[Secure-testing-commits] r23858 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Oct 2 21:14:47 UTC 2013
Author: joeyh
Date: 2013-10-02 21:14:47 +0000 (Wed, 02 Oct 2013)
New Revision: 23858
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-02 16:14:49 UTC (rev 23857)
+++ data/CVE/list 2013-10-02 21:14:47 UTC (rev 23858)
@@ -1,3 +1,21 @@
+CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout ...)
+ TODO: check
+CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 ...)
+ TODO: check
+CVE-2013-5974
+ RESERVED
+CVE-2013-5973
+ RESERVED
+CVE-2013-5972
+ RESERVED
+CVE-2013-5971
+ RESERVED
+CVE-2013-5970
+ RESERVED
+CVE-2013-5969
+ RESERVED
+CVE-2013-5968
+ RESERVED
CVE-2013-5967
RESERVED
CVE-2013-5966
@@ -456,8 +474,7 @@
CVE-2013-XXXX [poppler / JPEG error handler]
- poppler 0.16.3-1 (bug #722705)
NOTE: CVE request: http://article.gmane.org/gmane.comp.security.oss.general/11132
-CVE-2013-5745 [Persistent DoS Vulnerability in Vino VNC Server]
- RESERVED
+CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...)
- vino <unfixed> (low; bug #724545)
[wheezy] - vino <no-dsa> (Minor issue)
[squeeze] - vino <no-dsa> (Minor issue)
@@ -915,8 +932,7 @@
NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
NOTE: still not clear why the split was done, but confirmed by upstream that this issue
NOTE: is covered by the fixes applied for CVE-2013-3371
-CVE-2013-5580 [denial of service (server crash)]
- RESERVED
+CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in ...)
- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
CVE-2013-5576 [Joomla unauthorised uploads]
@@ -2781,8 +2797,8 @@
RESERVED
CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
NOT-FOR-US: PPP Access Concentrator
-CVE-2013-4708
- RESERVED
+CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. ...)
+ TODO: check
CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with firmware ...)
NOT-FOR-US: D-Link
CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with firmware ...)
@@ -3542,8 +3558,7 @@
{DSA-2765-1}
- davfs2 1.4.7-3 (bug #723034)
NOTE: http://savannah.nongnu.org/bugs/?40034
-CVE-2013-4361 [Information leak through fbld instruction emulation]
- RESERVED
+CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...)
- xen <unfixed>
CVE-2013-4360
RESERVED
@@ -3566,8 +3581,7 @@
- xen <unfixed>
[wheezy] - xen <not-affected> (Only affects 4.3+)
[squeeze] - xen <not-affected> (Only affects 4.3+)
-CVE-2013-4355 [Information leaks through I/O instruction emulation]
- RESERVED
+CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which ...)
- xen <unfixed>
CVE-2013-4354 [Glance image creation in other tenant accounts]
RESERVED
@@ -4055,8 +4069,7 @@
CVE-2013-4211
RESERVED
NOT-FOR-US: OpenX
-CVE-2013-4210
- RESERVED
+CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat ...)
NOT-FOR-US: JBoss Remoting
CVE-2013-4209 [ABRT: (substantially) limited leak of unauthorized information]
RESERVED
@@ -4276,7 +4289,7 @@
NOT-FOR-US: xlockmore
NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
CVE-2013-4142
- RESERVED
+ REJECTED
NOTE: Should be REJECTED, see CVE-2013-3969
CVE-2013-4141
REJECTED
@@ -4611,8 +4624,8 @@
RESERVED
CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
NOT-FOR-US: IBM DB2
-CVE-2013-4032
- RESERVED
+CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server ...)
+ TODO: check
CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
NOT-FOR-US: IBM BladeCenter
CVE-2013-4030
@@ -4737,8 +4750,7 @@
TODO: check
CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
-CVE-2013-3969
- RESERVED
+CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through ...)
- mongodb 1:2.4.5-1 (bug #715007; bug #717173)
[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
@@ -4751,12 +4763,12 @@
RESERVED
CVE-2013-3965
RESERVED
-CVE-2013-3964
- RESERVED
-CVE-2013-3963
- RESERVED
-CVE-2013-3962
- RESERVED
+CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, ...)
+ TODO: check
+CVE-2013-3963 (Cross-site request forgery (CSRF) vulnerability in goform/usermanage ...)
+ TODO: check
+CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, ...)
+ TODO: check
CVE-2013-3961
RESERVED
CVE-2013-3960
@@ -5358,12 +5370,12 @@
NOT-FOR-US: Blackberry OS
CVE-2013-3691
RESERVED
-CVE-2013-3690
- RESERVED
+CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi ...)
+ TODO: check
CVE-2013-3689
RESERVED
-CVE-2013-3688
- RESERVED
+CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, ...)
+ TODO: check
CVE-2013-3687
RESERVED
CVE-2013-3686
@@ -5722,8 +5734,8 @@
RESERVED
CVE-2013-3540
RESERVED
-CVE-2013-3539
- RESERVED
+CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the ...)
+ TODO: check
CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php ...)
NOT-FOR-US: Todoo Forum
CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in Todoo ...)
@@ -7042,64 +7054,47 @@
RESERVED
CVE-2013-2925
RESERVED
-CVE-2013-2924
- RESERVED
-CVE-2013-2923
- RESERVED
-CVE-2013-2922
- RESERVED
+CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ...)
+ TODO: check
+CVE-2013-2923 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+ TODO: check
+CVE-2013-2922 (Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in ...)
- chromium-browser <unfixed>
-CVE-2013-2921
- RESERVED
+CVE-2013-2921 (Double free vulnerability in the ResourceFetcher::didLoadResource ...)
