[Secure-testing-commits] r21608 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Mar 13 21:14:29 UTC 2013
Author: joeyh
Date: 2013-03-13 21:14:29 +0000 (Wed, 13 Mar 2013)
New Revision: 21608
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-13 16:00:10 UTC (rev 21607)
+++ data/CVE/list 2013-03-13 21:14:29 UTC (rev 21608)
@@ -1,3 +1,5 @@
+CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote ...)
+ TODO: check
CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 ...)
TODO: check
CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
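Review bot: CVE-2013-2558 is added with the placeholder `TODO: check`, the same state the neighbouring CVE-2013-2557 is still in; elsewhere in this patch Windows issues are settled as `NOT-FOR-US: Microsoft Windows` (CVE-2013-0075, CVE-2013-0077), and that is the expected follow-up here once a human confirms the description, since the automatic sync only fills in the MITRE text and cannot triage.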
@@ -1632,12 +1634,10 @@
RESERVED
CVE-2013-1796
RESERVED
-CVE-2013-1795 [Buffer overflow in OpenAFS ptserver]
- RESERVED
+CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote ...)
{DSA-2638-1}
- openafs 1.6.1-3
-CVE-2013-1794 [Buffer overflows in OpenAFS fileserver]
- RESERVED
+CVE-2013-1794 (Buffer overflow in certain client utilities in OpenAFS before 1.6.2 ...)
{DSA-2638-1}
- openafs 1.6.1-3
CVE-2013-1793
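Review bot: the bracketed placeholder for CVE-2013-1794 read `Buffer overflows in OpenAFS fileserver`, but the synced MITRE description says `Buffer overflow in certain client utilities`, and CVE-2013-1795 moves from `Buffer overflow` to `Integer overflow in ptserver`; the `{DSA-2638-1}` references and the `openafs 1.6.1-3` fixed version are unchanged, which is right, but the component mismatch on 1794 (fileserver vs client utilities) is worth checking against the DSA text so the tracker and the advisory agree on what was fixed.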
@@ -1933,8 +1933,7 @@
RESERVED
CVE-2013-1668
RESERVED
-CVE-2013-1667 [rehashing flaw]
- RESERVED
+CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows ...)
{DSA-2641-1}
- perl 5.14.2-19 (bug #702296)
NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
@@ -2468,8 +2467,7 @@
RESERVED
- piwigo <removed>
NOTE: https://www.htbridge.com/advisory/HTB23144
-CVE-2013-1468 [Cross-Site Request Forgery in Piwigo]
- RESERVED
+CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles ...)
- piwigo <removed>
NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
@@ -2563,8 +2561,7 @@
- ldap-git-backup 1.0.4-1 (bug #699227)
CVE-2013-1424
RESERVED
-CVE-2013-1423
- RESERVED
+CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) ...)
{DSA-2633-1}
- fusionforge 5.2.1+20130227-1
CVE-2013-1422
@@ -2712,8 +2709,7 @@
RESERVED
CVE-2013-1376
RESERVED
-CVE-2013-1375
- RESERVED
+CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1374 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
NOT-FOR-US: Adobe Flash Plugin
@@ -2721,8 +2717,7 @@
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1372 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1371
- RESERVED
+CVE-2013-1371 (Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1370 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
@@ -2896,14 +2891,14 @@
RESERVED
CVE-2013-1289
RESERVED
-CVE-2013-1288
- RESERVED
-CVE-2013-1287
- RESERVED
-CVE-2013-1286
- RESERVED
-CVE-2013-1285
- RESERVED
+CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
+ TODO: check
+CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2013-1286 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
CVE-2013-1284
RESERVED
CVE-2013-1283
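Review bot: CVE-2013-1285, -1286 and -1287 share one description (`The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...`) and, together with the IE entry CVE-2013-1288, are all left at `TODO: check`; Windows kernel issues are marked `NOT-FOR-US: Microsoft Windows` elsewhere in this patch, so the four can be resolved in one follow-up edit rather than left as separate placeholders.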
@@ -3388,8 +3383,7 @@
RESERVED
CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 ...)
- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
-CVE-2013-1049 [remotely-exploitable buffer overflow in cfingerd's rfc1413 (ident) client]
- RESERVED
+CVE-2013-1049 (Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 ...)
{DSA-2635-1}
- cfingerd 1.4.3-3.1 (bug #700098)
NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
@@ -4452,8 +4446,7 @@
RESERVED
CVE-2012-6429
RESERVED
-CVE-2013-0650
- RESERVED
+CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
NOT-FOR-US: Adobe Flash Plugin
@@ -4461,8 +4454,7 @@
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0646
- RESERVED
+CVE-2013-0646 (Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0645 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
@@ -5573,8 +5565,7 @@
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
-CVE-2013-0275 [ganglia: XSS]
- RESERVED
+CVE-2013-0275 (Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web ...)
- ganglia <unfixed> (low; bug #700158)
[squeeze] - ganglia <no-dsa> (Minor issue)
[wheezy] - ganglia <no-dsa> (Minor issue)
@@ -5648,8 +5639,7 @@
CVE-2013-0253
RESERVED
- maven <unfixed> (bug #701991)
-CVE-2013-0252 [boost utf-8 validation issues]
- RESERVED
+CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in Boost ...)
- boost1.50 <unfixed> (bug #699650)
- boost1.49 1.49.0-3.2 (bug #699649)
- boost1.42 <not-affected> (Boost.Locale was not part of boost until 1.48.0, bug #699719)
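Review bot: boost1.50 stays `<unfixed>` (bug #699650) while boost1.49 is already fixed in 1.49.0-3.2; since the boost1.42 line records that Boost.Locale only entered boost at 1.48.0, both 1.49 and 1.50 carry the affected code, so the 1.50 fix should be tracked to closure rather than left as the odd one out. The not-affected reasoning on the boost1.42 line is exactly the kind of justification these entries should keep.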
@@ -5696,8 +5686,7 @@
CVE-2013-0240 [Does not check SSL certificates when creating Windows Live or Facebook accounts]
RESERVED
- gnome-online-accounts 3.4.2-2 (bug #699825)
-CVE-2013-0239
- RESERVED
+CVE-2013-0239 (Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before ...)
{DSA-2618-1}
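Review bot: CVE-2013-0239 (Apache CXF) carries only a `jbossas4 <not-affected>` line and no entry for CXF itself; the same pattern recurs for CVE-2012-5633 and CVE-2012-5629 later in this patch. The parenthesised note explains why jbossas4 is not affected (it only builds a few libraries) but says nothing about CXF proper: if CXF is not shipped as its own source package the entry should say so with a NOT-FOR-US line, and if it is, the affected package and version belong here.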
@@ -5950,8 +5939,7 @@
- openjdk-7 7u3-2.1.6-1
- openjdk-6 6b27-1.12.3-1
NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
-CVE-2013-0168
- RESERVED
+CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager ...)
NOTE: RHEV management tool
CVE-2013-0167
RESERVED
@@ -6556,16 +6544,13 @@
CVE-2012-6119
RESERVED
NOTE: Candlepin
-CVE-2012-6118
- RESERVED
+CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated ...)
NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
-CVE-2012-6117
- RESERVED
+CVE-2012-6117 (Aeolus Configuration Server, as used in Red Hat CloudForms Cloud ...)
NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before ...)
NOTE: Candlepin
-CVE-2012-6115
- RESERVED
+CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat ...)
NOTE: RHEV management tool
CVE-2012-6114 [temp file vulnerability in git-extras]
RESERVED
@@ -6726,8 +6711,7 @@
RESERVED
NOT-FOR-US: W3 Total Cache
NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
-CVE-2012-6076 [inkscape reads .eps files from /tmp instead of the current directory]
- RESERVED
+CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the ...)
- inkscape 0.48.3.1-1.3 (low; bug #654341)
[squeeze] - inkscape <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/inkscape/+bug/911146
@@ -6834,40 +6818,40 @@
RESERVED
CVE-2013-0096
RESERVED
-CVE-2013-0095
- RESERVED
-CVE-2013-0094
- RESERVED
-CVE-2013-0093
- RESERVED
-CVE-2013-0092
- RESERVED
-CVE-2013-0091
- RESERVED
-CVE-2013-0090
- RESERVED
-CVE-2013-0089
- RESERVED
-CVE-2013-0088
- RESERVED
-CVE-2013-0087
- RESERVED
-CVE-2013-0086
- RESERVED
-CVE-2013-0085
- RESERVED
-CVE-2013-0084
- RESERVED
-CVE-2013-0083
- RESERVED
+CVE-2013-0095 (Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for ...)
+ TODO: check
+CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
+ TODO: check
+CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
+ TODO: check
+CVE-2013-0086 (Microsoft OneNote 2010 SP1 does not properly determine buffer sizes ...)
+ TODO: check
+CVE-2013-0085 (Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint ...)
+ TODO: check
+CVE-2013-0084 (Directory traversal vulnerability in Microsoft SharePoint Server 2010 ...)
+ TODO: check
+CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
+ TODO: check
CVE-2013-0082
RESERVED
CVE-2013-0081
RESERVED
-CVE-2013-0080
- RESERVED
-CVE-2013-0079
- RESERVED
+CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 ...)
+ TODO: check
+CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute ...)
+ TODO: check
CVE-2013-0078
RESERVED
CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server ...)
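Review bot: thirteen Microsoft entries (CVE-2013-0083 through CVE-2013-0095) plus CVE-2013-0079 and CVE-2013-0080 are filled in only as `TODO: check`, while CVE-2013-0077 at the bottom of the same hunk shows the settled form `NOT-FOR-US: Microsoft Windows`; the IE use-after-free, SharePoint, OneNote, Visio Viewer and Office for Mac descriptions all name Microsoft products of the kind this file marks NOT-FOR-US, so a follow-up commit can batch-resolve them with the product name (e.g. `NOT-FOR-US: Microsoft Internet Explorer`) instead of leaving fifteen placeholders for later.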
@@ -6876,8 +6860,8 @@
NOT-FOR-US: Microsoft Windows
CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows ...)
NOT-FOR-US: Microsoft Windows
-CVE-2013-0074
- RESERVED
+CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 ...)
+ TODO: check
CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0072
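Review bot: CVE-2013-0074 (Silverlight) gets `TODO: check` while the adjacent CVE-2013-0073 is already `NOT-FOR-US: Microsoft .NET Framework`; a Silverlight runtime issue is in the same class, so resolving it as NOT-FOR-US with the product name would be consistent with its neighbour.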
@@ -8021,11 +8005,9 @@
RESERVED
CVE-2012-5661
REJECTED
-CVE-2012-5660
- RESERVED
+CVE-2012-5660 (abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2012-5659
- RESERVED
+CVE-2012-5659 (Untrusted search path vulnerability in ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug ...)
NOT-FOR-US: OpenShift
@@ -8107,8 +8089,7 @@
CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, ...)
{DSA-2636-1}
- xen 4.1.3-8 (low)
-CVE-2012-5633
- RESERVED
+CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5632
RESERVED
@@ -8117,8 +8098,7 @@
NOT-FOR-US: FreeIPA
CVE-2012-5630
RESERVED
-CVE-2012-5629
- RESERVED
+CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5628
RESERVED
@@ -8464,8 +8444,7 @@
CVE-2012-5510 (Xen 4.x, when downgrading the grant table version, does not properly ...)
{DSA-2582-1}
- xen 4.1.3-5
-CVE-2012-5509
- RESERVED
+CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used ...)
NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-5508 [ Zope/Plone: PRNG isn't reseeded ]
RESERVED
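Review bot: the synced description for CVE-2012-5509 spells the product `Aeolas Configuration Server` while the NOT-FOR-US line directly below it (and the CVE-2012-6117 description earlier in this patch) say `Aeolus`; this is a typo in the upstream CVE text, and because the parenthesised descriptions are overwritten by the automatic sync it should be reported to MITRE rather than hand-corrected in this file.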
@@ -11342,20 +11321,16 @@
- mc <unfixed> (low; bug #689571)
[wheezy] - mc <no-dsa> (Minor issue)
[squeeze] - mc <no-dsa> (Minor issue)
-CVE-2012-4462
- RESERVED
+CVE-2012-4462 (aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, ...)
- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ...)
- linux-2.6 <removed>
- linux 3.2.35-1
-CVE-2012-4460
- RESERVED
+CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...)
- qpid-cpp <unfixed>
-CVE-2012-4459
- RESERVED
+CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
- qpid-cpp <unfixed>
-CVE-2012-4458
- RESERVED
+CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote ...)
- qpid-cpp <unfixed>
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
- keystone 2012.1.1-9 (bug #689210)
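Review bot: the three Apache Qpid entries (CVE-2012-4458, -4459, -4460) are all recorded as `qpid-cpp <unfixed>` with no severity tag and no Debian bug reference, unlike `- mc <unfixed> (low; bug #689571)` at the top of the same hunk; an unfixed entry without a bug number has nothing driving it to closure, so a bug against qpid-cpp should be filed and linked here. The descriptions name remote-triggerable framing and type-decoder flaws (an integer overflow in `qpid::framing::Buffer::checkAvailable`, untrusted AMQP type decoding), so the severity should be set explicitly rather than left blank.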
@@ -11392,8 +11367,7 @@
- tiff 4.0.2-4 (bug #688944)
- tiff3 3.9.6-9 (bug #688944)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
-CVE-2012-4446
- RESERVED
+CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the ...)
- qpid-cpp <unfixed>
CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
{DSA-2557-1}
@@ -22240,8 +22214,7 @@
CVE-2011-4967
RESERVED
NOT-FOR-US: OpenPegasus
-CVE-2011-4966
- RESERVED
+CVE-2011-4966 (modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode ...)
- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
[squeeze] - freeradius <no-dsa> (Minor issue)
CVE-2011-4965
@@ -33954,12 +33927,10 @@
{DSA-2337-1}
- xen 4.1.0-1
- xen-3 <removed>
-CVE-2011-1165
- RESERVED
+CVE-2011-1165 (Vino, possibly before 3.2, does not properly document that it opens ...)
- vino <unfixed> (unimportant)
NOTE: Mostly interface glitches
-CVE-2011-1164
- RESERVED
+CVE-2011-1164 (Vino before 2.99.4 can connect external networks contrary to the ...)
- vino <unfixed> (unimportant)
NOTE: Mostly interface glitches
CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...)