[Secure-testing-commits] r29694 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Mon Oct 27 21:14:15 UTC 2014
Author: joeyh
Date: 2014-10-27 21:14:15 +0000 (Mon, 27 Oct 2014)
New Revision: 29694
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-27 18:55:48 UTC (rev 29693)
+++ data/CVE/list 2014-10-27 21:14:15 UTC (rev 29694)
@@ -1,3 +1,37 @@
+CVE-2014-8489
+ RESERVED
+CVE-2014-8488
+ RESERVED
+CVE-2014-8487
+ RESERVED
+CVE-2014-8486
+ RESERVED
+CVE-2014-8482
+ RESERVED
+CVE-2014-8479
+ RESERVED
+CVE-2014-8478
+ RESERVED
+CVE-2014-8477
+ RESERVED
+CVE-2014-8476
+ RESERVED
+CVE-2014-8475
+ RESERVED
+CVE-2014-8474
+ RESERVED
+CVE-2014-8473
+ RESERVED
+CVE-2014-8472
+ RESERVED
+CVE-2014-8471
+ RESERVED
+CVE-2014-8470
+ RESERVED
+CVE-2014-8469
+ RESERVED
+CVE-2013-7408 (F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session ...)
+ TODO: check
CVE-2014-XXXX [unsafe use of flag file in /tmp]
- kexec-tools <unfixed> (bug #766772)
[wheezy] - kexec-tools <no-dsa> (Minor issue)
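Review bot: the one non-placeholder addition in this hunk, CVE-2013-7408 (F5 BIG-IP Analytics), is left at "TODO: check" with its description cut off at "...", so the full MITRE text has to be read before triage; an F5 appliance entry would normally end up as a NOT-FOR-US line in the same way as "NOT-FOR-US: Aruba ArubaOS" later in this diff. The other sixteen additions (CVE-2014-8489 down to CVE-2014-8469) are bare RESERVED placeholders and need no action until descriptions are published.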
@@ -9,27 +43,32 @@
CVE-2014-7401
RESERVED
CVE-2014-8483 [out-of-bounds read on a heap-allocated array]
+ RESERVED
- quassel <unfixed> (bug #766962)
NOTE: https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
NOTE: http://bugs.quassel-irc.org/issues/1314
- konversation <unfixed>
NOTE: https://bugs.kde.org/show_bug.cgi?id=210792
CVE-2014-8481 [Incomplete fix for CVE-2014-8480]
+ RESERVED
- linux <not-affected> (Present in 3.17 with incomplete fix)
- linux-2.6 <not-affected> (Present in 3.17 with incomplete fix)
NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32
TODO: double-check
CVE-2014-8480 [NULL pointer dereference]
+ RESERVED
- linux <not-affected> (Introduced in 3.17)
- linux-2.6 <not-affected> (Introduced in 3.17)
NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
TODO: double-check
CVE-2014-8485
+ RESERVED
- binutils <unfixed>
NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
CVE-2014-8484
+ RESERVED
- binutils <unfixed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
NOTE: http://openwall.com/lists/oss-security/2014/10/23/5
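Review bot: the RESERVED markers inserted here land on entries that were already triaged by hand (quassel, konversation, linux, binutils), which is the expected layout, but the entries are inconsistent about bug references: quassel cites "bug #766962" while "konversation <unfixed>" and both "binutils <unfixed>" lines (CVE-2014-8485, CVE-2014-8484) carry none. Filing and referencing bugs for those keeps the <unfixed> status actionable; the two "TODO: double-check" lines on the linux entries for CVE-2014-8481 and CVE-2014-8480 also remain open.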
@@ -277,8 +316,8 @@
RESERVED
CVE-2014-8347
RESERVED
-CVE-2014-8346
- RESERVED
+CVE-2014-8346 (The Remote Controls feature on Samsung mobile devices does not ...)
+ TODO: check
CVE-2014-8345
RESERVED
CVE-2014-8344
@@ -421,8 +460,7 @@
- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for access ...)
- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
-CVE-2014-8760 [ejabberd: compression allows cirucumvention of encryption despite starttls_required]
- RESERVED
+CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required setting ...)
- ejabberd <unfixed>
NOTE: http://mail.jabber.org/pipermail/operators/2014-October/002438.html
NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
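Review bot: replacing the local summary of CVE-2014-8760 with the MITRE text drops the one detail the local author recorded, namely that compression is the mechanism that gets around starttls_required; the new description (truncated at "...") only says the setting is not enforced. Suggest carrying that detail over as a NOTE line beside the two existing NOTE links rather than losing it.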
@@ -917,12 +955,12 @@
NOTE: http://framework.zend.com/security/advisory/ZF2014-05
CVE-2014-8074 (Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 ...)
NOT-FOR-US: Foxit PDF SDK
-CVE-2014-8073
- RESERVED
-CVE-2014-8072
- RESERVED
-CVE-2014-8071
- RESERVED
+CVE-2014-8073 (Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 ...)
+ TODO: check
+CVE-2014-8072 (The administration module in OpenMRS 2.1 Standalone Edition allows ...)
+ TODO: check
+CVE-2014-8071 (Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 ...)
+ TODO: check
CVE-2014-8070 (Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows ...)
NOT-FOR-US: YOOtheme Pagekit CMS
CVE-2014-8069 (Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme ...)
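Review bot: the three OpenMRS entries (CVE-2014-8073, CVE-2014-8072, CVE-2014-8071) are each left at "TODO: check", but they concern the same product and will resolve the same way, so one triage decision should be applied to all three at once. Neighbouring entries for software outside the archive use "NOT-FOR-US: <product>" (see "NOT-FOR-US: YOOtheme Pagekit CMS" in the trailing context), which is the likely outcome here if OpenMRS is not packaged.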
@@ -2484,8 +2522,8 @@
RESERVED
CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS ...)
NOT-FOR-US: Aruba ArubaOS
-CVE-2014-7298
- RESERVED
+CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify ...)
+ TODO: check
CVE-2014-7297 (Unspecified vulnerability in the folder framework in the Enfold theme ...)
NOT-FOR-US: folder framework in the Enfold theme for WordPress
CVE-2014-7296 (The default configuration in the accessibility engine in SpagoBI 5.0.0 ...)
@@ -2494,8 +2532,8 @@
RESERVED
CVE-2014-7293
RESERVED
-CVE-2014-7292
- RESERVED
+CVE-2014-7292 (Open redirect vulnerability in the Click-Through feature in ...)
+ TODO: check
CVE-2014-7291
RESERVED
CVE-2014-7290
@@ -2512,8 +2550,8 @@
RESERVED
CVE-2014-7282
RESERVED
-CVE-2014-7281
- RESERVED
+CVE-2014-7281 (Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda ...)
+ TODO: check
CVE-2014-7280 (Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 ...)
NOT-FOR-US: Nessus Web UI
CVE-2014-7279
@@ -2786,8 +2824,7 @@
NOT-FOR-US: WP Google Maps plugin for WordPress
CVE-2014-7181 (Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons ...)
NOT-FOR-US: Max Foundry MaxButtons plugin for WordPress
-CVE-2014-7180
- RESERVED
+CVE-2014-7180 (Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 ...)
NOT-FOR-US: ElectricCommander
CVE-2014-7179
RESERVED
@@ -3922,8 +3959,8 @@
NOT-FOR-US: Facebook Facts (aka com.wFacebookFacts) application for Android
CVE-2014-6636 (The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 ...)
NOT-FOR-US: LG Telepresence (aka com.rsupport.rtc.lge) application for Android
-CVE-2014-6635
- RESERVED
+CVE-2014-6635 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows ...)
+ TODO: check
CVE-2014-6634
RESERVED
CVE-2014-6633
@@ -3973,8 +4010,8 @@
RESERVED
CVE-2014-6612
RESERVED
-CVE-2014-6611
- RESERVED
+CVE-2014-6611 (The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, ...)
+ TODO: check
CVE-2014-6609
RESERVED
CVE-2014-6608
@@ -4969,8 +5006,7 @@
- xen 4.4.1-3
[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
-CVE-2014-6251
- RESERVED
+CVE-2014-6251 (Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote ...)
- cgminer <undetermined>
TODO: check
CVE-2014-6250
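Review bot: the MITRE description for CVE-2014-6251 now names the affected software as CPUMiner before 2.4.1, yet the tracked package remains "cgminer <undetermined>" with "TODO: check" still open; the question to settle is whether the Debian cgminer package shares the overflowing code, after which the status should become a fixed version, <not-affected>, or NOT-FOR-US rather than staying <undetermined>.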
@@ -4991,8 +5027,8 @@
NOT-FOR-US: WordPress plugin EWWW Image Optimizer
CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP Security & ...)
NOT-FOR-US: WordPress plugin All In One WP Security
-CVE-2014-6230
- RESERVED
+CVE-2014-6230 (WP-Ban plugin before 1.6.4 for WordPress, when running in certain ...)
+ TODO: check
CVE-2014-6229
RESERVED
CVE-2014-6228
@@ -5176,10 +5212,10 @@
RESERVED
CVE-2014-6153
RESERVED
-CVE-2014-6152
- RESERVED
-CVE-2014-6151
- RESERVED
+CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
+ TODO: check
+CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) ...)
+ TODO: check
CVE-2014-6150
RESERVED
CVE-2014-6149
@@ -5214,8 +5250,8 @@
RESERVED
CVE-2014-6134
RESERVED
-CVE-2014-6133
- RESERVED
+CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain ...)
+ TODO: check
CVE-2014-6132
RESERVED
CVE-2014-6131
@@ -5282,8 +5318,8 @@
RESERVED
CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli ...)
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2014-6099
- RESERVED
+CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 5.2.x ...)
+ TODO: check
CVE-2014-6098
RESERVED
CVE-2014-6097
@@ -5417,8 +5453,8 @@
RESERVED
CVE-2014-6038
RESERVED
-CVE-2014-6037
- RESERVED
+CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO ...)
+ TODO: check
CVE-2014-6036
RESERVED
CVE-2014-6035
@@ -6444,8 +6480,8 @@
REJECTED
CVE-2014-5521 (plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows ...)
NOT-FOR-US: XRMS CRM
-CVE-2014-5520
- RESERVED
+CVE-2014-5520 (SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows ...)
+ TODO: check
CVE-2014-5518
RESERVED
CVE-2014-5517
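Review bot: CVE-2014-5520 is left at "TODO: check" although the adjacent CVE-2014-5521 entry for the same software is already marked "NOT-FOR-US: XRMS CRM"; the new entry should take the same status unless XRMS CRM has entered the archive since.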
@@ -7478,8 +7514,7 @@
- xen <unfixed>
[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
-CVE-2014-5148 [XSA-103]
- RESERVED
+CVE-2014-5148 (Xen 4.4.x, when running on an ARM system and "handling an unknown ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code not present)
[squeeze] - xen <not-affected> (Vulnerable code not present)
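Review bot: the rewrite of CVE-2014-5148 removes the "[XSA-103]" tag that tied this entry to its Xen advisory, and no NOTE line carries it forward; suggest keeping the XSA number as a NOTE so the "xen <unfixed>" line can still be matched to the upstream advisory when the fix is tracked.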
@@ -7631,8 +7666,7 @@
RESERVED
CVE-2014-5076 (The La Banque Postale application before 3.2.6 for Android does not ...)
NOT-FOR-US: La Banque Postale application
-CVE-2014-5075 [MitM vulnerability]
- RESERVED
+CVE-2014-5075 (The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x ...)
- libsmack-java <itp> (bug #640873)
CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow ...)
NOT-FOR-US: Siemens SIMATIC S7-1500 CPU devices
@@ -8280,8 +8314,8 @@
RESERVED
CVE-2014-4813
RESERVED
-CVE-2014-4812
- RESERVED
+CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...)
+ TODO: check
CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume ...)
NOT-FOR-US: IBM
CVE-2014-4810
@@ -8784,18 +8818,15 @@
RESERVED
CVE-2014-4625
RESERVED
-CVE-2014-4624
- RESERVED
+CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and ...)
NOT-FOR-US: EMC Avamar
-CVE-2014-4623
- RESERVED
+CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) ...)
NOT-FOR-US: EMC Avamar
CVE-2014-4622 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4621 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-4620
- RESERVED
+CVE-2014-4620 (The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 ...)
NOT-FOR-US: EMC NetWorker
CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 ...)
NOT-FOR-US: EMC RSA Identity Management and Governance
@@ -10994,6 +11025,7 @@
RESERVED
CVE-2014-3684 [non-root users able to kill any process on any node in a job]
RESERVED
+ {DSA-3058-1 DLA-78-1}
- torque 2.4.16+dfsg-1.5 (bug #763922)
NOTE: https://github.com/adaptivecomputing/torque/commit/967cdc80150690459a47a35a658abeee0ca6e5cb
NOTE: https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9
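Review bot: the advisory line added for CVE-2014-3684, "{DSA-3058-1 DLA-78-1}", uses an unpadded DLA number while other entries in this diff use four-digit ids ("DLA-0011-1" on the libemail-address-perl entry and "DLA-0002-1" on CVE-2014-0476); the file should settle on one form so tooling that keys on the DLA id does not miss entries. The placement after RESERVED and before the torque version line matches the dbus entries further down.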
@@ -11147,8 +11179,7 @@
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80559
-CVE-2014-3636
- RESERVED
+CVE-2014-3636 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows ...)
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=82820
@@ -11271,8 +11302,7 @@
RESERVED
CVE-2014-3605
RESERVED
-CVE-2014-3604 [Hostname verification susceptible to MITM attack]
- RESERVED
+CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not ...)
- not-yet-commons-ssl 0.3.15-1 (bug #759526)
NOTE: http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/2014-August/000832.html
CVE-2014-3603 [HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification]
@@ -11587,8 +11617,7 @@
NOTE: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
CVE-2014-3521 (The component in (1) /luci/homebase and (2) /luci/cluster menu in Red ...)
NOT-FOR-US: luci as included in conga
-CVE-2014-3520 [Keystone V2 trusts privilege escalation through user supplied project id]
- RESERVED
+CVE-2014-3520 (OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, ...)
- keystone 2014.1.1-3 (bug #753511)
[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2014-3519
@@ -12030,8 +12059,8 @@
NOT-FOR-US: Juniper NSM
CVE-2014-3410
RESERVED
-CVE-2014-3409
- RESERVED
+CVE-2014-3409 (The Ethernet Connectivity Fault Management (CFM) handling feature in ...)
+ TODO: check
CVE-2014-3408 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
NOT-FOR-US: Cisco Prime Optical
CVE-2014-3407
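Review bot: CVE-2014-3409 (Ethernet CFM handling) is left at "TODO: check" with the product name cut off at "..."; the adjacent entries resolve to "NOT-FOR-US: Cisco Prime Optical" and "NOT-FOR-US: Juniper NSM", so the full description should be checked for the vendor before this entry is closed the same way.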
@@ -12803,8 +12832,7 @@
[wheezy] - sks 1.1.3-2+deb7u1
NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077
-CVE-2014-3137 [JSON content-type not restrictive enough]
- RESERVED
+CVE-2014-3137 (Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before ...)
{DSA-2948-1}
- python-bottle 0.12.6-1 (bug #746322)
[squeeze] - python-bottle <not-affected> (bug affects versions 0.10.11-1 and 0.12.5-1)
@@ -13106,10 +13134,10 @@
RESERVED
CVE-2014-2989 (Cross-site request forgery (CSRF) vulnerability in Open Assessment ...)
NOT-FOR-US: Open Assessment Technologies TAO
-CVE-2014-2988
- RESERVED
-CVE-2014-2987
- RESERVED
+CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware ...)
+ TODO: check
+CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2013-7373 (Android before 4.4 does not properly arrange for seeding of the ...)
NOT-FOR-US: Android
CVE-2013-7372 (The engineNextBytes function in ...)
@@ -15184,8 +15212,7 @@
RESERVED
CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics i-doit ...)
NOT-FOR-US: synetics i-doit pro
-CVE-2014-2230
- RESERVED
+CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php in ...)
NOT-FOR-US: OpenX
CVE-2014-2229
RESERVED
@@ -15733,8 +15760,7 @@
NOT-FOR-US: vBulletin
CVE-2014-2022 (SQL injection vulnerability in includes/api/4/breadcrumbs_create.php ...)
NOT-FOR-US: vBulletin
-CVE-2014-2021
- RESERVED
+CVE-2014-2021 (Cross-site scripting (XSS) vulnerability in admincp/apilog.php in ...)
NOT-FOR-US: vBulletin
CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...)
- php5 5.5.9+dfsg-1
@@ -15993,8 +16019,7 @@
NOTE: https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
NOTE: https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
- php5 5.5.10+dfsg-1 (bug #739012)
-CVE-2014-1929 [option injection through positional arguments]
- RESERVED
+CVE-2014-1929 (python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to ...)
{DSA-2946-1}
- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1926
@@ -16129,12 +16154,10 @@
- python-imaging <removed>
[squeeze] - python-imaging <no-dsa> (Minor issue)
[wheezy] - python-imaging <no-dsa> (Minor issue)
-CVE-2014-1928 [Erroneous insertion of a \ character]
- RESERVED
+CVE-2014-1928 (The shell_quote function in python-gnupg 0.3.5 does not properly ...)
{DSA-2946-1}
- python-gnupg 0.3.6-1 (bug #738509)
-CVE-2014-1927 [Erroneous assumptions about the usability of " characters]
- RESERVED
+CVE-2014-1927 (The shell_quote function in python-gnupg 0.3.5 does not properly quote ...)
{DSA-2946-1}
- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1925 [SQL injection]
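Review bot: after this hunk CVE-2014-1928 and CVE-2014-1927 carry near-identical MITRE descriptions (both begin "The shell_quote function in python-gnupg 0.3.5 does not properly ...") and the local summaries that distinguished them (erroneous insertion of a backslash versus erroneous assumptions about double-quote characters) are deleted; suggest preserving each bracketed summary as a NOTE line so the two entries stay distinguishable without fetching the full CVE text.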
@@ -19215,8 +19238,8 @@
NOT-FOR-US: Technicolor TC7200 STD6.01.12
CVE-2014-0620 (Multiple cross-site scripting (XSS) vulnerabilities in Technicolor ...)
NOT-FOR-US: Technicolor TC7200 STD6.01.12
-CVE-2014-0619
- RESERVED
+CVE-2014-0619 (Untrusted search path vulnerability in Hamster Free ZIP Archiver ...)
+ TODO: check
CVE-2014-0618 (Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R ...)
NOT-FOR-US: SRX Services Gateways
CVE-2014-0617 (Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before ...)
@@ -19691,8 +19714,7 @@
{DSA-2969-1 DLA-0011-1}
- libemail-address-perl 1.905-1
[squeeze] - libemail-address-perl 1.889-2+deb6u1
-CVE-2014-0476
- RESERVED
+CVE-2014-0476 (The slapper function in chkrootkit before 0.50 does not properly quote ...)
{DSA-2945-1 DLA-0002-1}
- chkrootkit 0.49-5
[squeeze] - chkrootkit 0.49-4+deb6u1
@@ -21517,8 +21539,7 @@
NOTE: http://curl.haxx.se/libcurl-bad-reuse.patch
CVE-2014-0137 (SQL injection vulnerability in the saved_report_delete action in the ...)
NOT-FOR-US: RedHat CloudForms Management Engine
-CVE-2014-0136
- RESERVED
+CVE-2014-0136 (The (1) get and (2) log methods in the AgentController in Red Hat ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0135 (Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses ...)
NOT-FOR-US: Kafo
@@ -22316,8 +22337,8 @@
NOT-FOR-US: BlackBerry Link
CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Wordpress plugin
-CVE-2013-6796
- RESERVED
+CVE-2013-6796 (The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to ...)
+ TODO: check
CVE-2013-6795 (The Updater in Rackspace Openstack Windows Guest Agent for XenServer ...)
NOT-FOR-US: Rackspace Windows Agent and Updater
CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module in ...)
@@ -27784,8 +27805,8 @@
NOT-FOR-US: Drupal module Node Access Keys
CVE-2013-4595 (The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not ...)
NOT-FOR-US: Drupal module Secure Pages
-CVE-2013-4594
- RESERVED
+CVE-2013-4594 (The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does ...)
+ TODO: check
CVE-2013-4593
RESERVED
- ruby-omniauth-facebook <not-affected> (Fixed before initial release)
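Review bot: CVE-2013-4594 (Payment for Webform module for Drupal) is left at "TODO: check" while the two preceding Drupal-module entries in the same hunk are already "NOT-FOR-US: Drupal module ..."; unless this module is packaged, the new entry should be closed the same way.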
@@ -36422,8 +36443,8 @@
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
CVE-2013-1642
RESERVED
-CVE-2013-1641
- RESERVED
+CVE-2013-1641 (Directory traversal vulnerability in the zip download functionality in ...)
+ TODO: check
CVE-2013-1640 (The (1) template and (2) inline_template functions in the master ...)
{DSA-2643-1}
- puppet 2.7.18-3
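Review bot: the description for CVE-2013-1641 ("Directory traversal vulnerability in the zip download functionality in ...") is truncated before the product name, so the "TODO: check" cannot be resolved from this file alone; the full CVE text must be consulted, and it is worth checking whether the result is a Debian package, since the neighbouring CVE-2013-1640 puppet entry (DSA-2643-1) shows this id range does include packaged software.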
@@ -57399,8 +57420,7 @@
CVE-2011-4954
RESERVED
- cobbler <itp> (bug #545583)
-CVE-2011-4953
- RESERVED
+CVE-2011-4953 (The set_mgmt_parameters function in item.py in cobbler before 2.2.2 ...)
- cobbler <itp> (bug #545583)
CVE-2011-4952
RESERVED
@@ -60414,11 +60434,9 @@
NOT-FOR-US: wordpress plugin timthumb
CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...)
- lightdm 1.0.6-2
-CVE-2011-4104
- RESERVED
+CVE-2011-4104 (The from_yaml method in serializers.py in Django Tastypie before ...)
- django-tastypie 0.9.10-1 (bug #647314)
-CVE-2011-4103 [YAML deserialization vulnerability in Piston framework]
- RESERVED
+CVE-2011-4103 (emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 ...)
{DSA-2344-1}
- python-django-piston 0.2.2-2 (high; bug #647315)
CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in ...)
@@ -63348,8 +63366,7 @@
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4821 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 ...)
NOT-FOR-US: phpMyFAQ
-CVE-2010-4820 [ghostscript split from CVE-2010-2055]
- RESERVED
+CVE-2010-4820 (Untrusted search path vulnerability in Ghostscript 8.62 allows local ...)
- ghostscript 8.71~dfsg2-6.1
[lenny] - ghostscript <no-dsa> (too risky for regressions)
CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension ...)
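Review bot: the rewrite of CVE-2010-4820 drops the "[ghostscript split from CVE-2010-2055]" annotation, which recorded why this id exists alongside CVE-2010-2055; keep that relationship as a NOTE line so the ghostscript 8.71~dfsg2-6.1 fix and the lenny <no-dsa> decision can still be traced back to the original issue.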