[Secure-testing-commits] r21705 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Mar 21 21:14:30 UTC 2013


Author: joeyh
Date: 2013-03-21 21:14:30 +0000 (Thu, 21 Mar 2013)
New Revision: 21705

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-21 16:45:31 UTC (rev 21704)
+++ data/CVE/list	2013-03-21 21:14:30 UTC (rev 21705)
@@ -26,16 +26,13 @@
 	RESERVED
 CVE-2013-2618
 	RESERVED
-CVE-2013-2617 [ruby curl gem command execution]
-	RESERVED
+CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to ...)
 	TODO: check
 	NOTE: http://www.osvdb.org/91230
-CVE-2013-2616 [ruby minimagic gem command execution]
-	RESERVED
+CVE-2013-2616 (lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote ...)
 	TODO: check
 	NOTE: http://www.osvdb.org/91231
-CVE-2013-2615 [ruby fastreader gem command execution]
-	RESERVED
+CVE-2013-2615 (lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows ...)
 	TODO: check
 	NOTE: http://www.osvdb.org/91232
 CVE-2013-2614
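Review bot: CVE-2013-2617, CVE-2013-2616 and CVE-2013-2615 keep `TODO: check` after their descriptions land, so all three Ruby gem command-execution entries are still untriaged. Each needs either a source package line with a fixed or unfixed version, or a NOT-FOR-US line like the one CVE-2013-1875 already carries for command_wrap. The descriptions for MiniMagick (1.3.1) and fastreader (1.0.8) name a version to compare against; the Curl Gem line gives none in its visible part, so the full description or the OSVDB NOTE has to be read for that one.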
@@ -852,12 +849,10 @@
 CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
-CVE-2013-2275 [puppet incorrect default report ACL vulnerability]
-	RESERVED
+CVE-2013-2275 (The default configuration for puppet masters 0.25.0 and later in ...)
 	{DSA-2643-1}
 	- puppet 2.7.18-3
-CVE-2013-2274 [puppet remote code execution]
-	RESERVED
+CVE-2013-2274 (Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 ...)
 	{DSA-2643-1}
 	- puppet 2.7-1
 	NOTE: Only affects puppet 2.6.x
@@ -1656,13 +1651,12 @@
 CVE-2013-1879
 	RESERVED
 CVE-2013-1878
-	RESERVED
+	REJECTED
 CVE-2013-1877
-	RESERVED
+	REJECTED
 CVE-2013-1876
-	RESERVED
-CVE-2013-1875 [ruby gem command_wrap arbitrary command execution]
-	RESERVED
+	REJECTED
+CVE-2013-1875 (command_wrap.rb in the command_wrap Gem for Ruby allows remote ...)
 	NOT-FOR-US: ruby gem command_wrap
 CVE-2013-1874 [Chicken Scheme: code execution]
 	RESERVED
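Review bot: CVE-2013-1878, CVE-2013-1877 and CVE-2013-1876 flip from RESERVED to REJECTED with nothing recording the reason or a replacement id. None of the three has a package line or NOTE here, so no tracker state is lost, but if any of these ids was already cited in a bug report or changelog, a NOTE under the rejected entry pointing at the id that supersedes it would keep those references resolvable.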
@@ -1778,12 +1772,10 @@
 CVE-2013-1844 [Unspecified XSS vulnerability]
 	RESERVED
 	- piwik <itp> (bug #506933)
-CVE-2013-1843 [Typo3 Access tracking mechanism Open Redirection]
-	RESERVED
+CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3 ...)
 	{DSA-2646-1}
 	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
-CVE-2013-1842 [Typo3 Extbase Framework SQL Injection]
-	RESERVED
+CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x ...)
 	{DSA-2646-1}
 	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
 CVE-2013-1841 [Reverse lookup issue in Net::Server]
@@ -2027,8 +2019,7 @@
 CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function in ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
-CVE-2013-1766 [libvirtd changes permissions of devices to libvirt-qemu:kvm]
-	RESERVED
+CVE-2013-1766 (libvirt 1.0.2 and earlier sets the group owner to kvm for device ...)
 	{DSA-2650-1}
 	- libvirt 0.9.12-8 (bug #701649)
 CVE-2013-1765
@@ -2065,8 +2056,8 @@
 	RESERVED
 	- twiki <removed>
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
-CVE-2013-1750
-	RESERVED
+CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...)
+	TODO: check
 CVE-2013-1749
 	RESERVED
 CVE-2013-1748
@@ -2292,20 +2283,16 @@
 	- limesurvey <itp> (bug #472802)
 CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allow remote authenticated ...)
 	NOT-FOR-US: Spree 
-CVE-2013-1655 [puppet unauthenticated client remote code execution]
-	RESERVED
+CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby ...)
 	{DSA-2643-1}
 	- puppet 2.7.18-3
-CVE-2013-1654 [puppet SSL downgrade vulnerability]
-	RESERVED
+CVE-2013-1654 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet ...)
 	{DSA-2643-1}
 	- puppet 2.7.18-3
-CVE-2013-1653 [puppet agent remote code execution]
-	RESERVED
+CVE-2013-1653 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
 	{DSA-2643-1}
 	- puppet 2.7.18-3
-CVE-2013-1652 [puppet insufficient input validation vulnerability and unautorised data access]
-	RESERVED
+CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
 	{DSA-2643-1}
 	- puppet 2.7.18-3
 CVE-2013-1651
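Review bot: On CVE-2013-1653 and CVE-2013-1652 the truncated descriptions are now identical ("Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ..."), and the bracketed summaries that told them apart (agent remote code execution versus insufficient input validation and unauthorised data access) are removed. Both are covered by DSA-2643-1 with the same fixed version, so the status is unaffected, but a one-line NOTE on each with the old summary would let a reader of the list distinguish them without looking up the full description.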
@@ -2333,8 +2320,7 @@
 	RESERVED
 CVE-2013-1641
 	RESERVED
-CVE-2013-1640 [puppet remote code execution]
-	RESERVED
+CVE-2013-1640 (The (1) template and (2) inline_template functions in the master ...)
 	{DSA-2643-1}
 	- puppet 2.7.18-3
 CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all ...)
@@ -3838,16 +3824,16 @@
 	RESERVED
 CVE-2013-0982
 	RESERVED
-CVE-2013-0981
-	RESERVED
-CVE-2013-0980
-	RESERVED
-CVE-2013-0979
-	RESERVED
-CVE-2013-0978
-	RESERVED
-CVE-2013-0977
-	RESERVED
+CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel ...)
+	TODO: check
+CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not ...)
+	TODO: check
+CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly ...)
+	TODO: check
+CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 ...)
+	TODO: check
+CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ...)
+	TODO: check
 CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote ...)
 	NOT-FOR-US: Mac OS X
 CVE-2013-0975
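Review bot: CVE-2013-0981 through CVE-2013-0977 are added as `TODO: check` although every description names Apple iOS before 6.1.3, and the neighbouring CVE-2013-0976 is already closed as `NOT-FOR-US: Mac OS X`. These five can be closed the same way in one pass. CVE-2013-0977 also names Apple TV before 5.2.1, so its NOT-FOR-US text should cover both products.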
@@ -4540,18 +4526,18 @@
 	RESERVED
 CVE-2013-0717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	TODO: check
-CVE-2013-0716
-	RESERVED
-CVE-2013-0715
-	RESERVED
-CVE-2013-0714
-	RESERVED
-CVE-2013-0713
-	RESERVED
-CVE-2013-0712
-	RESERVED
-CVE-2013-0711
-	RESERVED
+CVE-2013-0716 (The web server in Wind River VxWorks 5.5 through 6.9 allows remote ...)
+	TODO: check
+CVE-2013-0715 (The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows ...)
+	TODO: check
+CVE-2013-0714 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
+	TODO: check
+CVE-2013-0713 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
+	TODO: check
+CVE-2013-0712 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
+	TODO: check
+CVE-2013-0711 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
+	TODO: check
 CVE-2013-0710 (Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows ...)
 	NOT-FOR-US: Kingsoft Writer
 CVE-2013-0709 (Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows ...)
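Review bot: CVE-2013-0714, CVE-2013-0713, CVE-2013-0712 and CVE-2013-0711 share the same visible description ("IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ..."), so the list alone does not show what separates the four issues. All six new VxWorks entries are left at `TODO: check`; when they are triaged, the disposition should be written per id after reading the full descriptions rather than copied down the block from the truncated text.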
@@ -5691,8 +5677,7 @@
 	- ruby-activesupport-2.3 2.3.14-6 (bug #699249)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
-CVE-2013-0332 [local file inclusion]
-	RESERVED
+CVE-2013-0332 (Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x ...)
 	{DSA-2640-1}
 	- zoneminder 1.25.0-1 (bug #700912)
 CVE-2013-0331 (CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote ...)
@@ -6029,8 +6014,7 @@
 CVE-2013-0233
 	RESERVED
 	- ruby-devise <itp> (bug #691525)
-CVE-2013-0232 [ZoneMinder Video Server arbitrary command execution vulnerability]
-	RESERVED
+CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and ...)
 	{DSA-2640-1}
 	- zoneminder 1.25.0-4 (bug #698910)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=904103
@@ -7601,8 +7585,8 @@
 	NOT-FOR-US: IBM
 CVE-2012-5939 (Cross-site scripting (XSS) vulnerability in Welcome.do in the Data ...)
 	NOT-FOR-US: IBM Tivoli TADDM
-CVE-2012-5938
-	RESERVED
+CVE-2012-5938 (The installation process in IBM InfoSphere Information Server 8.1, ...)
+	TODO: check
 CVE-2012-5937
 	RESERVED
 CVE-2012-5936
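Review bot: CVE-2012-5938 lands as `TODO: check` for IBM InfoSphere Information Server while the two entries directly above it in this hunk are already closed as `NOT-FOR-US: IBM` and `NOT-FOR-US: IBM Tivoli TADDM`. The same disposition likely applies here and can be set in the next manual pass.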



