[Secure-testing-commits] r21649 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Mar 15 21:14:28 UTC 2013
Author: joeyh
Date: 2013-03-15 21:14:28 +0000 (Fri, 15 Mar 2013)
New Revision: 21649
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-15 20:06:57 UTC (rev 21648)
+++ data/CVE/list 2013-03-15 21:14:28 UTC (rev 21649)
@@ -1,43 +1,45 @@
-CVE-2012-6549 [Linux kernel isofs info leak]
+CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has ...)
+ TODO: check
+CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
-CVE-2012-6548 [Linux kernel udf info leak]
+CVE-2012-6548 (The udf_encode_fh function in fs/udf/namei.c in the Linux kernel ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
-CVE-2012-6547 [Linux kernel tun info leak]
+CVE-2012-6547 (The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel ...)
- linux 3.2.29-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6546 [Linux kernel atm info leak]
+CVE-2012-6546 (The ATM implementation in the Linux kernel before 3.6 does not ...)
- linux 3.2.30-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6545 [Linux kernel bluetooth rfcomm info leak]
+CVE-2012-6545 (The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 ...)
- linux 3.2.30-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6544 [Linux kernel bluetooth info leak]
+CVE-2012-6544 (The Bluetooth protocol stack in the Linux kernel before 3.6 does not ...)
- linux 3.2.30-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6543 [Linux kernel l2tp info leak]
+CVE-2012-6543 (The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux ...)
- linux <not-affected> (Affected code introduced in 3.5)
- linux-2.6 <not-affected> (Affected code introduced in 3.5)
-CVE-2012-6542 [Linux kernel dccp info leak]
+CVE-2012-6542 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
- linux 3.2.30-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6541 [Linux kernel dccp info leak]
+CVE-2012-6541 (The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the ...)
- linux 3.2.30-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6540 [Linux kernel ipvs info leak]
+CVE-2012-6540 (The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the ...)
- linux 3.2.30-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6539 [Linux kernel socket info leak]
+CVE-2012-6539 (The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 ...)
- linux 3.2.30-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6538 [Linux kernel another xfrm_user copy_to_user info leak]
+CVE-2012-6538 (The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux ...)
- linux 3.2.32-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6537 [Linux kernel xfrm_user copy_to_user info leak]
+CVE-2012-6537 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not ...)
- linux 3.2.32-1 (low)
- linux-2.6 <removed> (low)
-CVE-2012-6536 [Linux kernel xfrm_user info leak]
+CVE-2012-6536 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify ...)
- linux 3.2.32-1 (low)
- linux-2.6 <removed> (low)
CVE-2012-XXXX [null pointer dereference]
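Review bot: the label removed for CVE-2012-6542 read "Linux kernel dccp info leak", the same tag as CVE-2012-6541, but the description now attached names llc_ui_getname in net/llc/af_llc.c. Since the old tag pointed at the wrong subsystem, confirm that the 3.2.30-1 version recorded under that entry was determined against the LLC fix. The new CVE-2013-2566 entry at the top of the hunk carries only "TODO: check" and still needs triage against the packages that implement RC4 for TLS.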
@@ -54,8 +56,8 @@
RESERVED
CVE-2013-2561
RESERVED
-CVE-2013-2560
- RESERVED
+CVE-2013-2560 (Directory traversal vulnerability in the web interface on Foscam ...)
+ TODO: check
CVE-2013-2559
RESERVED
CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote ...)
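Review bot: CVE-2013-2560 is left at "TODO: check" although its description already names the web interface on Foscam devices. If no Debian package ships that code, close it with a NOT-FOR-US: line so it leaves the triage queue.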
@@ -78,16 +80,13 @@
NOT-FOR-US: Adobe Reader
CVE-2013-2549 (Unspecified vulnerability in Adobe Reader 11.0.02 allows remote ...)
NOT-FOR-US: Adobe Reader
-CVE-2013-2548
- RESERVED
+CVE-2013-2548 (The crypto_report_one function in crypto/crypto_user.c in the report ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
-CVE-2013-2547
- RESERVED
+CVE-2013-2547 (The crypto_report_one function in crypto/crypto_user.c in the report ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
-CVE-2013-2546
- RESERVED
+CVE-2013-2546 (The report API in the crypto user configuration API in the Linux ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
CVE-2013-2545
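Review bot: CVE-2013-2548 and CVE-2013-2547 now carry the same truncated text ("The crypto_report_one function in crypto/crypto_user.c in the report ..."), so the list no longer shows how the two issues differ. A NOTE: line under each one, stating the distinguishing detail or the upstream commit, would let the "linux <unfixed>" status of each be closed independently once a fix lands.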
@@ -204,6 +203,7 @@
NOT-FOR-US: Google Chrome Frame plugin for Internet Explorer
CVE-2013-2492 [Request Processing Buffer Overflow Vulnerability]
RESERVED
+ {DSA-2648-1 DSA-2647-1}
- firebird2.1 <unfixed> (bug #702735)
- firebird2.5 <unfixed> (bug #702736)
NOTE: http://tracker.firebirdsql.org/browse/CORE-4058
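Review bot: the added "{DSA-2648-1 DSA-2647-1}" cross-reference on CVE-2013-2492 sits above two package lines that still read "<unfixed>" for firebird2.1 and firebird2.5 (bugs #702735 and #702736). Check whether the uploads behind those advisories also reached unstable, and record the fixed versions if so; otherwise the entry shows an advisory issued with no fixed version anywhere.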
@@ -1600,9 +1600,11 @@
- piwik <itp> (bug #506933)
CVE-2013-1843 [Typo3 Access tracking mechanism Open Redirection]
RESERVED
+ {DSA-2646-1}
- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1842 [Typo3 Extbase Framework SQL Injection]
RESERVED
+ {DSA-2646-1}
- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 [Reverse lookup issue in Net::Server]
RESERVED
@@ -1652,7 +1654,7 @@
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
CVE-2013-1825
- RESERVED
+ REJECTED
CVE-2013-1824
RESERVED
CVE-2013-1823
@@ -3643,28 +3645,28 @@
RESERVED
CVE-2013-0977
RESERVED
-CVE-2013-0976
- RESERVED
+CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote ...)
+ TODO: check
CVE-2013-0975
RESERVED
CVE-2013-0974 (StoreKit in Apple iOS before 6.1 does not properly handle the ...)
NOT-FOR-US: Apple StoreKit
-CVE-2013-0973
- RESERVED
+CVE-2013-0973 (Software Update in Apple Mac OS X through 10.7.5 does not prevent ...)
+ TODO: check
CVE-2013-0972
RESERVED
-CVE-2013-0971
- RESERVED
-CVE-2013-0970
- RESERVED
-CVE-2013-0969
- RESERVED
+CVE-2013-0971 (Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 ...)
+ TODO: check
+CVE-2013-0970 (Messages in Apple Mac OS X before 10.8.3 allows remote attackers to ...)
+ TODO: check
+CVE-2013-0969 (Login Window in Apple Mac OS X before 10.8.3 does not prevent ...)
+ TODO: check
CVE-2013-0968 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
- webkit <undetermined> (bug #700164)
-CVE-2013-0967
- RESERVED
-CVE-2013-0966
- RESERVED
+CVE-2013-0967 (CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the ...)
+ TODO: check
+CVE-2013-0966 (The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac ...)
+ TODO: check
CVE-2013-0965
RESERVED
CVE-2013-0964 (The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not ...)
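Review bot: the seven Apple entries filled in here (CVE-2013-0976, -0973, -0971, -0970, -0969, -0967, -0966) all land as "TODO: check", while the neighbouring CVE-2013-0974 is already resolved as "NOT-FOR-US: Apple StoreKit". The Mac OS X components named (IOAcceleratorFamily, Software Update, PDFKit, Messages, Login Window, CoreTypes) look like candidates for the same resolution. CVE-2013-0966 deserves a closer look first, because its description mentions the Apache HTTP Server, even though the module named is Apple's mod_hfs_apple.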
@@ -3673,10 +3675,10 @@
NOT-FOR-US: Identity Services in Apple iOS
CVE-2013-0962 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
- webkit <undetermined> (bug #700164)
-CVE-2013-0961
- RESERVED
-CVE-2013-0960
- RESERVED
+CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
+ TODO: check
CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
- webkit <undetermined> (bug #700164)
CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
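Review bot: CVE-2013-0961 and CVE-2013-0960 are described as WebKit issues in Apple Safari and are left at "TODO: check", but the surrounding WebKit entries (CVE-2013-0962, CVE-2013-0959) are tracked as "- webkit <undetermined> (bug #700164)". These two should not be closed as NOT-FOR-US on the strength of the word "Safari"; they need the same webkit package line. Their truncated descriptions are also identical, so a NOTE: line is needed to tell them apart.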
@@ -5768,8 +5770,8 @@
- curl 7.29.0-1 (bug #700002)
[squeeze] - curl <not-affected> (Only affects 7.26.0 to 7.28.1)
[wheezy] - curl 7.26.0-1+wheezy1
-CVE-2013-0248
- RESERVED
+CVE-2013-0248 (The default configuration of javax.servlet.context.tempdir in Apache ...)
+ TODO: check
CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and ...)
- keystone 2012.1.1-12 (bug #699835)
CVE-2013-0246 [Access bypass Image module - Drupal 7]
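Review bot: the description added for CVE-2013-0248 is cut off at "Apache ...", before the product name, so the affected source package cannot be determined from this line. Whoever resolves the "TODO: check" has to consult the full CVE text, and a NOTE: line naming the product would save the next reader that lookup.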
@@ -6587,7 +6589,7 @@
CVE-2012-6139
RESERVED
CVE-2012-6138
- RESERVED
+ REJECTED
CVE-2012-6137
RESERVED
CVE-2012-6136
@@ -8491,6 +8493,7 @@
- pcp <unfixed> (bug #698735; low)
[squeeze] - pcp <no-dsa> (Minor issue)
CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
+ {DSA-2648-1}
- firebird2.5 <unfixed> (low; bug #693210)
- firebird2.1 <not-affected> (Only affects 2.5.x)
CVE-2012-5528