[Secure-testing-commits] r23835 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Sep 30 21:14:34 UTC 2013


Author: joeyh
Date: 2013-09-30 21:14:34 +0000 (Mon, 30 Sep 2013)
New Revision: 23835

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-09-30 14:40:25 UTC (rev 23834)
+++ data/CVE/list	2013-09-30 21:14:34 UTC (rev 23835)
@@ -1,4 +1,36 @@
-CVE-2013-5959
+CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption ...)
+	TODO: check
+CVE-2013-5958
+	RESERVED
+CVE-2013-5957
+	RESERVED
+CVE-2013-5956
+	RESERVED
+CVE-2013-5955
+	RESERVED
+CVE-2013-5954
+	RESERVED
+CVE-2013-5953
+	RESERVED
+CVE-2013-5952
+	RESERVED
+CVE-2013-5951
+	RESERVED
+CVE-2013-5950
+	RESERVED
+CVE-2013-5949
+	RESERVED
+CVE-2013-5948
+	RESERVED
+CVE-2013-5947
+	RESERVED
+CVE-2013-5946
+	RESERVED
+CVE-2013-5945
+	RESERVED
+CVE-2013-5944
+	RESERVED
+CVE-2013-5959 (Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 ...)
 	NOT-FOR-US: Blue Coat ProxySG
 CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite before ...)
 	- graphite-web 0.9.12+debian-1
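Review bot: CVE-2013-5959 now sits after CVE-2013-5944 and before CVE-2013-5943, which breaks the descending order the rest of the list follows. Move the "CVE-2013-5959 (Blue Coat ProxySG ...)" entry and its NOT-FOR-US line up to directly below CVE-2013-5960. CVE-2013-5960 itself is added with TODO: check and still needs a triage decision.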
@@ -557,8 +589,8 @@
 	RESERVED
 CVE-2013-5680
 	RESERVED
-CVE-2013-5679
-	RESERVED
+CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption ...)
+	TODO: check
 CVE-2013-5678
 	RESERVED
 CVE-2013-5677
@@ -1005,10 +1037,10 @@
 	RESERVED
 CVE-2013-5506
 	RESERVED
-CVE-2013-5505
-	RESERVED
-CVE-2013-5504
-	RESERVED
+CVE-2013-5505 (Cross-site scripting (XSS) vulnerability in an administration page in ...)
+	TODO: check
+CVE-2013-5504 (Cross-site scripting (XSS) vulnerability in the Mobile Device ...)
+	TODO: check
 CVE-2013-5503
 	RESERVED
 CVE-2013-5502 (The web interface in Cisco MediaSense does not properly protect the ...)
@@ -1019,8 +1051,7 @@
 	NOT-FOR-US: Cisco MediaSense
 CVE-2013-5499
 	RESERVED
-CVE-2013-5498
-	RESERVED
+CVE-2013-5498 (The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ...)
 	NOT-FOR-US: Cisco IOS XR
 CVE-2013-5497 (The authentication manager process in the web framework in Cisco ...)
 	NOT-FOR-US: Cisco Intrusion Prevention System
@@ -1210,8 +1241,7 @@
 	RESERVED
 CVE-2013-5404
 	RESERVED
-CVE-2013-5403
-	RESERVED
+CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2013-5402
 	RESERVED
@@ -1699,11 +1729,9 @@
 	RESERVED
 CVE-2013-5162
 	RESERVED
-CVE-2013-5161
-	RESERVED
+CVE-2013-5161 (Passcode Lock in Apple iOS before 7.0.2 does not properly manage the ...)
 	NOT-FOR-US: Apple iOS
-CVE-2013-5160
-	RESERVED
+CVE-2013-5160 (Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows ...)
 	NOT-FOR-US: Apple iOS
 CVE-2013-5159 (WebKit in Apple iOS before 7 allows remote attackers to bypass the ...)
 	NOT-FOR-US: Apple iOS
@@ -3780,8 +3808,7 @@
 	[squeeze] - subversion <no-dsa> (Minor issue, PID file not created by default)
 	[wheezy] - subversion <no-dsa> (Minor issue, PID file not created by default)
 	NOTE: http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
-CVE-2013-4276 [liblcms1 buffer overflows]
-	RESERVED
+CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or ...)
 	- lcms <unfixed> (low; bug #718682)
 	[squeeze] - lcms <no-dsa> (Minor issue)
 	[wheezy] - lcms <no-dsa> (Minor issue)
@@ -3884,8 +3911,7 @@
 	- subversion <not-affected> (only affects 1.8.0 and 1.8.1)
 CVE-2013-4245
 	RESERVED
-CVE-2013-4244 [gif2tiff: OOB Write in LZW decompressor]
-	RESERVED
+CVE-2013-4244 (The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier ...)
 	{DSA-2744-1}
 	- tiff 4.0.3-3
 	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
@@ -4352,8 +4378,7 @@
 CVE-2013-4113 (ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...)
 	{DSA-2723-1}
 	- php5 5.5.0+dfsg-15 (bug #717139)
-CVE-2013-4112
-	RESERVED
+CVE-2013-4112 (The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and ...)
 	- libjgroups-java 2.12.2.Final-4 (bug #717031) 
 	[wheezy] - libjgroups-java <no-dsa> (Minor issue)
 	[squeeze] - libjgroups-java <no-dsa> (Minor issue)
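Review bot: the visible part of the new CVE-2013-4112 description names JGroup 3.0.x, 3.1.x and 3.2.x before 3.2.9, while the retained status line records libjgroups-java as fixed in 2.12.2.Final-4. Confirm against bug #717031 that the 2.12 branch is covered by that version, and add a NOTE line saying so if it is.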
@@ -5932,8 +5957,8 @@
 	NOT-FOR-US: Cisco
 CVE-2013-3418 (Cisco Unified Communications Domain Manager does not properly allocate ...)
 	NOT-FOR-US: Cisco
-CVE-2013-3417
-	RESERVED
+CVE-2013-3417 (The administrative web interface in Cisco Video Surveillance ...)
+	TODO: check
 CVE-2013-3416 (Cross-site scripting (XSS) vulnerability in the web framework in the ...)
 	NOT-FOR-US: Cisco
 CVE-2013-3415
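Review bot: CVE-2013-3417 is left at TODO: check although its description already names Cisco Video Surveillance and the neighbouring Cisco entries (CVE-2013-3418, CVE-2013-3416) are marked NOT-FOR-US: Cisco. Unless a Debian package turns out to be affected, replace the TODO with the same NOT-FOR-US line.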
@@ -9476,8 +9501,7 @@
 	NOT-FOR-US: Red Hat livecd-tools
 	NOTE: http://www.openwall.com/lists/oss-security/2013/05/23/2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299
-CVE-2013-2068
-	RESERVED
+CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
 	NOT-FOR-US: RedHat CloudForms Management Engine
 CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...)
 	{DSA-2725-1}
@@ -9986,8 +10010,7 @@
 	[squeeze] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- xen-qemu-dm-4.0 <not-affected> (qemu-nbd not installed by the binary package)
-CVE-2013-1921
-	RESERVED
+CVE-2013-1921 (PicketBox, as used in Red Hat JBoss Enterprise Application Platform ...)
 	NOTE: Red Hat JBoss Enterprise Application Platform (Debian's jboss only provides some classes)
 CVE-2013-1920 (Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under ...)
 	- xen <not-affected> (XSM not enabled in build)
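Review bot: with RESERVED dropped, CVE-2013-1921 has a published description but only a free-form NOTE under it, with no package status or NOT-FOR-US line like the entries around it. The NOTE already says Debian's jboss only provides some classes, so record that conclusion as an explicit status line.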
@@ -13991,8 +14014,7 @@
 	NOT-FOR-US: IBM WebSphere DataPower XC10 Appliance devices
 CVE-2013-0599 (IBM Eclipse Help System (IEHS), as used in IBM Rational Directory ...)
 	NOT-FOR-US: IBM
-CVE-2013-0598
-	RESERVED
+CVE-2013-0598 (Cross-site request forgery (CSRF) vulnerability in the Web Client in ...)
 	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2013-0597 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
 	NOT-FOR-US: IBM WebSphere Application Server
@@ -28885,8 +28907,7 @@
 	NOT-FOR-US: Cisco IOS
 CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2012-1313
-	RESERVED
+CVE-2012-1313 (The remote debug shell on the PALO adapter card in Cisco Unified ...)
 	NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to ...)
 	NOT-FOR-US: Cisco IOS



