[Secure-testing-commits] r22336 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu May 23 09:14:28 UTC 2013 

Author: joeyh
Date: 2013-05-23 09:14:28 +0000 (Thu, 23 May 2013)
New Revision: 22336

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-05-23 08:00:05 UTC (rev 22335)
+++ data/CVE/list	2013-05-23 09:14:28 UTC (rev 22336)
@@ -1,3 +1,197 @@
+CVE-2013-3659
+	RESERVED
+CVE-2013-3658
+	RESERVED
+CVE-2013-3657
+	RESERVED
+CVE-2013-3656
+	RESERVED
+CVE-2013-3655
+	RESERVED
+CVE-2013-3654
+	RESERVED
+CVE-2013-3653
+	RESERVED
+CVE-2013-3652
+	RESERVED
+CVE-2013-3651
+	RESERVED
+CVE-2013-3650
+	RESERVED
+CVE-2013-3649
+	RESERVED
+CVE-2013-3648
+	RESERVED
+CVE-2013-3647
+	RESERVED
+CVE-2013-3646
+	RESERVED
+CVE-2013-3645
+	RESERVED
+CVE-2013-3644
+	RESERVED
+CVE-2013-3643
+	RESERVED
+CVE-2013-3642
+	RESERVED
+CVE-2013-3641
+	RESERVED
+CVE-2013-3640
+	RESERVED
+CVE-2013-3639
+	RESERVED
+CVE-2013-3638
+	RESERVED
+CVE-2013-3637
+	RESERVED
+CVE-2013-3636
+	RESERVED
+CVE-2013-3635
+	RESERVED
+CVE-2013-3634
+	RESERVED
+CVE-2013-3633
+	RESERVED
+CVE-2013-3632
+	RESERVED
+CVE-2013-3631
+	RESERVED
+CVE-2013-3630
+	RESERVED
+CVE-2013-3629
+	RESERVED
+CVE-2013-3628
+	RESERVED
+CVE-2013-3627
+	RESERVED
+CVE-2013-3626
+	RESERVED
+CVE-2013-3625
+	RESERVED
+CVE-2013-3624
+	RESERVED
+CVE-2013-3623
+	RESERVED
+CVE-2013-3622
+	RESERVED
+CVE-2013-3621
+	RESERVED
+CVE-2013-3620
+	RESERVED
+CVE-2013-3619
+	RESERVED
+CVE-2013-3618
+	RESERVED
+CVE-2013-3617
+	RESERVED
+CVE-2013-3616
+	RESERVED
+CVE-2013-3615
+	RESERVED
+CVE-2013-3614
+	RESERVED
+CVE-2013-3613
+	RESERVED
+CVE-2013-3612
+	RESERVED
+CVE-2013-3611
+	RESERVED
+CVE-2013-3610
+	RESERVED
+CVE-2013-3609
+	RESERVED
+CVE-2013-3608
+	RESERVED
+CVE-2013-3607
+	RESERVED
+CVE-2013-3606
+	RESERVED
+CVE-2013-3605
+	RESERVED
+CVE-2013-3604
+	RESERVED
+CVE-2013-3603
+	RESERVED
+CVE-2013-3602
+	RESERVED
+CVE-2013-3601
+	RESERVED
+CVE-2013-3600
+	RESERVED
+CVE-2013-3599
+	RESERVED
+CVE-2013-3598
+	RESERVED
+CVE-2013-3597
+	RESERVED
+CVE-2013-3596
+	RESERVED
+CVE-2013-3595
+	RESERVED
+CVE-2013-3594
+	RESERVED
+CVE-2013-3593
+	RESERVED
+CVE-2013-3592
+	RESERVED
+CVE-2013-3591
+	RESERVED
+CVE-2013-3590
+	RESERVED
+CVE-2013-3589
+	RESERVED
+CVE-2013-3588
+	RESERVED
+CVE-2013-3587
+	RESERVED
+CVE-2013-3586
+	RESERVED
+CVE-2013-3585
+	RESERVED
+CVE-2013-3584
+	RESERVED
+CVE-2013-3583
+	RESERVED
+CVE-2013-3582
+	RESERVED
+CVE-2013-3581
+	RESERVED
+CVE-2013-3580
+	RESERVED
+CVE-2013-3579
+	RESERVED
+CVE-2013-3578
+	RESERVED
+CVE-2013-3577
+	RESERVED
+CVE-2013-3576
+	RESERVED
+CVE-2013-3575
+	RESERVED
+CVE-2013-3574
+	RESERVED
+CVE-2013-3573
+	RESERVED
+CVE-2013-3572
+	RESERVED
+CVE-2013-3571
+	RESERVED
+CVE-2013-3570
+	RESERVED
+CVE-2013-3569
+	RESERVED
+CVE-2013-3568
+	RESERVED
+CVE-2013-3567
+	RESERVED
+CVE-2013-3566
+	RESERVED
+CVE-2013-3565
+	RESERVED
+CVE-2013-3564
+	RESERVED
+CVE-2013-3563
+	RESERVED
 CVE-2013-XXXX [mediawiki chunked uploads allow arbitrary data to be dropped on the server]
 	- mediawiki <unfixed>
 	[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
@@ -2,2 +196,3 @@
