[Secure-testing-commits] r24353 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Nov 20 13:48:20 UTC 2013
Author: carnil
Date: 2013-11-20 13:48:20 +0000 (Wed, 20 Nov 2013)
New Revision: 24353
Modified:
data/CVE/list
Log:
Simulate an 'automatic update'
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-20 13:46:37 UTC (rev 24352)
+++ data/CVE/list 2013-11-20 13:48:20 UTC (rev 24353)
@@ -1,6 +1,364 @@
+CVE-2013-6807
+ RESERVED
+CVE-2013-6806
+ RESERVED
+CVE-2013-6805
+ RESERVED
+CVE-2013-6804
+ RESERVED
+CVE-2013-6803
+ RESERVED
+CVE-2013-6802 (Google Chrome before 31.0.1650.57 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2013-6801 (Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote ...)
+ TODO: check
+CVE-2013-6800 (An unspecified third-party database module for the Key Distribution ...)
+ TODO: check
+CVE-2013-6799 (Apple Mac OS X 10.9 allows local users to cause a denial of service ...)
+ TODO: check
+CVE-2013-6798 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 ...)
+ TODO: check
+CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2013-6796
+ RESERVED
+CVE-2013-6795
+ RESERVED
+CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module in ...)
+ TODO: check
+CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar ...)
+ TODO: check
+CVE-2013-6792
+ RESERVED
+CVE-2013-6791
+ RESERVED
+CVE-2013-6790
+ RESERVED
+CVE-2013-6789 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports ...)
+ TODO: check
+CVE-2013-6788
+ RESERVED
+CVE-2013-6787
+ RESERVED
+CVE-2013-6786
+ RESERVED
+CVE-2013-6785
+ RESERVED
+CVE-2013-6784
+ RESERVED
+CVE-2013-6783
+ RESERVED
+CVE-2013-6782
+ RESERVED
+CVE-2013-6781
+ RESERVED
+CVE-2013-6780 (Cross-site scripting (XSS) vulnerability in uploader.swf in the ...)
+ TODO: check
+CVE-2013-6779
+ RESERVED
+CVE-2013-6778
+ RESERVED
+CVE-2013-6777
+ RESERVED
+CVE-2013-6776
+ RESERVED
+CVE-2013-6775
+ RESERVED
+CVE-2013-6774
+ RESERVED
+CVE-2013-6773
+ RESERVED
+CVE-2013-6772
+ RESERVED
+CVE-2013-6771
+ RESERVED
+CVE-2013-6770
+ RESERVED
+CVE-2013-6769
+ RESERVED
+CVE-2013-6768
+ RESERVED
+CVE-2013-6767
+ RESERVED
+CVE-2013-6764
+ RESERVED
+CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux ...)
+ TODO: check
+CVE-2013-6762
+ RESERVED
+CVE-2013-6761
+ RESERVED
+CVE-2013-6760
+ RESERVED
+CVE-2013-6759
+ RESERVED
+CVE-2013-6758
+ RESERVED
+CVE-2013-6757
+ RESERVED
+CVE-2013-6756
+ RESERVED
+CVE-2013-6755
+ RESERVED
+CVE-2013-6754
+ RESERVED
+CVE-2013-6753
+ RESERVED
+CVE-2013-6752
+ RESERVED
+CVE-2013-6751
+ RESERVED
+CVE-2013-6750
+ RESERVED
+CVE-2013-6749
+ RESERVED
+CVE-2013-6748
+ RESERVED
+CVE-2013-6747
+ RESERVED
+CVE-2013-6746
+ RESERVED
+CVE-2013-6745
+ RESERVED
+CVE-2013-6744
+ RESERVED
+CVE-2013-6743
+ RESERVED
+CVE-2013-6742
+ RESERVED
+CVE-2013-6741
+ RESERVED
+CVE-2013-6740
+ RESERVED
+CVE-2013-6739
+ RESERVED
+CVE-2013-6738
+ RESERVED
+CVE-2013-6737
+ RESERVED
+CVE-2013-6736
+ RESERVED
+CVE-2013-6735
+ RESERVED
+CVE-2013-6734
+ RESERVED
+CVE-2013-6733
+ RESERVED
+CVE-2013-6732
+ RESERVED
+CVE-2013-6731
+ RESERVED
+CVE-2013-6730
+ RESERVED
+CVE-2013-6729
+ RESERVED
+CVE-2013-6728
+ RESERVED
+CVE-2013-6727
+ RESERVED
+CVE-2013-6726
+ RESERVED
+CVE-2013-6725
+ RESERVED
+CVE-2013-6724
+ RESERVED
+CVE-2013-6723
+ RESERVED
+CVE-2013-6722
+ RESERVED
+CVE-2013-6721
+ RESERVED
+CVE-2013-6720
+ RESERVED
+CVE-2013-6719
+ RESERVED
+CVE-2013-6718
+ RESERVED
+CVE-2013-6717
+ RESERVED
+CVE-2013-6716
+ RESERVED
+CVE-2013-6715
+ RESERVED
+CVE-2013-6714
+ RESERVED
+CVE-2013-6713
+ RESERVED
+CVE-2013-6712
+ RESERVED
+CVE-2013-6711
+ RESERVED
+CVE-2013-6710
+ RESERVED
+CVE-2013-6709
+ RESERVED
+CVE-2013-6708
+ RESERVED
+CVE-2013-6707
+ RESERVED
+CVE-2013-6706
+ RESERVED
+CVE-2013-6705
+ RESERVED
+CVE-2013-6704
+ RESERVED
+CVE-2013-6703
+ RESERVED
+CVE-2013-6702
+ RESERVED
+CVE-2013-6701
+ RESERVED
+CVE-2013-6700
+ RESERVED
+CVE-2013-6699
+ RESERVED
+CVE-2013-6698
+ RESERVED
+CVE-2013-6697
+ RESERVED
+CVE-2013-6696
+ RESERVED
+CVE-2013-6695
+ RESERVED
+CVE-2013-6694
+ RESERVED
+CVE-2013-6693
+ RESERVED
+CVE-2013-6692
+ RESERVED
+CVE-2013-6691
+ RESERVED
+CVE-2013-6690
+ RESERVED
+CVE-2013-6689 (Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier ...)
+ TODO: check
+CVE-2013-6688 (Directory traversal vulnerability in the license-upload interface in ...)
+ TODO: check
+CVE-2013-6687
+ RESERVED
+CVE-2013-6686 (The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows ...)
+ TODO: check
+CVE-2013-6685 (The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak ...)
+ TODO: check
+CVE-2013-6684 (The web framework on Cisco Wireless LAN Controller (WLC) devices does ...)
+ TODO: check
+CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle ...)
+ TODO: check
+CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance ...)
+ TODO: check
+CVE-2013-6681
+ RESERVED
+CVE-2013-6680
+ RESERVED
+CVE-2013-6679
+ RESERVED
+CVE-2013-6678
+ RESERVED
+CVE-2013-6677
+ RESERVED
+CVE-2013-6676
+ RESERVED
+CVE-2013-6675
+ RESERVED
+CVE-2013-6674
+ RESERVED
+CVE-2013-6673
+ RESERVED
+CVE-2013-6672
+ RESERVED
+CVE-2013-6671
+ RESERVED
+CVE-2013-6670
+ RESERVED
+CVE-2013-6669
+ RESERVED
+CVE-2013-6668
+ RESERVED
+CVE-2013-6667
+ RESERVED
+CVE-2013-6666
+ RESERVED
+CVE-2013-6665
+ RESERVED
+CVE-2013-6664
+ RESERVED
+CVE-2013-6663
+ RESERVED
+CVE-2013-6662
+ RESERVED
+CVE-2013-6661
+ RESERVED
+CVE-2013-6660
+ RESERVED
+CVE-2013-6659
+ RESERVED
+CVE-2013-6658
+ RESERVED
+CVE-2013-6657
+ RESERVED
+CVE-2013-6656
+ RESERVED
+CVE-2013-6655
+ RESERVED
+CVE-2013-6654
+ RESERVED
+CVE-2013-6653
+ RESERVED
+CVE-2013-6652
+ RESERVED
+CVE-2013-6651
+ RESERVED
+CVE-2013-6650
+ RESERVED
+CVE-2013-6649
+ RESERVED
+CVE-2013-6648
+ RESERVED
+CVE-2013-6647
+ RESERVED
+CVE-2013-6646
+ RESERVED
+CVE-2013-6645
+ RESERVED
+CVE-2013-6644
+ RESERVED
+CVE-2013-6643
+ RESERVED
+CVE-2013-6642
+ RESERVED
+CVE-2013-6641
+ RESERVED
+CVE-2013-6640
+ RESERVED
+CVE-2013-6639
+ RESERVED
+CVE-2013-6638
+ RESERVED
+CVE-2013-6637
+ RESERVED
+CVE-2013-6636
+ RESERVED
+CVE-2013-6635
+ RESERVED
+CVE-2013-6634
+ RESERVED
+CVE-2013-6633
+ RESERVED
+CVE-2013-6620
+ RESERVED
+CVE-2013-6619
+ RESERVED
+CVE-2013-6618 (jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 ...)
+ TODO: check
+CVE-2013-6617 (The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ...)
+ TODO: check
+CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2013-6766
+ RESERVED
NOT-FOR-US: OpenVAS Administrator (only uploaded to exp 2.5 years ago)
CVE-2013-6765
+ RESERVED
NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago)
CVE-2013-XXXX [binutils-h8300-hms buffer overflow]
- binutils-h8300-hms <unfixed> (low; bug #729274)
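Review bot: The new ids are inserted above the existing CVE-2013-6766 and CVE-2013-6765 entries, so those two now sit below CVE-2013-6617 and the stray CVE-2011-5267 instead of in the gap between CVE-2013-6767 and CVE-2013-6764. Suggest moving the two existing entries into that gap so the 2013 ids stay in descending order. The "TODO: check" entries added in this hunk still need triage before the tracker output for them is meaningful.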
@@ -10,13 +368,13 @@
- staden-io-lib <unfixed> (low; bug #729276)
[squeeze] - staden-io-lib <no-dsa> (Minor issue)
[wheezy] - staden-io-lib <no-dsa> (Minor issue)
-CVE-2013-6632
+CVE-2013-6632 (Integer overflow in Google Chrome before 31.0.1650.57 allows remote ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6631
+CVE-2013-6631 (Use-after-free vulnerability in the Channel::SendRTCPPacket function ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6630
+CVE-2013-6630 (The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
- libjpeg-turbo <unfixed> (low; bug #729873)
@@ -27,7 +385,7 @@
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
[wheezy] - libjpeg8 <no-dsa> (Minor issue)
NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
-CVE-2013-6629
+CVE-2013-6629 (The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
- libjpeg-turbo <unfixed> (low; bug #729873)
@@ -38,28 +396,28 @@
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
[wheezy] - libjpeg8 <no-dsa> (Minor issue)
NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
-CVE-2013-6628
+CVE-2013-6628 (net/socket/ssl_client_socket_nss.cc in the TLS implementation in ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6627
+CVE-2013-6627 (net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6626
+CVE-2013-6626 (The WebContentsImpl::AttachInterstitialPage function in ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6625
+CVE-2013-6625 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6624
+CVE-2013-6624 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6623
+CVE-2013-6623 (The SVG implementation in Blink, as used in Google Chrome before ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6622
+CVE-2013-6622 (Use-after-free vulnerability in the ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6621
+CVE-2013-6621 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-6616
@@ -574,8 +932,8 @@
RESERVED
CVE-2013-6358
RESERVED
-CVE-2013-6357
- RESERVED
+CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...)
+ TODO: check
CVE-2013-6356
RESERVED
CVE-2013-6355
@@ -863,8 +1221,7 @@
RESERVED
CVE-2013-6231
RESERVED
-CVE-2013-6230 [A Winsock API Bug Can Cause a Side-Effect Affecting BIND ACLs]
- RESERVED
+CVE-2013-6230 (The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ...)
- bind9 <not-affected> (Affects only Windows systems)
NOTE: https://kb.isc.org/article/AA-01062
CVE-2013-6229
@@ -873,8 +1230,7 @@
RESERVED
CVE-2013-6227
RESERVED
-CVE-2013-6226
- RESERVED
+CVE-2013-6226 (Directory traversal vulnerability in ...)
NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
CVE-2013-6225
RESERVED
@@ -982,8 +1338,7 @@
RESERVED
CVE-2013-6173
RESERVED
-CVE-2013-6172 [vulnerability in handling _session argument of utils/save-prefs]
- RESERVED
+CVE-2013-6172 (steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ...)
{DSA-2787-1}
- roundcube 0.9.4-1.1 (bug #727668)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
@@ -997,15 +1352,13 @@
CVE-2013-6169 (The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) ...)
{DSA-2775-1}
- ejabberd 2.1.11-1 (bug #722105)
-CVE-2013-6168
- RESERVED
+CVE-2013-6168 (Cross-site scripting (XSS) vulnerability in Zikula Application ...)
+ TODO: check
CVE-2013-6165
RESERVED
-CVE-2013-6164
- RESERVED
+CVE-2013-6164 (SQL injection vulnerability in view/objectDetail.php in Project'Or RIA ...)
NOT-FOR-US: Project'Or RIA
-CVE-2013-6163
- RESERVED
+CVE-2013-6163 (Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr ...)
NOT-FOR-US: Project'Or RIA
CVE-2013-6162
RESERVED
@@ -1085,8 +1438,7 @@
RESERVED
CVE-2013-6123
RESERVED
-CVE-2013-6122
- RESERVED
+CVE-2013-6122 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-6121
RESERVED
@@ -1176,8 +1528,8 @@
NOT-FOR-US: MostGear Soft Easy LAN Folder Share
CVE-2013-6078
RESERVED
-CVE-2013-6077
- RESERVED
+CVE-2013-6077 (Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not ...)
+ TODO: check
CVE-2013-6076 (strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a ...)
- strongswan 5.1.0-3
[squeeze] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
@@ -1235,8 +1587,7 @@
RESERVED
CVE-2013-6059
RESERVED
-CVE-2013-6058
- RESERVED
+CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows ...)
NOT-FOR-US: appRain CMS
CVE-2013-6057
RESERVED
@@ -1274,8 +1625,8 @@
- python-django 1.5.2-1
CVE-2013-6043
RESERVED
-CVE-2013-6042
- RESERVED
+CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php in ...)
+ TODO: check
CVE-2013-6041
RESERVED
CVE-2013-6040
@@ -1378,8 +1729,8 @@
RESERVED
CVE-2013-5991
RESERVED
-CVE-2013-5990
- RESERVED
+CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; ...)
+ TODO: check
CVE-2013-5989
RESERVED
CVE-2013-5988
@@ -1416,8 +1767,8 @@
RESERVED
CVE-2013-5973
RESERVED
-CVE-2013-5972
- RESERVED
+CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 ...)
+ TODO: check
CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server in ...)
NOT-FOR-US: VMware vSphere
CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 ...)
@@ -1991,8 +2342,7 @@
RESERVED
CVE-2013-5727
RESERVED
-CVE-2013-5726
- RESERVED
+CVE-2013-5726 (Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not ...)
NOT-FOR-US: Tweetbot for iOS and Mac
CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require ...)
NOT-FOR-US: Byword for iOS
@@ -2074,11 +2424,9 @@
- glpi 0.84.2-1 (unimportant; bug #723837)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: CVE split pending
-CVE-2013-5695
- RESERVED
+CVE-2013-5695 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before ...)
NOT-FOR-US: Ops View
-CVE-2013-5694
- RESERVED
+CVE-2013-5694 (SQL injection vulnerability in status/service/acknowledge in Opsview ...)
NOT-FOR-US: Ops View
CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 ...)
NOT-FOR-US: X2CRM
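Review bot: The tags under CVE-2013-5695 and CVE-2013-5694 read "NOT-FOR-US: Ops View", while both descriptions added here spell the product "Opsview". Suggest changing the tag to "NOT-FOR-US: Opsview" so a search on the product name finds both entries.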
@@ -2183,10 +2531,9 @@
CVE-2012-6590 (The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5689 [Arbitrary File Upload]
- RESERVED
+ REJECTED
- ajaxplorer <itp> (bug #668381)
-CVE-2013-5688 [Path Traversal]
- RESERVED
+CVE-2013-5688 (Multiple directory traversal vulnerabilities in index.php in ...)
- ajaxplorer <itp> (bug #668381)
CVE-2013-5675
RESERVED
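Review bot: CVE-2013-5689 changes from RESERVED to REJECTED but keeps its "[Arbitrary File Upload]" title and the "ajaxplorer <itp> (bug #668381)" line, so a rejected id stays attached to the package. Suggest adding a NOTE that records why the id was rejected or which id replaces it, in the style of the CVE-2013-5575 entry ("NOTE: Non-issue, to be rejected"), or dropping the package line.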
@@ -2202,8 +2549,7 @@
CVE-2013-5671 [Remote Command Injection]
RESERVED
NOT-FOR-US: fog-dragonfly Ruby Gem
-CVE-2013-5670 [XSS]
- RESERVED
+CVE-2013-5670 (Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php ...)
- serendipity <not-affected> (Spellcheck plugin not included in 1.5.x)
CVE-2013-5653
RESERVED
@@ -2320,14 +2666,12 @@
CVE-2013-5607
RESERVED
- nspr 2:4.10.2-1
-CVE-2013-5606
- RESERVED
+CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla ...)
- nss 2:3.15.3-1
-CVE-2013-5605
- RESERVED
+CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 ...)
- nss 2:3.15.3-1
CVE-2013-5604 (The txXPathNodeUtils::getBaseURI function in the XSLT processor in ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.10-1
@@ -2341,7 +2685,7 @@
- icedove <not-affected> (Only affects Firefox > 17)
- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5602 (The Worker::SetEventListener function in the Web workers ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
@@ -2349,13 +2693,13 @@
- icedove 17.0.10-1
- iceape <unfixed>
CVE-2013-5601 (Use-after-free vulnerability in the ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 17.0.10-1
- iceape <unfixed>
CVE-2013-5600 (Use-after-free vulnerability in the ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
@@ -2363,7 +2707,7 @@
- icedove 17.0.10-1
- iceape <unfixed>
CVE-2013-5599 (Use-after-free vulnerability in the nsIPresShell::GetPresContext ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
@@ -2377,7 +2721,7 @@
- icedove <not-affected> (Only affects Firefox >=24)
- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5597 (Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
@@ -2391,7 +2735,7 @@
- icedove <not-affected> (Only affects Firefox > 17)
- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5595 (The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
@@ -2419,7 +2763,7 @@
- icedove <not-affected> (Only affects Firefox >=24)
- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5590 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-2788-1}
+ {DSA-2797-1 DSA-2788-1}
- iceweasel 24.1.0esr-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
@@ -2502,42 +2846,40 @@
CVE-2013-5575 [integer overflow]
REJECTED
NOTE: Non-issue, to be rejected
-CVE-2013-5568
- RESERVED
+CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance ...)
+ TODO: check
CVE-2013-5567
RESERVED
-CVE-2013-5566
- RESERVED
-CVE-2013-5565
- RESERVED
+CVE-2013-5566 (Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote ...)
+ TODO: check
+CVE-2013-5565 (The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers ...)
+ TODO: check
CVE-2013-5564 (The Java process in the Impact server in Cisco Prime Central for ...)
NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution
-CVE-2013-5563
- RESERVED
+CVE-2013-5563 (Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp ...)
NOT-FOR-US: Cisco CS-MARS
-CVE-2013-5562
- RESERVED
+CVE-2013-5562 (The ITM web server in Cisco Prime Central for Hosted Collaboration ...)
+ TODO: check
CVE-2013-5561 (The Safe Search enforcement feature in Cisco Adaptive Security ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2013-5560
- RESERVED
+CVE-2013-5560 (The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) ...)
+ TODO: check
CVE-2013-5559 (Buffer overflow in the Active Template Library (ATL) framework in the ...)
NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
-CVE-2013-5558
- RESERVED
+CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 ...)
+ TODO: check
CVE-2013-5557
RESERVED
-CVE-2013-5556
- RESERVED
+CVE-2013-5556 (The license-installation module on the Cisco Nexus 1000V switch ...)
+ TODO: check
CVE-2013-5555 (Cisco Unified Communications Manager (aka CUCM or Unified CM) allows ...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2013-5554
- RESERVED
+CVE-2013-5554 (Directory traversal vulnerability in the web-management interface in ...)
NOT-FOR-US: Cisco Wide Area Application Services
-CVE-2013-5553
- RESERVED
-CVE-2013-5552
- RESERVED
+CVE-2013-5553 (Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote ...)
+ TODO: check
+CVE-2013-5552 (Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) ...)
+ TODO: check
CVE-2013-5551 (Cisco Adaptive Security Appliance (ASA) Software, when certain ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5550 (The fabric-interconnect component in Cisco Unified Computing System ...)
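Review bot: Nine Cisco ids in this hunk (CVE-2013-5568, -5566, -5565, -5562, -5560, -5558, -5556, -5553 and -5552) are left as "TODO: check", although their neighbours for the same product lines, such as CVE-2013-5561 and CVE-2013-5551, are already tagged "NOT-FOR-US: Cisco Adaptive Security Appliance". Suggest a follow-up commit that tags these the same way, so they do not linger as open items.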
@@ -2735,16 +3077,16 @@
NOT-FOR-US: IBM JDK
CVE-2013-5455
RESERVED
-CVE-2013-5454
- RESERVED
-CVE-2013-5453
- RESERVED
+CVE-2013-5454 (IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, ...)
+ TODO: check
+CVE-2013-5453 (IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote ...)
+ TODO: check
CVE-2013-5452
RESERVED
CVE-2013-5451
RESERVED
-CVE-2013-5450
- RESERVED
+CVE-2013-5450 (IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz ...)
+ TODO: check
CVE-2013-5449
RESERVED
CVE-2013-5448
@@ -2759,8 +3101,8 @@
RESERVED
CVE-2013-5443
RESERVED
-CVE-2013-5442
- RESERVED
+CVE-2013-5442 (Cross-site scripting (XSS) vulnerability in the Local Management ...)
+ TODO: check
CVE-2013-5441
RESERVED
CVE-2013-5440
@@ -2793,8 +3135,8 @@
RESERVED
CVE-2013-5426
RESERVED
-CVE-2013-5425
- RESERVED
+CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+ TODO: check
CVE-2013-5424 (IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass ...)
NOT-FOR-US: IBM Flex System Manager
CVE-2013-5423
@@ -2807,16 +3149,16 @@
RESERVED
CVE-2013-5419 (Multiple buffer overflows in (1) mkque and (2) mkquedev in ...)
NOT-FOR-US: IBM AIX
-CVE-2013-5418
- RESERVED
-CVE-2013-5417
- RESERVED
+CVE-2013-5418 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
+ TODO: check
+CVE-2013-5417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
+ TODO: check
CVE-2013-5416
RESERVED
CVE-2013-5415
RESERVED
-CVE-2013-5414
- RESERVED
+CVE-2013-5414 (The migration functionality in IBM WebSphere Application Server (WAS) ...)
+ TODO: check
CVE-2013-5413
RESERVED
CVE-2013-5412
@@ -2869,8 +3211,8 @@
NOT-FOR-US: IBM Domino
CVE-2013-5388 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
NOT-FOR-US: IBM Domino
-CVE-2013-5387
- RESERVED
+CVE-2013-5387 (Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows ...)
+ TODO: check
CVE-2013-5386
RESERVED
CVE-2013-5385
@@ -2885,10 +3227,10 @@
NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
NOT-FOR-US: IBM Maximo Asset Management
-CVE-2013-5379
- RESERVED
-CVE-2013-5378
- RESERVED
+CVE-2013-5379 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x ...)
+ TODO: check
+CVE-2013-5378 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x ...)
+ TODO: check
CVE-2013-5377
RESERVED
CVE-2013-5376 (Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified ...)
@@ -2984,18 +3326,16 @@
RESERVED
CVE-2013-5331
RESERVED
-CVE-2013-5330
- RESERVED
+CVE-2013-5330 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2013-5329
- RESERVED
+CVE-2013-5329 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2013-5328
- RESERVED
+CVE-2013-5328 (Adobe ColdFusion 10 before Update 12 allows remote attackers to read ...)
+ TODO: check
CVE-2013-5327 (MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary ...)
NOT-FOR-US: Adobe RoboHelp
-CVE-2013-5326
- RESERVED
+CVE-2013-5326 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 ...)
+ TODO: check
CVE-2013-5325 (Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote ...)
NOT-FOR-US: Adobe
CVE-2013-5324 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
@@ -3202,8 +3542,8 @@
RESERVED
CVE-2013-5224
RESERVED
-CVE-2013-5223
- RESERVED
+CVE-2013-5223 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link ...)
+ TODO: check
CVE-2013-5222
RESERVED
CVE-2013-5221 (The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 ...)
@@ -3266,8 +3606,8 @@
RESERVED
CVE-2013-5194
RESERVED
-CVE-2013-5193
- RESERVED
+CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not properly ...)
+ TODO: check
CVE-2013-5192 (The USB hub controller in Apple Mac OS X before 10.9 allows local ...)
NOT-FOR-US: Apple Mac OS X
CVE-2013-5191 (The syslog implementation in Apple Mac OS X before 10.9 allows local ...)
@@ -3674,8 +4014,7 @@
RESERVED
CVE-2013-4988
RESERVED
-CVE-2013-4987
- RESERVED
+CVE-2013-4987 (PineApp Mail-SeCure before 3.70 allows remote authenticated users to ...)
NOT-FOR-US: PinApp
CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 ...)
NOT-FOR-US: PDFCool
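Review bot: The tag under CVE-2013-4987 reads "NOT-FOR-US: PinApp", while the description added here names the product "PineApp Mail-SeCure". Suggest correcting the tag to "NOT-FOR-US: PineApp Mail-SeCure" so the entry matches the description.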
@@ -4043,10 +4382,10 @@
RESERVED
CVE-2013-4844
RESERVED
-CVE-2013-4843
- RESERVED
-CVE-2013-4842
- RESERVED
+CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with ...)
+ TODO: check
+CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 ...)
+ TODO: check
CVE-2013-4841
RESERVED
CVE-2013-4840
@@ -4263,8 +4602,7 @@
NOT-FOR-US: SurgeFTP
CVE-2013-4741
RESERVED
-CVE-2013-4740
- RESERVED
+CVE-2013-4740 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-4739
RESERVED
@@ -4351,12 +4689,12 @@
NOT-FOR-US: Drupal module Exposed Filter Data
CVE-2012-6574 (Cross-site scripting (XSS) vulnerability in the Fonecta verify module ...)
NOT-FOR-US: Drupal module Fonecta verify
-CVE-2013-4716
- RESERVED
-CVE-2013-4715
- RESERVED
-CVE-2013-4714
- RESERVED
+CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
+ TODO: check
+CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before ...)
+ TODO: check
+CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
+ TODO: check
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk ...)
NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and ...)
@@ -4666,8 +5004,8 @@
RESERVED
- gitlab <itp> (bug #651606)
CVE-2013-4582 [Local file inclusion vulnerability]
+ RESERVED
- gitlab <itp> (bug #651606)
- RESERVED
CVE-2013-4581 [Remote code execution vulnerability via Git SSH access]
RESERVED
- gitlab <itp> (bug #651606)
@@ -4734,20 +5072,19 @@
RESERVED
CVE-2013-4560 [use-after-free in fam]
RESERVED
+ {DSA-2795-1}
- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4559 [setuid privilege escalation issue]
RESERVED
+ {DSA-2795-1}
- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4558
RESERVED
-CVE-2013-4557
- RESERVED
+CVE-2013-4557 (The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 ...)
- spip 2.1.24-1 (bug #729172)
-CVE-2013-4556
- RESERVED
+CVE-2013-4556 (Cross-site scripting (XSS) vulnerability in the author page ...)
- spip 2.1.24-1 (bug #729172)
-CVE-2013-4555
- RESERVED
+CVE-2013-4555 (Cross-site request forgery (CSRF) vulnerability in ...)
- spip 2.1.24-1 (bug #729172)
CVE-2013-4554
RESERVED
@@ -4756,23 +5093,21 @@
CVE-2013-4552
RESERVED
NOT-FOR-US: drupalauth module for simpleSAMLphp
-CVE-2013-4551 [Host crash due to guest VMX instruction execution]
- RESERVED
+CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Only affects 4.2.x and later)
[squeeze] - xen <not-affected> (Only affects 4.2.x and later)
CVE-2013-4550 [denial of service via resource leak]
+ RESERVED
- xen <unfixed>
[wheezy] - xen <not-affected> (affects only Xen 4.2.x and later)
[squeeze] - xen <not-affected> (affects only Xen 4.2.x and later)
- RESERVED
- bip 0.8.9-1
NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
NOTE: https://projects.duckcorp.org/issues/261
CVE-2013-4549
RESERVED
-CVE-2013-4548 [openssh AES_GCM memory corruption]
- RESERVED
+CVE-2013-4548 (The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ...)
- openssh 1:6.4p1-1 (bug #729029)
[wheezy] - openssh <not-affected> (AES-GCM support introduced in 6.2)
[squeeze] - openssh <not-affected> (AES-GCM support introduced in 6.2)
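Review bot: The CVE-2013-4550 entry appears to mix two issues: after the moved RESERVED line it carries three xen lines ("affects only Xen 4.2.x and later") followed by "bip 0.8.9-1" and two NOTE lines pointing at the bip upstream repository. Moving RESERVED to the top makes the entry well-formed but keeps both packages under one id. Suggest checking which package CVE-2013-4550 belongs to and moving the other package's lines to their own entry.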
@@ -4784,6 +5119,7 @@
- gitlab <itp> (bug #651606)
CVE-2013-4545
RESERVED
+ {DSA-2798-1}
- curl 7.33.0-1
CVE-2013-4544
RESERVED
@@ -4836,51 +5172,43 @@
CVE-2013-4520
RESERVED
- libxslt <not-affected> (The versions in wheezy and squeeze contain the full patch)
-CVE-2013-4519 [XSS vulnerabilities]
- RESERVED
+CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review Board ...)
- reviewboard <itp> (bug #653113)
CVE-2013-4518
RESERVED
CVE-2013-4517
RESERVED
-CVE-2013-4516 [kernel memory disclosure via uninitialized structure members]
- RESERVED
+CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the ...)
- linux 3.12-1 (unimportant)
[wheezy] - linux <not-affected> (Affected code not present yet)
- linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
NOTE: Not enabled in Debian kernels; staging drivers are not supported
-CVE-2013-4515 [bcm: kernel memory disclosure via uninitialized structure members]
- RESERVED
+CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the ...)
- linux 3.12-1 (unimportant)
- linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
NOTE: Not enabled in Debian kernels; staging drivers are not supported
-CVE-2013-4514 [buffer overflow when setting station name]
- RESERVED
+CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in ...)
- linux 3.12-1 (unimportant)
- linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5e2f339865fb443107e5b10603e53bbc92dc054
NOTE: Not enabled in Debian kernels; staging drivers are not supported
-CVE-2013-4513 [ozwpan: buffer overflow in write syscall]
- RESERVED
+CVE-2013-4513 (Buffer overflow in the oz_cdev_write function in ...)
- linux 3.12-1 (unimportant)
[wheezy] - linux <not-affected> (Affected code not present yet)
- linux-2.6 <not-affected> (Affected code not present yet)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2c65cd2e14ada6de44cb527e7f1990bede24e15
NOTE: Not enabled in Debian kernels; staging drivers are not supported
-CVE-2013-4512 [buffer overflow in proc code]
- RESERVED
+CVE-2013-4512 (Buffer overflow in the exitcode_proc_write function in ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=201f99f170df14ba52ea4c52847779042b7a623b
-CVE-2013-4511
- RESERVED
+CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7314e613d
-CVE-2013-4510 [File extension not santized]
- RESERVED
+CVE-2013-4510 (Directory traversal vulnerability in the client in Tryton 3.0.0, as ...)
{DSA-2791-1}
- tryton-client 2.8.4-1
NOTE: https://bugs.tryton.org/issue3446
@@ -4891,8 +5219,8 @@
NOTE: This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines,
NOTE: can be assigned to affected engines once more info is available
NOTE: Introduced in 1.5, so stable/oldstable not affected
-CVE-2013-4508 [ssl.cipher-list not inherited into SNI]
- RESERVED
+CVE-2013-4508 (lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ...)
+ {DSA-2795-1}
- lighttpd 1.4.33-1+nmu1 (bug #729453)
NOTE: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
NOTE: http://redmine.lighttpd.net/issues/2525
@@ -4924,8 +5252,7 @@
CVE-2013-4498
RESERVED
NOT-FOR-US: Drupal contrib module
-CVE-2013-4497 [XenAPI security groups not kept through migrate or resize]
- RESERVED
+CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and ...)
- nova 2013.2-1
NOTE: https://bugs.launchpad.net/nova/+bug/1073306
NOTE: https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
@@ -4935,6 +5262,7 @@
RESERVED
CVE-2013-4495 [remote command execution]
RESERVED
+ {DSA-2796-1}
- torque 2.4.16+dfsg-1.3 (bug #729333)
CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock ...)
- xen <unfixed>
@@ -4974,8 +5302,8 @@
RESERVED
CVE-2013-4481
RESERVED
-CVE-2013-4480
- RESERVED
+CVE-2013-4480 (Red Hat Satellite 5.6 and earlier does not disable the web interface ...)
+ TODO: check
CVE-2013-4479 [prevent remote command injection in content_type]
RESERVED
- sup-mail <unfixed> (bug #728232)
@@ -4988,14 +5316,12 @@
CVE-2013-4477 (The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, ...)
- keystone 2013.2-2 (bug #728233)
NOTE: https://bugs.launchpad.net/keystone/+bug/1242855
-CVE-2013-4476
- RESERVED
+CVE-2013-4476 (Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is ...)
- samba 2:4.0.11+dfsg-1 (low)
[wheezy] - samba <not-affected> (Doesn't provide AD functionality)
[squeeze] - samba <not-affected> (Doesn't provide AD functionality)
- samba4 <removed> (low)
-CVE-2013-4475 [no ACL checks for alternate data streams in Samba]
- RESERVED
+CVE-2013-4475 (Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, ...)
- samba 2:4.0.11+dfsg-1 (low)
[wheezy] - samba <no-dsa> (Minor issue)
[squeeze] - samba <no-dsa> (Minor issue)
@@ -5075,8 +5401,7 @@
CVE-2013-4454
RESERVED
NOT-FOR-US: WordPress plugin
-CVE-2013-4453 [XSS]
- RESERVED
+CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php in ...)
- ldap-account-manager <unfixed> (medium; bug #726976)
[wheezy] - ldap-account-manager <no-dsa> (Minor issue)
[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
@@ -5120,20 +5445,15 @@
CVE-2013-4440 [non-tty passwords are trivially weak by default]
RESERVED
- pwgen <unfixed> (bug #726578)
-CVE-2013-4439
- RESERVED
+CVE-2013-4439 (Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote ...)
- salt 0.17.1+dfsg-1 (bug #726480)
-CVE-2013-4438
- RESERVED
+CVE-2013-4438 (Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute ...)
- salt 0.17.1+dfsg-1 (bug #726480)
-CVE-2013-4437
- RESERVED
+CVE-2013-4437 (Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 ...)
- salt 0.17.1+dfsg-1 (bug #726480)
-CVE-2013-4436
- RESERVED
+CVE-2013-4436 (The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 ...)
- salt 0.17.1+dfsg-1 (bug #726480)
-CVE-2013-4435
- RESERVED
+CVE-2013-4435 (Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated ...)
- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4434 (Dropbear SSH Server before 2013.59 generates error messages for a ...)
- dropbear 2012.55-1.4 (low; bug #726118)
@@ -5173,8 +5493,7 @@
CVE-2013-4426 [pyxtrlock mis-spelled variable name]
RESERVED
NOT-FOR-US: pyxtrlock
-CVE-2013-4425
- RESERVED
+CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when ...)
NOT-FOR-US: Osirix
CVE-2013-4424
RESERVED
@@ -5190,8 +5509,7 @@
CVE-2013-4420 [tar_extract_glob and tar_extract_all path prefix directory traversal]
RESERVED
- libtar <unfixed>
-CVE-2013-4419 [insecure temporary directory handling for guestfish's network socket]
- RESERVED
+CVE-2013-4419 (The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when ...)
- libguestfs 1:1.22.7-1
CVE-2013-4418
RESERVED
@@ -5938,8 +6256,7 @@
- linux 3.10.7-1
[wheezy] - linux <not-affected> (Introduced in 3.8)
- linux-2.6 <not-affected> (Introduced in 3.8)
-CVE-2013-4204 [Google Web Toolkit XSS]
- RESERVED
+CVE-2013-4204 (Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files ...)
- gwt <removed> (low)
[squeeze] - gwt <no-dsa> (Minor issue)
NOTE: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
@@ -6142,12 +6459,10 @@
- ruby-passenger 3.0.13debian-1.2 (low; bug #717176)
[squeeze] - passenger <no-dsa> (minor, local, issue)
[wheezy] - ruby-passenger <no-dsa> (minor, local, issue)
-CVE-2013-4135
- RESERVED
+CVE-2013-4135 (The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt ...)
{DSA-2729-1}
- openafs 1.6.5-1
-CVE-2013-4134
- RESERVED
+CVE-2013-4134 (OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 ...)
{DSA-2729-1}
- openafs 1.6.5-1
CVE-2013-4133 [memory leak]
@@ -6414,19 +6729,18 @@
RESERVED
CVE-2013-4056 (Cross-site request forgery (CSRF) vulnerability in the Data Quality ...)
NOT-FOR-US: IBM
-CVE-2013-4055
- RESERVED
+CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
+ TODO: check
CVE-2013-4054
RESERVED
CVE-2013-4053 (The WS-Security implementation in IBM WebSphere Application Server ...)
NOT-FOR-US: WebSphere
CVE-2013-4052 (Cross-site scripting (XSS) vulnerability in the UDDI Administrative ...)
NOT-FOR-US: WebSphere
-CVE-2013-4051
- RESERVED
+CVE-2013-4051 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
NOT-FOR-US: IBM Domino
-CVE-2013-4050
- RESERVED
+CVE-2013-4050 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in ...)
+ TODO: check
CVE-2013-4049 (Unrestricted file upload vulnerability in IBM SPSS Analytical Decision ...)
NOT-FOR-US: IBM SPSS
CVE-2013-4048 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical ...)
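Review bot: CVE-2013-4055 and CVE-2013-4050 are left at "TODO: check" even though both descriptions name webadmin.nsf, the same component as CVE-2013-4051, which keeps "NOT-FOR-US: IBM Domino" in this same hunk. Unless the full descriptions point at a different product, give both entries the same "NOT-FOR-US: IBM Domino" line so they do not sit in the TODO queue.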
@@ -6458,8 +6772,8 @@
RESERVED
CVE-2013-4035
RESERVED
-CVE-2013-4034
- RESERVED
+CVE-2013-4034 (IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, ...)
+ TODO: check
CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
NOT-FOR-US: IBM DB2
CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server ...)
@@ -6514,8 +6828,8 @@
RESERVED
CVE-2013-4007 (Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced ...)
NOT-FOR-US: IBM
-CVE-2013-4006
- RESERVED
+CVE-2013-4006 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before ...)
+ TODO: check
CVE-2013-4005 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
@@ -6555,10 +6869,10 @@
RESERVED
CVE-2013-3987
RESERVED
-CVE-2013-3986
- RESERVED
-CVE-2013-3985
- RESERVED
+CVE-2013-3986 (IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause ...)
+ TODO: check
+CVE-2013-3985 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
+ TODO: check
CVE-2013-3984
RESERVED
CVE-2013-3983
@@ -6650,8 +6964,8 @@
RESERVED
CVE-2013-3941
RESERVED
-CVE-2013-3940
- RESERVED
+CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
+ TODO: check
CVE-2013-3939
RESERVED
CVE-2013-3938
@@ -6692,34 +7006,34 @@
RESERVED
CVE-2013-3920
RESERVED
-CVE-2013-3918
- RESERVED
-CVE-2013-3917
- RESERVED
-CVE-2013-3916
- RESERVED
-CVE-2013-3915
- RESERVED
-CVE-2013-3914
- RESERVED
+CVE-2013-3918 (The InformationCardSigninHelper Class ActiveX control in icardie.dll ...)
+ TODO: check
+CVE-2013-3917 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3916 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3915 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3914 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2013-3913
RESERVED
-CVE-2013-3912
- RESERVED
-CVE-2013-3911
- RESERVED
-CVE-2013-3910
- RESERVED
-CVE-2013-3909
- RESERVED
-CVE-2013-3908
- RESERVED
+CVE-2013-3912 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3911 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3910 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3909 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote ...)
+ TODO: check
CVE-2013-3907
RESERVED
-CVE-2013-3906
- RESERVED
-CVE-2013-3905
- RESERVED
+CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 ...)
+ TODO: check
+CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does ...)
+ TODO: check
CVE-2013-3904
RESERVED
CVE-2013-3903
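Review bot: the nine entries in this hunk whose description begins "Microsoft Internet Explorer" (CVE-2013-3917 to CVE-2013-3914 and CVE-2013-3912 to CVE-2013-3908) all land as "TODO: check", while the list already triages such entries as "NOT-FOR-US: Microsoft Internet Explorer" (CVE-2013-3897, for example). They can be marked the same way in a direct follow-up. CVE-2013-3918, CVE-2013-3906 and CVE-2013-3905 name other Microsoft components (an ActiveX control, GDI+, Outlook), so their triage wording should be checked separately.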
@@ -6732,8 +7046,8 @@
RESERVED
CVE-2013-3899
RESERVED
-CVE-2013-3898
- RESERVED
+CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, ...)
+ TODO: check
CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate ...)
@@ -6754,8 +7068,8 @@
NOT-FOR-US: Microsoft
CVE-2013-3888 (dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
NOT-FOR-US: Microsoft Windows
-CVE-2013-3887
- RESERVED
+CVE-2013-3887 (The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode ...)
+ TODO: check
CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
@@ -6776,8 +7090,8 @@
RESERVED
CVE-2013-3877
RESERVED
-CVE-2013-3876
- RESERVED
+CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
+ TODO: check
CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3874 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
@@ -6790,8 +7104,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3870 (Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 ...)
NOT-FOR-US: Microsoft Outlook
-CVE-2013-3869
- RESERVED
+CVE-2013-3869 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
+ TODO: check
CVE-2013-3868 (Microsoft Active Directory Lightweight Directory Service (AD LDS) on ...)
NOT-FOR-US: Microsoft
CVE-2013-3867
@@ -7207,8 +7521,8 @@
RESERVED
CVE-2013-3695
RESERVED
-CVE-2013-3694
- RESERVED
+CVE-2013-3694 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 ...)
+ TODO: check
CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise ...)
NOT-FOR-US: BlackBerry
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
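Review bot: CVE-2013-3694 is left at "TODO: check" although the next entry, CVE-2013-3693, is already "NOT-FOR-US: BlackBerry"; BlackBerry Link looks like a candidate for the same line. Its truncated description is also identical to that of CVE-2013-6798 at the top of this diff, so compare the full texts when triaging the two.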
@@ -7378,8 +7692,8 @@
RESERVED
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed ...)
NOT-FOR-US: McAfee
-CVE-2013-3626
- RESERVED
+CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...)
+ TODO: check
CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 ...)
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through ...)
@@ -7854,10 +8168,10 @@
NOT-FOR-US: Cisco
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 devices ...)
NOT-FOR-US: Cisco
-CVE-2013-3407
- RESERVED
-CVE-2013-3406
- RESERVED
+CVE-2013-3407 (The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 ...)
+ TODO: check
+CVE-2013-3406 (The "Files Available for Download" implementation in the Cisco ...)
+ TODO: check
CVE-2013-3405 (The web portal in TC software on Cisco TelePresence endpoints does not ...)
NOT-FOR-US: Cisco
CVE-2013-3404 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
@@ -8113,8 +8427,7 @@
RESERVED
CVE-2013-3287 (EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level ...)
NOT-FOR-US: EMC Unisphere for VMAX
-CVE-2013-3286
- RESERVED
+CVE-2013-3286 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
NOT-FOR-US: EMC Documentum
CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before ...)
NOT-FOR-US: EMC NetWorker
@@ -8124,8 +8437,7 @@
RESERVED
CVE-2013-3282
RESERVED
-CVE-2013-3281
- RESERVED
+CVE-2013-3281 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop ...)
NOT-FOR-US: EMC Documentum
CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet ...)
NOT-FOR-US: RSA Authentication Agent for Web for Internet Information Services
@@ -8174,10 +8486,10 @@
NOTE: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc
CVE-2013-3265
RESERVED
-CVE-2013-3264
- RESERVED
-CVE-2013-3263
- RESERVED
+CVE-2013-3264 (The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for ...)
+ TODO: check
+CVE-2013-3263 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate ...)
+ TODO: check
CVE-2013-3262 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the ...)
NOT-FOR-US: WordPress plugin download-monitor
CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
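Review bot: CVE-2013-3264 and CVE-2013-3263 both describe the WP Ultimate Email Marketer plugin and are left at "TODO: check", while the entry right after them, CVE-2013-3262, uses "NOT-FOR-US: WordPress plugin download-monitor". Follow that convention here and name the plugin in the NOT-FOR-US line.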
@@ -8665,10 +8977,10 @@
NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3046
RESERVED
-CVE-2013-3045
- RESERVED
-CVE-2013-3044
- RESERVED
+CVE-2013-3045 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
+ TODO: check
+CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
+ TODO: check
CVE-2013-3043
RESERVED
CVE-2013-3042
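Review bot: CVE-2013-3045 and CVE-2013-3044 receive the same truncated description ("The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ..."), and the same text appears for CVE-2013-3985 and CVE-2013-0537 elsewhere in this diff. With the distinguishing part cut off, these four cannot be told apart from the list alone; triage them together against the full descriptions.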
@@ -8695,8 +9007,8 @@
NOT-FOR-US: IBM Domino
CVE-2013-3031 (A SQL stored procedure in the Universal Cache component in IBM solidDB ...)
NOT-FOR-US: IBM
-CVE-2013-3030
- RESERVED
+CVE-2013-3030 (The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before ...)
+ TODO: check
CVE-2013-3029 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-3028 (Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x ...)
@@ -8894,8 +9206,7 @@
NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2932
RESERVED
-CVE-2013-2931
- RESERVED
+CVE-2013-2931 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-2930
@@ -9663,8 +9974,7 @@
RESERVED
CVE-2013-2654
RESERVED
-CVE-2013-2653 [Information Exposure Through Query Strings in GET Request]
- RESERVED
+CVE-2013-2653 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports login ...)
- silverstripe <itp> (bug #528461)
CVE-2013-2652 (CRLF injection vulnerability in help/help_language.php in WebCollab ...)
NOT-FOR-US: WebCollab
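Review bot: CVE-2013-2653 keeps its "- silverstripe <itp> (bug #528461)" line, but CVE-2013-6789, added at the top of this diff with a description that also starts "security/MemberLoginForm.php in SilverStripe 3.0.3 supports", only gets "TODO: check". Record the same ITP line on CVE-2013-6789, and add a NOTE cross-referencing the two if the full descriptions turn out to cover the same login form behaviour.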
@@ -10723,8 +11033,8 @@
- bitcoin 0.8.1-1
CVE-2013-2272 (The penny-flooding protection mechanism in the CTxMemPool::accept ...)
- bitcoin 0.8.1-2 (bug #705266)
-CVE-2013-2271
- RESERVED
+CVE-2013-2271 (The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active ...)
+ TODO: check
CVE-2013-2270
RESERVED
CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
@@ -10818,8 +11128,7 @@
- gallery3 <itp> (bug #511715)
CVE-2013-2240 (lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly ...)
- gallery3 <itp> (bug #511715)
-CVE-2013-2239
- RESERVED
+CVE-2013-2239 (vzkernel before 042stab080.2 in the OpenVZ modification for the Linux ...)
{DSA-2766-1}
- linux-2.6 <removed> (low)
- linux <not-affected> (openvz flavour no longer included after Squeeze)
@@ -11248,8 +11557,7 @@
[squeeze] - gnutls26 <not-affected> (vulnerable code not backported)
CVE-2013-2115 (Apache Struts 2 before 2.3.14.2 allows remote attackers to execute ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2)
-CVE-2013-2114 [mediawiki chunked uploads allow arbitrary data to be dropped on the server]
- RESERVED
+CVE-2013-2114 (Unrestricted file upload vulnerability in the chunk upload API in ...)
- mediawiki 1:1.19.7+dfsg-1
[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
[wheezy] - mediawiki <no-dsa> (Minor issue)
@@ -11450,8 +11758,7 @@
CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X ...)
{DSA-2685-1}
- libxp 1:1.0.1-2+deb7u1
-CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt]
- RESERVED
+CVE-2013-2061 (The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...)
- openvpn 2.3.1-1 (low; bug #707329)
[squeeze] - openvpn 2.1.3-2+squeeze2
[wheezy] - openvpn 2.2.1-8+deb7u1
@@ -11543,14 +11850,12 @@
CVE-2013-2033 [jenkins XSS]
RESERVED
- jenkins 1.509.2+dfsg-1 (bug #706725)
-CVE-2013-2032 [Extensions can't fully block password changes]
- RESERVED
+CVE-2013-2032 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow ...)
- mediawiki 1:1.19.6-1 (low; bug #706601)
[wheezy] - mediawiki <no-dsa> (Minor issue)
[squeeze] - mediawiki <no-dsa> (Minor issue)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46590
-CVE-2013-2031 [SVG JavaScript detection bypass]
- RESERVED
+CVE-2013-2031 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote ...)
- mediawiki 1:1.19.6-1 (bug #706601)
[wheezy] - mediawiki <no-dsa> (Minor issue)
[squeeze] - mediawiki <no-dsa> (Minor issue)
@@ -12521,8 +12826,7 @@
[squeeze] - bugzilla <no-dsa> (Minor issue)
- bugzilla4 <itp> (bug #669643)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
-CVE-2013-1741
- RESERVED
+CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 ...)
- nss 2:3.15.3-1
CVE-2013-1740
RESERVED
@@ -13673,8 +13977,7 @@
RESERVED
CVE-2013-1419
RESERVED
-CVE-2013-1418 [multi-realm KDC null dereference leads to crash]
- RESERVED
+CVE-2013-1418 (The setup_server_realm function in main.c in the Key Distribution ...)
- krb5 <unfixed> (low; bug #728845)
[squeeze] - krb5 <no-dsa> (Minor issue)
[wheezy] - krb5 <no-dsa> (Minor issue)
@@ -13925,10 +14228,10 @@
NOT-FOR-US: Microsoft Publisher
CVE-2013-1326
RESERVED
-CVE-2013-1325
- RESERVED
-CVE-2013-1324
- RESERVED
+CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 ...)
+ TODO: check
+CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, ...)
+ TODO: check
CVE-2013-1323 (Microsoft Publisher 2003 SP3 does not properly handle NULL values for ...)
NOT-FOR-US: Microsoft Publisher
CVE-2013-1322 (Microsoft Publisher 2003 SP3 does not properly check table range data, ...)
@@ -14482,8 +14785,7 @@
CVE-2013-1058
RESERVED
NOT-FOR-US: Ubuntu MAAS
-CVE-2013-1057
- RESERVED
+CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in MAAS ...)
NOT-FOR-US: Ubuntu MAAS
CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local ...)
- xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
@@ -15542,8 +15844,8 @@
NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote ...)
NOT-FOR-US: Corel PDF Fusion
-CVE-2013-0741
- RESERVED
+CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in ...)
+ TODO: check
CVE-2013-0740
RESERVED
CVE-2013-0739
@@ -16102,8 +16404,8 @@
NOT-FOR-US: IBM
CVE-2013-0538 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before ...)
NOT-FOR-US: IBM Lotus Notes
-CVE-2013-0537
- RESERVED
+CVE-2013-0537 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
+ TODO: check
CVE-2013-0536 (ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes ...)
NOT-FOR-US: IBM Notes
CVE-2013-0535 (Multiple cross-site scripting (XSS) vulnerabilities in the Classic ...)
@@ -18294,8 +18596,8 @@
NOT-FOR-US: Microsoft SharePoint
CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
NOT-FOR-US: Microsoft SharePoint
-CVE-2013-0082
- RESERVED
+CVE-2013-0082 (Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to ...)
+ TODO: check
CVE-2013-0081 (Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 ...)
NOT-FOR-US: Microsoft
CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 ...)
@@ -22779,12 +23081,10 @@
CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in ...)
- libproxy <not-affected> (Vulnerable code not present)
NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
-CVE-2012-4503 [Uninitialized data in command replies]
- RESERVED
+CVE-2012-4503 (cmdmon.c in Chrony before 1.29 allows remote attackers to obtain ...)
{DSA-2760-1}
- chrony <unfixed> (bug #719203)
-CVE-2012-4502 [Buffer overflow when processing crafted command packets]
- RESERVED
+CVE-2012-4502 (Multiple integer overflows in pktlength.c in Chrony before 1.29 allow ...)
{DSA-2760-1}
- chrony <unfixed> (bug #719203)
CVE-2012-4501 (Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows ...)
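Review bot: both chrony entries still read "- chrony <unfixed> (bug #719203)" although the descriptions added here give "before 1.29" as the fixed upstream release and {DSA-2760-1} is already attached. Check whether unstable carries 1.29 or a patched upload and replace <unfixed> with that version; if it does not, the lines are correct as they stand.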