[Secure-testing-commits] r22158 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri May 3 21:14:32 UTC 2013
Author: joeyh
Date: 2013-05-03 21:14:32 +0000 (Fri, 03 May 2013)
New Revision: 22158
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-05-03 20:46:40 UTC (rev 22157)
+++ data/CVE/list 2013-05-03 21:14:32 UTC (rev 22158)
@@ -1,3 +1,11 @@
+CVE-2013-3322
+ RESERVED
+CVE-2013-3321
+ RESERVED
+CVE-2013-3320
+ RESERVED
+CVE-2013-3319
+ RESERVED
CVE-2013-3318
RESERVED
CVE-2013-3317
@@ -111,8 +119,7 @@
NOT-FOR-US: Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...)
NOT-FOR-US: Novell iManager
-CVE-2013-3267
- RESERVED
+CVE-2013-3267 (Cross-site scripting (XSS) vulnerability in the highlighter plugin in ...)
- joomla <itp> (bug #571794)
CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the ...)
- kfreebsd-9 9.0-11 (bug #706414)
@@ -164,8 +171,7 @@
RESERVED
CVE-2013-3243
RESERVED
-CVE-2013-3242
- RESERVED
+CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 ...)
- joomla <itp> (bug #571794)
CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...)
- phpmyadmin <not-affected> (Vulnerable code not present)
@@ -564,17 +570,13 @@
NOT-FOR-US: SAP
CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require ...)
- activemq <not-affected> (Web console not provided in Debian package, see #702670)
-CVE-2013-3059
- RESERVED
+CVE-2013-3059 (Cross-site scripting (XSS) vulnerability in the Voting plugin in ...)
- joomla <itp> (bug #571794)
-CVE-2013-3058
- RESERVED
+CVE-2013-3058 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before ...)
- joomla <itp> (bug #571794)
-CVE-2013-3057
- RESERVED
+CVE-2013-3057 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
- joomla <itp> (bug #571794)
-CVE-2013-3056
- RESERVED
+CVE-2013-3056 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
- joomla <itp> (bug #571794)
CVE-2013-3055 (Lexmark Markvision Enterprise before 1.8 provides a diagnostic ...)
NOT-FOR-US: Lexmark Markvision Enterprise
@@ -798,8 +800,7 @@
RESERVED
CVE-2013-2945
RESERVED
-CVE-2013-2944
- RESERVED
+CVE-2013-2944 (strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ...)
{DSA-2665-1}
- strongswan 4.6.4-7
CVE-2013-2943
@@ -2888,8 +2889,7 @@
[squeeze] - boinc <not-affected> (Vulnerable code not present)
[wheezy] - boinc <no-dsa> (Minor issue)
NOTE: server-maker not shipped in squeeze
-CVE-2013-2017 [linux: veth: double-free in case of congestion]
- RESERVED
+CVE-2013-2017 (The veth (aka virtual Ethernet) driver in the Linux kernel before ...)
- linux 2.6.34-1
- linux-2.6 2.6.34-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
@@ -2991,8 +2991,7 @@
CVE-2013-1980
RESERVED
- xmp <unfixed> (bug #706667)
-CVE-2013-1979
- RESERVED
+CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2013-1978
@@ -3048,8 +3047,7 @@
CVE-2013-1960 [libtiff-tools: Heap-based buffer overflow in t2_process_jpeg_strip]
RESERVED
- tiff <unfixed> (bug #706675)
-CVE-2013-1959
- RESERVED
+CVE-2013-1959 (kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have ...)
- linux <unfixed>
- linux-2.6 <not-affected>
CVE-2013-1958 (The scm_check_creds function in net/core/scm.c in the Linux kernel ...)
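Review bot: in the CVE-2013-1959 entry, `- linux-2.6 <not-affected>` carries no reason, while the CVE-2013-1979 entry earlier in this diff gives one (`Introduced in 2.6.36`). Now that the description names kernel/user_namespace.c and "before 3.8.9", add the parenthetical reason (the release that introduced the code, or "Vulnerable code not present") so the not-affected claim can be checked against the description.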
@@ -3294,8 +3292,7 @@
RESERVED
CVE-2013-1885
RESERVED
-CVE-2013-1884 [DoS (crash) via malformed log REPORT requests]
- RESERVED
+CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
- subversion 1.7.9-1 (bug #704940)
[wheezy] - subversion <not-affected> (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
[squeeze] - subversion <not-affected> (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
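Review bot: the `<not-affected>` reason on the [wheezy] and [squeeze] lines for CVE-2013-1884, `(Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))`, states the affected range rather than why these suites are unaffected. With the description now reading "Subversion 1.7.0 through ...", reword the reason along the lines of "Only affects 1.7.0 through 1.7.8" so it reads as a justification.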
@@ -3419,8 +3416,7 @@
- owncloud 4.0.8debian-1.6 (bug #703094)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/
NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
-CVE-2013-1849 [Subversion (mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs]
- RESERVED
+CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...)
- subversion 1.7.9-1 (bug #704940)
[wheezy] - subversion 1.6.17dfsg-4+deb7u2
NOTE: http://seclists.org/fulldisclosure/2013/Mar/56
@@ -3429,18 +3425,15 @@
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/8
-CVE-2013-1847 [DoS (crash) via LOCK requests against a non-existent URL]
- RESERVED
+CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...)
- subversion 1.7.9-1 (bug #704940)
[wheezy] - subversion 1.6.17dfsg-4+deb7u2
NOTE: http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
-CVE-2013-1846 [DoS (crash) via LOCK requests against an activity URL]
- RESERVED
+CVE-2013-1846 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...)
- subversion 1.7.9-1 (bug #704940)
[wheezy] - subversion 1.6.17dfsg-4+deb7u2
NOTE: http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
-CVE-2013-1845 [DoS (excessive memory use) when large number of properties are set or deleted]
- RESERVED
+CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...)
- subversion 1.7.9-1 (bug #704940)
[wheezy] - subversion 1.6.17dfsg-4+deb7u2
NOTE: http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
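Review bot: after this hunk, CVE-2013-1847, CVE-2013-1846 and CVE-2013-1845 all begin with the same truncated text, "The mod_dav_svn Apache HTTPD server module in Subversion 1.6...", and the removed bracketed lines were the only place in the list that told them apart (LOCK against a non-existent URL, LOCK against an activity URL, excessive memory use on property changes). The advisory URLs in the NOTE: lines are kept, which helps, but consider carrying the one-line distinction into a NOTE: as well so the entries can be told apart without following the links.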
@@ -5001,14 +4994,14 @@
RESERVED
CVE-2013-1235
RESERVED
-CVE-2013-1234
- RESERVED
+CVE-2013-1234 (The SNMP module in Cisco IOS XR allows remote authenticated users to ...)
+ TODO: check
CVE-2013-1233
RESERVED
CVE-2013-1232
RESERVED
-CVE-2013-1231
- RESERVED
+CVE-2013-1231 (The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings ...)
+ TODO: check
CVE-2013-1230 (Cisco Unified Communications Domain Manager allows remote attackers to ...)
NOT-FOR-US: Cisco
CVE-2013-1229 (TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence ...)
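Review bot: the two entries added here, CVE-2013-1234 and CVE-2013-1231, are left at `TODO: check` although their descriptions name Cisco IOS XR and Cisco WebEx, and the adjacent CVE-2013-1230 entry in the same hunk is already tagged `NOT-FOR-US: Cisco`. Triage them the same way in this commit or a follow-up so they do not linger as open TODO items.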
@@ -5287,8 +5280,8 @@
RESERVED
CVE-2013-1092
RESERVED
-CVE-2013-1091
- RESERVED
+CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 allows ...)
+ TODO: check
CVE-2013-1090
RESERVED
CVE-2013-1089
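Review bot: CVE-2013-1091 is added with `TODO: check`, and its description names Novell iPrint Client. Another Novell product earlier in this diff (CVE-2013-3268) is tagged `NOT-FOR-US: Novell iManager`; if iPrint Client is likewise not packaged, resolve the TODO with the matching NOT-FOR-US tag.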
@@ -5583,18 +5576,18 @@
RESERVED
CVE-2013-0946
RESERVED
-CVE-2013-0945
- RESERVED
-CVE-2013-0944
- RESERVED
+CVE-2013-0945 (EMC Avamar Client before 6.1.101-89 does not verify that the server ...)
+ TODO: check
+CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 ...)
+ TODO: check
CVE-2013-0943
RESERVED
CVE-2013-0942
RESERVED
CVE-2013-0941
RESERVED
-CVE-2013-0940
- RESERVED
+CVE-2013-0940 (The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and ...)
+ TODO: check
CVE-2013-0939
RESERVED
CVE-2013-0938
@@ -6611,8 +6604,8 @@
NOT-FOR-US: IBM InfoSphere Replication Server
CVE-2013-0583
RESERVED
-CVE-2013-0582
- RESERVED
+CVE-2013-0582 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)
+ TODO: check
CVE-2013-0581
RESERVED
CVE-2013-0580
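Review bot: CVE-2013-0582 is left at `TODO: check` with a description that begins "IBM Tivoli Federated ...", while the first context line of this hunk tags another IBM product as `NOT-FOR-US: IBM InfoSphere Replication Server`. The truncated description does not show the full product name, so confirm it against the full CVE text and then replace the TODO with a triage result.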
@@ -6705,8 +6698,8 @@
RESERVED
CVE-2013-0536
RESERVED
-CVE-2013-0535
- RESERVED
+CVE-2013-0535 (Multiple cross-site scripting (XSS) vulnerabilities in the Classic ...)
+ TODO: check
CVE-2013-0534
RESERVED
CVE-2013-0533 (Cross-site scripting (XSS) vulnerability in the Sametime Links server ...)
@@ -7463,12 +7456,10 @@
RESERVED
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
-CVE-2013-0306 [Formset denial-of-service]
- RESERVED
+CVE-2013-0306 (The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...)
{DSA-2634-1}
- python-django 1.4.4-1 (bug #701186)
-CVE-2013-0305 [Data leakage via admin history log]
- RESERVED
+CVE-2013-0305 (The administrative interface for Django 1.3.x before 1.3.6, 1.4.x ...)
{DSA-2634-1}
- python-django 1.4.4-1 (bug #701186)
NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
@@ -10014,8 +10005,7 @@
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug ...)
NOT-FOR-US: OpenShift
-CVE-2012-5657 [zendframework: information disclosure flaw ZF2012-05]
- RESERVED
+CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in ...)
{DSA-2602-1}
- zendframework 1.11.13-1.1 (bug #696483)
NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
@@ -13284,8 +13274,7 @@
NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4482 (The Ubercart SecureTrading Payment Method module 6.x for Drupal does ...)
NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2012-4481
- RESERVED
+CVE-2012-4481 (The safe-level feature in Ruby 1.8.7 allows context-dependent ...)
- ruby1.8 1.8.7.358-5 (bug #689945)
CVE-2012-4480
RESERVED
@@ -22405,8 +22394,7 @@
- postgresql-8.4 8.4.11-1
CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier ...)
NOT-FOR-US: CubeCart
-CVE-2012-0864 [FORTIFY_SOURCE format string protection bypass]
- RESERVED
+CVE-2012-0864 (Integer overflow in the vfprintf function in stdio-common/vfprintf.c ...)
- eglibc 2.13-31 (low; bug #660611)
[squeeze] - eglibc 2.11.3-4
CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for ...)
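Review bot: for CVE-2012-0864 the removed bracketed text, `[FORTIFY_SOURCE format string protection bypass]`, named the security impact, and the truncated replacement `(Integer overflow in the vfprintf function in stdio-common/vfprintf.c ...)` no longer shows it. Keep that information as a NOTE: line under the entry so that someone reviewing the `low` urgency on the eglibc line can see what the overflow defeats.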
@@ -25849,8 +25837,7 @@
CVE-2011-4610
RESERVED
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2011-4609
- RESERVED
+CVE-2011-4609 (The svc_run function in the RPC implementation in glibc before 2.15 ...)
- eglibc 2.13-33 (low; bug #671478)
[squeeze] - eglibc 2.11.3-4
CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
@@ -39750,8 +39737,7 @@
NOTE: Upstream ticket http://code.google.com/p/openjpeg/issues/detail?id=5
NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/04/13/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812317
-CVE-2009-5029 [glibc heap overflow]
- RESERVED
+CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.15 ...)
- eglibc 2.13-24 (low; bug #656108)
[squeeze] - eglibc 2.11.3-3
- glibc <removed>