[Secure-testing-commits] r23624 - data/CVE

[Raphael Geissert]

Author: atomo64-guest
Date: 2013-09-11 13:16:32 +0000 (Wed, 11 Sep 2013)
New Revision: 23624

Modified:
   data/CVE/list
Log:
By-hand sync with mitre



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-09-11 11:07:17 UTC (rev 23623)
+++ data/CVE/list	2013-09-11 13:16:32 UTC (rev 23624)
@@ -1,3 +1,15 @@
+CVE-2013-5716 (Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows ...)
+	TODO: check
+CVE-2013-5715 (Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has ...)
+	TODO: check
+CVE-2013-5714 (Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php ...)
+	TODO: check
+CVE-2013-5713
+	RESERVED
+CVE-2013-5712
+	RESERVED
+CVE-2013-5711
+	RESERVED
 CVE-2013-XXXX [https://www.wireshark.org/security/wnpa-sec-2013-60.html ]
 	- wireshark 1.10.2-1
 CVE-2013-5722
@@ -44,8 +56,8 @@
 CVE-2013-5701
 	RESERVED
 	NOT-FOR-US: Watchguard Server Center
-CVE-2013-5700
-	RESERVED
+CVE-2013-5700 (The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x ...)
+	TODO: check
 CVE-2013-5699
 	RESERVED
 CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and ...)
@@ -226,13 +238,11 @@
 	- libdigidoc <itp> (bug #658300)
 CVE-2013-5647 (lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote ...)
 	NOT-FOR-US: Sounder Ruby Gem
-CVE-2013-5642
-	RESERVED
+CVE-2013-5642 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source ...)
 	{DSA-2749-1}
 	- asterisk <unfixed> (bug #721220)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-005.html
-CVE-2013-5641
-	RESERVED
+CVE-2013-5641 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source ...)
 	{DSA-2749-1}
 	- asterisk <unfixed> (bug #721220)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-004.html
@@ -1579,11 +1589,9 @@
 	RESERVED
 CVE-2013-4985
 	RESERVED
-CVE-2013-4984
-	RESERVED
+CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos ...)
 	NOT-FOR-US: Sophos Web Protection Appliance
-CVE-2013-4983
-	RESERVED
+CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos Web ...)
 	NOT-FOR-US: Sophos Web Protection Appliance
 CVE-2013-4982
 	RESERVED
@@ -1812,11 +1820,9 @@
 	RESERVED
 CVE-2013-4901
 	RESERVED
-CVE-2013-4900
-	RESERVED
+CVE-2013-4900 (Directory traversal vulnerability in DeWeS web server 0.4.2 and ...)
 	NOT-FOR-US: DeWeS web server (Twilight CMS)
-CVE-2013-4899
-	RESERVED
+CVE-2013-4899 (Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and ...)
 	NOT-FOR-US: Twilight CMS
 CVE-2013-4898
 	RESERVED
@@ -2282,8 +2288,8 @@
 	RESERVED
 CVE-2013-4704
 	RESERVED
-CVE-2013-4703
-	RESERVED
+CVE-2013-4703 (Cross-site scripting (XSS) vulnerability in the top-page customization ...)
+	TODO: check
 CVE-2013-4702 (Multiple directory traversal vulnerabilities in the doApiAction ...)
 	NOT-FOR-US: EC-CUBE
 CVE-2013-4701 (Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows ...)
@@ -3098,6 +3104,7 @@
 	RESERVED
 CVE-2013-4315 [directory traversal with ssi template tag]
 	RESERVED
+	{DSA-2755-1}
 	- python-django <unfixed>
 CVE-2013-4314 [hostname check bypassing vulnerability]
 	RESERVED
@@ -4856,10 +4863,10 @@
 	NOT-FOR-US: Resource Hacker
 CVE-2013-3659 (The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for ...)
 	NOT-FOR-US: Android application NTT DOCOMO
-CVE-2013-3658
-	RESERVED
-CVE-2013-3657
-	RESERVED
+CVE-2013-3658 (Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ...)
+	TODO: check
+CVE-2013-3657 (Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, ...)
+	TODO: check
 CVE-2013-3656 (Cybozu Office 9.1.0 and earlier does not properly manage sessions, ...)
 	NOT-FOR-US: Cybozu Office
 CVE-2013-3655 (The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 ...)
@@ -10983,6 +10990,7 @@
 	RESERVED
 CVE-2013-1441 [exactimage crash on dcraw failures]
 	RESERVED
+	{DSA-2754-1}
 	- exactimage 0.8.9-2
 	NOTE: a different issue than CVE-2013-1438
 CVE-2013-1440