[Secure-testing-commits] r21754 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Mar 26 21:14:26 UTC 2013
Author: joeyh
Date: 2013-03-26 21:14:26 +0000 (Tue, 26 Mar 2013)
New Revision: 21754
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-26 19:57:32 UTC (rev 21753)
+++ data/CVE/list 2013-03-26 21:14:26 UTC (rev 21754)
@@ -1,3 +1,13 @@
+CVE-2013-2689
+ RESERVED
+CVE-2013-2688
+ RESERVED
+CVE-2013-2687
+ RESERVED
+CVE-2013-2686
+ RESERVED
+CVE-2013-2685
+ RESERVED
CVE-2013-2684
RESERVED
CVE-2013-2683
@@ -1911,36 +1921,28 @@
- nova 2012.1.1-15 (bug #703064)
CVE-2013-1837
RESERVED
-CVE-2013-1836 [Unauthorised settings editing through WebDav repository]
- RESERVED
+CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
- moodle <unfixed> (bug #703870)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-1835 [Personal information leak through repositories]
- RESERVED
+CVE-2013-1835 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
- moodle <unfixed> (bug #703870)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-1834 [Form manipulation issue in notes]
- RESERVED
+CVE-2013-1834 (notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, ...)
- moodle <unfixed> (low; bug #703870)
[squeeze] - moodle <no-dsa> (Minor issue)
-CVE-2013-1833 [Cross-site scripting issue in Filepicker]
- RESERVED
+CVE-2013-1833 (Multiple cross-site scripting (XSS) vulnerabilities in the File Picker ...)
- moodle <unfixed> (bug #703870)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-1832 [Password revealed in WebDav repository]
- RESERVED
+CVE-2013-1832 (repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before ...)
- moodle <unfixed> (bug #703870)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-1831 [Server information revealed through exception messages]
- RESERVED
+CVE-2013-1831 (lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...)
- moodle <unfixed> (low; bug #703870)
[squeeze] - moodle <no-dsa> (Minor issue)
-CVE-2013-1830 [Information leak in course profiles]
- RESERVED
+CVE-2013-1830 (user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...)
- moodle <unfixed> (low; bug #703870)
[squeeze] - moodle <no-dsa> (Minor issue)
-CVE-2013-1829 [Calendar subscription capability issue]
- RESERVED
+CVE-2013-1829 (calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not ...)
- moodle <not-affected> (Only in 2.4 to 2.4.1)
CVE-2013-1828 (The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the ...)
- linux <not-affected> (Introduced in 3.8)
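Review bot: In the Moodle block (CVE-2013-1836 down to CVE-2013-1830), replacing the bracketed titles with the truncated descriptions drops the only text that told these entries apart. CVE-2013-1836 and CVE-2013-1835 now both read "Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...", and all seven unfixed entries point at the same bug #703870. Consider keeping the old summary on a NOTE line under each entry, for example "NOTE: Password revealed in WebDav repository" under CVE-2013-1832, so the not-affected and no-dsa decisions can still be read against what each issue is.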
@@ -3581,10 +3583,10 @@
RESERVED
CVE-2013-1163
RESERVED
-CVE-2013-1162
- RESERVED
-CVE-2013-1161
- RESERVED
+CVE-2013-1162 (The traffic engineering (TE) processing subsystem in Cisco IOS XR ...)
+ TODO: check
+CVE-2013-1161 (The XML parser in the Cisco Jabber IM application for Android allows ...)
+ TODO: check
CVE-2013-1160
RESERVED
CVE-2013-1159
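Review bot: CVE-2013-1162 and CVE-2013-1161 leave the RESERVED state with only "TODO: check" beneath them, so neither has a triage result yet. Both descriptions name Cisco products (IOS XR, Jabber IM for Android). A follow-up should replace each TODO with a package status line or a NOT-FOR-US marker so the entries do not linger as open work.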
@@ -5973,12 +5975,12 @@
CVE-2013-0278
RESERVED
NOTE: To be rejected
-CVE-2013-0277 (Active Record in Ruby on Rails 3.x before 3.1.0 and 2.3.x before ...)
+CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 ...)
{DSA-2620-1}
- ruby-activerecord-2.3 2.3.14-5
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-0276 (ActiveRecord in Ruby on Rails 3.2.x before 3.2.12, 3.1.x before ...)
+CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ...)
{DSA-2620-1}
- ruby-activemodel-3.2 3.2.6-3
- ruby-activerecord-2.3 2.3.14-5
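Review bot: The reworded descriptions for CVE-2013-0277 and CVE-2013-0276 now give the affected range as "before 2.3.17", while the unchanged status line below each still records ruby-activerecord-2.3 2.3.14-5 as the fixed version. The two are only consistent if that Debian revision carries the fix. A NOTE line saying so under each entry would stop the pair from reading as a contradiction.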
@@ -6008,7 +6010,7 @@
RESERVED
NOTE: Duplicate of CVE-2013-0247, see bug #700240
NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
-CVE-2013-0269 (The JSON gem 1.7.x before 1.7.7, 1.6.x before 1.6.8, and 1.5.x before ...)
+CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 ...)
- ruby-json 1.7.3-3 (bug #700436)
- libjson-ruby <removed>
- ruby1.9.1 1.9.3.194-7 (bug #700436)
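Review bot: The new CVE-2013-0269 wording changes the lower bound from "1.5.x before" to "before 1.5.5", which pulls versions older than 1.5 into the affected range, yet the package lines under it are untouched. libjson-ruby is listed only as removed. If any release still ships it, add a release-specific line for it in the style of the [squeeze] lines used for moodle.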
@@ -7046,7 +7048,7 @@
NOTE: Only present in experimental
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096
CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in ...)
- {DSA-2616-1}
+ {DSA-2653-1 DSA-2616-1}
- icinga 1.7.1-5 (bug #697931)
- nagios3 3.4.1-3 (bug #697930)
CVE-2012-6095 (ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows ...)
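Review bot: The added DSA-2653-1 on CVE-2012-6096 sits on an entry that tracks two packages, icinga and nagios3, and nothing else in the hunk changes. The list therefore does not show which package the new advisory covers or whether a fixed version needs recording. Add a release-specific line or a NOTE naming the package the advisory applies to.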