[Secure-testing-commits] r23783 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Sep 25 21:14:33 UTC 2013 

Author: joeyh
Date: 2013-09-25 21:14:33 +0000 (Wed, 25 Sep 2013)
New Revision: 23783

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-09-25 21:06:10 UTC (rev 23782)
+++ data/CVE/list	2013-09-25 21:14:33 UTC (rev 23783)
@@ -1,3 +1,11 @@
+CVE-2013-5936 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before ...)
+	TODO: check
+CVE-2013-5935 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before ...)
+	TODO: check
+CVE-2013-5934 (Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before ...)
+	TODO: check
+CVE-2013-5933 (Stack-based buffer overflow in the sub_E110 function in init in a ...)
+	TODO: check
 CVE-2013-5932 (Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro ...)
 	NOT-FOR-US: Sophos UTM
 CVE-2013-5931 (SQL injection vulnerability in property_listings_detail.php in Real ...)
@@ -362,8 +370,8 @@
 	RESERVED
 CVE-2013-5751 (Directory traversal vulnerability in SAP NetWeaver 7.x allows remote ...)
 	NOT-FOR-US: SAP NetWeaver 7.x
-CVE-2013-5750
-	RESERVED
+CVE-2013-5750 (The login form in the FriendsOfSymfony FOSUserBundle bundle before ...)
+	TODO: check
 CVE-2013-5749
 	RESERVED
 CVE-2013-5748
@@ -772,8 +780,7 @@
 	RESERVED
 CVE-2013-5590
 	RESERVED
-CVE-2013-5634
-	RESERVED
+CVE-2013-5634 (arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (KVM for arm introduced in 3.9)
 	- linux-2.6 <not-affected> (KVM for arm introduced in 3.9)
@@ -1240,8 +1247,8 @@
 	RESERVED
 CVE-2013-5374
 	RESERVED
-CVE-2013-5373
-	RESERVED
+CVE-2013-5373 (The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through ...)
+	TODO: check
 CVE-2013-5372
 	RESERVED
 CVE-2013-5371
@@ -1590,8 +1597,7 @@
 	RESERVED
 CVE-2013-5201
 	RESERVED
-CVE-2013-5200
-	RESERVED
+CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API ...)
 	- open-xchange <itp> (bug #269329)
 CVE-2013-5199
 	RESERVED
@@ -1759,8 +1765,8 @@
 	NOT-FOR-US: PHPFox
 CVE-2013-5119 (Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows ...)
 	NOT-FOR-US: Zimbra Collaboration Suite
-CVE-2013-5118
-	RESERVED
+CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterprise ...)
+	TODO: check
 CVE-2013-5117
 	RESERVED
 CVE-2013-5116
@@ -2515,8 +2521,8 @@
 	NOT-FOR-US: Siemens Enterprise OpenScape
 CVE-2013-4778 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance ...)
 	NOT-FOR-US: Siemens Enterprise OpenScape
-CVE-2013-4777
-	RESERVED
+CVE-2013-4777 (A certain configuration of Android 2.3.7 on the Motorola Defy XT phone ...)
+	TODO: check
 CVE-2013-4776
 	RESERVED
 CVE-2013-4775
@@ -3479,8 +3485,7 @@
 	- gnupg2 <unfixed> (low; bug #722724)
 	[squeeze] - gnupg2 <no-dsa> (Minor issue)
 	[wheezy] - gnupg2 <no-dsa> (Minor issue)
-CVE-2013-4350 [net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit]
-	RESERVED
+CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel ...)
 	- linux-2.6 <removed>
 	- linux <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
@@ -3510,8 +3515,7 @@
 	- linux <unfixed>
 CVE-2013-4344
 	RESERVED
-CVE-2013-4343
-	RESERVED
+CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Introduced in 3.8)
 	- linux-2.6 <not-affected> (Introduced in 3.8)
@@ -3643,8 +3647,7 @@
 	- mediawiki 1:1.19.8+dfsg-1 (unimportant)
 	NOTE: Full path disclosure irrelevant in Debian
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46332
-CVE-2013-4300
-	RESERVED
+CVE-2013-4300 (The scm_check_creds function in net/core/scm.c in the Linux kernel ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users in 3.2)
 	- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
@@ -3660,6 +3663,7 @@
 	NOTE: Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a, 1.0.6
 CVE-2013-4296 [libvirt remote crash]
 	RESERVED
+	{DSA-2764-1}
 	- libvirt <unfixed>
 	[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced by commit 158ba8730e44b7dd07a21ab90499996c5dec080a)
 	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=158ba8730e44b7dd07a21ab90499996c5dec080a
@@ -4531,14 +4535,14 @@
 	RESERVED
 CVE-2013-4026
 	RESERVED
-CVE-2013-4025
-	RESERVED
-CVE-2013-4024
-	RESERVED
+CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
+	TODO: check
+CVE-2013-4024 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
+	TODO: check
 CVE-2013-4023
 	RESERVED
-CVE-2013-4022
-	RESERVED
+CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
+	TODO: check
 CVE-2013-4021
 	RESERVED
 CVE-2013-4020
@@ -9134,8 +9138,7 @@
 CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before ...)
 	- linux-2.6 <removed>
 	- linux 3.9.4-1
-CVE-2013-2140 [xen/blkback: Check device permissions before allowing OP_DISCARD]
-	RESERVED
+CVE-2013-2140 (The dispatch_discard_io function in ...)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	- linux 3.10.1-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -10701,6 +10704,7 @@
 	- icedove <not-affected> (Windows-specific)
 	- iceape <not-affected> (Windows-specific)
 CVE-2013-1705 (Heap-based buffer underflow in the cryptojs_interpret_key_gen_type ...)
+	{DSA-2762-1}
 	- iceweasel 23.0-1
 	- iceape <unfixed>
 	TODO: check
@@ -12438,8 +12442,8 @@
 	NOT-FOR-US: ubuntu-system-service
 CVE-2013-1061
 	RESERVED
-CVE-2013-1060
-	RESERVED
+CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux ...)
+	TODO: check
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote ...)
 	{DSA-2745-1}
 	- linux 3.10.1-1 (low)
@@ -21876,10 +21880,10 @@
 	TODO: check
 CVE-2012-4088
 	RESERVED
-CVE-2012-4087 (A setup script for fabric interconnect devices in Cisco Unified ...)
+CVE-2012-4087 (A cluster setup script for fabric interconnect devices in Cisco ...)
 	TODO: check
-CVE-2012-4086
-	RESERVED
+CVE-2012-4086 (A setup script for fabric interconnect devices in Cisco Unified ...)
+	TODO: check
 CVE-2012-4085 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
 	TODO: check
 CVE-2012-4084

More information about the Secure-testing-commits mailing list