[Secure-testing-commits] r21715 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Mar 22 21:14:34 UTC 2013
Author: joeyh
Date: 2013-03-22 21:14:34 +0000 (Fri, 22 Mar 2013)
New Revision: 21715
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-22 20:05:34 UTC (rev 21714)
+++ data/CVE/list 2013-03-22 21:14:34 UTC (rev 21715)
@@ -1,3 +1,13 @@
+CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not ...)
+ TODO: check
+CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux ...)
+ TODO: check
+CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize ...)
+ TODO: check
+CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET ...)
+ TODO: check
+CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
+ TODO: check
CVE-2013-2631
RESERVED
CVE-2013-2630
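Review bot: The three kernel entries at the top of this hunk land with only "TODO: check" and no package lines. CVE-2013-2636 and CVE-2013-2634 name the Linux kernel before 3.8.4, and CVE-2013-2635 names net/core/rtnetlink.c. Other kernel entries in this file carry "- linux" and "- linux-2.6" lines, so these three need the same triage before they show up against the kernel packages.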
@@ -836,8 +846,8 @@
RESERVED
CVE-2013-2280
RESERVED
-CVE-2013-2279
- RESERVED
+CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation ...)
+ TODO: check
CVE-2013-2278
RESERVED
CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
@@ -1664,7 +1674,7 @@
[wheezy] - chicken <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
CVE-2013-1873 [linux kernel kernel stack memory disclosure]
- RESERVED
+ REJECTED
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-1872
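Review bot: CVE-2013-1873 changes from RESERVED to REJECTED, but the "- linux <unfixed>" and "- linux-2.6 <removed>" lines beneath it are unchanged, so a rejected identifier still reads as an open issue against linux. Suggest dropping the package lines from this entry, and if the rejection points at replacement identifiers, recording them in a NOTE so the kernel status is tracked under those instead.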
@@ -1703,8 +1713,7 @@
- mysql-5.1 <removed>
NOTE: https://mariadb.atlassian.net/browse/MDEV-4252
TODO: Report to BTS
-CVE-2013-1860
- RESERVED
+CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-1859
@@ -1754,8 +1763,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1849
RESERVED
-CVE-2013-1848 [linux kernel ext3 format string issues]
- RESERVED
+CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect ...)
- linux <unfixed>
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
@@ -1766,8 +1774,7 @@
RESERVED
CVE-2013-1845
RESERVED
-CVE-2013-1844 [Unspecified XSS vulnerability]
- RESERVED
+CVE-2013-1844 (Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows ...)
- piwik <itp> (bug #506933)
CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3 ...)
{DSA-2646-1}
@@ -1809,17 +1816,14 @@
RESERVED
CVE-2013-1829
RESERVED
-CVE-2013-1828
- RESERVED
+CVE-2013-1828 (The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the ...)
- linux <not-affected> (Introduced in 3.8)
- linux-2.6 <not-affected> (Introduced in 3.8)
-CVE-2013-1827
- RESERVED
+CVE-2013-1827 (net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to ...)
- linux 3.2.29-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-47
-CVE-2013-1826
- RESERVED
+CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
CVE-2013-1825
@@ -1908,18 +1912,15 @@
- ruby-crack <itp> (bug #623900)
CVE-2013-1799
RESERVED
-CVE-2013-1798 [linux kernel kvm]
- RESERVED
+CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
-CVE-2013-1797 [linux kernel kvm]
- RESERVED
+CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
-CVE-2013-1796 [linux kernel kvm]
- RESERVED
+CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
@@ -1931,8 +1932,7 @@
- openafs 1.6.1-3
CVE-2013-1793
RESERVED
-CVE-2013-1792
- RESERVED
+CVE-2013-1792 (Race condition in the install_user_keyrings function in ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-1791
@@ -2848,8 +2848,7 @@
RESERVED
CVE-2013-1428
RESERVED
-CVE-2013-1427
- RESERVED
+CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighthttpd ...)
{DSA-2649-1}
- lighttpd 1.4.31-4
CVE-2013-1426
@@ -3676,11 +3675,9 @@
RESERVED
CVE-2013-1053
RESERVED
-CVE-2013-1052
- RESERVED
+CVE-2013-1052 (pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the ...)
NOT-FOR-US: pam-xdg-support (Ubuntu-specific package)
-CVE-2013-1051
- RESERVED
+CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly ...)
- apt 0.9.7.8
[squeeze] - apt <not-affected> (InRelease support not used)
CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 ...)
@@ -3958,8 +3955,7 @@
RESERVED
CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows ...)
NOT-FOR-US: Overflow in Chrome-specific libs
-CVE-2013-0914
- RESERVED
+CVE-2013-0914 (The flush_signal_handlers function in kernel/signal.c in the Linux ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
CVE-2013-0913 (Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the ...)
@@ -4683,36 +4679,36 @@
RESERVED
CVE-2013-0680
RESERVED
-CVE-2013-0679
- RESERVED
-CVE-2013-0678
- RESERVED
-CVE-2013-0677
- RESERVED
-CVE-2013-0676
- RESERVED
-CVE-2013-0675
- RESERVED
-CVE-2013-0674
- RESERVED
+CVE-2013-0679 (Directory traversal vulnerability in the web server in Siemens WinCC ...)
+ TODO: check
+CVE-2013-0678 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and ...)
+ TODO: check
+CVE-2013-0677 (The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 ...)
+ TODO: check
+CVE-2013-0676 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and ...)
+ TODO: check
+CVE-2013-0675 (Buffer overflow in CCEServer (aka the central communications ...)
+ TODO: check
+CVE-2013-0674 (Buffer overflow in the RegReader ActiveX control in Siemens WinCC ...)
+ TODO: check
CVE-2013-0673
RESERVED
-CVE-2013-0672
- RESERVED
-CVE-2013-0671
- RESERVED
-CVE-2013-0670
- RESERVED
-CVE-2013-0669
- RESERVED
-CVE-2013-0668
- RESERVED
-CVE-2013-0667
- RESERVED
+CVE-2013-0672 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
+ TODO: check
+CVE-2013-0671 (Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 ...)
+ TODO: check
+CVE-2013-0670 (CRLF injection vulnerability in the HMI web application in Siemens ...)
+ TODO: check
+CVE-2013-0669 (The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote ...)
+ TODO: check
+CVE-2013-0668 (Multiple cross-site scripting (XSS) vulnerabilities in the HMI web ...)
+ TODO: check
+CVE-2013-0667 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
+ TODO: check
CVE-2013-0666
RESERVED
-CVE-2013-0665
- RESERVED
+CVE-2013-0665 (Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before ...)
+ TODO: check
CVE-2013-0664
RESERVED
CVE-2013-0663
@@ -5151,8 +5147,8 @@
RESERVED
CVE-2013-0454
RESERVED
-CVE-2013-0453
- RESERVED
+CVE-2013-0453 (Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli ...)
+ TODO: check
CVE-2013-0452
RESERVED
CVE-2013-0451
@@ -5820,8 +5816,7 @@
CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows ...)
{DSA-2628-1}
- nss-pam-ldapd 0.8.10-3 (bug #690319)
-CVE-2013-0287 [sssd: simple access provider flaw prevents intended ACL use when client to an AD provider]
- RESERVED
+CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) ...)
- sssd <not-affected> (Introduced in 1.9.0)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286
@@ -6341,14 +6336,14 @@
RESERVED
CVE-2013-0127
RESERVED
-CVE-2013-0126
- RESERVED
+CVE-2013-0126 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2013-0125
RESERVED
-CVE-2013-0124
- RESERVED
-CVE-2013-0123
- RESERVED
+CVE-2013-0124 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2013-0123 (Multiple SQL injection vulnerabilities in the administration interface ...)
+ TODO: check
CVE-2013-0122
RESERVED
CVE-2013-0121
@@ -8037,8 +8032,8 @@
NOT-FOR-US: Websphere
CVE-2012-5758 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
NOT-FOR-US: Websphere
-CVE-2012-5757
- RESERVED
+CVE-2012-5757 (Cross-site scripting (XSS) vulnerability in the Web Client in IBM ...)
+ TODO: check
CVE-2012-5756 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
NOT-FOR-US: Websphere
CVE-2012-5755
@@ -24367,8 +24362,8 @@
- jasper 1.900.1-13 (bug #652649)
- ghostscript 8.64~dfsg-2
NOTE: ghostscript using system jasper since this version
-CVE-2011-4515
- RESERVED
+CVE-2011-4515 (Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing ...)
+ TODO: check
CVE-2011-4514 (The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and ...)
NOT-FOR-US: Siemens WinCC
CVE-2011-4513 (Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA ...)
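Review bot: CVE-2011-4515 gets "TODO: check" although its description names Siemens WinCC (TIA Portal) 11, and the next entry, CVE-2011-4514, is already marked "NOT-FOR-US: Siemens WinCC". Suggest the same marking here so the entry leaves the TODO queue. The Siemens WinCC entries added in the @@ -4683,36 +4679,36 @@ hunk are candidates for the same treatment.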