 CVE-2013-3562 [wireshark: Websocket dissector crash]
+	RESERVED
 	- wireshark <unfixed> (bug #709167)
@@ -7,29 +202,36 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html
 CVE-2013-3561 [wireshark: Websocket dissector crash]
+	RESERVED
 	- wireshark <unfixed> (bug #709167)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html
 CVE-2013-3560 [wireshark: MPEG DSM-CC dissector crash]
+	RESERVED
 	- wireshark <unfixed> (bug #709167)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html
 CVE-2013-3559 [wireshark: DCP ETSI dissector crash]
+	RESERVED
 	- wireshark <unfixed> (bug #709167)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-27.html
 CVE-2013-3558 [wireshark: PPP CCP dissector crash]
+	RESERVED
 	- wireshark <unfixed> (bug #709167)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-26.html
 CVE-2013-3557 [wireshark: ASN.1 BER dissector crash]
+	RESERVED
 	- wireshark <unfixed> (bug #709167)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html
 CVE-2013-3556 [wireshark: ASN.1 BER dissector crash]
+	RESERVED
 	- wireshark <not-affected> (Only affected the dev trunk)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html (r48943)
 CVE-2013-3555 [wireshark: GTPv2 dissector crash]
+	RESERVED
 	- wireshark <unfixed> (bug #709167)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html
@@ -153,8 +355,8 @@
 	NOT-FOR-US: Juniper
 CVE-2013-3497 (Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance ...)
 	NOT-FOR-US: Juniper
-CVE-2013-3496
-	RESERVED
+CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator ...)
+	TODO: check
 CVE-2013-3495
 	RESERVED
 CVE-2013-3494
@@ -1527,48 +1729,34 @@
 	RESERVED
 CVE-2013-2850
 	RESERVED
-CVE-2013-2849
-	RESERVED
+CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2848
-	RESERVED
+CVE-2013-2848 (The XSS Auditor in Google Chrome before 27.0.1453.93 might allow ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2847
-	RESERVED
+CVE-2013-2847 (Race condition in the workers implementation in Google Chrome before ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2846
-	RESERVED
+CVE-2013-2846 (Use-after-free vulnerability in the media loader in Google Chrome ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2845
-	RESERVED
+CVE-2013-2845 (The Web Audio implementation in Google Chrome before 27.0.1453.93 ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2844
-	RESERVED
+CVE-2013-2844 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2843
-	RESERVED
+CVE-2013-2843 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2842
-	RESERVED
+CVE-2013-2842 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2841
-	RESERVED
+CVE-2013-2841 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2840
-	RESERVED
+CVE-2013-2840 (Use-after-free vulnerability in the media loader in Google Chrome ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2839
-	RESERVED
+CVE-2013-2839 (Google Chrome before 27.0.1453.93 does not properly perform a cast of ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2838
-	RESERVED
+CVE-2013-2838 (Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...)
