[Secure-testing-commits] r23858 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Oct 2 21:14:47 UTC 2013


Author: joeyh
Date: 2013-10-02 21:14:47 +0000 (Wed, 02 Oct 2013)
New Revision: 23858

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-02 16:14:49 UTC (rev 23857)
+++ data/CVE/list	2013-10-02 21:14:47 UTC (rev 23858)
@@ -1,3 +1,21 @@
+CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout ...)
+	TODO: check
+CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 ...)
+	TODO: check
+CVE-2013-5974
+	RESERVED
+CVE-2013-5973
+	RESERVED
+CVE-2013-5972
+	RESERVED
+CVE-2013-5971
+	RESERVED
+CVE-2013-5970
+	RESERVED
+CVE-2013-5969
+	RESERVED
+CVE-2013-5968
+	RESERVED
 CVE-2013-5967
 	RESERVED
 CVE-2013-5966
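Review bot: the two new TODO: check entries, CVE-2013-5976 and CVE-2013-5975, both describe the access policy logout/logon pages of F5 BIG-IP APM, a proprietary appliance with no Debian package, so they can be triaged directly to NOT-FOR-US: F5 BIG-IP APM the way the other appliance entries in this file are, rather than left as an open TODO.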
@@ -456,8 +474,7 @@
 CVE-2013-XXXX [poppler / JPEG error handler]
 	- poppler 0.16.3-1 (bug #722705)
 	NOTE: CVE request: http://article.gmane.org/gmane.comp.security.oss.general/11132
-CVE-2013-5745 [Persistent DoS Vulnerability in Vino VNC Server]
-	RESERVED
+CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...)
 	- vino <unfixed> (low; bug #724545)
 	[wheezy] - vino <no-dsa> (Minor issue)
 	[squeeze] - vino <no-dsa> (Minor issue)
@@ -915,8 +932,7 @@
 	NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
 	NOTE: still not clear why the split was done, but confirmed by upstream that this issue
 	NOTE: is covered by the fixes applied for CVE-2013-3371
-CVE-2013-5580 [denial of service (server crash)]
-	RESERVED
+CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in ...)
 	- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
 	NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
 CVE-2013-5576 [Joomla unauthorised uploads]
@@ -2781,8 +2797,8 @@
 	RESERVED
 CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
 	NOT-FOR-US: PPP Access Concentrator
-CVE-2013-4708
-	RESERVED
+CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. ...)
+	TODO: check
 CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with firmware ...)
 	NOT-FOR-US: D-Link
 CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with firmware ...)
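Review bot: CVE-2013-4708 is added with TODO: check although its description names the same PPP Access Concentrator (PPPAC) that the CVE-2013-4709 entry directly above already triages as NOT-FOR-US: PPP Access Concentrator; the two entries should carry the same disposition, so replace the TODO line with NOT-FOR-US: PPP Access Concentrator.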
@@ -3542,8 +3558,7 @@
 	{DSA-2765-1}
 	- davfs2 1.4.7-3 (bug #723034)
 	NOTE: http://savannah.nongnu.org/bugs/?40034
-CVE-2013-4361 [Information leak through fbld instruction emulation]
-	RESERVED
+CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...)
 	- xen <unfixed>
 CVE-2013-4360
 	RESERVED
@@ -3566,8 +3581,7 @@
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Only affects 4.3+)
 	[squeeze] - xen <not-affected> (Only affects 4.3+)
-CVE-2013-4355 [Information leaks through I/O instruction emulation]
-	RESERVED
+CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which ...)
 	- xen <unfixed>
 CVE-2013-4354 [Glance image creation in other tenant accounts]
 	RESERVED
@@ -4055,8 +4069,7 @@
 CVE-2013-4211
 	RESERVED
 	NOT-FOR-US: OpenX
-CVE-2013-4210
-	RESERVED
+CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat ...)
 	NOT-FOR-US: JBoss Remoting
 CVE-2013-4209 [ABRT: (substantially) limited leak of unauthorized information]
 	RESERVED
@@ -4276,7 +4289,7 @@
 	NOT-FOR-US: xlockmore
 	NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
 CVE-2013-4142
-	RESERVED
+	REJECTED
 	NOTE: Should be REJECTED, see CVE-2013-3969
 CVE-2013-4141
 	REJECTED
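Review bot: the NOTE under CVE-2013-4142 is now stale: the status line changed from RESERVED to REJECTED, so "Should be REJECTED" no longer describes a pending action. Reword it to record the reason instead, e.g. "NOTE: REJECTED, duplicate of CVE-2013-3969", so the entry reads like the neighbouring CVE-2013-4141 that is REJECTED without a pending note.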
@@ -4611,8 +4624,8 @@
 	RESERVED
 CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
 	NOT-FOR-US: IBM DB2
-CVE-2013-4032
-	RESERVED
+CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server ...)
+	TODO: check
 CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
 	NOT-FOR-US: IBM BladeCenter
 CVE-2013-4030
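Review bot: CVE-2013-4032 gets TODO: check, but its description places it in the Fast Communications Manager of IBM DB2, the same product the adjacent CVE-2013-4033 entry already marks NOT-FOR-US: IBM DB2; use the same NOT-FOR-US line so the two DB2 entries do not diverge.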
@@ -4737,8 +4750,7 @@
 	TODO: check
 CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS ...)
 	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
-CVE-2013-3969
-	RESERVED
+CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through ...)
 	- mongodb 1:2.4.5-1 (bug #715007; bug #717173)
 	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
 	[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
@@ -4751,12 +4763,12 @@
 	RESERVED
 CVE-2013-3965
 	RESERVED
-CVE-2013-3964
-	RESERVED
-CVE-2013-3963
-	RESERVED
-CVE-2013-3962
-	RESERVED
+CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, ...)
+	TODO: check
+CVE-2013-3963 (Cross-site request forgery (CSRF) vulnerability in goform/usermanage ...)
+	TODO: check
+CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, ...)
+	TODO: check
 CVE-2013-3961
 	RESERVED
 CVE-2013-3960
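Review bot: of the three TODO: check entries in this hunk, CVE-2013-3964 (Samsung SHR-5162 DVR) and CVE-2013-3962 (Grandstream GXV3501 IP camera) name embedded devices that are not Debian packages and can go straight to NOT-FOR-US; only CVE-2013-3963, whose description is cut off at "goform/usermanage ...", genuinely needs the TODO until the full text is read.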
@@ -5358,12 +5370,12 @@
 	NOT-FOR-US: Blackberry OS
 CVE-2013-3691
 	RESERVED
-CVE-2013-3690
-	RESERVED
+CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi ...)
+	TODO: check
 CVE-2013-3689
 	RESERVED
-CVE-2013-3688
-	RESERVED
+CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, ...)
+	TODO: check
 CVE-2013-3687
 	RESERVED
 CVE-2013-3686
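Review bot: CVE-2013-3688 explicitly names TP-Link IP camera models (TL-SC3171, TL-SC3130, ...), so NOT-FOR-US: TP-Link IP Cameras is the right disposition rather than TODO: check; CVE-2013-3690 ("cgi-bin/users.cgi ...") is truncated and the TODO there is justified.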
@@ -5722,8 +5734,8 @@
 	RESERVED
 CVE-2013-3540
 	RESERVED
-CVE-2013-3539
-	RESERVED
+CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the ...)
+	TODO: check
 CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php ...)
 	NOT-FOR-US: Todoo Forum
 CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in Todoo ...)
@@ -7042,64 +7054,47 @@
 	RESERVED
 CVE-2013-2925
 	RESERVED
-CVE-2013-2924
-	RESERVED
-CVE-2013-2923
-	RESERVED
-CVE-2013-2922
-	RESERVED
+CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ...)
+	TODO: check
+CVE-2013-2923 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+	TODO: check
+CVE-2013-2922 (Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in ...)
 	- chromium-browser <unfixed>
-CVE-2013-2921
-	RESERVED
+CVE-2013-2921 (Double free vulnerability in the ResourceFetcher::didLoadResource ...)
 	- chromium-browser <unfixed>
-CVE-2013-2920
-	RESERVED
+CVE-2013-2920 (The DoResolveRelativeHost function in url/url_canon_relative.cc in ...)
 	- chromium-browser <unfixed>
-CVE-2013-2919
-	RESERVED
+CVE-2013-2919 (Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...)
 	- chromium-browser <unfixed>
 	- libv8 <unfixed>
 	- libv8-3.14 <unfixed>
-CVE-2013-2918
-	RESERVED
+CVE-2013-2918 (Use-after-free vulnerability in the ...)
 	- chromium-browser <unfixed>
-CVE-2013-2917
-	RESERVED
+CVE-2013-2917 (The ReverbConvolverStage::ReverbConvolverStage function in ...)
 	- chromium-browser <unfixed>
-CVE-2013-2916
-	RESERVED
+CVE-2013-2916 (Blink, as used in Google Chrome before 30.0.1599.66, allows remote ...)
 	- chromium-browser <unfixed>
-CVE-2013-2915
-	RESERVED
+CVE-2013-2915 (Google Chrome before 30.0.1599.66 preserves pending NavigationEntry ...)
 	- chromium-browser <unfixed>
-CVE-2013-2914
-	RESERVED
+CVE-2013-2914 (Use-after-free vulnerability in the color-chooser dialog in Google ...)
 	- chromium-browser <unfixed>
-CVE-2013-2913
-	RESERVED
+CVE-2013-2913 (Use-after-free vulnerability in the XMLDocumentParser::append function ...)
 	- chromium-browser <unfixed>
 	TODO: Might affect libxml2
-CVE-2013-2912
-	RESERVED
+CVE-2013-2912 (Use-after-free vulnerability in the PepperInProcessRouter::SendToHost ...)
 	- chromium-browser <unfixed>
-CVE-2013-2911
-	RESERVED
+CVE-2013-2911 (Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet ...)
 	- chromium-browser <unfixed>
 	TODO: Might affect libxslt
-CVE-2013-2910
-	RESERVED
+CVE-2013-2910 (Use-after-free vulnerability in ...)
 	- chromium-browser <unfixed>
-CVE-2013-2909
-	RESERVED
+CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
 	- chromium-browser <unfixed>
-CVE-2013-2908
-	RESERVED
+CVE-2013-2908 (Google Chrome before 30.0.1599.66 uses incorrect function calls to ...)
 	- chromium-browser <unfixed>
-CVE-2013-2907
-	RESERVED
+CVE-2013-2907 (The Window.prototype object implementation in Google Chrome before ...)
 	- chromium-browser <unfixed>
-CVE-2013-2906
-	RESERVED
+CVE-2013-2906 (Multiple race conditions in the Web Audio implementation in Blink, as ...)
 	- chromium-browser <unfixed>
 CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...)
 	{DSA-2741-1}
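Review bot: two of the new Chrome 30 entries leave TODO: check where a package line belongs. CVE-2013-2924 is a use-after-free in International Components for Unicode, which Debian ships as its own source package (icu) and not only inside chromium-browser, so it most likely needs an "- icu <unfixed>" line alongside chromium-browser, in the same way CVE-2013-2919 lists libv8 and libv8-3.14 next to chromium-browser. CVE-2013-2923 is the usual "Multiple unspecified vulnerabilities in Google Chrome before ..." catch-all and should get "- chromium-browser <unfixed>" like every other entry in this hunk. The pre-existing TODOs on CVE-2013-2913 (might affect libxml2) and CVE-2013-2911 (might affect libxslt) remain open as well.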
@@ -8821,8 +8816,8 @@
 	RESERVED
 CVE-2013-2270
 	RESERVED
-CVE-2013-2269
-	RESERVED
+CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
+	TODO: check
 CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
 	- chromium-browser 25.0.1364.97-1
 	[squeeze] - chromium-browser <not-affected> (Vulnerable code not present)
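Review bot: CVE-2013-2269 describes Aruba Networks ClearPass, a proprietary network appliance with no Debian package; NOT-FOR-US: Aruba ClearPass is the appropriate disposition instead of TODO: check.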
@@ -8944,8 +8939,7 @@
 	{DSA-2766-1 DSA-2745-1}
 	- linux-2.6 <removed>
 	- linux 3.10.1-1
-CVE-2013-2231 [qemu-ga win32 service unquoted search path]
-	RESERVED
+CVE-2013-2231 (Unquoted Windows search path vulnerability in the QEMU Guest Agent ...)
 	- qemu <not-affected> (Only affects win32 build)
 CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows ...)
 	- libvirt 1.1.0-3 (bug #715559)
@@ -9731,8 +9725,7 @@
 	- keystone <unfixed> (bug #708515)
 	[wheezy] - keystone <no-dsa> (Minor issue)
 	NOTE: fixed in 2013.1-1 for experimental
-CVE-2013-2013 [OpenStack keystone password disclosure on command line]
-	RESERVED
+CVE-2013-2013 (The user-password-update command in python-keystoneclient before 0.2.4 ...)
 	- python-keystoneclient 1:0.2.5-1 (bug #709535)
 	[wheezy] - python-keystoneclient <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
@@ -10133,8 +10126,7 @@
 CVE-2013-1893
 	RESERVED
 	- owncloud <not-affected> (only affecting 5.0 branch)
-CVE-2013-1892 [mongodb: SSJI to RCE]
-	RESERVED
+CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...)
 	- mongodb 1:2.4.1-1 (bug #704042)
 	[wheezy] - mongodb 1:2.0.6-1.1
 	[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
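Review bot: the unchanged [squeeze] context line of CVE-2013-1892 misspells "issue" as "isue"; since this hunk already touches the entry, fix the typo to "Minor issue" in the same commit.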
@@ -17636,8 +17628,7 @@
 CVE-2012-5628
 	RESERVED
 	NOT-FOR-US: gofer component of PULP project
-CVE-2012-5627 [Insecure salt value usage when in the same mysql session]
-	RESERVED
+CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...)
 	- mysql-5.1 <unfixed> (low)
 	- mysql-5.5 <unfixed> (low)
 	[wheezy] - mysql-5.5 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.5.x)
@@ -27006,11 +26997,9 @@
 CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
 	- linux-2.6 3.2-1
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.1)
-CVE-2012-2126
-	RESERVED
+CVE-2012-2126 (RubyGems before 1.8.23 does not verify an SSL certificate, which ...)
 	- rubygems 1.8.24-1 (bug #670228)
-CVE-2012-2125
-	RESERVED
+CVE-2012-2125 (RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which ...)
 	- rubygems 1.8.24-1 (bug #670228)
 CVE-2012-2124 (functions/imap_general.php in SquirrelMail, as used in Red Hat ...)
 	- squirrelmail <not-affected> (Incorrect RedHat security update)
@@ -38845,8 +38834,7 @@
 	- xpdf 3.02-19 (low; bug #635849)
 	[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
 	[squeeze] - xpdf 3.02-12+squeeze1
-CVE-2011-2901 [Xen <= 3.3 DoS due to incorrect virtual address validation]
-	RESERVED
+CVE-2011-2901 (Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows ...)
 	- xen <not-affected> (Only affects Xen <= 3.3)
 	- xen-3 <removed>
 CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c ...)



