[Secure-testing-commits] r22263 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue May 14 21:14:24 UTC 2013


Author: joeyh
Date: 2013-05-14 21:14:24 +0000 (Tue, 14 May 2013)
New Revision: 22263

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-05-14 20:34:24 UTC (rev 22262)
+++ data/CVE/list	2013-05-14 21:14:24 UTC (rev 22263)
@@ -1,3 +1,37 @@
+CVE-2013-3550
+	RESERVED
+CVE-2013-3549
+	RESERVED
+CVE-2013-3548
+	RESERVED
+CVE-2013-3547
+	RESERVED
+CVE-2013-3546
+	RESERVED
+CVE-2013-3545
+	RESERVED
+CVE-2013-3544
+	RESERVED
+CVE-2013-3543
+	RESERVED
+CVE-2013-3542
+	RESERVED
+CVE-2013-3541
+	RESERVED
+CVE-2013-3540
+	RESERVED
+CVE-2013-3539
+	RESERVED
+CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php ...)
+	TODO: check
+CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in Todoo ...)
+	TODO: check
+CVE-2013-3536 (SQL injection vulnerability in the gp_LoadUserFromHash function in ...)
+	TODO: check
+CVE-2013-3535 (Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 ...)
+	TODO: check
+CVE-2013-3534 (Cross-site scripting (XSS) vulnerability in the aiContactSafe ...)
+	TODO: check
 CVE-2013-XXXX [owncloud: oC-SA-2013-026]
 	- owncloud <unfixed>
 	TODO: check
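Review bot: The five entries at the top of this hunk that already have published descriptions (CVE-2013-3534 through CVE-2013-3538) are added with only `TODO: check` and no package line or NOT-FOR-US marker, so none of them is triaged yet. A follow-up commit should either map each one to a Debian source package or mark it NOT-FOR-US, so the TODO backlog does not grow with every automatic update.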
@@ -622,9 +656,11 @@
 	- linux-2.6 <not-affected> (VM Sockets only introduced in 3.9-rc1)
 	- linux <not-affected> (VM Sockets introduced in 3.9-rc1)
 CVE-2013-3235 (net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel ...)
+	{DSA-2668-1}
 	- linux-2.6 <unfixed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux ...)
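Review bot: CVE-2013-3234 is tagged {DSA-2668-1} while its `- linux-2.6 <unfixed> (low)` line disagrees with CVE-2013-3235 just above it, which has `- linux-2.6 <removed> (low)` for the same source package. One of the two states is stale; if linux-2.6 is no longer in unstable, the CVE-2013-3234 line should read `<removed>` like the other entries tagged in this patch.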
@@ -634,15 +670,18 @@
 	- linux-2.6 <not-affected> (Introduced and fixed during 3.9 cycle)
 	- linux <not-affected> (Introduced and fixed during 3.9 cycle)
 CVE-2013-3231 (The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3230 (The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux ...)
 	- linux-2.6 <not-affected> (net/l2tp/l2tp_ip6.c not present)
 	- linux <not-affected> (net/l2tp/l2tp_ip6.c introduced in 3.5)
 CVE-2013-3229 (The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3228 (The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3227 (The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the ...)
@@ -653,15 +692,19 @@
 	- linux <not-affected> (Vulnerable code not yet present)
 	NOTE: sco_sock_recvmsg only introduced with v3.8, bt_sock_recvmsg has its own CVE ID
 CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.8.11-1 (low)
 CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...)
@@ -1862,6 +1905,7 @@
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize ...)
+	{DSA-2668-1}
 	- linux 3.2.41-2
 	- linux-2.6 <removed>
 CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET ...)
@@ -2006,27 +2050,33 @@
 CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has ...)
 	NOTE: Generic protocol flaw in RC4
 CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.41-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6548 (The udf_encode_fh function in fs/udf/namei.c in the Linux kernel ...)
+	{DSA-2668-1}
 	- linux 3.2.41-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6547 (The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel ...)
 	- linux 3.2.29-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6546 (The ATM implementation in the Linux kernel before 3.6 does not ...)
+	{DSA-2668-1}
 	- linux 3.2.30-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6545 (The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 ...)
+	{DSA-2668-1}
 	- linux 3.2.30-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6544 (The Bluetooth protocol stack in the Linux kernel before 3.6 does not ...)
+	{DSA-2668-1}
 	- linux 3.2.30-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6543 (The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux ...)
 	- linux <not-affected> (Affected code introduced in 3.5)
 	- linux-2.6 <not-affected> (Affected code introduced in 3.5)
 CVE-2012-6542 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
+	{DSA-2668-1}
 	- linux 3.2.30-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6541 (The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the ...)
@@ -2034,9 +2084,11 @@
 	- linux-2.6 <removed> (low)
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
 CVE-2012-6540 (The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the ...)
+	{DSA-2668-1}
 	- linux 3.2.30-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6539 (The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 ...)
+	{DSA-2668-1}
 	- linux 3.2.30-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6538 (The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux ...)
@@ -2044,6 +2096,7 @@
 	- linux-2.6 <removed> (low)
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
 CVE-2012-6537 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not ...)
+	{DSA-2668-1}
 	- linux 3.2.32-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2012-6536 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify ...)
@@ -3382,11 +3435,9 @@
 	NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
 	NOTE: used for jPlayer 2.2.20 XSS
 	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
-CVE-2013-2021
-	RESERVED
+CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
 	- clamav 0.97.8+dfsg-1
-CVE-2013-2020
-	RESERVED
+CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...)
 	- clamav 0.97.8+dfsg-1
 CVE-2013-2019 [stack overflow vulnerabilities in the XML parser]
 	RESERVED
@@ -3414,6 +3465,7 @@
 	NOTE: Only pratically affects virtio-rng according to oss-reference (and if mmap_min_addr = 0)
 	TODO: check
 CVE-2013-2015 (The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel ...)
+	{DSA-2668-1}
 	- linux <unfixed> (low)
 	- linux-2.6 <removed> (low)
 CVE-2013-2014
@@ -3589,8 +3641,7 @@
 	NOTE: and fixed with 57f805a159874107c6c98065f9aa648c3634b8fd
 	NOTE: https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7
 	NOTE: https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98
-CVE-2013-1952 [VT-d interrupt remapping source validation flaw for bridges]
-	RESERVED
+CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, ...)
 	{DSA-2666-1}
 	- xen 4.1.4-4
 CVE-2013-1951
@@ -3630,8 +3681,7 @@
 	RESERVED
 	- owncloud <unfixed>
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-015/
-CVE-2013-1940
-	RESERVED
+CVE-2013-1940 (X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly ...)
 	{DSA-2661-1}
 	- xorg-server 2:1.12.4-6
 CVE-2013-1939 [Windows: Local file disclosure]
@@ -3674,9 +3724,11 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
 CVE-2013-1929 [tg3 VPD firmware -> driver injection]
 	RESERVED
+	{DSA-2668-1}
 	- linux 3.8.11-1
 	- linux-2.6 <removed>
 CVE-2013-1928 (The do_video_set_spu_palette function in fs/compat_ioctl.c in the ...)
+	{DSA-2668-1}
 	- linux <unfixed>
 	- linux-2.6 <removed>
 CVE-2013-1927 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows ...)
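Review bot: CVE-2013-1928 receives the {DSA-2668-1} cross-reference but its entry still reads `- linux <unfixed>`, while CVE-2013-1929 in the same hunk records `- linux 3.8.11-1`. The DSA tag alone does not say which upload fixes unstable, so the entry should get a fixed version once one exists, or a NOTE explaining why `linux` remains open after the advisory.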
@@ -3694,8 +3746,7 @@
 	- nfs-utils 1:1.2.8-1 (low; bug #707401)
 	[squeeze] - nfs-utils <no-dsa> (Minor issue)
 	[wheezy] - nfs-utils <no-dsa> (Minor issue)
-CVE-2013-1922 [qemu-nbd format-guessing due to missing format specification]
-	RESERVED
+CVE-2013-1922 (qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw ...)
 	- xen <not-affected> (qemu-nbd-xen built, but not installed into the binary packages)
 	- qemu <unfixed> (low; bug #705544)
 	[squeeze] - qemu <no-dsa> (Minor issue)
@@ -3707,17 +3758,14 @@
 CVE-2013-1920 (Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under ...)
 	- xen <not-affected> (XSM not enabled in build)
 	NOTE: Debian package not build with XSM_ENABLE, thus resulted binary packages not affected
-CVE-2013-1919 [Several access permission issues with IRQs for unprivileged guests]
-	RESERVED
+CVE-2013-1919 (Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which ...)
 	{DSA-2662-1}
 	- xen 4.1.4-3
 	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
-CVE-2013-1918 [Several long latency operations are not preemptible]
-	RESERVED
+CVE-2013-1918 (Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and ...)
 	{DSA-2666-1}
 	- xen 4.1.4-4
-CVE-2013-1917 [Xen PV DoS vulnerability with SYSENTER]
-	RESERVED
+CVE-2013-1917 (Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not ...)
 	{DSA-2662-1}
 	- xen 4.1.4-3
 	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
@@ -3776,8 +3824,7 @@
 	- postgresql-9.1 9.1.9-1 (bug #704479)
 CVE-2013-1898 (lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows ...)
 	NOT-FOR-US: Ruby gem Thumbshooter
-CVE-2013-1897 [unintended information exposure when rootdse is enabled]
-	RESERVED
+CVE-2013-1897 (The do_search function in ldap/servers/slapd/search.c in 389 Directory ...)
 	- 389-ds-base <unfixed> (bug #704421)
 	NOTE: http://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286
 	NOTE: https://fedorahosted.org/389/ticket/47308
@@ -3895,6 +3942,7 @@
 	[squeeze] - mysql-5.1 <unfixed> (bug #706715)
 	NOTE: https://mariadb.atlassian.net/browse/MDEV-4252
 CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in ...)
+	{DSA-2668-1}
 	- linux 3.2.41-1
 	- linux-2.6 <removed>
 CVE-2013-1859 (The Node Parameter Control module 6.x-1.x for Drupal does not properly ...)
@@ -4021,6 +4069,7 @@
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 2.6.32-47
 CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.32-1 (low)
 	- linux-2.6 <removed> (low)
 	NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2
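Review bot: CVE-2013-1826 is now tied to {DSA-2668-1}, but its fixed version `- linux 3.2.32-1 (low)` rests on the context line `NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2`, so the recorded version is an estimate rather than a verified one. With an advisory now attached, it is worth confirming which upload carried the fix and updating the version or the NOTE; the CVE-2013-1773 entry later in this patch carries the same kind of NOTE.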
@@ -4113,6 +4162,7 @@
 CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before ...)
 	- gnome-online-accounts <undetermined>
 CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.41-2
 	- linux-2.6 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
@@ -4121,6 +4171,7 @@
 	- linux-2.6 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
 CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.41-2
 	- linux-2.6 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
@@ -4133,6 +4184,7 @@
 CVE-2013-1793
 	RESERVED
 CVE-2013-1792 (Race condition in the install_user_keyrings function in ...)
+	{DSA-2668-1}
 	- linux 3.2.41-1
 	- linux-2.6 <removed>
 CVE-2013-1791
@@ -4174,9 +4226,11 @@
 	- sudo 1.8.5p2-1+nmu1 (bug #701838)
 	NOTE: severity depends a lot on the environment
 CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.38-1
 	- linux-2.6 <removed>
 CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.15-1
 	- linux-2.6 <removed>
 	NOTE: Probably gone since 3.2.15-1, but I checked 3.2.41-2
@@ -4202,6 +4256,7 @@
 CVE-2013-1768
 	RESERVED
 CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function in ...)
+	{DSA-2668-1}
 	- linux 3.2.41-1
 	- linux-2.6 <removed>
 CVE-2013-1766 (libvirt 1.0.2 and earlier sets the group owner to kvm for device ...)
@@ -6179,6 +6234,7 @@
 CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows ...)
 	NOT-FOR-US: Overflow in Chrome-specific libs
 CVE-2013-0914 (The flush_signal_handlers function in kernel/signal.c in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.41-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2013-0913 (Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the ...)
@@ -7873,6 +7929,7 @@
 	- pktstat 1.8.5-3 (bug #701211)
 	[squeeze] - pktstat <not-affected> (Vulnerable code not present)
 CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux ...)
+	{DSA-2668-1}
 	- linux 3.2.39-1
 	- linux-2.6 <removed>
 CVE-2013-0348 [sthttpd world-redable logdir]
@@ -13764,6 +13821,7 @@
 CVE-2012-4509
 	RESERVED
 CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 ...)
+	{DSA-2668-1}
 	- linux 3.2.35-1
 	- linux-2.6 <removed>
 CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
@@ -13873,6 +13931,7 @@
 CVE-2012-4462 (aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, ...)
 	- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
 CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ...)
+	{DSA-2668-1}
 	- linux-2.6 <removed>
 	- linux 3.2.35-1
 CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...)
@@ -16189,6 +16248,7 @@
 CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) ...)
 	NOT-FOR-US: Joomla addon
 CVE-2012-3552 (Race condition in the IP implementation in the Linux kernel before 3.0 ...)
+	{DSA-2668-1}
 	- linux 3.0-1
 	- linux-2.6 <removed>
 CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in ...)
@@ -19922,6 +19982,7 @@
 	NOTE: Issue only triggered with specific optimisation in glibc enabled; no builds in Debian known to be affected.
 	NOTE: Fixed versions indicate application of upstream patch which prevents issue regardless of opt.settings.
 CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not ...)
+	{DSA-2668-1}
 	- linux-2.6 3.2.17-1
 CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
 	- texlive-extra 2012.20130315-1 (low; bug #668779)
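Review bot: CVE-2012-2121 is the only entry tagged {DSA-2668-1} in this patch that has a single `- linux-2.6 3.2.17-1` line and no `- linux` line; every other tagged kernel entry lists both source packages. Adding a `- linux` line, or a NOTE explaining why only linux-2.6 is tracked, would keep this entry consistent with the rest of the advisory's CVE set.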