 	- chromium-browser 27.0.1453.93-1
 	- libv8 <unfixed>
-CVE-2013-2837
-	RESERVED
+CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google ...)
 	- chromium-browser 27.0.1453.93-1
-CVE-2013-2836
-	RESERVED
+CVE-2013-2836 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser 27.0.1453.93-1
 CVE-2013-2835 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...)
 	NOT-FOR-US: Google Chrome OS
@@ -2836,8 +3024,7 @@
 	RESERVED
 CVE-2013-2312
 	RESERVED
-CVE-2013-2311 [web2py: cross-site scripting vulnerability]
-	RESERVED
+CVE-2013-2311 (Cross-site scripting (XSS) vulnerability in static/js/share.js (aka ...)
 	- web2py <not-affected> (Vulnerable code not present)
 CVE-2013-2310
 	RESERVED
@@ -3436,8 +3623,7 @@
 CVE-2013-2060
 	RESERVED
 	NOT-FOR-US: OpenShift
-CVE-2013-2059 [Keystone: Deleted user can still create instances]
-	RESERVED
+CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly ...)
 	- keystone 2013.1.1-2 (bug #707598)
 	[wheezy] - keystone <no-dsa> (Minor issue)
 	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000099.html
@@ -3622,11 +3808,9 @@
 CVE-2013-2008
 	RESERVED
 	NOT-FOR-US: WP Super Cache
-CVE-2013-2007
-	RESERVED
+CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when ...)
 	- qemu <not-affected> (qemu guest agent, only from version in experimental on)
-CVE-2013-2006 [OpenStack keystone LDAP password disclosure in log files]
-	RESERVED
+CVE-2013-2006 (OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode ...)
 	- keystone <undetermined>
 	NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py
 	NOTE: https://bugs.launchpad.net/keystone/+bug/1172195
@@ -3692,8 +3876,7 @@
 	- linux-2.6 <not-affected> (Introduced in 2.6.36)
 CVE-2013-1978
 	RESERVED
-CVE-2013-1977
-	RESERVED
+CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
 	- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2
 CVE-2013-1976
@@ -3727,8 +3910,7 @@
 	RESERVED
 CVE-2013-1965
 	RESERVED
-CVE-2013-1964 [grant table hypercall acquire/release imbalance]
-	RESERVED
+CVE-2013-1964 (Xen 4.0.x and 4.1.x incorrectly releases a grant reference when ...)
 	{DSA-2666-1}
 	- xen 4.1.4-3
 	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
@@ -6334,10 +6516,10 @@
 	NOT-FOR-US: EMC Avamar
 CVE-2013-0943
 	RESERVED
-CVE-2013-0942
-	RESERVED
-CVE-2013-0941
-	RESERVED
+CVE-2013-0942 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication ...)
+	TODO: check
+CVE-2013-0941 (EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 ...)
+	TODO: check
 CVE-2013-0940 (The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and ...)
 	NOT-FOR-US: EMC NetWorker
 CVE-2013-0939 (EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, ...)
@@ -9225,8 +9407,7 @@
 	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
 CVE-2012-6138
 	REJECTED
-CVE-2012-6137
-	RESERVED
+CVE-2012-6137 (rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does ...)
 	NOT-FOR-US: Red Hat subscription-manager
 CVE-2012-6136
 	RESERVED
@@ -25489,8 +25670,7 @@
 	RESERVED
 CVE-2007-6747
 	RESERVED
-CVE-2007-6746 [telepathy-idle does not check SSL certificates]
-	RESERVED
+CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a ...)
 	- telepathy-idle 0.1.15-1 (low; bug #706094)
 	[wheezy] - telepathy-idle <no-dsa> (Minor issue)
 	[squeeze] - telepathy-idle <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list