[Secure-testing-commits] r27073 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Fri May 30 21:14:09 UTC 2014
Author: joeyh
Date: 2014-05-30 21:14:09 +0000 (Fri, 30 May 2014)
New Revision: 27073
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-30 13:13:27 UTC (rev 27072)
+++ data/CVE/list 2014-05-30 21:14:09 UTC (rev 27073)
@@ -1,19 +1,174 @@
+CVE-2014-3920
+ RESERVED
+CVE-2014-3919
+ RESERVED
+CVE-2014-3918
+ RESERVED
+CVE-2014-3916
+ RESERVED
+CVE-2014-3915
+ RESERVED
+CVE-2014-3914
+ RESERVED
+CVE-2014-3913
+ RESERVED
+CVE-2014-3912
+ RESERVED
+CVE-2014-3911
+ RESERVED
+CVE-2014-3910
+ RESERVED
+CVE-2014-3909
+ RESERVED
+CVE-2014-3908
+ RESERVED
+CVE-2014-3907
+ RESERVED
+CVE-2014-3906
+ RESERVED
+CVE-2014-3905
+ RESERVED
+CVE-2014-3904
+ RESERVED
+CVE-2014-3903
+ RESERVED
+CVE-2014-3902
+ RESERVED
+CVE-2014-3901
+ RESERVED
+CVE-2014-3900
+ RESERVED
+CVE-2014-3899
+ RESERVED
+CVE-2014-3898
+ RESERVED
+CVE-2014-3897
+ RESERVED
+CVE-2014-3896
+ RESERVED
+CVE-2014-3895
+ RESERVED
+CVE-2014-3894
+ RESERVED
+CVE-2014-3893
+ RESERVED
+CVE-2014-3892
+ RESERVED
+CVE-2014-3891
+ RESERVED
+CVE-2014-3890
+ RESERVED
+CVE-2014-3889
+ RESERVED
+CVE-2014-3888
+ RESERVED
+CVE-2014-3887
+ RESERVED
+CVE-2014-3886
+ RESERVED
+CVE-2014-3885
+ RESERVED
+CVE-2014-3884
+ RESERVED
+CVE-2014-3883
+ RESERVED
+CVE-2014-3882
+ RESERVED
+CVE-2014-3881
+ RESERVED
+CVE-2014-3880
+ RESERVED
+CVE-2014-3879
+ RESERVED
+CVE-2014-3878
+ RESERVED
+CVE-2014-3877
+ RESERVED
+CVE-2014-3876
+ RESERVED
+CVE-2014-3875
+ RESERVED
+CVE-2014-3874
+ RESERVED
+CVE-2014-3873
+ RESERVED
+CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login ...)
+ TODO: check
+CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic ...)
+ TODO: check
+CVE-2014-3869
+ RESERVED
+CVE-2014-3868
+ RESERVED
+CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
+CVE-2014-3863
+ RESERVED
+CVE-2014-3862
+ RESERVED
+CVE-2014-3861
+ RESERVED
+CVE-2014-3860
+ RESERVED
+CVE-2014-3859
+ RESERVED
+CVE-2014-3858
+ RESERVED
+CVE-2014-3857
+ RESERVED
+CVE-2014-3856
+ RESERVED
+CVE-2014-3855
+ RESERVED
+CVE-2014-3854
+ RESERVED
+CVE-2014-3853
+ RESERVED
+CVE-2014-3852
+ RESERVED
+CVE-2014-3851
+ RESERVED
+CVE-2014-3850
+ RESERVED
+CVE-2014-3849 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not ...)
+ TODO: check
+CVE-2014-3848 (The iMember360 plugin before 3.9.001 for WordPress does not properly ...)
+ TODO: check
+CVE-2014-3847
+ RESERVED
+CVE-2014-3845 (Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color ...)
+ TODO: check
+CVE-2014-3844 (The TinyMCE Color Picker plugin before 1.2 for WordPress does not ...)
+ TODO: check
+CVE-2014-3843 (Cross-site request forgery (CSRF) vulnerability in the Search ...)
+ TODO: check
+CVE-2014-3842 (Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 ...)
+ TODO: check
+CVE-2014-3841 (Cross-site scripting (XSS) vulnerability in the Contact Bank plugin ...)
+ TODO: check
+CVE-2012-6648 (gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as ...)
+ TODO: check
+CVE-2010-5299 (Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote ...)
+ TODO: check
CVE-2014-XXXX [TYPO3-CORE-SA-2014-001]
- typo3-src 4.5.34+dfsg1-1 (bug #749215)
- [squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3917 [linux: DoS with syscall auditing]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://article.gmane.org/gmane.linux.kernel/1713179
CVE-2014-3865
+ RESERVED
- dpkg <unfixed> (bug #749183)
CVE-2014-3864
+ RESERVED
- dpkg <unfixed> (bug #746498)
-CVE-2014-3870
+CVE-2014-3870 (Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 ...)
NOT-FOR-US: WordPress plugin bib2html
-CVE-2014-3866
+CVE-2014-3866 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: userCake
-CVE-2014-3846
+CVE-2014-3846 (Cross-site scripting (XSS) vulnerability in Flying Cart allows remote ...)
NOT-FOR-US: Flying Cart
CVE-2014-3839
RESERVED
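Review bot: the updater inserts a bare `RESERVED` marker into CVE-2014-3917, CVE-2014-3865 and CVE-2014-3864 even though each of those entries already carries manual triage lines (`- linux <unfixed>`, `- dpkg <unfixed> (bug #749183)`, `- dpkg <unfixed> (bug #746498)`), so each entry now says both "reserved, no details" and "this package is affected". Either have the automatic update skip the marker when an entry already has status lines, or drop the added `RESERVED` lines here so the hand-written triage stays the single source of truth for those three ids.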
@@ -32,7 +187,7 @@
CVE-2014-3832
RESERVED
CVE-2014-3831
- RESERVED
+ REJECTED
CVE-2014-3830
RESERVED
CVE-2014-3829
@@ -112,21 +267,19 @@
NOT-FOR-US: Easy File Sharing
CVE-2014-3790
RESERVED
-CVE-2014-3789
- RESERVED
-CVE-2014-3788
- RESERVED
+CVE-2014-3789 (GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before ...)
+ TODO: check
+CVE-2014-3788 (Heap-based buffer overflow in the Web Server in Cogent Real-Time ...)
+ TODO: check
CVE-2014-3787 (SAP NetWeaver 7.20 and earlier allows remote attackers to read ...)
NOT-FOR-US: SAP NetWeaver
CVE-2013-7385 (LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator ...)
NOT-FOR-US: LiveZilla
CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a ...)
- unrealircd <itp> (bug #515130)
-CVE-2014-3840 [Persistent XSS]
- RESERVED
+CVE-2014-3840 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- mayan <itp> (bug #718580)
-CVE-2014-3801 [Heat template URL information leakage]
- RESERVED
+CVE-2014-3801 (OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, ...)
- heat 2014.1-4 (bug #748824)
NOTE: https://launchpad.net/bugs/1311223
CVE-2014-3786
@@ -135,8 +288,7 @@
RESERVED
CVE-2014-3784
RESERVED
-CVE-2014-3783 [SQL Injection Vulnerability]
- RESERVED
+CVE-2014-3783 (SQL injection vulnerability in admin/categories.php in Dotclear before ...)
- dotclear 2.6.3+dfsg-1
CVE-2014-3782 [(Media Manager) Unrestricted File Upload Vulnerability]
RESERVED
@@ -212,7 +364,7 @@
RESERVED
CVE-2014-3736
RESERVED
-CVE-2014-3735 (ir41_32.ax 4.51.16.3 for Intel Ideo Video 4.5 allows remote attackers ...)
+CVE-2014-3735 (ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers ...)
NOT-FOR-US: Intel Ideo Video
CVE-2014-3734
RESERVED
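Review bot: the description update corrects "Intel Ideo Video" to "Intel Indeo Video" in the CVE-2014-3735 header, but the hand-written `NOT-FOR-US: Intel Ideo Video` line directly below it keeps the old spelling; change it to `NOT-FOR-US: Intel Indeo Video` so the product name matches the description.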
@@ -755,7 +907,7 @@
CVE-2014-3464
RESERVED
CVE-2014-3463
- RESERVED
+ REJECTED
CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and ...)
NOT-FOR-US: VICIDIAL
CVE-2013-7381
@@ -840,8 +992,8 @@
RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322
CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the ...)
NOT-FOR-US: NetIQ Sentinel
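Review bot: this hunk removes and re-adds the `[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)` and `[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)` lines with identical text, so the only change is leading indentation; the same churn recurs further down for the libv8, kfreebsd-8, zabbix, mantis, libvirt, libplrpc-perl and qemu sub-entries. Normalizing the indentation of `[release] - package` lines once, or teaching the updater to preserve existing indentation, would keep the automatic commits limited to real content changes and make them far easier to review.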
@@ -861,8 +1013,7 @@
NOT-FOR-US: K-lite Codec
CVE-2014-3451
RESERVED
-CVE-2014-3450
- RESERVED
+CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global ...)
NOT-FOR-US: Panda
CVE-2014-3449
RESERVED
@@ -897,8 +1048,8 @@
NOT-FOR-US: RealNetworks RealPlayer
CVE-2014-3443 (JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to ...)
NOT-FOR-US: JetAudio
-CVE-2014-3442
- RESERVED
+CVE-2014-3442 (Winamp 5.666 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2014-3441 (codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows ...)
- vlc <not-affected> (VLC in Debian uses the system version of libpng which handles the malformed file correctly as invalid)
NOTE: http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
@@ -934,14 +1085,14 @@
RESERVED
CVE-2014-3418
RESERVED
-CVE-2014-3417
- RESERVED
-CVE-2014-3416
- RESERVED
-CVE-2014-3415
- RESERVED
-CVE-2014-3414
- RESERVED
+CVE-2014-3417 (uPortal before 4.0.13.1 does not properly check the CONFIG permission, ...)
+ TODO: check
+CVE-2014-3416 (uPortal before 4.0.13.1 does not properly check the MANAGE ...)
+ TODO: check
+CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remote ...)
+ TODO: check
+CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before ...)
+ TODO: check
CVE-2014-3413
RESERVED
CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...)
@@ -1198,34 +1349,34 @@
RESERVED
CVE-2014-3286
RESERVED
-CVE-2014-3285
- RESERVED
-CVE-2014-3284
- RESERVED
-CVE-2014-3283
- RESERVED
-CVE-2014-3282
- RESERVED
+CVE-2014-3285 (Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when ...)
+ TODO: check
+CVE-2014-3284 (Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, ...)
+ TODO: check
+CVE-2014-3283 (Open redirect vulnerability in Self-Care Client Portal applications in ...)
+ TODO: check
+CVE-2014-3282 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
+ TODO: check
CVE-2014-3281
RESERVED
CVE-2014-3280
RESERVED
-CVE-2014-3279
- RESERVED
+CVE-2014-3279 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
+ TODO: check
CVE-2014-3278
RESERVED
-CVE-2014-3277
- RESERVED
-CVE-2014-3276
- RESERVED
-CVE-2014-3275
- RESERVED
-CVE-2014-3274
- RESERVED
+CVE-2014-3277 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
+ TODO: check
+CVE-2014-3276 (Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does ...)
+ TODO: check
+CVE-2014-3275 (SQL injection vulnerability in the web framework in Cisco Identity ...)
+ TODO: check
+CVE-2014-3274 (Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to ...)
+ TODO: check
CVE-2014-3273 (The LLDP implementation in Cisco IOS allows remote attackers to cause ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-3272
- RESERVED
+CVE-2014-3272 (The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier ...)
+ TODO: check
CVE-2014-3271 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to ...)
NOT-FOR-US: Cisco IOS XR
CVE-2014-3270 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to ...)
@@ -1234,10 +1385,10 @@
NOT-FOR-US: Cisco IOS XE
CVE-2014-3268 (Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices ...)
NOT-FOR-US: Cisco Unified Border Element
-CVE-2014-3267
- RESERVED
-CVE-2014-3266
- RESERVED
+CVE-2014-3267 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
+CVE-2014-3266 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
+ TODO: check
CVE-2014-3265 (Cross-site scripting (XSS) vulnerability in the Auto Update Server ...)
NOT-FOR-US: Cisco Security Manager
CVE-2014-3264 (Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier ...)
@@ -1246,8 +1397,8 @@
NOT-FOR-US: Cisco IOS
CVE-2014-3262 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-3261
- RESERVED
+CVE-2014-3261 (Buffer overflow in the Smart Call Home implementation in Cisco NX-OS ...)
+ TODO: check
CVE-2014-3260
RESERVED
CVE-2014-3259
@@ -1410,8 +1561,8 @@
RESERVED
CVE-2014-3211
RESERVED
-CVE-2014-3210
- RESERVED
+CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking ...)
+ TODO: check
CVE-2014-3208
RESERVED
CVE-2014-3206
@@ -1526,7 +1677,7 @@
- chromium-browser 35.0.1916.114-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-3151
RESERVED
@@ -1817,10 +1968,10 @@
RESERVED
CVE-2014-3016
RESERVED
-CVE-2014-3015
- RESERVED
-CVE-2014-3014
- RESERVED
+CVE-2014-3015 (Cross-site request forgery (CSRF) vulnerability in the Web player in ...)
+ TODO: check
+CVE-2014-3014 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...)
+ TODO: check
CVE-2014-3013
RESERVED
CVE-2014-3012
@@ -1853,7 +2004,7 @@
- kfreebsd-10 10.0-5 (bug #746949)
- kfreebsd-9 <unfixed> (bug #746951)
- kfreebsd-8 <removed> (bug #746952)
- [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-2999
RESERVED
CVE-2014-2998
@@ -1987,10 +2138,10 @@
RESERVED
CVE-2014-2949
RESERVED
-CVE-2014-2948
- RESERVED
-CVE-2014-2947
- RESERVED
+CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM ...)
+ TODO: check
+CVE-2014-2947 (Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM ...)
+ TODO: check
CVE-2014-2946
RESERVED
CVE-2014-2945
@@ -2007,8 +2158,8 @@
RESERVED
CVE-2014-2939
RESERVED
-CVE-2014-2938
- RESERVED
+CVE-2014-2938 (Hanvon FaceID before 1.007.110 does not require authentication, which ...)
+ TODO: check
CVE-2014-2937
RESERVED
CVE-2014-2936 (The directory manager in Caldera 9.20 allows remote attackers to ...)
@@ -2109,8 +2260,7 @@
RESERVED
CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
NOT-FOR-US: F-Secure Anti-Virus
-CVE-2012-6647 [forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference]
- RESERVED
+CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the Linux ...)
- linux 3.2.29-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef
@@ -2601,8 +2751,8 @@
RESERVED
CVE-2014-2721
RESERVED
-CVE-2014-2720
- RESERVED
+CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's ...)
+ TODO: check
CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with ...)
NOT-FOR-US: ASUS RT series routers
CVE-2014-2718
@@ -2911,8 +3061,7 @@
RESERVED
CVE-2014-2608
RESERVED
-CVE-2014-2607
- RESERVED
+CVE-2014-2607 (Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 ...)
NOT-FOR-US: HP Operations Manager
CVE-2014-2606
RESERVED
@@ -3096,8 +3245,7 @@
RESERVED
CVE-2014-2505
RESERVED
-CVE-2014-2504
- RESERVED
+CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, ...)
NOT-FOR-US: EMC Documentum D2
CVE-2014-2503
RESERVED
@@ -3585,10 +3733,10 @@
RESERVED
CVE-2014-2351 (SQL injection vulnerability in the LiveData service in CSWorks before ...)
NOT-FOR-US: CSWorks
-CVE-2014-2350
- RESERVED
-CVE-2014-2349
- RESERVED
+CVE-2014-2350 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded ...)
+ TODO: check
+CVE-2014-2349 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to ...)
+ TODO: check
CVE-2014-2348
RESERVED
CVE-2014-2347 (Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage ...)
@@ -3932,10 +4080,9 @@
RESERVED
CVE-2014-2202
RESERVED
-CVE-2014-2201
- RESERVED
-CVE-2014-2200
- RESERVED
+CVE-2014-2201 (The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS ...)
+ TODO: check
+CVE-2014-2200 (Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local ...)
NOT-FOR-US: Cisco
CVE-2014-2199 (meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, ...)
NOT-FOR-US: Cisco WebEx
@@ -3943,8 +4090,7 @@
RESERVED
CVE-2014-2197
RESERVED
-CVE-2014-2196
- RESERVED
+CVE-2014-2196 (Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when ...)
NOT-FOR-US: Cisco Wide Area Application Services
CVE-2014-2195 (Cisco AsyncOS on Email Security Appliance (ESA) and Content Security ...)
NOT-FOR-US: Cisco AsyncOS
@@ -5265,14 +5411,14 @@
- chromium-browser 34.0.1847.132-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...)
{DSA-2920-1}
- chromium-browser 34.0.1847.132-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2920-1}
@@ -5295,14 +5441,14 @@
- chromium-browser 34.0.1847.132-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
{DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2905-1}
@@ -5357,14 +5503,14 @@
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...)
{DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before ...)
{DSA-2883-1}
@@ -5395,14 +5541,14 @@
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1703 (Use-after-free vulnerability in the ...)
{DSA-2883-1}
@@ -5476,7 +5622,7 @@
NOTE: path disclosure not an issue
CVE-2014-1685 (The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and ...)
- zabbix 1:2.2.2+dfsg-1
- [squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-1684 (The ASF_ReadObject_file_properties function in ...)
- vlc 2.1.4-1 (unimportant; bug #743033)
NOTE: Crash in enduser application, no security impact
@@ -5484,7 +5630,7 @@
NOT-FOR-US: SkyBlueCanvas CMS
CVE-2014-1682 (The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x ...)
- zabbix 1:2.2.2+dfsg-1 (bug #737818)
- [squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://support.zabbix.com/browse/ZBX-7703
CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2811-1}
@@ -5652,11 +5798,11 @@
[squeeze] - mediawiki <end-of-life>
CVE-2014-1609 (Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ...)
- mantis <removed>
- [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
CVE-2014-1608 (SQL injection vulnerability in the mci_file_get function in ...)
- mantis <removed>
- [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
CVE-2014-1607 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal EventCalendar
@@ -6170,7 +6316,7 @@
RESERVED
CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not ...)
- kfreebsd-8 <removed>
- [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- kfreebsd-9 <unfixed> (bug #743984)
- kfreebsd-10 10.0-4
NOTE: kfreebsd-8 might be affected but NFS implementation isn't the one used there by default
@@ -6315,7 +6461,7 @@
CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function in ...)
{DSA-2846-1}
- libvirt 1.2.1-1 (bug #735676)
- [squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
@@ -6427,72 +6573,53 @@
RESERVED
CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for ...)
NOT-FOR-US: Apple iTunes
-CVE-2014-1346
- RESERVED
+CVE-2014-1346 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1345
RESERVED
-CVE-2014-1344
- RESERVED
+CVE-2014-1344 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1343
- RESERVED
+CVE-2014-1343 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1342
- RESERVED
+CVE-2014-1342 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1341
- RESERVED
+CVE-2014-1341 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1340
RESERVED
-CVE-2014-1339
- RESERVED
+CVE-2014-1339 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1338
- RESERVED
+CVE-2014-1338 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1337
- RESERVED
+CVE-2014-1337 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1336
- RESERVED
+CVE-2014-1336 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1335
- RESERVED
+CVE-2014-1335 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1334
- RESERVED
+CVE-2014-1334 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1333
- RESERVED
+CVE-2014-1333 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1332
RESERVED
-CVE-2014-1331
- RESERVED
+CVE-2014-1331 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1330
- RESERVED
+CVE-2014-1330 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1329
- RESERVED
+CVE-2014-1329 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1328
RESERVED
-CVE-2014-1327
- RESERVED
+CVE-2014-1327 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1326
- RESERVED
+CVE-2014-1326 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1325
RESERVED
-CVE-2014-1324
- RESERVED
+CVE-2014-1324 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1323
- RESERVED
+CVE-2014-1323 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into ...)
NOT-FOR-US: Apple
@@ -6944,8 +7071,8 @@
NOT-FOR-US: IBM
CVE-2014-0944 (Cross-site request forgery (CSRF) vulnerability in the RES Console in ...)
NOT-FOR-US: IBM
-CVE-2014-0943
- RESERVED
+CVE-2014-0943 (IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, ...)
+ TODO: check
CVE-2014-0942 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: IBM Netcool
CVE-2014-0941 (Cross-site scripting (XSS) vulnerability in ...)
@@ -7018,8 +7145,8 @@
NOT-FOR-US: IBM Business Process Manager
CVE-2014-0907
RESERVED
-CVE-2014-0906
- RESERVED
+CVE-2014-0906 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
CVE-2014-0905
RESERVED
CVE-2014-0904 (The update process in IBM Security AppScan Standard 7.9 through 8.8 ...)
@@ -7044,8 +7171,8 @@
NOT-FOR-US: IBM SPSS
CVE-2014-0894
RESERVED
-CVE-2014-0893
- RESERVED
+CVE-2014-0893 (Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM ...)
+ TODO: check
CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 ...)
NOT-FOR-US: IBM
CVE-2014-0891
@@ -7074,8 +7201,7 @@
NOT-FOR-US: IBM SAN Volume Controller
CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX control ...)
NOT-FOR-US: IBM Datacap Taskmaster Capture
-CVE-2014-0878
- RESERVED
+CVE-2014-0878 (The IBMSecureRandom component in the IBMJCE and IBMSecureRandom ...)
NOT-FOR-US: IBM JDK
CVE-2014-0877
RESERVED
@@ -7133,8 +7259,8 @@
RESERVED
CVE-2014-0850 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
NOT-FOR-US: IBM InfoSphere
-CVE-2014-0849
- RESERVED
+CVE-2014-0849 (IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud ...)
+ TODO: check
CVE-2014-0848 (The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server ...)
NOT-FOR-US: IBM Netezza Performance Portal
CVE-2014-0847
@@ -7181,10 +7307,10 @@
NOT-FOR-US: IBM InfoSphere
CVE-2014-0826
RESERVED
-CVE-2014-0825
- RESERVED
-CVE-2014-0824
- RESERVED
+CVE-2014-0825 (Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM ...)
+ TODO: check
+CVE-2014-0824 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
CVE-2014-0823 (IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x ...)
@@ -7261,7 +7387,7 @@
NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
CVE-2013-7284 (The PlRPC module, possibly 0.2020 and earlier, for Perl uses the ...)
- libplrpc-perl <removed> (high; bug #734789)
- [squeeze] - libplrpc-perl <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libplrpc-perl <end-of-life> (Unsupported in squeeze-lts)
NOTE: Upstream appears dead.
CVE-2013-7273 (GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list ...)
- gdm3 3.8.3-1 (low; bug #683338)
@@ -7625,8 +7751,7 @@
RESERVED
CVE-2014-0640
RESERVED
-CVE-2014-0639
- RESERVED
+CVE-2014-0639 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
NOT-FOR-US: RSA Archer
CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive ...)
NOT-FOR-US: RSA Adaptive Authentication
@@ -9494,8 +9619,7 @@
RESERVED
CVE-2014-0247
RESERVED
-CVE-2014-0246
- RESERVED
+CVE-2014-0246 (SOSreport stores the md5 hash of the GRUB bootloader password in an ...)
- sosreport <unfixed> (bug #749568)
CVE-2014-0245
RESERVED
@@ -9512,14 +9636,12 @@
NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/b0a149c1f5e569932325972e2e20176a42e43517
CVE-2014-0241
RESERVED
-CVE-2014-0240 [local privilege escalation when using daemon mode]
- RESERVED
+CVE-2014-0240 (The mod_wsgi module before 3.5 for Apache, when daemon mode is ...)
{DSA-2937-1}
- mod-wsgi 3.5-1 (bug #748910)
NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/d9d5fea585b23991f76532a9b07de7fcd3b649f4
NOTE: only when running with linux >= 2.6.0 and < 3.1.0
-CVE-2014-0239
- RESERVED
+CVE-2014-0239 (The internal DNS server in Samba 4.x before 4.0.18 does not check the ...)
- samba <unfixed>
- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
[squeeze] - samba <not-affected> (AD feature not present)
@@ -9561,15 +9683,15 @@
RESERVED
- qemu 2.0.0+dfsg-6
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
CVE-2014-0222 [qcow1: Validate L2 table size]
RESERVED
- qemu 2.0.0+dfsg-6
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
CVE-2014-0221
RESERVED
@@ -9577,33 +9699,27 @@
RESERVED
CVE-2014-0219
RESERVED
-CVE-2014-0218
- RESERVED
+CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader ...)
- moodle 2.6.3-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332
-CVE-2014-0217
- RESERVED
+CVE-2014-0217 (enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the ...)
- moodle 2.6.3-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126
-CVE-2014-0216
- RESERVED
+CVE-2014-0216 (The My Home implementation in the block_html_pluginfile function in ...)
- moodle 2.6.3-1
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
-CVE-2014-0215
- RESERVED
+CVE-2014-0215 (The blind-marking implementation in Moodle through 2.3.11, 2.4.x ...)
- moodle 2.6.3-1
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44750
-CVE-2014-0214
- RESERVED
+CVE-2014-0214 (login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x ...)
- moodle 2.6.3-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119
-CVE-2014-0213
- RESERVED
+CVE-2014-0213 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- moodle 2.6.3-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
@@ -9639,14 +9755,11 @@
CVE-2014-0202
RESERVED
NOT-FOR-US: ovirt / RHEV
-CVE-2014-0201
- RESERVED
+CVE-2014-0201 (ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization ...)
NOT-FOR-US: ovirt / RHEV
-CVE-2014-0200
- RESERVED
+CVE-2014-0200 (The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) ...)
NOT-FOR-US: ovirt / RHEV
-CVE-2014-0199
- RESERVED
+CVE-2014-0199 (The setup script in ovirt-engine-reports, as used in the Red Hat ...)
NOT-FOR-US: ovirt / RHEV
CVE-2014-0198 (The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...)
{DSA-2931-1}
@@ -9697,8 +9810,8 @@
RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0181 (The Netlink implementation in the Linux kernel through 3.14.1 does not ...)
- linux <unfixed> (bug #746738)
- linux-2.6 <removed>
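Review bot: the two `[squeeze]` lines under this qemu entry are removed and re-added with identical visible content, so the only difference can be leading whitespace; an "automatic update" that rewrites untouched lines produces churn (the same pair appears for qemu, libv8, moodle, xen, vlc, rails, libvirt, serendipity and kfreebsd-8 in most hunks of this diff) that hides the real description changes and makes the `<end-of-life>` states harder to review. Normalising the indentation of these lines once, in a separate commit, would keep the automated diffs limited to the RESERVED-to-description updates.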
@@ -9708,15 +9821,13 @@
RESERVED
- libvirt 1.2.4-1 (unimportant)
NOTE: no ACL mechanism in squeeze and wheezy and all access is root-equivalent
-CVE-2014-0178
- RESERVED
+CVE-2014-0178 (Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before ...)
- samba <unfixed> (low)
[wheezy] - samba <no-dsa> (Minor issue)
[squeeze] - samba <not-affected> (Vulnerable code not present)
- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
NOTE: server packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
-CVE-2014-0177
- RESERVED
+CVE-2014-0177 (The am function in lib/hub/commands.rb in hub before 1.12.1 allows ...)
NOT-FOR-US: Github client
CVE-2014-0176
RESERVED
@@ -9809,38 +9920,38 @@
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0146
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0145
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0144
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0143
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0142
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
- [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0141
RESERVED
CVE-2014-0140
@@ -9898,7 +10009,7 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
CVE-2014-0126 (Cross-site request forgery (CSRF) vulnerability in ...)
- moodle 2.6.2-1
- [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
CVE-2014-0125 (repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before ...)
- moodle 2.6.2-1
@@ -9910,7 +10021,7 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
CVE-2014-0123 (The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...)
- moodle 2.6.2-1
- [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
NOTE: squeeze version unaffected due to lack of fine-grained access control?
CVE-2014-0122 (mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, ...)
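Review bot: the CVE-2014-0123 entry now carries `[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)` directly above `NOTE: squeeze version unaffected due to lack of fine-grained access control?`, so the state line and the note contradict each other and the note still ends in a question mark. Either resolve the question and record `[squeeze] - moodle <not-affected> (Vulnerable code not present)` as the neighbouring Moodle entries do, or drop the note, so a reader does not have to guess which line is authoritative.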
@@ -10054,7 +10165,7 @@
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
- [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
{DSA-2929-1}
@@ -10063,7 +10174,7 @@
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
- [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0080 (SQL injection vulnerability in ...)
- rails-4.0 <unfixed>
@@ -10683,7 +10794,7 @@
[wheezy] - yui <no-dsa> (Not backportable, doesn't build from source in oldstable/stable)
- yui3 <not-affected>
- moodle 2.5.3-1
- [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-6779
RESERVED
CVE-2013-6778
@@ -10757,8 +10868,8 @@
NOT-FOR-US: IBM Sametime
CVE-2013-6742 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
NOT-FOR-US: IBM Sametime
-CVE-2013-6741
- RESERVED
+CVE-2013-6741 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and ...)
+ TODO: check
CVE-2013-6740
RESERVED
CVE-2013-6739
@@ -10811,10 +10922,10 @@
RESERVED
CVE-2013-6715
RESERVED
-CVE-2013-6714
- RESERVED
-CVE-2013-6713
- RESERVED
+CVE-2013-6714 (The FlashCopy Manager for VMware component in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2013-6713 (The Data Protection for VMware component in IBM Tivoli Storage Manager ...)
+ TODO: check
CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...)
{DSA-2816-1}
- php5 5.5.6+dfsg-2 (bug #731112)
@@ -10926,7 +11037,7 @@
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2883-1}
@@ -10995,14 +11106,14 @@
- chromium-browser 32.0.1700.123-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
{DSA-2862-1}
- chromium-browser 32.0.1700.123-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-6648
RESERVED
@@ -11033,21 +11144,21 @@
CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
{DSA-2811-1}
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 3.14.5.8-5
- chromium-browser 31.0.1650.63-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-6639 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
{DSA-2811-1}
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 3.14.5.8-5
- chromium-browser 31.0.1650.63-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-6638 (Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...)
{DSA-2811-1}
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
- chromium-browser 31.0.1650.63-1
[squeeze] - chromium-browser <end-of-life>
@@ -11539,7 +11650,7 @@
CVE-2013-6458 (Multiple race conditions in the (1) virDomainBlockStats, (2) ...)
{DSA-2846-1}
- libvirt 1.2.1-1 (bug #734556)
- [squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
NOTE: upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
CVE-2013-6457 (The libxlDomainGetNumaParameters function in the libxl driver ...)
@@ -12096,7 +12207,7 @@
NOT-FOR-US: Financial Services module for SAP ERP Central Component
CVE-2013-6283 (VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...)
- vlc 2.1.0-2
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: User-assisted DoS for X session (freezes window manager) in 2.0.3-5
NOTE: Potential code execution
CVE-2013-6282 (The (1) get_user and (2) put_user API functions in the Linux kernel ...)
@@ -13438,7 +13549,7 @@
{DSA-2769-1}
- kfreebsd-9 9.2~svn255465-1 (bug #722337)
- kfreebsd-8 <removed>
- [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5709 (The authentication implementation in the web server on Siemens ...)
NOT-FOR-US: Siemens SCALANCE X-200
@@ -13486,7 +13597,7 @@
{DSA-2769-1}
- kfreebsd-9 9.2~svn255465-1 (bug #722338)
- kfreebsd-8 <removed>
- [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
- open-xchange <itp> (bug #269329)
@@ -14171,18 +14282,18 @@
RESERVED
CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the ...)
NOT-FOR-US: IBM DB2 and DB2 Connect
-CVE-2013-5465
- RESERVED
-CVE-2013-5464
- RESERVED
+CVE-2013-5465 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, ...)
+ TODO: check
+CVE-2013-5464 (IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 ...)
+ TODO: check
CVE-2013-5463 (The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-5462 (IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM ...)
NOT-FOR-US: IBM
CVE-2013-5461
RESERVED
-CVE-2013-5460
- RESERVED
+CVE-2013-5460 (IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control ...)
+ TODO: check
CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect (RSA) ...)
NOT-FOR-US: IBM
CVE-2013-5458 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
@@ -14483,7 +14594,7 @@
NOT-FOR-US: Drupal module
CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in ...)
- serendipity <removed>
- [squeeze] - serendipity <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - serendipity <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...)
NOT-FOR-US: TYPO3 extension
CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in ...)
@@ -14694,7 +14805,7 @@
{DSA-2743-1}
- kfreebsd-8 <removed> (bug #720476)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
- [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- kfreebsd-9 9.2~svn254368-2 (bug #720475)
- kfreebsd-10 10.0~svn254663-1 (bug #720478)
CVE-2013-5208 (HR Systems Strategies info:HR HRIS 7.9 does not properly protect the ...)
@@ -15047,8 +15158,8 @@
NOT-FOR-US: HOT HOTBOX router
CVE-2013-5037 (The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of ...)
NOT-FOR-US: HOT HOTBOX router
-CVE-2013-5036
- RESERVED
+CVE-2013-5036 (The Square Squash allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in ...)
- open-xchange <itp> (bug #269329)
CVE-2013-5034 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
@@ -16070,8 +16181,8 @@
NOT-FOR-US: Alkacon OpenCms
CVE-2013-4599
RESERVED
-CVE-2013-4598
- RESERVED
+CVE-2013-4598 (The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for ...)
+ TODO: check
CVE-2013-4597
RESERVED
CVE-2013-4596
@@ -16222,7 +16333,7 @@
- xen <not-affected> (Doesn't affect Linux)
CVE-2013-4553 (The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x ...)
- xen <unfixed>
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4552 (lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for ...)
NOT-FOR-US: drupalauth module for simpleSAMLphp
CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not ...)
@@ -16402,7 +16513,7 @@
[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4523 (Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle ...)
- moodle 2.5.3-1
- [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4522 (lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x ...)
- moodle 2.5.3-1 (low)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
@@ -16517,7 +16628,7 @@
- torque 2.4.16+dfsg-1.3 (bug #729333)
CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock ...)
- xen <unfixed>
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4493
RESERVED
CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n ...)
@@ -16874,7 +16985,7 @@
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4388 (Buffer overflow in the mp4a packetizer ...)
- vlc 2.1.0-1 (bug #726528)
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not ...)
- linux-2.6 <removed>
@@ -16943,7 +17054,7 @@
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4368 (The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and ...)
- xen <unfixed>
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4367
RESERVED
NOT-FOR-US: ovirt
@@ -16966,7 +17077,7 @@
NOTE: http://savannah.nongnu.org/bugs/?40034
CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...)
- xen <unfixed>
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4360
RESERVED
CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...)
@@ -16987,7 +17098,7 @@
[squeeze] - xen <not-affected> (Only affects 4.3+)
CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which ...)
- xen <unfixed>
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4354 (The API before 2.1 in OpenStack Image Registry and Delivery Service ...)
- glance <unfixed> (unimportant)
NOTE: https://bugs.launchpad.net/glance/+bug/1226078
@@ -17033,7 +17144,7 @@
CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, ...)
{DSA-2933-1 DSA-2932-1}
- xen 4.2-1
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
- qemu 1.6.0+dfsg-2 (unimportant; bug #725944)
- qemu-kvm <removed> (unimportant)
- xen-qemu-dm-4.0 <removed>
@@ -17051,7 +17162,7 @@
[squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
- moodle 2.5.2-1
- [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4340 (wp-admin/includes/post.php in WordPress before 3.6.1 allows remote ...)
{DSA-2757-1}
- wordpress 3.6.1+dfsg-1 (bug #722537)
@@ -17450,8 +17561,7 @@
CVE-2013-4224
RESERVED
NOTE: Dublicate of CVE-2013-4187, thus rejected
-CVE-2013-4223 [nullmailer world readable /etc/nullmailer/remotes]
- RESERVED
+CVE-2013-4223 (The Gentoo Nullmailer package before 1.11-r2 uses world-readable ...)
- nullmailer 1:1.11-2 (low; bug #684619)
[squeeze] - nullmailer <no-dsa> (Minor issue)
NOTE: CVE request originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
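Review bot: the context line `NOTE: Dublicate of CVE-2013-4187, thus rejected` under CVE-2013-4224 has a typo ("Duplicate"); since the automated update touches the adjacent entry anyway, it is worth fixing in a follow-up so searches for "duplicate" find this rejection.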
@@ -17581,11 +17691,9 @@
- nova 2013.1.3-1
[wheezy] - nova <not-affected> (Vulnerable code not present)
NOTE: CVE for incomplete fix applied for CVE-2013-1664
-CVE-2013-4178
- RESERVED
+CVE-2013-4178 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and ...)
NOT-FOR-US: GA Login Drupal contributed module
-CVE-2013-4177
- RESERVED
+CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and ...)
NOT-FOR-US: GA Login Drupal contributed module
CVE-2013-4176 [information disclosure]
RESERVED
@@ -18088,8 +18196,8 @@
NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...)
NOT-FOR-US: IBM Maximo Asset Management
-CVE-2013-4016
- RESERVED
+CVE-2013-4016 (SQL injection vulnerability in IBM Maximo Asset Management 7.x before ...)
+ TODO: check
CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to bypass ...)
NOT-FOR-US: MS IE
CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
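Review bot: CVE-2013-4016 is added with `TODO: check` while the adjacent CVE-2013-4017 and CVE-2013-4014 entries for the same product are already `NOT-FOR-US: IBM Maximo Asset Management`; the new description names the same product, so the triage can be settled to the same NOT-FOR-US line. The same applies to the other new IBM Maximo entries in this diff (CVE-2013-6741, CVE-2013-5465, CVE-2013-5464, CVE-2013-5460 and CVE-2013-2998), which would otherwise linger in the TODO queue.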
@@ -18153,26 +18261,26 @@
NOT-FOR-US: IBM
CVE-2013-3985 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
NOT-FOR-US: IBM
-CVE-2013-3984
- RESERVED
+CVE-2013-3984 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
CVE-2013-3983 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
NOT-FOR-US: IBM Sametime
-CVE-2013-3982
- RESERVED
-CVE-2013-3981
- RESERVED
-CVE-2013-3980
- RESERVED
+CVE-2013-3982 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
+CVE-2013-3981 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
+CVE-2013-3980 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
CVE-2013-3979 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages ...)
NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3978 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
NOT-FOR-US: IBM Sametime
-CVE-2013-3977
- RESERVED
+CVE-2013-3977 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
CVE-2013-3976 (The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and ...)
NOT-FOR-US: IBM Tivoli
-CVE-2013-3975
- RESERVED
+CVE-2013-3975 (Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x ...)
+ TODO: check
CVE-2013-3974
RESERVED
CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...)
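Review bot: the six new Sametime entries (CVE-2013-3984, 3982, 3981, 3980, 3977 and 3975) are left at `TODO: check` even though each description starts with "The Meeting Server in IBM Sametime" and sits between entries already marked `NOT-FOR-US: IBM Sametime` (CVE-2013-3983, CVE-2013-3978); a follow-up that assigns the same NOT-FOR-US tag would close them consistently with the surrounding triage, and the same holds for CVE-2013-3046 later in the diff.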
@@ -18969,7 +19077,7 @@
NOT-FOR-US: NAS4Free
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to ...)
- moodle <unfixed>
- [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://tracker.moodle.org/browse/MDL-41449
NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
TODO: check, bug is currently private
@@ -19312,8 +19420,8 @@
NOT-FOR-US: WordPress plugin ShareThis
CVE-2013-3478 (SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, ...)
NOT-FOR-US: Apptha WordPress Video Gallery
-CVE-2013-3477
- RESERVED
+CVE-2013-3477 (Cross-site request forgery (CSRF) vulnerability in the Related Posts ...)
+ TODO: check
CVE-2013-3476
RESERVED
CVE-2013-3475 (Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 ...)
@@ -20187,7 +20295,7 @@
{DSA-2743-1}
- kfreebsd-8 <removed> (bug #720470)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
- [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- kfreebsd-9 9.2~svn254368-2 (bug #720468)
- kfreebsd-10 10.0~svn254663-1 (bug #720471)
CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize ...)
@@ -20252,8 +20360,8 @@
NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...)
NOT-FOR-US: IBM Maximo Asset Management
-CVE-2013-3046
- RESERVED
+CVE-2013-3046 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
+ TODO: check
CVE-2013-3045 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
NOT-FOR-US: IBM
CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
@@ -20348,8 +20456,8 @@
RESERVED
CVE-2013-2999
RESERVED
-CVE-2013-2998
- RESERVED
+CVE-2013-2998 (frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 ...)
+ TODO: check
CVE-2013-2997 (IBM Security AppScan Enterprise before 8.7 does not invalidate the ...)
NOT-FOR-US: IBM
CVE-2013-2996
@@ -20539,7 +20647,7 @@
- chromium-browser 30.0.1599.101-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <unfixed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2918 (Use-after-free vulnerability in the ...)
{DSA-2785-1}
@@ -20692,7 +20800,7 @@
- chromium-browser 28.0.1500.95-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, ...)
{DSA-2732-1}
@@ -20863,7 +20971,7 @@
- chromium-browser 27.0.1453.93-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google ...)
{DSA-2695-1}
@@ -21034,13 +21142,11 @@
NOT-FOR-US: Groovy Media Player
CVE-2013-2759
RESERVED
-CVE-2013-2758
- RESERVED
+CVE-2013-2758 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform ...)
NOT-FOR-US: CloudStack
-CVE-2013-2757
- RESERVED
-CVE-2013-2756
- RESERVED
+CVE-2013-2757 (Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 ...)
+ TODO: check
+CVE-2013-2756 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform ...)
NOT-FOR-US: CloudStack
CVE-2013-2755
RESERVED
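Review bot: CVE-2013-2757 gets `TODO: check` while CVE-2013-2758 and CVE-2013-2756, updated in the same hunk, go straight to `NOT-FOR-US: CloudStack`; the description of 2757 names "Citrix CloudPlatform (formerly Citrix CloudStack)", the product the other two are filed under, so it can take the same NOT-FOR-US line rather than a separate triage round.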
@@ -21140,10 +21246,10 @@
NOT-FOR-US: Drupal module search_api
CVE-2013-2714
RESERVED
-CVE-2013-2713
- RESERVED
-CVE-2013-2712
- RESERVED
+CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...)
+ TODO: check
+CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php ...)
+ TODO: check
CVE-2013-2711
RESERVED
CVE-2013-2710
@@ -21170,8 +21276,8 @@
NOT-FOR-US: WordPress plugin WP125
CVE-2013-2699 (Cross-site request forgery (CSRF) vulnerability in the ...)
NOT-FOR-US: WordPress plugin underConstruction
-CVE-2013-2698
- RESERVED
+CVE-2013-2698 (Cross-site request forgery (CSRF) vulnerability in the Calendar plugin ...)
+ TODO: check
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the ...)
NOT-FOR-US: Wordpress plugin Downloadmanager
CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One ...)
@@ -21312,7 +21418,7 @@
- piwik <itp> (bug #506933)
CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
- libv8 <removed>
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2631
RESERVED
@@ -22471,8 +22577,7 @@
CVE-2013-2226 (Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow ...)
- glpi 0.83.91-1 (bug #714720; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2013-2225
- RESERVED
+CVE-2013-2225 (inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote ...)
- glpi 0.83.91-1 (bug #714720; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2224 (A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat ...)
@@ -22573,15 +22678,14 @@
NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
- xen 4.3.0-1
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2195 (The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest ...)
- xen 4.3.0-1
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2194 (Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and ...)
- xen 4.3.0-1
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
-CVE-2013-2193 [Apache HBase Man in the Middle Vulnerability]
- RESERVED
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+CVE-2013-2193 (Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the ...)
NOT-FOR-US: Apache HBase
NOTE: There was the package in unstable, but never in a release, see #630821
CVE-2013-2192 (The RPC protocol implementation in Apache Hadoop 2.x before ...)
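Review bot: this hunk interleaves the whitespace rewrite of the xen `[squeeze]` line with the CVE-2013-2193 description change, so the removed block (`- [squeeze] - xen ...`, `-CVE-2013-2193 [...]`, `- RESERVED`) and the added block (`+ [squeeze] - xen ...`, `+CVE-2013-2193 (...)`) have to be read together to confirm that the re-added squeeze line still belongs to CVE-2013-2194 and not to the HBase entry; it does, because the added squeeze line precedes the new CVE-2013-2193 header, but keeping indentation fixes out of the automated update would make this obvious at a glance.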
@@ -22816,12 +22920,10 @@
[squeeze] - kdegraphics <not-affected> (embedded version of kdcraw+libraw too old)
NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
-CVE-2013-2125 [DoS in TLS Support]
- RESERVED
+CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which ...)
- opensmtpd 5.3.3p1-1
NOTE: http://www.openwall.com/lists/oss-security/2013/05/18/8
-CVE-2013-2124 [libguestfs: DoS due to a double-free when inspecting certain guest files]
- RESERVED
+CVE-2013-2124 (Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before ...)
- libguestfs 1:1.20.8-1 (bug #710290)
[wheezy] - libguestfs <not-affected> (Vulnerable code not present)
NOTE: Introduced with commit https://github.com/libguestfs/libguestfs/commit/5a3da366268825b26b470cde35658b67c1d11cd4
@@ -22861,8 +22963,7 @@
{DSA-2703-1}
- subversion 1.7.9-1+nmu2 (bug #711033)
NOTE: http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
-CVE-2013-2111 [DoS (daemon hang) when parsing invalid IMAP APPEND command parameters]
- RESERVED
+CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...)
- dovecot <not-affected> (vulnerable code appeared in 2.2)
[squeeze] - dovecot <not-affected> (vulnerable code appeared in 2.2)
[wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2)
@@ -22878,8 +22979,7 @@
CVE-2013-2108
RESERVED
NOT-FOR-US: WordPress plugin wp-cleanfix
-CVE-2013-2107
- RESERVED
+CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...)
NOT-FOR-US: WordPress plugin mail-on-update
CVE-2013-2106 [Authentication credential disclosure]
RESERVED
@@ -22949,8 +23049,7 @@
CVE-2013-2091
RESERVED
- dolibarr 3.3.4-1
-CVE-2013-2090 [Remote command Injection]
- RESERVED
+CVE-2013-2090 (The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche ...)
NOT-FOR-US: Creme Fraiche Ruby Gem
CVE-2013-2089 (Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows ...)
- owncloud <not-affected> (Only affects 5.0.x)
@@ -22990,11 +23089,11 @@
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
CVE-2013-2077 (Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of ...)
- xen 4.2.2-1
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only ...)
- xen 4.2.2-1
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
CVE-2013-2075
RESERVED
@@ -23397,7 +23496,7 @@
NOT-FOR-US: Easy PHP Calendar
CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...)
- vlc 2.0.6-1 (bug #705136)
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.videolan.org/security/sa1302.html
CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c in ...)
- autotrace <unfixed> (low; bug #742873)
@@ -23637,8 +23736,7 @@
[squeeze] - subversion <not-affected> (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
NOTE: http://bugs.debian.org/704940#32
NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
-CVE-2013-1883 [mantis: remote DoS]
- RESERVED
+CVE-2013-1883 (Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote ...)
- mantis <not-affected> (only affects 1.2.12 to 1.2.14)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3
CVE-2013-1882
@@ -23681,7 +23779,7 @@
NOT-FOR-US: Red Hat Satellite
CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and ...)
- vlc 2.0.5-1
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.videolan.org/security/sa1301.html
CVE-2013-1867
RESERVED
@@ -23690,8 +23788,7 @@
CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform ...)
- keystone <not-affected> (only affects folsom)
NOTE: fixed in experimental with keystone/2012.2.3-2
-CVE-2013-1864 [Ekiga billion laughs flaw in ptlib]
- RESERVED
+CVE-2013-1864 (The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga ...)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
- ekiga <unfixed> (low; bug #704133)
[wheezy] - ekiga <no-dsa> (Minor issue)
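Review bot: in the CVE-2013-1864 entry the `NOTE: http://www.openwall.com/...` line sits between the CVE header and the `- ekiga <unfixed> (low; bug #704133)` package line, unlike every other entry in this diff, where package and `[release]` lines come first and NOTE lines follow; moving the note below `[wheezy] - ekiga <no-dsa> (Minor issue)` keeps the entry in the file's usual order and avoids surprising tools or readers that expect the package line immediately after the header.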
@@ -24561,8 +24658,8 @@
- iceweasel <not-affected> (Only affects Firefox 20)
- icedove <not-affected> (Only affects Firefox 20)
- iceape <not-affected> (Only affects Firefox 20)
-CVE-2013-1668
- RESERVED
+CVE-2013-1668 (The uploadFile function in upload/index.php in CosCMS before 1.822 ...)
+ TODO: check
CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows ...)
{DSA-2641-1}
- perl 5.14.2-19 (bug #702296)
@@ -25223,7 +25320,7 @@
- python-django 1.5.4-1 (bug #723043)
CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not ...)
- xen <unfixed>
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
TODO: check, see NOTE
NOTE: advisory say: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default
CVE-2013-1441 (econvert in ExactImage 0.8.9 and earlier does not properly initialize ...)
@@ -25285,7 +25382,7 @@
RESERVED
CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not ...)
- xen 4.3.0-1
- [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
NOTE: All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable
CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before ...)
{DSA-2702-1}
@@ -25855,8 +25952,7 @@
NOT-FOR-US: Cisco
CVE-2013-1192 (The JAR files on Cisco Device Manager for Cisco MDS 9000 devices ...)
NOT-FOR-US: Cisco Device Manager
-CVE-2013-1191
- RESERVED
+CVE-2013-1191 (Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local ...)
NOT-FOR-US: Cisco
CVE-2013-1190 (The C-Series Rack Server component 1.4 in Cisco Unified Computing ...)
NOT-FOR-US: Cisco
@@ -27210,8 +27306,8 @@
NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0725
RESERVED
-CVE-2013-0724
- RESERVED
+CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php ...)
+ TODO: check
CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft ...)
NOT-FOR-US: Kingsoft Spreadsheets
CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ...)
@@ -27351,8 +27447,8 @@
RESERVED
CVE-2012-6454
RESERVED
-CVE-2012-6452
- RESERVED
+CVE-2012-6452 (Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway ...)
+ TODO: check
CVE-2012-6451
RESERVED
CVE-2012-6450
@@ -28553,8 +28649,7 @@
CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux ...)
- linux <not-affected> (Introduced in 3.4, fixed in 3.8)
- linux-2.6 <not-affected> (Introduced in 3.4)
-CVE-2013-0289 [missing SSL subject verification]
- RESERVED
+CVE-2013-0289 (Isync 0.4 before 1.0.6, does not verify that the server hostname ...)
- isync 1.0.4-2.2 (low; bug #701052)
[squeeze] - isync <no-dsa> (Minor issue)
NOTE: http://isync.git.sourceforge.net/git/gitweb.cgi?p=isync/isync;a=patch;h=914ede18664980925628a9ed2a73ad05f85aeedb
@@ -28850,8 +28945,7 @@
{DSA-2829-1}
- hplip 3.12.6-3.1 (low; bug #701185)
[squeeze] - hplip <no-dsa> (Minor issue)
-CVE-2013-0199
- RESERVED
+CVE-2013-0199 (The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict ...)
NOT-FOR-US: FreeIPA
CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt ...)
- dnsmasq 2.66-1 (low)
@@ -31090,8 +31184,7 @@
RESERVED
NOT-FOR-US: Isearch
NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
-CVE-2012-5662
- RESERVED
+CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname ...)
- ibm-3270 <unfixed> (bug #706547)
[wheezy] - ibm-3270 <no-dsa> (Non-free not supported)
[squeeze] - ibm-3270 <no-dsa> (Non-free not supported)
@@ -31134,8 +31227,7 @@
CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apache ...)
- couchdb 1.2.0-5 (bug #698439)
[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
-CVE-2012-5649 [JSONP arbitrary code execution with Adobe Flash]
- RESERVED
+CVE-2012-5649 (Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before ...)
- couchdb 1.2.0-5 (bug #698439)
[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-5648 (Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow ...)
@@ -33018,8 +33110,8 @@
NOT-FOR-US: The TripAdvisor app 6.6 for iOS
CVE-2012-4916
RESERVED
-CVE-2012-4915
- RESERVED
+CVE-2012-4915 (Directory traversal vulnerability in the Google Doc Embedder plugin ...)
+ TODO: check
CVE-2012-4914 (Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows ...)
NOT-FOR-US: CoolPDF
CVE-2012-4913
@@ -34576,7 +34668,7 @@
- smarty3 3.1.10-2 (bug #688153)
- smarty <removed> (bug #702710)
[squeeze] - smarty 2.6.26-0.2+squeeze1
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
NOTE: http://secunia.com/advisories/50589/
NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
@@ -35043,8 +35135,8 @@
CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
- smarty3 3.1.10-1
- smarty <removed> (low)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...)
NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
@@ -37406,7 +37498,7 @@
- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
- vlc 2.0.2-1 (bug #680665)
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
@@ -37543,8 +37635,8 @@
RESERVED
CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...)
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2012-3333
- RESERVED
+CVE-2012-3333 (CRLF injection vulnerability in IBM Maximo Asset Management 7.x before ...)
+ TODO: check
CVE-2012-3332
RESERVED
CVE-2012-3331
@@ -41463,10 +41555,10 @@
NOT-FOR-US: F5 Firepass
CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...)
- vlc 2.0.1-1 (low)
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...)
- vlc 2.0.1-1 (low)
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...)
- dotclear 2.5+dfsg-1 (low; bug #670227)
NOTE: Post-authentication; vulnerability is actually in admin/media.php.
@@ -43455,8 +43547,7 @@
CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...)
- aptdaemon 0.43+bzr790-1
[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
-CVE-2012-0943
- RESERVED
+CVE-2012-0943 (debian/guest-account in Light Display Manager (lightdm) 1.0.x before ...)
- lightdm <not-affected> (Ubuntu-specific script)
CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix ...)
NOT-FOR-US: RealNetworks Helix
@@ -45358,7 +45449,7 @@
NOT-FOR-US: hitAppoint (not in Debian)
CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
- libv8 3.6.6.14-2 (bug #653962)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
{DSA-2783-1}
- ruby-rack 1.4.0-1 (bug #653963)
@@ -46877,7 +46968,7 @@
NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
CVE-2012-0023 (Double free vulnerability in the get_chunk_header function in ...)
- vlc 1.1.13-1
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-0022 (Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before ...)
{DSA-2401-1}
- tomcat5 <removed>
@@ -50623,7 +50714,7 @@
- cyrus-imapd-2.2 <unfixed>
- cyrus-imapd-2.4 2.4.11-1
- kolab-cyrus-imapd <removed>
- [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3480
RESERVED
CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite ...)
@@ -50951,7 +51042,7 @@
- cyrus-imapd-2.2 2.4.11-1 (medium)
- cyrus-imapd-2.4 2.4.11-1 (medium)
- kolab-cyrus-imapd <removed> (medium)
- [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: PunBB
CVE-2011-3370
@@ -51372,7 +51463,7 @@
- cyrus-imapd-2.2 2.4.11-1 (medium)
- cyrus-imapd-2.4 2.4.11-1 (medium)
- kolab-cyrus-imapd <removed> (medium)
- [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not ...)
- openssl 1.0.0e-1
[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
@@ -51681,7 +51772,7 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
- libv8 3.8.9.20-2 (bug #687574)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...)
- chromium-browser <not-affected> (PDF functionality not built)
[squeeze] - chromium-browser <end-of-life>
@@ -51844,7 +51935,7 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows remote ...)
- libv8 3.8.9.20-1 (bug #687574)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://code.google.com/p/chromium/issues/detail?id=117794
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to bypass the ...)
@@ -52462,7 +52553,7 @@
CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 ...)
- chromium-browser <not-affected> (chromium uses libv8 system copy)
- libv8 3.8.9.20-1 (bug #687574)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://code.google.com/p/chromium/issues/detail?id=97784
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
@@ -52490,7 +52581,7 @@
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (libv8 issue)
- libv8 3.8.9.20-1 (bug #687574)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://code.google.com/p/chromium/issues/detail?id=95920
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...)
@@ -52556,7 +52647,7 @@
[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
- webkit <not-affected>
- libv8 3.4.14.21-1
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
@@ -52574,7 +52665,7 @@
[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
- webkit <not-affected>
- libv8 3.4.14.21-1
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
@@ -53372,10 +53463,10 @@
NOT-FOR-US: UUSee 201
CVE-2011-2588 (Heap-based buffer overflow in the AVI_ChunkRead_strf function in ...)
- vlc 1.1.11-1 (bug #633675)
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...)
- vlc 1.1.11-1 (bug #633674)
- [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote ...)
NOT-FOR-US: Cisco IOS
CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows ...)
@@ -54041,7 +54132,7 @@
NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an ...)
- libv8 3.4.14-1
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading ...)
- chromium-browser 12.0.742.112~r90304-1
@@ -54467,7 +54558,7 @@
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <end-of-life>
- libv8 3.4.14-1
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: execScript removed in libv8 3.2 branch
CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media ...)
{DSA-2257-1}
@@ -57010,10 +57101,10 @@
RESERVED
CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
- libv8 3.1.8.10-1 (bug #617418)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1285 (The regular-expression functionality in Google Chrome before ...)
- libv8 3.1.8.10-1 (bug #617418)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1284 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) ...)
NOT-FOR-US: MS Windows
CVE-2011-1283 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...)
@@ -57249,7 +57340,7 @@
NOTE: popup blocker bypass not treated as a security issue
CVE-2011-1193 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
- libv8 3.1.8.10-1 (bug #617418)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1192 (Google Chrome before 10.0.648.127 on Linux does not properly handle ...)
- chromium-browser 10.0.648.127~r76697-1
[squeeze] - chromium-browser <not-affected>
@@ -57279,7 +57370,7 @@
NOTE: http://trac.webkit.org/changeset/77142
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass ...)
- libv8 3.1.8.10-1 (bug #617418)
- [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- icedove 17.0.2-1 (low)
[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
@@ -57849,8 +57940,8 @@
RESERVED
- smarty3 3.0.8-1
- smarty <removed>
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in ...)
NOT-FOR-US: cgit
CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)
@@ -58634,45 +58725,45 @@
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> ...)
- smarty3 3.0~rc1-1
- smarty <removed>
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0.0 ...)
- smarty3 3.0.8-1
- smarty <removed>
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of the ...)
- smarty3 3.0.8-1
- smarty <removed>
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser implementation in ...)
- smarty3 3.0.8-1
- smarty <removed>
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...)
- smarty3 3.0.8-1
- smarty <removed>
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 ...)
- smarty3 3.0.8-1
- smarty <removed>
- [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5054 (Smarty before 3.0.0 beta 4 does not consider the umask value when ...)
- smarty3 3.0~rc1-1
- smarty <removed>
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ...)
- smarty3 3.0~rc1-1
- smarty <removed>
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 ...)
- smarty3 3.0~rc1-1
- smarty <removed>
- [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager ...)
NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
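Review bot: CVE-2009-5054, CVE-2009-5053 and CVE-2009-5052 carry the same `smarty3 3.0~rc1-1` fix line as CVE-2010-4727 but, unlike every 2010 Smarty entry in this hunk, have only the `[squeeze] - smarty <end-of-life>` line and no `[squeeze] - smarty3 <end-of-life>` counterpart. Confirm whether the missing smarty3 squeeze line is intentional; if not, add it so the three 2009 entries match the 2010 ones.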