- chromium-browser <unfixed>
-CVE-2013-2920
- RESERVED
+CVE-2013-2920 (The DoResolveRelativeHost function in url/url_canon_relative.cc in ...)
- chromium-browser <unfixed>
-CVE-2013-2919
- RESERVED
+CVE-2013-2919 (Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...)
- chromium-browser <unfixed>
- libv8 <unfixed>
- libv8-3.14 <unfixed>
-CVE-2013-2918
- RESERVED
+CVE-2013-2918 (Use-after-free vulnerability in the ...)
- chromium-browser <unfixed>
-CVE-2013-2917
- RESERVED
+CVE-2013-2917 (The ReverbConvolverStage::ReverbConvolverStage function in ...)
- chromium-browser <unfixed>
-CVE-2013-2916
- RESERVED
+CVE-2013-2916 (Blink, as used in Google Chrome before 30.0.1599.66, allows remote ...)
- chromium-browser <unfixed>
-CVE-2013-2915
- RESERVED
+CVE-2013-2915 (Google Chrome before 30.0.1599.66 preserves pending NavigationEntry ...)
- chromium-browser <unfixed>
-CVE-2013-2914
- RESERVED
+CVE-2013-2914 (Use-after-free vulnerability in the color-chooser dialog in Google ...)
- chromium-browser <unfixed>
-CVE-2013-2913
- RESERVED
+CVE-2013-2913 (Use-after-free vulnerability in the XMLDocumentParser::append function ...)
- chromium-browser <unfixed>
TODO: Might affect libxml2
-CVE-2013-2912
- RESERVED
+CVE-2013-2912 (Use-after-free vulnerability in the PepperInProcessRouter::SendToHost ...)
- chromium-browser <unfixed>
-CVE-2013-2911
- RESERVED
+CVE-2013-2911 (Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet ...)
- chromium-browser <unfixed>
TODO: Might affect libxslt
-CVE-2013-2910
- RESERVED
+CVE-2013-2910 (Use-after-free vulnerability in ...)
- chromium-browser <unfixed>
-CVE-2013-2909
- RESERVED
+CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
- chromium-browser <unfixed>
-CVE-2013-2908
- RESERVED
+CVE-2013-2908 (Google Chrome before 30.0.1599.66 uses incorrect function calls to ...)
- chromium-browser <unfixed>
-CVE-2013-2907
- RESERVED
+CVE-2013-2907 (The Window.prototype object implementation in Google Chrome before ...)
- chromium-browser <unfixed>
-CVE-2013-2906
- RESERVED
+CVE-2013-2906 (Multiple race conditions in the Web Audio implementation in Blink, as ...)
- chromium-browser <unfixed>
CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...)
{DSA-2741-1}
@@ -8821,8 +8816,8 @@
RESERVED
CVE-2013-2270
RESERVED
-CVE-2013-2269
- RESERVED
+CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
+ TODO: check
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
- chromium-browser 25.0.1364.97-1
[squeeze] - chromium-browser <not-affected> (Vulnerable code not present)
@@ -8944,8 +8939,7 @@
{DSA-2766-1 DSA-2745-1}
- linux-2.6 <removed>
- linux 3.10.1-1
-CVE-2013-2231 [qemu-ga win32 service unquoted search path]
- RESERVED
+CVE-2013-2231 (Unquoted Windows search path vulnerability in the QEMU Guest Agent ...)
- qemu <not-affected> (Only affects win32 build)
CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows ...)
- libvirt 1.1.0-3 (bug #715559)
@@ -9731,8 +9725,7 @@
- keystone <unfixed> (bug #708515)
[wheezy] - keystone <no-dsa> (Minor issue)
NOTE: fixed in 2013.1-1 for experimental
-CVE-2013-2013 [OpenStack keystone password disclosure on command line]
- RESERVED
+CVE-2013-2013 (The user-password-update command in python-keystoneclient before 0.2.4 ...)
- python-keystoneclient 1:0.2.5-1 (bug #709535)
[wheezy] - python-keystoneclient <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
@@ -10133,8 +10126,7 @@
CVE-2013-1893
RESERVED
- owncloud <not-affected> (only affecting 5.0 branch)
-CVE-2013-1892 [mongodb: SSJI to RCE]
- RESERVED
+CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...)
- mongodb 1:2.4.1-1 (bug #704042)
[wheezy] - mongodb 1:2.0.6-1.1
[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
@@ -17636,8 +17628,7 @@
CVE-2012-5628
RESERVED
NOT-FOR-US: gofer component of PULP project
-CVE-2012-5627 [Insecure salt value usage when in the same mysql session]
- RESERVED
+CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...)
- mysql-5.1 <unfixed> (low)
- mysql-5.5 <unfixed> (low)
[wheezy] - mysql-5.5 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.5.x)
@@ -27006,11 +26997,9 @@
CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
- linux-2.6 3.2-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 3.1)
-CVE-2012-2126
- RESERVED
+CVE-2012-2126 (RubyGems before 1.8.23 does not verify an SSL certificate, which ...)
- rubygems 1.8.24-1 (bug #670228)
-CVE-2012-2125
- RESERVED
+CVE-2012-2125 (RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which ...)
- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2124 (functions/imap_general.php in SquirrelMail, as used in Red Hat ...)
- squirrelmail <not-affected> (Incorrect RedHat security update)
@@ -38845,8 +38834,7 @@
- xpdf 3.02-19 (low; bug #635849)
[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
[squeeze] - xpdf 3.02-12+squeeze1
-CVE-2011-2901 [Xen <= 3.3 DoS due to incorrect virtual address validation]
- RESERVED
+CVE-2011-2901 (Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows ...)
- xen <not-affected> (Only affects Xen <= 3.3)
- xen-3 <removed>
CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c ...)
More information about the Secure-testing-commits
mailing list