[Secure-testing-commits] r23851 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Oct 1 21:14:38 UTC 2013
Author: joeyh
Date: 2013-10-01 21:14:37 +0000 (Tue, 01 Oct 2013)
New Revision: 23851
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-01 20:13:22 UTC (rev 23850)
+++ data/CVE/list 2013-10-01 21:14:37 UTC (rev 23851)
@@ -1,3 +1,17 @@
+CVE-2013-5967
+ RESERVED
+CVE-2013-5966
+ RESERVED
+CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal ...)
+ TODO: check
+CVE-2013-5964 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
+ TODO: check
+CVE-2013-5963 (Unrestricted file upload vulnerability in multi.php in Simple Dropbox ...)
+ TODO: check
+CVE-2013-5962 (Unrestricted file upload vulnerability in frames/upload-images.php in ...)
+ TODO: check
+CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO ...)
+ TODO: check
CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption ...)
NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5958
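Review bot: The five new entries CVE-2013-5961 through CVE-2013-5965 are all left at "TODO: check", and at least CVE-2013-5965 can be triaged from the visible text alone. It is a Drupal module (Node View Permissions), and this file already records such cases as "NOT-FOR-US: Drupal module" (see CVE-2013-4379). The three unrestricted file upload entries and the XSS entry have truncated descriptions, so the full text is needed before choosing between NOT-FOR-US and a package line.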
@@ -480,8 +494,7 @@
RESERVED
CVE-2013-5726
RESERVED
-CVE-2013-5725
- RESERVED
+CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require ...)
NOT-FOR-US: Byword for iOS
CVE-2013-5724 (Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable ...)
{DSA-2752-1}
@@ -555,8 +568,7 @@
RESERVED
CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and ...)
- open-xchange <itp> (bug #269329)
-CVE-2013-5697 [Blind SQL Injection]
- RESERVED
+CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the mod_accounting ...)
- libapache-mod-acct <removed>
CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to make ...)
- glpi <unfixed> (bug #723837)
@@ -565,11 +577,9 @@
RESERVED
CVE-2013-5694
RESERVED
-CVE-2013-5693 [Cross-Site Scripting]
- RESERVED
+CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 ...)
NOT-FOR-US: X2CRM
-CVE-2013-5692 [PHP File Inclusion]
- RESERVED
+CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows ...)
NOT-FOR-US: X2CRM
CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in ...)
- kfreebsd-9 9.2~svn255465-1 (bug #722338)
@@ -705,8 +715,7 @@
CVE-2013-5654
RESERVED
NOT-FOR-US: YingZhi Python for iOS
-CVE-2013-5651 [virBitmapParse out-of-bounds read access]
- RESERVED
+CVE-2013-5651 (The virBitmapParse function in util/virbitmap.c in libvirt before ...)
- libvirt 1.1.2~rc1-1
[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
@@ -864,8 +873,7 @@
RESERVED
CVE-2013-5573
RESERVED
-CVE-2013-5572 [password leak]
- RESERVED
+CVE-2013-5572 (Zabbix 2.0.5 allows remote authenticated users to discover the LDAP ...)
- zabbix <unfixed> (unimportant)
NOTE: http://seclists.org/fulldisclosure/2013/Sep/151
NOTE: Non-issue
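Review bot: On CVE-2013-5572 the newly published description says remote authenticated users can discover the LDAP ..., yet the retained lines still read "- zabbix <unfixed> (unimportant)" and "NOTE: Non-issue" with no reasoning. Suggest extending the NOTE with one line on why the password leak named in the removed bracket text is treated as a non-issue for the Debian package, so the classification can be checked against the published description.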
@@ -1021,8 +1029,8 @@
RESERVED
CVE-2013-5517
RESERVED
-CVE-2013-5516
- RESERVED
+CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence Multipoint ...)
+ TODO: check
CVE-2013-5515
RESERVED
CVE-2013-5514
@@ -1263,8 +1271,8 @@
RESERVED
CVE-2013-5396
RESERVED
-CVE-2013-5395
- RESERVED
+CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
+ TODO: check
CVE-2013-5394
RESERVED
CVE-2013-5393
@@ -1287,14 +1295,14 @@
RESERVED
CVE-2013-5384
RESERVED
-CVE-2013-5383
- RESERVED
-CVE-2013-5382
- RESERVED
-CVE-2013-5381
- RESERVED
-CVE-2013-5380
- RESERVED
+CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
+ TODO: check
+CVE-2013-5382 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
+ TODO: check
+CVE-2013-5381 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
+ TODO: check
+CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
+ TODO: check
CVE-2013-5379
RESERVED
CVE-2013-5378
@@ -1313,8 +1321,8 @@
RESERVED
CVE-2013-5371
RESERVED
-CVE-2013-5370
- RESERVED
+CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
+ TODO: check
CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before ...)
NOT-FOR-US: IBM SPSS Analytical Decision Management
CVE-2013-5368
@@ -2960,8 +2968,7 @@
NOT-FOR-US: WordPress plugin Duplicator
CVE-2013-4624
RESERVED
-CVE-2013-4623 [polarssl: DoS through Certificate message during handshake]
- RESERVED
+CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 ...)
- polarssl 1.2.8-1 (low; bug #719954)
[squeeze] - polarssl <no-dsa> (Minor issue)
[wheezy] - polarssl <no-dsa> (Minor issue)
@@ -3431,15 +3438,19 @@
RESERVED
NOT-FOR-US: Simple Machines Forum
CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions]
+ RESERVED
- systemd <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862324
CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file]
+ RESERVED
- systemd <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859104
CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts]
+ RESERVED
- systemd <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060
CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages]
+ RESERVED
- systemd <unfixed>
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859051
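Review bot: The four systemd entries (CVE-2013-4391 through CVE-2013-4394) gain a RESERVED line but still show "- systemd <unfixed>" with only Red Hat Bugzilla NOTEs, no Debian bug number and no urgency. For CVE-2013-4391, whose bracket text describes an integer overflow leading to a heap-based buffer overflow, a Debian bug reference and a severity would help prioritisation. The other three also lack the per-release line that CVE-2013-4391 has for wheezy.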
@@ -3481,8 +3492,7 @@
CVE-2013-4379
RESERVED
NOT-FOR-US: Drupal module
-CVE-2013-4378 [blind XSS through X-Forwarded-For header]
- RESERVED
+CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Javamelody
CVE-2013-4377 [qemu host crash from within guest]
RESERVED
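Review bot: For CVE-2013-4378 the replacement description is cut off at "Cross-site scripting (XSS) vulnerability in ...", so the entry no longer says which input carries the payload. The removed line had "blind XSS through X-Forwarded-For header". The entry is NOT-FOR-US, so triage is unaffected, but keeping that detail as a NOTE line would preserve it.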
@@ -3500,8 +3510,7 @@
RESERVED
CVE-2013-4373
RESERVED
-CVE-2013-4372
- RESERVED
+CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management ...)
NOT-FOR-US: JBoss Fuse
CVE-2013-4371
RESERVED
@@ -3527,8 +3536,7 @@
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
NOTE: CVE for incomplete fix for CVE-2013-4287
-CVE-2013-4362 [Insecure use of system]
- RESERVED
+CVE-2013-4362 (WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users ...)
{DSA-2765-1}
- davfs2 1.4.7-3 (bug #723034)
NOTE: http://savannah.nongnu.org/bugs/?40034
@@ -3537,8 +3545,7 @@
- xen <unfixed>
CVE-2013-4360
RESERVED
-CVE-2013-4359 [mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication]
- RESERVED
+CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...)
{DSA-2767-1}
- proftpd-dfsg <unfixed> (bug #723179)
CVE-2013-4358
@@ -3685,15 +3692,13 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
CVE-2013-4317
RESERVED
-CVE-2013-4316
- RESERVED
+CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
NOTE: http://struts.apache.org/release/2.3.x/docs/s2-019.html
CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ...)
{DSA-2755-1}
- python-django 1.5.3-1 (bug #722605)
-CVE-2013-4314 [hostname check bypassing vulnerability]
- RESERVED
+CVE-2013-4314 (The X509Extension in pyOpenSSL before 0.13.1 does not properly handle ...)
{DSA-2763-1}
- pyopenssl 0.13-2.1 (bug #722055)
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...)
@@ -3705,8 +3710,7 @@
RESERVED
- libvirt <unfixed> (unimportant)
NOTE: polkit support not activated in Debian build, will be fixed in point update
-CVE-2013-4310
- RESERVED
+CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html
CVE-2013-4309
@@ -3746,16 +3750,14 @@
- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
CVE-2013-4299
RESERVED
-CVE-2013-4297
- RESERVED
+CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in libvirt ...)
- libvirt 1.1.2-2
[jessie] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
[wheezy] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
[squeeze] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2
NOTE: Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a, 1.0.6
-CVE-2013-4296 [libvirt remote crash]
- RESERVED
+CVE-2013-4296 (The remoteDispatchDomainMemoryStats function in daemon/remote.c in ...)
{DSA-2764-1}
- libvirt <unfixed>
[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced by commit 158ba8730e44b7dd07a21ab90499996c5dec080a)
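Review bot: CVE-2013-4296 references {DSA-2764-1} while its unstable line still reads "- libvirt <unfixed>", and CVE-2013-4297 in the same hunk already records "- libvirt 1.1.2-2". If an unstable upload carrying the remoteDispatchDomainMemoryStats fix exists, its version should replace <unfixed>; if not, a bug number on that line would make the open state trackable.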
@@ -3768,14 +3770,12 @@
[wheezy] - keystone <not-affected> (only affects Folsom release and above)
CVE-2013-4293
RESERVED
-CVE-2013-4292 [unbounded RPC arrays in remote protocol]
- RESERVED
+CVE-2013-4292 (libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of ...)
- libvirt 1.1.2~rc2-1 (bug #721325)
[squeeze] - libvirt <not-affected> (Introduced with 1.1.0)
[wheezy] - libvirt <not-affected> (Introduced with 1.1.0)
[jessie] - libvirt <not-affected> (Introduced with 1.1.0)
-CVE-2013-4291
- RESERVED
+CVE-2013-4291 (The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, ...)
- libvirt 1.1.2-2
[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
@@ -3943,8 +3943,7 @@
CVE-2013-4240
RESERVED
NOT-FOR-US: WordPress plugin HMS Testimonials
-CVE-2013-4239 [memory corruption in xenDaemonListDefinedDomains function]
- RESERVED
+CVE-2013-4239 (The xenDaemonListDefinedDomains function in xen/xend_internal.c in ...)
- libvirt 1.1.2~rc1-1 (bug #719533)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
@@ -4017,8 +4016,7 @@
[squeeze] - nullmailer <no-dsa> (Minor issue)
NOTE: CVE request originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
NOTE: had the same problem until 1:1.11-2
-CVE-2013-4222 [Keystone disabling a tenant does not disable a user token]
- RESERVED
+CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, ...)
- keystone 2013.1.3-1 (bug #719290)
[wheezy] - keystone <not-affected> (Vulnerable code not present in Openstack Essex)
NOTE: http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html
@@ -4239,14 +4237,12 @@
CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows ...)
{DSA-2737-1}
- swift 1.8.0-7 (bug #719008)
-CVE-2013-4154 [libvirt: crash of libvirtd without guest agent configuration]
- RESERVED
+CVE-2013-4154 (The qemuAgentCommand function in libvirt before 1.1.1, when a guest ...)
- libvirt 1.1.0-4 (low; bug #717355)
[squeeze] - libvirt <no-dsa> (Minor issue)
[wheezy] - libvirt <no-dsa> (Minor issue)
NOTE: http://openwall.com/lists/oss-security/2013/07/19/12
-CVE-2013-4153 [libvirt: double free of returned JSON array in qemuAgentGetVCPUs]
- RESERVED
+CVE-2013-4153 (Double free vulnerability in the qemuAgentGetVCPUs function in ...)
- libvirt 1.1.0-4 (bug #717354)
[squeeze] - libvirt <not-affected> (Introduced in 1.0.6)
[wheezy] - libvirt <not-affected> (Introduced in 1.0.6)
@@ -4290,8 +4286,7 @@
CVE-2013-4137 [SQL Injection]
RESERVED
- statusnet <itp> (bug #491723)
-CVE-2013-4136 [passenger insecure tmp files usage]
- RESERVED
+CVE-2013-4136 (ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 ...)
- passenger <removed>
- ruby-passenger 3.0.13debian-1.2 (low; bug #717176)
[squeeze] - passenger <no-dsa> (minor, local, issue)
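Review bot: On CVE-2013-4136 the published description says Phusion Passenger gem before 4.0.6, while the fixed version recorded is "ruby-passenger 3.0.13debian-1.2", an older upstream version. That implies a backported fix. A NOTE naming the patch, or stating that the fix came in through bug #717176, would make the version mismatch self-explanatory.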
@@ -4593,8 +4588,8 @@
RESERVED
CVE-2013-4043
RESERVED
-CVE-2013-4042
- RESERVED
+CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
+ TODO: check
CVE-2013-4041
RESERVED
CVE-2013-4040
@@ -4623,8 +4618,8 @@
RESERVED
CVE-2013-4028
RESERVED
-CVE-2013-4027
- RESERVED
+CVE-2013-4027 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
+ TODO: check
CVE-2013-4026
RESERVED
CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
@@ -4635,24 +4630,24 @@
RESERVED
CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
NOT-FOR-US: IBM
-CVE-2013-4021
- RESERVED
-CVE-2013-4020
- RESERVED
-CVE-2013-4019
- RESERVED
-CVE-2013-4018
- RESERVED
-CVE-2013-4017
- RESERVED
+CVE-2013-4021 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
+ TODO: check
+CVE-2013-4020 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
+ TODO: check
+CVE-2013-4019 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
+CVE-2013-4018 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
+ TODO: check
+CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...)
+ TODO: check
CVE-2013-4016
RESERVED
CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to bypass ...)
NOT-FOR-US: MS IE
-CVE-2013-4014
- RESERVED
-CVE-2013-4013
- RESERVED
+CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
+CVE-2013-4013 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
+ TODO: check
CVE-2013-4012
RESERVED
CVE-2013-4011 (Multiple unspecified vulnerabilities in the InfiniBand subsystem in ...)
@@ -4731,12 +4726,12 @@
RESERVED
CVE-2013-3974
RESERVED
-CVE-2013-3973
- RESERVED
-CVE-2013-3972
- RESERVED
-CVE-2013-3971
- RESERVED
+CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...)
+ TODO: check
+CVE-2013-3972 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...)
+ TODO: check
+CVE-2013-3971 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before ...)
+ TODO: check
CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2013-3969
@@ -6267,8 +6262,7 @@
RESERVED
CVE-2013-3279
RESERVED
-CVE-2013-3278
- RESERVED
+CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage ...)
NOT-FOR-US: EMC
CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 ...)
NOT-FOR-US: EMC
@@ -6794,12 +6788,12 @@
NOT-FOR-US: TrustZone kernel
CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows remote ...)
NOT-FOR-US: ZAPms
-CVE-2013-3049
- RESERVED
-CVE-2013-3048
- RESERVED
-CVE-2013-3047
- RESERVED
+CVE-2013-3049 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before ...)
+ TODO: check
+CVE-2013-3048 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
+CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...)
+ TODO: check
CVE-2013-3046
RESERVED
CVE-2013-3045
@@ -6810,8 +6804,8 @@
RESERVED
CVE-2013-3042
RESERVED
-CVE-2013-3041
- RESERVED
+CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 ...)
+ TODO: check
CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, ...)
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-3039 (IBM Rational Requirements Composer before 4.0.4 does not properly ...)
@@ -8901,8 +8895,7 @@
{DSA-2766-1}
- linux-2.6 <removed> (low)
- linux <not-affected> (openvz flavour no longer included after Squeeze)
-CVE-2013-2238 [buffer overflow]
- RESERVED
+CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution function ...)
- freeswitch <itp> (bug #389591)
CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...)
{DSA-2766-1 DSA-2745-1}
@@ -8930,8 +8923,7 @@
CVE-2013-2231 [qemu-ga win32 service unquoted search path]
RESERVED
- qemu <not-affected> (Only affects win32 build)
-CVE-2013-2230
- RESERVED
+CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows ...)
- libvirt 1.1.0-3 (bug #715559)
[squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
[wheezy] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
@@ -8977,8 +8969,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2
CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...)
- 389-ds-base <unfixed> (bug #718325)
-CVE-2013-2218 [crash when listing network interfaces with filters]
- RESERVED
+CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...)
- libvirt 1.1.0-1 (bug #714699)
[squeeze] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
[wheezy] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
@@ -10314,8 +10305,7 @@
NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909
CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and ...)
- glance 2012.1.1-5 (bug #703063)
-CVE-2013-1839 [DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc]
- RESERVED
+CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x ...)
- squid3 <not-affected> (the errors were introduced in trunk rev.11496 in 3.2.0.9)
NOTE: According to http://seclists.org/bugtraq/2013/Mar/68 not affecting 3.1?
NOTE: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11796
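Review bot: On CVE-2013-1839 the first NOTE still ends in an open question ("not affecting 3.1?") while the new description begins with Squid 3.2.x and the package line already says <not-affected>. Suggest rewording that NOTE as a statement once the full description confirms the affected range.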
@@ -11643,16 +11633,14 @@
RESERVED
CVE-2013-1445
RESERVED
-CVE-2013-1444 [txt2man: Unsafe use of /tmp]
- RESERVED
+CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, ...)
- txt2man 1.5.5-4.1 (bug #724614)
[wheezy] - txt2man <no-dsa> (Minor issue)
[squeeze] - txt2man <no-dsa> (Minor issue)
CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 1.4.x ...)
{DSA-2758-1}
- python-django 1.5.4-1 (bug #723043)
-CVE-2013-1442 [Information leak on AVX and/or LWP capable CPUs]
- RESERVED
+CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not ...)
- xen <unfixed>
TODO: check, see NOTE
NOTE: advisory say: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default
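Review bot: CVE-2013-1442 keeps "TODO: check, see NOTE" although the description now gives the affected range as Xen 4.0 through 4.3.x. The TODO can be resolved against that range together with the NOTE that XSAVE support is disabled by default in Xen 4.0.2 through 4.0.4 and 4.1.x. The visible lines carry only "- xen <unfixed>" and no per-release status.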
@@ -14325,8 +14313,8 @@
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software Use ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
-CVE-2013-0451
- RESERVED
+CVE-2013-0451 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
+ TODO: check
CVE-2012-6425
RESERVED
CVE-2012-6424
@@ -15233,8 +15221,7 @@
- samba 2:3.6.6-5
CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) ...)
- glance 2012.1.1-4
-CVE-2013-0211
- RESERVED
+CVE-2013-0211 (Integer signedness error in the archive_write_zip_data function in ...)
- libarchive 3.0.4-3 (bug #703957)
[squeeze] - libarchive <not-affected> (Vulnerable code not present)
CVE-2013-0210
@@ -21957,8 +21944,8 @@
RESERVED
CVE-2012-4097
RESERVED
-CVE-2012-4096
- RESERVED
+CVE-2012-4096 (The local file editor in the Baseboard Management Controller (BMC) in ...)
+ TODO: check
CVE-2012-4095
RESERVED
CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric ...)
@@ -23969,8 +23956,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM DB2 ...)
NOT-FOR-US: IBM DB2
-CVE-2012-3323
- RESERVED
+CVE-2012-3323 (IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and ...)
+ TODO: check
CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM
CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated users to ...)
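Review bot: CVE-2012-3323 is set to "TODO: check" even though the next entry, CVE-2012-3322, is the same product (IBM Maximo Asset Management) and is already "NOT-FOR-US: IBM". The same tag applies here, and to the other IBM Maximo Asset Management entries that this update leaves at "TODO: check".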
@@ -34105,61 +34092,61 @@
CVE-2011-4403
RESERVED
CVE-2011-4402
- RESERVED
+ REJECTED
CVE-2011-4401
- RESERVED
+ REJECTED
CVE-2011-4400
- RESERVED
+ REJECTED
CVE-2011-4399
- RESERVED
+ REJECTED
CVE-2011-4398
- RESERVED
+ REJECTED
CVE-2011-4397
- RESERVED
+ REJECTED
CVE-2011-4396
- RESERVED
+ REJECTED
CVE-2011-4395
- RESERVED
+ REJECTED
CVE-2011-4394
- RESERVED
+ REJECTED
CVE-2011-4393
- RESERVED
+ REJECTED
CVE-2011-4392
- RESERVED
+ REJECTED
CVE-2011-4391
- RESERVED
+ REJECTED
CVE-2011-4390
- RESERVED
+ REJECTED
CVE-2011-4389
- RESERVED
+ REJECTED
CVE-2011-4388
- RESERVED
+ REJECTED
CVE-2011-4387
- RESERVED
+ REJECTED
CVE-2011-4386
- RESERVED
+ REJECTED
CVE-2011-4385
- RESERVED
+ REJECTED
CVE-2011-4384
- RESERVED
+ REJECTED
CVE-2011-4383
- RESERVED
+ REJECTED
CVE-2011-4382
- RESERVED
+ REJECTED
CVE-2011-4381
- RESERVED
+ REJECTED
CVE-2011-4380
- RESERVED
+ REJECTED
CVE-2011-4379
- RESERVED
+ REJECTED
CVE-2011-4378
- RESERVED
+ REJECTED
CVE-2011-4377
- RESERVED
+ REJECTED
CVE-2011-4376
- RESERVED
+ REJECTED
CVE-2011-4375
- RESERVED
+ REJECTED
CVE-2011-4374 (Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows ...)
NOT-FOR-US: Adobe Reader
CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on ...)