[Secure-testing-commits] r25416 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Jan 29 21:14:11 UTC 2014
Author: joeyh
Date: 2014-01-29 21:14:11 +0000 (Wed, 29 Jan 2014)
New Revision: 25416
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-29 20:49:20 UTC (rev 25415)
+++ data/CVE/list 2014-01-29 21:14:11 UTC (rev 25416)
@@ -1,3 +1,21 @@
+CVE-2014-1689
+ RESERVED
+CVE-2014-1688
+ RESERVED
+CVE-2014-1687
+ RESERVED
+CVE-2014-1686
+ RESERVED
+CVE-2014-1685
+ RESERVED
+CVE-2014-1684
+ RESERVED
+CVE-2014-1683
+ RESERVED
+CVE-2014-1682
+ RESERVED
+CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+ TODO: check
CVE-2013-XXXX [python's zipfile infinite loop on malformed files]
- python2.5 <removed> (low)
- python2.6 <removed> (low)
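Review bot: CVE-2014-1681 is added with only "TODO: check" even though its description already names Google Chrome, so it can be triaged to a package line or NOT-FOR-US straight away. The eight RESERVED ids above it need no action yet.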
@@ -46,11 +64,13 @@
- otrs2 3.3.4-1
NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
CVE-2014-1691 [Possible remote code execution on horde3]
+ RESERVED
- horde3 <unfixed>
- php-horde-util 2.3.0-1
NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
NOTE: https://github.com/horde/horde/commit/acf67ab4a633037849aca9e4a7592465b999ad93 is also required
CVE-2014-1690
+ RESERVED
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in 3.7)
- linux-2.6 <not-affected> (Introduced in 3.7)
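Review bot: CVE-2014-1690 now carries RESERVED and linux status lines but no bracketed summary, unlike CVE-2014-1691 directly above it. Add a short "[...]" description and a NOTE with a reference, so the "Introduced in 3.7" claim can be checked while the upstream entry is still reserved.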
@@ -221,7 +241,7 @@
RESERVED
- mantis <removed>
NOTE: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
-CVE-2014-1607 (Cross-site scripting (XSS) vulnerability in the EventCalendar module ...)
+CVE-2014-1607 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal EventCalendar
CVE-2014-1606
RESERVED
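Review bot: The new CVE-2014-1607 description is cut off at "in the ..." and no longer names the EventCalendar module that the old line showed. The "NOT-FOR-US: Drupal EventCalendar" line is now the only place the product is identified, so it should stay exactly as written.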
@@ -526,33 +546,28 @@
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
NOTE: http://www.openwall.com/lists/oss-security/2014/01/23/2
-CVE-2014-1640
- RESERVED
+CVE-2014-1640 (axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe ...)
- axiom <unfixed> (low; bug #736358)
[squeeze] - axiom <no-dsa> (Minor issue)
[wheezy] - axiom <no-dsa> (Minor issue)
-CVE-2014-1639
- RESERVED
+CVE-2014-1639 (syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses ...)
- syncevolution <unfixed> (unimportant; bug #736357)
NOTE: Only exploitable during build time
-CVE-2014-1638
- RESERVED
+CVE-2014-1638 ((1) debian/postrm and (2) debian/localepurge.config in localepurge ...)
- localepurge 0.7.3.2 (bug #736359)
[squeeze] - localepurge <no-dsa> (Minor issue)
[wheezy] - localepurge <no-dsa> (Minor issue)
CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module ...)
- libmarc-xml-perl 1.0.2-1 (bug #736275)
NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
-CVE-2014-1624 [insecure use of /tmp]
- RESERVED
+CVE-2014-1624 (Race condition in the xdg.BaseDirectory.get_runtime_dir function in ...)
- pyxdg 0.25-4 (low; bug #736247)
[squeeze] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
[wheezy] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
CVE-2014-1611
RESERVED
NOT-FOR-US: Drupal contrib
-CVE-2014-1604 [insecure use of /tmp]
- RESERVED
+CVE-2014-1604 (The parser cache functionality in parsergenerator.py in RPLY (aka ...)
- python-rply 0.7.1-1
NOTE: https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand
CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
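Review bot: The NOTE under CVE-2014-1604 ends in "...c129d5d7cand", which is a 40-character commit hash with a stray "and" fused onto it, so the link will not resolve. Trim the URL back to the hash; if a second commit was meant to follow the "and", add it as its own NOTE line the way the CVE-2014-1691 entry does.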
@@ -1598,8 +1613,8 @@
RESERVED
CVE-2014-0811
RESERVED
-CVE-2014-0810
- RESERVED
+CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update ...)
+ TODO: check
CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka ...)
NOT-FOR-US: Gapless Player SimZip
CVE-2014-0808 (The lfCheckError function in ...)
@@ -1989,8 +2004,7 @@
NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0648 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x ...)
NOT-FOR-US: Cisco Secure ACS RMI
-CVE-2014-0647
- RESERVED
+CVE-2014-0647 (The Starbucks 2.6.1 application for iOS stores sensitive information ...)
NOT-FOR-US: Starbucks iOS application
CVE-2014-0646
RESERVED
@@ -2939,8 +2953,7 @@
NOT-FOR-US: Burden
CVE-2013-7136 (The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have ...)
NOT-FOR-US: Cisco
-CVE-2013-7135
- RESERVED
+CVE-2013-7135 (The Proc::Daemon module 0.14 for Perl uses world-writable permissions ...)
- libproc-daemon-perl 0.14-2 (low; bug #732283)
[wheezy] - libproc-daemon-perl <no-dsa> (Minor issue)
[squeeze] - libproc-daemon-perl <not-affected> (does not have pid_file option)
@@ -3607,10 +3620,10 @@
TODO: check
CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
NOT-FOR-US: IrfanView
-CVE-2013-6931
- RESERVED
-CVE-2013-6930
- RESERVED
+CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before ...)
+ TODO: check
+CVE-2013-6930 (SQL injection vulnerability in the page-navigation implementation in ...)
+ TODO: check
CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier ...)
NOT-FOR-US: Cybozu Garoon
CVE-2013-6928
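Review bot: CVE-2013-6931 is left at "TODO: check" although its description names Cybozu Garoon and the neighbouring CVE-2013-6929 is already "NOT-FOR-US: Cybozu Garoon", so it can take the same marking. The CVE-2013-6930 description is truncated before the product name, so check the full text before marking it the same way.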
@@ -4237,7 +4250,7 @@
CVE-2014-0026
RESERVED
CVE-2014-0025
- RESERVED
+ REJECTED
CVE-2014-0024
RESERVED
CVE-2014-0023
@@ -4466,8 +4479,7 @@
NOT-FOR-US: Siemens COMOS
CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and ...)
NOT-FOR-US: InstantCMS
-CVE-2013-6838
- RESERVED
+CVE-2013-6838 (An unspecified Enghouse Interactive Professional Services "addon ...)
NOT-FOR-US: IVR Pro/Contact Center (VIP2000)
CVE-2013-6837 (Cross-site scripting (XSS) vulnerability in the setTimeout function in ...)
- web2py <unfixed> (unimportant)
@@ -4692,12 +4704,12 @@
RESERVED
CVE-2013-6750
RESERVED
-CVE-2013-6749
- RESERVED
-CVE-2013-6748
- RESERVED
-CVE-2013-6747
- RESERVED
+CVE-2013-6749 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr ...)
+ TODO: check
+CVE-2013-6748 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr ...)
+ TODO: check
+CVE-2013-6747 (IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM ...)
+ TODO: check
CVE-2013-6746 (Cross-site scripting (XSS) vulnerability in FileNet P8 Platform ...)
TODO: check
CVE-2013-6745 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
@@ -4906,10 +4918,10 @@
RESERVED
CVE-2013-6651
RESERVED
-CVE-2013-6650
- RESERVED
-CVE-2013-6649
- RESERVED
+CVE-2013-6650 (The StoreBuffer::ExemptPopularPages function in store-buffer.cc in ...)
+ TODO: check
+CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
+ TODO: check
CVE-2013-6648
RESERVED
CVE-2013-6647
@@ -5442,7 +5454,7 @@
- mediawiki 1:1.19.10+dfsg-1
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58088
NOTE: Introduced by the fix for CVE-2013-4568
-CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL through 0.9.8y and ...)
+CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l ...)
{DSA-2833-1}
- openssl 1.0.1e-5 (low)
[squeeze] - openssl <not-affected> (Versions earlier than 1.0.0 are not affected)
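Review bot: The CVE-2013-6450 description now starts at OpenSSL 1.0.0 instead of "through 0.9.8y", which agrees with the existing squeeze <not-affected> line, but that line cites no source. A NOTE pointing at the upstream advisory or fix would let readers verify the affected range from the tracker entry alone.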
@@ -8758,8 +8770,8 @@
NOT-FOR-US: Juniper Junos Space
CVE-2013-5095 (Cross-site scripting (XSS) vulnerability in the web-based interface in ...)
NOT-FOR-US: Juniper Junos Space
-CVE-2013-5094
- RESERVED
+CVE-2013-5094 (Cross-site scripting (XSS) vulnerability in index.exp in McAfee ...)
+ TODO: check
CVE-2013-5093 (The renderLocalView function in render/views.py in graphite-web in ...)
- graphite-web 0.9.12+debian-1 (bug #720454)
NOTE: http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
@@ -14102,8 +14114,8 @@
NOT-FOR-US: IBM
CVE-2013-2975
RESERVED
-CVE-2013-2974
- RESERVED
+CVE-2013-2974 (The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager ...)
+ TODO: check
CVE-2013-2973
RESERVED
CVE-2013-2972
@@ -26050,8 +26062,8 @@
RESERVED
CVE-2012-5193
RESERVED
-CVE-2012-5192
- RESERVED
+CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in ...)
+ TODO: check
CVE-2012-5191
RESERVED
CVE-2012-5190