364.152-1
@@ -3798,8 +3901,7 @@
 	RESERVED
 CVE-2013-0788
 	RESERVED
-CVE-2013-0787
-	RESERVED
+CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
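Review bot: CVE-2013-0787 keeps iceweasel, icedove and iceape at <unfixed> with no bug number and no NOTE, unlike other <unfixed> entries in this file such as "- stunnel4 <unfixed> (bug #702267)". Now that the description identifies a use-after-free in nsEditor::IsPreformatted, add a tracking bug or a NOTE with the upstream reference to each of the three packages so the fix can be followed per package.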
@@ -5064,10 +5166,10 @@
 	RESERVED
 CVE-2013-0403
 	RESERVED
-CVE-2013-0402
-	RESERVED
-CVE-2013-0401
-	RESERVED
+CVE-2013-0402 (Heap-based buffer overflow in Oracle Java 7 Update 17, and possibly ...)
+	TODO: check
+CVE-2013-0401 (Oracle Java 7 Update 17, and possibly other versions, allows remote ...)
+	TODO: check
 CVE-2013-0400 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
 	NOT-FOR-US: Solaris
 CVE-2013-0399 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
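Review bot: CVE-2013-0402 is described as a heap-based buffer overflow and CVE-2013-0401 as remotely triggerable, both in "Oracle Java 7 Update 17, and possibly other versions", but neither gets a package line, only "TODO: check". The open-ended version wording means the OpenJDK packages cannot be assumed unaffected; these two should be resolved with explicit openjdk-6 and openjdk-7 lines in the form used for CVE-2013-1490 elsewhere in this file.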
@@ -5308,8 +5410,7 @@
 CVE-2013-0309 (arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when ...)
 	- linux <unfixed>
 	- linux-2.6 <not-affected> (THP not in Squeeze)
-CVE-2013-0308 [Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command]
-	RESERVED
+CVE-2013-0308 (The imap-send command in GIT before 1.8.1.4 does not verify that the ...)
 	- git <not-affected> (OpenSSL support is not enabled in Debian, see bug #701586)
 	NOTE: http://marc.info/?l=git&m=136134619013145&w=2
 	NOTE: Further reference about SSL support in imap-send #434599 needs to be adressed first
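Review bot: the <not-affected> status on CVE-2013-0308 rests entirely on a build option ("OpenSSL support is not enabled in Debian, see bug #701586"), and the last NOTE refers to SSL support in imap-send (#434599) as still pending. With the description now stating that imap-send in GIT before 1.8.1.4 does not verify the certificate, add a NOTE that the status has to be revisited if SSL support is enabled while any suite still carries a git older than 1.8.1.4.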
@@ -5459,8 +5560,7 @@
 	- linux-2.6 <removed>
 CVE-2013-0267
 	RESERVED
-CVE-2013-0266
-	RESERVED
+CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in ...)
 	NOT-FOR-US: Openstack Packstack
 CVE-2013-0265 (The redirect_stderr function in xnbd_common.c in xnbd-server and ...)
 	- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
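Review bot: the new description for CVE-2013-0266 locates the flaw in manifests/base.pp of the puppetlabs-cinder module, while the retained tag reads "NOT-FOR-US: Openstack Packstack". Confirm that the puppetlabs-cinder module is not shipped in any Debian package on its own and name the module in the NOT-FOR-US reason, so the entry still reads correctly if the module is packaged later.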
@@ -5477,8 +5577,7 @@
 	- ruby-rack 1.4.1-2.1 (bug #700173)
 	- librack-ruby <not-affected> (Introduced in 1.4.0, see #700226)
 	NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
-CVE-2013-0261
-	RESERVED
+CVE-2013-0261 ((1) installer/basedefs.py and (2) modules/ospluginutils.py in ...)
 	NOT-FOR-US: Openstack Packstack
 CVE-2013-0260
 	RESERVED
@@ -5516,8 +5615,7 @@
 	- corosync <not-affected> (Introduced in v1.99.8-2-ge925f42; bug #699615)
 	NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
 	NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1
-CVE-2013-0249
-	RESERVED
+CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...)
 	- curl 7.29.0-1 (bug #700002)
 	[squeeze] - curl <not-affected> (Only affects 7.26.0 to 7.28.1)
 	[wheezy] - curl 7.26.0-1+wheezy1
@@ -9036,38 +9134,38 @@
 	RESERVED
 CVE-2012-5216
 	RESERVED
-CVE-2012-5215
-	RESERVED
-CVE-2012-5214
-	RESERVED
-CVE-2012-5213
-	RESERVED
-CVE-2012-5212
-	RESERVED
-CVE-2012-5211
-	RESERVED
-CVE-2012-5210
-	RESERVED
-CVE-2012-5209
-	RESERVED
-CVE-2012-5208
-	RESERVED
-CVE-2012-5207
-	RESERVED
-CVE-2012-5206
-	RESERVED
-CVE-2012-5205
-	RESERVED
-CVE-2012-5204
-	RESERVED
-CVE-2012-5203
-	RESERVED
-CVE-2012-5202
-	RESERVED
-CVE-2012-5201
-	RESERVED
-CVE-2012-5200
-	RESERVED
+CVE-2012-5215 (Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, ...)
+	TODO: check
+CVE-2012-5214 (Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 ...)
+	TODO: check
+CVE-2012-5213 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5212 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5211 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5210 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5209 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5208 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5207 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5206 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5205 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5204 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5203 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5202 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5201 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2012-5200 (Cross-site scripting (XSS) vulnerability in HP Intelligent Management ...)
+	TODO: check
 CVE-2012-5199 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and ...)
 	NOT-FOR-US: HP ArcSight Connector Appliance
 CVE-2012-5198 (Unspecified vulnerability in HP ArcSight Connector Appliance before ...)
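Review bot: all sixteen entries from CVE-2012-5215 to CVE-2012-5200 move from RESERVED to "TODO: check", and their descriptions name only HP products (LaserJet Pro printers, HP ServiceCenter, HP Intelligent Management Center). The entries directly below, CVE-2012-5199 and CVE-2012-5198, already show the expected resolution for this vendor ("NOT-FOR-US: HP ArcSight Connector Appliance"). Resolve the block the same way with one NOT-FOR-US line per product instead of leaving sixteen open TODO items.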
@@ -12298,8 +12396,7 @@
 	NOT-FOR-US: Citrix
 CVE-2012-4067
 	RESERVED
-CVE-2012-4066
-	RESERVED
+CVE-2012-4066 (The internal message protocol for Walrus in Eucalyptus 3.2.0 and ...)
 	- eucalyptus <unfixed> (bug #702388)
 CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
 	- eucalyptus 3.1.0-9 (bug #689599)
@@ -22077,8 +22174,7 @@
 	RESERVED
 CVE-2011-4970
 	RESERVED
-CVE-2011-4969 [jQuery 1.6.2 XSS]
-	RESERVED
+CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when ...)
 	- jquery 1.6.4-1 (bug #699482)
 	NOTE: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
 	NOTE: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
@@ -27921,8 +28017,7 @@
 CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting]
 	RESERVED
 	NOT-FOR-US: Jcow
-CVE-2011-3201
-	RESERVED
+CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...)
 	- evolution <unfixed> (unimportant)
 	NOTE: Any attacks still involve quite some social engineering
 CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in ...)
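Review bot: the description added for CVE-2011-3201 states the issue affects GNOME Evolution before 3.2.3, which implies an upstream fix, but the package line stays "- evolution <unfixed> (unimportant)". Check the evolution versions in the archive against 3.2.3 and record the fixed version where one applies; the "unimportant" marker and the social-engineering NOTE can stay as the severity rationale.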
@@ -30029,8 +30124,7 @@
 	{DSA-2286-1}
 	- phpmyadmin 4:3.4.3.1-1
 	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2011-2504
-	RESERVED
+CVE-2011-2504 (Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf ...)
 	- x11-apps 7.7~1 (low)
 	[squeeze] - x11-apps <no-dsa> (Minor issue)
 CVE-2011-2503 (The insert_module function in runtime/staprun/staprun_funcs.c in the ...)



