[Secure-testing-commits] r21698 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Mar 20 21:14:33 UTC 2013
Author: joeyh
Date: 2013-03-20 21:14:33 +0000 (Wed, 20 Mar 2013)
New Revision: 21698
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-20 18:36:55 UTC (rev 21697)
+++ data/CVE/list 2013-03-20 21:14:33 UTC (rev 21698)
@@ -1,3 +1,15 @@
+CVE-2013-2631
+ RESERVED
+CVE-2013-2630
+ RESERVED
+CVE-2013-2629
+ RESERVED
+CVE-2013-2628
+ RESERVED
+CVE-2013-2627
+ RESERVED
+CVE-2013-2626
+ RESERVED
CVE-2013-2625
RESERVED
CVE-2013-2624
@@ -171,12 +183,16 @@
NOTE: http://seclists.org/fulldisclosure/2013/Mar/134
NOTE: full disclosure post dosn't make it clear if a CVE was assigned for this or not, but it is fixed in the above version
CVE-2013-2565
+ RESERVED
NOT-FOR-US: Mambo CMS
CVE-2013-2564
+ RESERVED
NOT-FOR-US: Mambo CMS
CVE-2013-2563
+ RESERVED
NOT-FOR-US: Mambo CMS
CVE-2013-2562
+ RESERVED
NOT-FOR-US: Mambo CMS
CVE-2013-2561
RESERVED
@@ -869,8 +885,8 @@
RESERVED
CVE-2013-2264
RESERVED
-CVE-2013-2263
- RESERVED
+CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...)
+ TODO: check
CVE-2013-2262
RESERVED
CVE-2013-2261
@@ -1640,11 +1656,11 @@
CVE-2013-1879
RESERVED
CVE-2013-1878
- REJECTED
+ RESERVED
CVE-2013-1877
- REJECTED
+ RESERVED
CVE-2013-1876
- REJECTED
+ RESERVED
CVE-2013-1875 [ruby gem command_wrap arbitrary command execution]
RESERVED
TODO: check
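Review bot: CVE-2013-1878, CVE-2013-1877 and CVE-2013-1876 move from REJECTED back to RESERVED in this hunk, the reverse of the usual progression, and that should be confirmed against the upstream list before anyone relies on it. The log message says only "automatic update", so nothing records why the three IDs were reinstated. If the upstream change is intentional, a NOTE: line on each entry would tell anyone who acted on the earlier REJECTED state what happened.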
@@ -1686,8 +1702,7 @@
RESERVED
NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
TODO: check
-CVE-2013-1863 [AD DC files (initially) created as world-writable if additional CIFS file shares are created on the AD DC]
- RESERVED
+CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain ...)
- samba4 <not-affected> (Debian package only uses ntvfs, see #679678)
NOTE: http://www.samba.org/samba/history/samba-4.0.4.html
NOTE: http://www.samba.org/samba/security/CVE-2013-1863
@@ -1710,26 +1725,22 @@
- linux <not-affected> (Only exploitable starting with 3.7)
- linux-2.6 <not-affected> (Only exploitable starting with 3.7)
NOTE: http://stealth.openwall.net/xSports/clown-newuser.c
-CVE-2013-1857
- RESERVED
+CVE-2013-1857 (The sanitize helper in ...)
- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
- ruby-actionpack-2.3 2.3.14-5
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-1856
- RESERVED
+CVE-2013-1856 (The ActiveSupport::XmlMini_JDOM backend in ...)
- ruby-activesupport-2.3 <not-affected> (Only affects 3.x and later)
- ruby-activesupport-3.2 3.2.6-6 (bug #703350)
- rails <not-affected> (Only affects 3.x and later)
NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-1855
- RESERVED
+CVE-2013-1855 (The sanitize_css method in ...)
- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
- ruby-actionpack-2.3 2.3.14-5
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-1854
- RESERVED
+CVE-2013-1854 (The Active Record component in Ruby on Rails 2.3.x before 2.3.18, ...)
- ruby-activerecord-3.2 3.2.6-5 (bug #703348)
- ruby-activerecord-2.3 2.3.14-6
- ruby-activesupport-2.3 2.3.14-7
@@ -4531,8 +4542,8 @@
RESERVED
CVE-2013-0718
RESERVED
-CVE-2013-0717
- RESERVED
+CVE-2013-0717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2013-0716
RESERVED
CVE-2013-0715
@@ -5052,10 +5063,10 @@
RESERVED
CVE-2013-0507
RESERVED
-CVE-2013-0506
- RESERVED
-CVE-2013-0505
- RESERVED
+CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...)
+ TODO: check
+CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 ...)
+ TODO: check
CVE-2013-0504 (Buffer overflow in the broker service in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0503
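Review bot: the new TODO: check lines on CVE-2013-0506 and CVE-2013-0505 leave two entries untriaged even though both descriptions name IBM Sterling Order Management. If that product is not in the archive, they can be closed in the form already used for CVE-2013-0504 directly below them (NOT-FOR-US: followed by the product name) instead of sitting in the TODO queue.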
@@ -5688,20 +5699,15 @@
RESERVED
{DSA-2640-1}
- zoneminder 1.25.0-1 (bug #700912)
-CVE-2013-0331 [Denial of Service]
- RESERVED
+CVE-2013-0331 (CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote ...)
- jenkins <unfixed> (bug #700761)
-CVE-2013-0330 [Build jobs which jenkins does not have direct access to]
- RESERVED
+CVE-2013-0330 (Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS ...)
- jenkins <unfixed> (bug #700761)
-CVE-2013-0329 [XSRF]
- RESERVED
+CVE-2013-0329 (Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS ...)
- jenkins <unfixed> (bug #700761)
-CVE-2013-0328 [XSS vulnerability]
- RESERVED
+CVE-2013-0328 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
- jenkins <unfixed> (bug #700761)
-CVE-2013-0327 [CSRF on jenkins master]
- RESERVED
+CVE-2013-0327 (Cross-site request forgery (CSRF) vulnerability in Jenkins master in ...)
- jenkins <unfixed> (bug #700761)
CVE-2013-0326
RESERVED
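Review bot: for CVE-2013-0330 and CVE-2013-0329 the removed bracketed titles ("Build jobs which jenkins does not have direct access to" and "XSRF") said more than the descriptions that replace them, which both begin "Unspecified vulnerability in CloudBees Jenkins". Suggest keeping the old wording as a NOTE: line under each entry, so the five issues tracked under the same bug #700761 stay distinguishable while they are still marked unfixed.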
@@ -5954,8 +5960,7 @@
- boost1.50 <unfixed> (bug #699650)
- boost1.49 1.49.0-3.2 (bug #699649)
- boost1.42 <not-affected> (Boost.Locale was not part of boost until 1.48.0, bug #699719)
-CVE-2013-0251 [unix socket privilege escalation]
- RESERVED
+CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through ...)
- latd 1.31 (low; bug #699625)
[squeeze] - latd <no-dsa> (Minor issue)
CVE-2013-0250 [corosync: Remote DoS due improper HMAC initialization]
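Review bot: CVE-2013-0251 changes from the working title "unix socket privilege escalation" to "Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through ...", while the "low" urgency on the latd line and the squeeze no-dsa (Minor issue) line stay untouched. Those ratings were entered under the earlier title, so they should be re-confirmed against the full description, with a NOTE: recording the outcome.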
@@ -6047,14 +6052,14 @@
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48
NOTE: was actually fixed in 2.6.32-46squeeze1 but upload was done and no DSA was released for that version.
-CVE-2013-0227
- RESERVED
-CVE-2013-0226
- RESERVED
-CVE-2013-0225
- RESERVED
-CVE-2013-0224
- RESERVED
+CVE-2013-0227 (Cross-site scripting (XSS) vulnerability in the Search API Sorts ...)
+ TODO: check
+CVE-2013-0226 (The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal ...)
+ TODO: check
+CVE-2013-0225 (Cross-site scripting (XSS) vulnerability in the User Relationships ...)
+ TODO: check
+CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the ...)
+ TODO: check
CVE-2013-0223
RESERVED
- coreutils <not-affected> (Affected patch not added to Debian package)
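Review bot: the four TODO: check entries added for CVE-2013-0227 through CVE-2013-0224 look like Drupal module issues: CVE-2013-0226 and CVE-2013-0224 say "for Drupal" outright, and the other two descriptions are cut off before the product is named. CVE-2013-0207 through CVE-2013-0205 in this same file carry NOT-FOR-US: module for Drupal; once the truncated descriptions have been read in full, the same line would close these entries too.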
@@ -6101,14 +6106,11 @@
NOTE: Versions 5.0 or higher not affected
CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and ...)
- nova 2012.1.1-12
-CVE-2013-0207
- RESERVED
+CVE-2013-0207 (Cross-site request forgery (CSRF) vulnerability in the Mark Complete ...)
NOT-FOR-US: module for Drupal
-CVE-2013-0206
- RESERVED
+CVE-2013-0206 (Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x ...)
NOT-FOR-US: module for Drupal
-CVE-2013-0205
- RESERVED
+CVE-2013-0205 (Cross-site request forgery (CSRF) vulnerability in the RESTful Web ...)
NOT-FOR-US: module for Drupal
CVE-2013-0204 [Code execution in external storage]
RESERVED
@@ -12291,9 +12293,9 @@
NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
CVE-2012-4224
- RESERVED
+ REJECTED
CVE-2012-4223
- RESERVED
+ REJECTED
CVE-2012-4222 (drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) ...)
- linux <not-affected> (Android-specific drivers)
- linux-2.6 <not-affected> (Android-specific drivers)