[Secure-testing-commits] r21608 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Mar 13 21:14:29 UTC 2013


Author: joeyh
Date: 2013-03-13 21:14:29 +0000 (Wed, 13 Mar 2013)
New Revision: 21608

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-13 16:00:10 UTC (rev 21607)
+++ data/CVE/list	2013-03-13 21:14:29 UTC (rev 21608)
@@ -1,3 +1,5 @@
+CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote ...)
+	TODO: check
 CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 ...)
 	TODO: check
 CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
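Review bot: the new CVE-2013-2558 entry is left at "TODO: check" although the description identifies it as a Microsoft Windows 8 issue; this list resolves Windows entries to "NOT-FOR-US: Microsoft Windows" (see CVE-2013-0075 further down in this patch), so the TODO can be closed the same way rather than left for a later pass.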
@@ -1632,12 +1634,10 @@
 	RESERVED
 CVE-2013-1796
 	RESERVED
-CVE-2013-1795 [Buffer overflow in OpenAFS ptserver]
-	RESERVED
+CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote ...)
 	{DSA-2638-1}
 	- openafs 1.6.1-3
-CVE-2013-1794 [Buffer overflows in OpenAFS fileserver]
-	RESERVED
+CVE-2013-1794 (Buffer overflow in certain client utilities in OpenAFS before 1.6.2 ...)
 	{DSA-2638-1}
 	- openafs 1.6.1-3
 CVE-2013-1793
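Review bot: the imported descriptions do not match the local placeholders they replace. CVE-2013-1795 was tracked as "Buffer overflow in OpenAFS ptserver" and now reads "Integer overflow in ptserver", and CVE-2013-1794 was "Buffer overflows in OpenAFS fileserver" but now reads "Buffer overflow in certain client utilities". Both keep the {DSA-2638-1} and openafs 1.6.1-3 lines, so please confirm against the DSA text that the two IDs are mapped to the right issues and were not swapped when the placeholders were written.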
@@ -1933,8 +1933,7 @@
 	RESERVED
 CVE-2013-1668
 	RESERVED
-CVE-2013-1667 [rehashing flaw]
-	RESERVED
+CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows ...)
 	{DSA-2641-1}
 	- perl 5.14.2-19 (bug #702296)
 	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
@@ -2468,8 +2467,7 @@
 	RESERVED
 	- piwigo <removed>
 	NOTE: https://www.htbridge.com/advisory/HTB23144
-CVE-2013-1468 [Cross-Site Request Forgery in Piwigo]
-	RESERVED
+CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles ...)
 	- piwigo <removed>
 	NOTE: https://www.htbridge.com/advisory/HTB23144
 CVE-2013-1467
@@ -2563,8 +2561,7 @@
 	- ldap-git-backup 1.0.4-1 (bug #699227)
 CVE-2013-1424
 	RESERVED
-CVE-2013-1423
-	RESERVED
+CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) ...)
 	{DSA-2633-1}
 	- fusionforge 5.2.1+20130227-1
 CVE-2013-1422
@@ -2712,8 +2709,7 @@
 	RESERVED
 CVE-2013-1376
 	RESERVED
-CVE-2013-1375
-	RESERVED
+CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 ...)
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-1374 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
 	NOT-FOR-US: Adobe Flash Plugin
@@ -2721,8 +2717,7 @@
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-1372 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1371
-	RESERVED
+CVE-2013-1371 (Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on ...)
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-1370 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Plugin
@@ -2896,14 +2891,14 @@
 	RESERVED
 CVE-2013-1289
 	RESERVED
-CVE-2013-1288
-	RESERVED
-CVE-2013-1287
-	RESERVED
-CVE-2013-1286
-	RESERVED
-CVE-2013-1285
-	RESERVED
+CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
+	TODO: check
+CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
+	TODO: check
+CVE-2013-1286 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
+	TODO: check
+CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
+	TODO: check
 CVE-2013-1284
 	RESERVED
 CVE-2013-1283
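Review bot: CVE-2013-1285 through CVE-2013-1288 describe Internet Explorer 8 and the Windows XP USB kernel-mode drivers, i.e. Microsoft-only code, yet all four are left at "TODO: check". Elsewhere in this same patch comparable entries carry "NOT-FOR-US: Microsoft Windows" (CVE-2013-0075, CVE-2013-0077), so these can be resolved in the same commit instead of accumulating in the TODO queue.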
@@ -3388,8 +3383,7 @@
 	RESERVED
 CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 ...)
 	- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
-CVE-2013-1049 [remotely-exploitable buffer overflow in cfingerd's rfc1413 (ident) client]
-	RESERVED
+CVE-2013-1049 (Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 ...)
 	{DSA-2635-1}
 	- cfingerd 1.4.3-3.1 (bug #700098)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
@@ -4452,8 +4446,7 @@
 	RESERVED
 CVE-2012-6429
 	RESERVED
-CVE-2013-0650
-	RESERVED
+CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 ...)
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
 	NOT-FOR-US: Adobe Flash Plugin
@@ -4461,8 +4454,7 @@
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
 	NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0646
-	RESERVED
+CVE-2013-0646 (Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-0645 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
 	NOT-FOR-US: Adobe Flash Plugin
@@ -5573,8 +5565,7 @@
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
-CVE-2013-0275 [ganglia: XSS]
-	RESERVED
+CVE-2013-0275 (Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web ...)
 	- ganglia <unfixed> (low; bug #700158)
 	[squeeze] - ganglia <no-dsa> (Minor issue)
 	[wheezy] - ganglia <no-dsa> (Minor issue)
@@ -5648,8 +5639,7 @@
 CVE-2013-0253
 	RESERVED
 	- maven <unfixed> (bug #701991)
-CVE-2013-0252 [boost utf-8 validation issues]
-	RESERVED
+CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in Boost ...)
 	- boost1.50 <unfixed> (bug #699650)
 	- boost1.49 1.49.0-3.2 (bug #699649)
 	- boost1.42 <not-affected> (Boost.Locale was not part of boost until 1.48.0, bug #699719)
@@ -5696,8 +5686,7 @@
 CVE-2013-0240 [Does not check SSL certificates when creating Windows Live or Facebook accounts]
 	RESERVED
 	- gnome-online-accounts 3.4.2-2 (bug #699825)
-CVE-2013-0239
-	RESERVED
+CVE-2013-0239 (Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before ...)
 	{DSA-2618-1}
@@ -5950,8 +5939,7 @@
 	- openjdk-7 7u3-2.1.6-1
 	- openjdk-6 6b27-1.12.3-1
 	NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
-CVE-2013-0168
-	RESERVED
+CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager ...)
 	NOTE: RHEV management tool
 CVE-2013-0167
 	RESERVED
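Review bot: CVE-2013-0168 now has a description but its only annotation is "NOTE: RHEV management tool", which leaves the entry without a package status. The Aeolus entries in this patch use "NOT-FOR-US: Aeolus Cloud Configuration tool"; apply the same form here ("NOT-FOR-US: Red Hat Enterprise Virtualization Manager") so the tracker does not list this as an open, unassessed issue.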
@@ -6556,16 +6544,13 @@
 CVE-2012-6119
 	RESERVED
 	NOTE: Candlepin
-CVE-2012-6118
-	RESERVED
+CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated ...)
 	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
-CVE-2012-6117
-	RESERVED
+CVE-2012-6117 (Aeolus Configuration Server, as used in Red Hat CloudForms Cloud ...)
 	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
 CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before ...)
 	NOTE: Candlepin
-CVE-2012-6115
-	RESERVED
+CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat ...)
 	NOTE: RHEV management tool
 CVE-2012-6114 [temp file vulnerability in git-extras]
 	RESERVED
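Review bot: within this hunk CVE-2012-6118 and CVE-2012-6117 are marked "NOT-FOR-US: Aeolus Cloud Configuration tool", but CVE-2012-6115 only carries "NOTE: RHEV management tool" and so has no status. The description names rhevm-manage-domains in Red Hat Enterprise Virtualization, so it should get a NOT-FOR-US line like its neighbours rather than a bare NOTE.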
@@ -6726,8 +6711,7 @@
 	RESERVED
 	NOT-FOR-US: W3 Total Cache
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
-CVE-2012-6076 [inkscape reads .eps files from /tmp instead of the current directory]
-	RESERVED
+CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the ...)
 	- inkscape 0.48.3.1-1.3 (low; bug #654341)
 	[squeeze] - inkscape <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/inkscape/+bug/911146
@@ -6834,40 +6818,40 @@
 	RESERVED
 CVE-2013-0096
 	RESERVED
-CVE-2013-0095
-	RESERVED
-CVE-2013-0094
-	RESERVED
-CVE-2013-0093
-	RESERVED
-CVE-2013-0092
-	RESERVED
-CVE-2013-0091
-	RESERVED
-CVE-2013-0090
-	RESERVED
-CVE-2013-0089
-	RESERVED
-CVE-2013-0088
-	RESERVED
-CVE-2013-0087
-	RESERVED
-CVE-2013-0086
-	RESERVED
-CVE-2013-0085
-	RESERVED
-CVE-2013-0084
-	RESERVED
-CVE-2013-0083
-	RESERVED
+CVE-2013-0095 (Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for ...)
+	TODO: check
+CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
+	TODO: check
+CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+	TODO: check
+CVE-2013-0086 (Microsoft OneNote 2010 SP1 does not properly determine buffer sizes ...)
+	TODO: check
+CVE-2013-0085 (Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint ...)
+	TODO: check
+CVE-2013-0084 (Directory traversal vulnerability in Microsoft SharePoint Server 2010 ...)
+	TODO: check
+CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
+	TODO: check
 CVE-2013-0082
 	RESERVED
 CVE-2013-0081
 	RESERVED
-CVE-2013-0080
-	RESERVED
-CVE-2013-0079
-	RESERVED
+CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 ...)
+	TODO: check
+CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute ...)
+	TODO: check
 CVE-2013-0078
 	RESERVED
 CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server ...)
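Review bot: this hunk replaces fifteen RESERVED placeholders (CVE-2013-0079 through CVE-2013-0095) with descriptions that all name Microsoft products (Office for Mac, Internet Explorer, OneNote, SharePoint, Visio Viewer) and leaves every one at "TODO: check". The entries immediately following, CVE-2013-0077 and CVE-2013-0075, already use "NOT-FOR-US: Microsoft Windows"; resolving these in the same way now avoids a large block of TODOs that will only ever be closed as NOT-FOR-US.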
@@ -6876,8 +6860,8 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2013-0074
-	RESERVED
+CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 ...)
+	TODO: check
 CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
 	NOT-FOR-US: Microsoft .NET Framework
 CVE-2013-0072
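Review bot: CVE-2013-0074 concerns Microsoft Silverlight, which is not packaged in Debian, yet it is the one entry in this region left at "TODO: check" while CVE-2013-0075 and CVE-2013-0073 on either side are already NOT-FOR-US. Suggest "NOT-FOR-US: Microsoft Silverlight" to match the adjacent entries.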
@@ -8021,11 +8005,9 @@
 	RESERVED
 CVE-2012-5661
 	REJECTED
-CVE-2012-5660
-	RESERVED
+CVE-2012-5660 (abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2012-5659
-	RESERVED
+CVE-2012-5659 (Untrusted search path vulnerability in ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug ...)
 	NOT-FOR-US: OpenShift
@@ -8107,8 +8089,7 @@
 CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, ...)
 	{DSA-2636-1}
 	- xen 4.1.3-8 (low)
-CVE-2012-5633
-	RESERVED
+CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2012-5632
 	RESERVED
@@ -8117,8 +8098,7 @@
 	NOT-FOR-US: FreeIPA
 CVE-2012-5630
 	RESERVED
-CVE-2012-5629
-	RESERVED
+CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2012-5628
 	RESERVED
@@ -8464,8 +8444,7 @@
 CVE-2012-5510 (Xen 4.x, when downgrading the grant table version, does not properly ...)
 	{DSA-2582-1}
 	- xen 4.1.3-5
-CVE-2012-5509
-	RESERVED
+CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used ...)
 	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
 CVE-2012-5508 [ Zope/Plone: PRNG isn't reseeded ]
 	RESERVED
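Review bot: the imported description for CVE-2012-5509 spells the product "Aeolas Configuration Server" while the script name in the same line is aeolus-configserver-setup and the local annotation says "Aeolus". The misspelling comes from the upstream CVE text, not from this file, so it should not be corrected locally: the next automatic update would simply reimport it. The NOT-FOR-US line is correct as written.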
@@ -11342,20 +11321,16 @@
 	- mc <unfixed> (low; bug #689571)
 	[wheezy] - mc <no-dsa> (Minor issue)
 	[squeeze] - mc <no-dsa> (Minor issue)
-CVE-2012-4462
-	RESERVED
+CVE-2012-4462 (aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, ...)
 	- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
 CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ...)
 	- linux-2.6 <removed>
 	- linux 3.2.35-1
-CVE-2012-4460
-	RESERVED
+CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...)
 	- qpid-cpp <unfixed>
-CVE-2012-4459
-	RESERVED
+CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
 	- qpid-cpp <unfixed>
-CVE-2012-4458
-	RESERVED
+CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote ...)
 	- qpid-cpp <unfixed>
 CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
 	- keystone 2012.1.1-9 (bug #689210)
@@ -11392,8 +11367,7 @@
 	- tiff 4.0.2-4 (bug #688944)
 	- tiff3 3.9.6-9 (bug #688944)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
-CVE-2012-4446
-	RESERVED
+CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the ...)
 	- qpid-cpp <unfixed>
 CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
 	{DSA-2557-1}
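Review bot: CVE-2012-4446 has the same "- qpid-cpp <unfixed>" line without severity or bug reference as the three qpid-cpp entries earlier in this patch. Since this one is a default-configuration weakness rather than a memory-safety bug, it should at least carry a severity so it can be distinguished from the decoder issues when triaging.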
@@ -22240,8 +22214,7 @@
 CVE-2011-4967
 	RESERVED
 	NOT-FOR-US: OpenPegasus
-CVE-2011-4966
-	RESERVED
+CVE-2011-4966 (modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode ...)
 	- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
 	[squeeze] - freeradius <no-dsa> (Minor issue)
 CVE-2011-4965
@@ -33954,12 +33927,10 @@
 	{DSA-2337-1}
 	- xen 4.1.0-1
 	- xen-3 <removed>
-CVE-2011-1165
-	RESERVED
+CVE-2011-1165 (Vino, possibly before 3.2, does not properly document that it opens ...)
 	- vino <unfixed> (unimportant)
 	NOTE: Mostly interface glitches
-CVE-2011-1164
-	RESERVED
+CVE-2011-1164 (Vino before 2.99.4 can connect external networks contrary to the ...)
 	- vino <unfixed> (unimportant)
 	NOTE: Mostly interface glitches
 CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...)
