Author: joeyh
Date: 2012-05-01 21:14:30 +0000 (Tue, 01 May 2012)
New Revision: 19110

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-05-01 19:26:56 UTC (rev 19109)
+++ data/CVE/list       2012-05-01 21:14:30 UTC (rev 19110)
@@ -1,9 +1,199 @@
-CVE-2012-2416 [http://downloads.asterisk.org/pub/security/AST-2012-006.html]
+CVE-2012-2445
+       RESERVED
+CVE-2012-2444
+       RESERVED
+CVE-2012-2443
+       RESERVED
+CVE-2012-2442
+       RESERVED
+CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a 
factory ...)
+       TODO: check
+CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables 
...)
+       TODO: check
+CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N 
firewall ...)
+       TODO: check
+CVE-2012-2438
+       RESERVED
+CVE-2012-2437
+       RESERVED
+CVE-2012-2436
+       RESERVED
+CVE-2012-2435
+       RESERVED
+CVE-2012-2434
+       RESERVED
+CVE-2012-2433
+       RESERVED
+CVE-2012-2432
+       RESERVED
+CVE-2012-2431
+       RESERVED
+CVE-2012-2430
+       RESERVED
+CVE-2012-2429
+       RESERVED
+CVE-2012-2428
+       RESERVED
+CVE-2012-2427
+       RESERVED
+CVE-2012-2426
+       RESERVED
+CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable 
Protocol) ...)
+       TODO: check
+CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable 
Protocol) ...)
+       TODO: check
+CVE-2012-2423 (The intu-help-qb (aka Intuit Help System Async Pluggable 
Protocol) ...)
+       TODO: check
+CVE-2012-2422 (Intuit QuickBooks 2009 through 2012 might allow remote 
attackers to ...)
+       TODO: check
+CVE-2012-2421 (Absolute path traversal vulnerability in the intu-help-qb (aka 
Intuit ...)
+       TODO: check
+CVE-2012-2420 (The intu-help-qb (aka Intuit Help System Async Pluggable 
Protocol) ...)
+       TODO: check
+CVE-2012-2419 (Memory leak in the intu-help-qb (aka Intuit Help System Async 
...)
+       TODO: check
+CVE-2012-2418 (Heap-based buffer overflow in the intu-help-qb (aka Intuit Help 
System ...)
+       TODO: check
+CVE-2012-2417
+       RESERVED
+CVE-2012-2413
+       RESERVED
+CVE-2012-2412
+       RESERVED
+CVE-2012-2411
+       RESERVED
+CVE-2012-2410
+       RESERVED
+CVE-2012-2409
+       RESERVED
+CVE-2012-2408
+       RESERVED
+CVE-2012-2407
+       RESERVED
+CVE-2012-2406
+       RESERVED
+CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly 
implement ...)
+       TODO: check
+CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite 
...)
+       TODO: check
+CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts 
to ...)
+       TODO: check
+CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote 
...)
+       TODO: check
+CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in 
...)
+       TODO: check
+CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in 
WordPress ...)
+       TODO: check
+CVE-2012-2399 (Unspecified vulnerability in 
wp-includes/js/swfupload/swfupload.swf in ...)
+       TODO: check
+CVE-2010-5136
+       RESERVED
+CVE-2010-5135
+       RESERVED
+CVE-2010-5134
+       RESERVED
+CVE-2010-5133
+       RESERVED
+CVE-2010-5132
+       RESERVED
+CVE-2010-5131
+       RESERVED
+CVE-2010-5130
+       RESERVED
+CVE-2010-5129
+       RESERVED
+CVE-2010-5128
+       RESERVED
+CVE-2010-5127
+       RESERVED
+CVE-2010-5126
+       RESERVED
+CVE-2010-5125
+       RESERVED
+CVE-2010-5124
+       RESERVED
+CVE-2010-5123
+       RESERVED
+CVE-2010-5122
+       RESERVED
+CVE-2010-5121
+       RESERVED
+CVE-2010-5120
+       RESERVED
+CVE-2010-5119
+       RESERVED
+CVE-2010-5118
+       RESERVED
+CVE-2010-5117
+       RESERVED
+CVE-2010-5116
+       RESERVED
+CVE-2010-5115
+       RESERVED
+CVE-2010-5114
+       RESERVED
+CVE-2010-5113
+       RESERVED
+CVE-2010-5112
+       RESERVED
+CVE-2010-5111
+       RESERVED
+CVE-2010-5110
+       RESERVED
+CVE-2010-5109
+       RESERVED
+CVE-2010-5108
+       RESERVED
+CVE-2010-5107
+       RESERVED
+CVE-2010-5106
+       RESERVED
+CVE-2010-5105
+       RESERVED
+CVE-2010-5104
+       RESERVED
+CVE-2010-5103
+       RESERVED
+CVE-2010-5102
+       RESERVED
+CVE-2010-5101
+       RESERVED
+CVE-2010-5100
+       RESERVED
+CVE-2010-5099
+       RESERVED
+CVE-2010-5098
+       RESERVED
+CVE-2010-5097
+       RESERVED
+CVE-2010-5096
+       RESERVED
+CVE-2010-5095
+       RESERVED
+CVE-2010-5094
+       RESERVED
+CVE-2010-5093
+       RESERVED
+CVE-2010-5092
+       RESERVED
+CVE-2010-5091
+       RESERVED
+CVE-2010-5090
+       RESERVED
+CVE-2010-5089
+       RESERVED
+CVE-2010-5088
+       RESERVED
+CVE-2010-5087
+       RESERVED
+CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 
1.8.x ...)
        - asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
        [squeeze] - asterisk <not-affected> (Vulnerable code not present)
-CVE-2012-2415
+CVE-2012-2415 (Heap-based buffer overflow in chan_skinny.c in the Skinny 
channel ...)
+       {DSA-2460-1}
        - asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
-CVE-2012-2414
+CVE-2012-2414 (main/manager.c in the Manager Interface in Asterisk Open Source 
...)
+       {DSA-2460-1}
        - asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
 CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in 
files/ajax/download.php in ...)
        NOT-FOR-US: ownCloud
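Review bot: CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3) is left at "TODO: check" although gallery2 is already tracked in this file (CVE-2012-1113 carries "- gallery2 <unfixed>"). Suggest replacing the TODO with a gallery2 package line. CVE-2012-2441 added here and CVE-2012-1803 later in this commit both describe RuggedCom ROS and are both "TODO: check", so they should be triaged together and given the same classification.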
@@ -341,8 +531,8 @@
        NOT-FOR-US: PHP Gift Registry
 CVE-2012-2235
        RESERVED
-CVE-2012-2234
-       RESERVED
+CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in 
sources/users.queries.php ...)
+       TODO: check
 CVE-2012-2233
        RESERVED
 CVE-2012-2232
@@ -387,10 +577,10 @@
        NOT-FOR-US: Novell ZENworks Configuration Management
 CVE-2012-2214
        RESERVED
-CVE-2012-2213
-       RESERVED
-CVE-2012-2212
-       RESERVED
+CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass 
the ...)
+       TODO: check
+CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers 
to ...)
+       TODO: check
 CVE-2012-2211
        RESERVED
 CVE-2012-XXXX [libpng electric fence crash]
@@ -539,9 +729,9 @@
 CVE-2012-2142
        RESERVED
 CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read 
(snmpd crash)]
+       RESERVED
        - net-snmp <unfixed>
        NOTE:  Red Hat patch: 
https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
-       RESERVED
 CVE-2012-2140
        RESERVED
 CVE-2012-2139
@@ -553,6 +743,7 @@
 CVE-2012-2136
        RESERVED
 CVE-2012-2135 [Python UTF-16 decoder crasher]
+       RESERVED
        - python3.1 <unfixed> (bug #670389)
        - python3.2 <unfixed> (bug #670389)
        - python3.3 <unfixed>
@@ -565,8 +756,8 @@
        RESERVED
        TODO: check
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
-CVE-2012-2131 [ASN1 BIO incomplete fix]
-       RESERVED
+CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in 
...)
+       {DSA-2454-2}
        - openssl <not-affected> (only affected patch against 0.9.8)
        NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
 CVE-2012-2130
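Review bot: on CVE-2012-2131 the new {DSA-2454-2} tag sits above a single package line, "- openssl <not-affected> (only affected patch against 0.9.8)", so the entry records an advisory but no affected or fixed version. Suggest adding a release-specific line for the package the DSA fixed, or rewording the not-affected reason so it is clear which suite it applies to.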
@@ -629,8 +820,7 @@
        {DSA-2455-1}
        - typo3-src <unfixed> (bug #669158)
        NOTE: 
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
-CVE-2012-2111 [Incorrect permission checks when granting/removing privileges]
-       RESERVED
+CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, 
and (4) ...)
        - samba <unfixed>
        NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
        NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
@@ -1346,8 +1536,8 @@
        NOT-FOR-US: Koyo ECOM
 CVE-2012-1804
        RESERVED
-CVE-2012-1803
-       RESERVED
+CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has 
a ...)
+       TODO: check
 CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens 
Scalance X ...)
        NOT-FOR-US: Siemens Scalance X
 CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) 
ActiveX ...)
@@ -1358,6 +1548,7 @@
        NOT-FOR-US: Siemens Scalance S
 CVE-2012-1798
        RESERVED
+       {DSA-2462-1}
        - imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, 
which has ...)
        NOT-FOR-US: IBM DB2
@@ -1812,6 +2003,7 @@
        - joomla <itp> (bug #571794)
 CVE-2012-1610
        RESERVED
+       {DSA-2462-1}
        - imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-1609
        RESERVED
@@ -1903,8 +2095,7 @@
        - dietlibc 0.33~cvs20120325-1 (unimportant)
 CVE-2012-1576
        RESERVED
-CVE-2012-1575
-       RESERVED
+CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin 
before ...)
        NOT-FOR-US: cumin
 CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop 
...)
        NOT-FOR-US: Apache Hadoop
@@ -2028,8 +2219,8 @@
        RESERVED
 CVE-2012-1522
        RESERVED
-CVE-2012-1521
-       RESERVED
+CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome 
before ...)
+       TODO: check
 CVE-2012-1520
        RESERVED
 CVE-2012-1519
@@ -2603,14 +2794,14 @@
        RESERVED
 CVE-2012-1246
        RESERVED
-CVE-2012-1245
-       RESERVED
-CVE-2012-1244
-       RESERVED
-CVE-2012-1243
-       RESERVED
-CVE-2012-1242
-       RESERVED
+CVE-2012-1245 (Cross-site scripting (XSS) vulnerability in the cleanup_urls 
function ...)
+       TODO: check
+CVE-2012-1244 (The NTT DOCOMO sp mode mail application 5400 and earlier for 
Android ...)
+       TODO: check
+CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not 
...)
+       TODO: check
+CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 
2011 Sou, ...)
+       TODO: check
 CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 
1.8.7 ...)
        NOT-FOR-US: ActiveScriptRuby
 CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT 
Dokodemo ...)
@@ -2740,9 +2931,11 @@
        [squeeze] - bitlbee <no-dsa> (Minor issue)
 CVE-2012-1186
        RESERVED
+       {DSA-2462-1}
        - imagemagick 8:6.6.9.7-7 (bug #665007) 
 CVE-2012-1185
        RESERVED
+       {DSA-2462-1}
        - imagemagick 8:6.6.9.7-7 (bug #665007) 
 CVE-2012-1184 [Asterisk: Stack Buffer Overflow in HTTP Manager]
        RESERVED
@@ -2750,6 +2943,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
 CVE-2012-1183 [Asterisk: Remote Crash Vulnerability in Milliwatt Application]
        RESERVED
+       {DSA-2460-1}
        - asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
        NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
 CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 
...)
@@ -2891,80 +3085,61 @@
 CVE-2012-1145
        RESERVED
        NOT-FOR-US: RHN Satellite
-CVE-2012-1144
-       RESERVED
+CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        {DSA-2428-1}
        - freetype 2.4.9-1 (bug #662864)
-CVE-2012-1143
-       RESERVED
+CVE-2012-1143 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1142
-       RESERVED
+CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        {DSA-2428-1}
        - freetype 2.4.9-1 (bug #662864)
-CVE-2012-1141
-       RESERVED
+CVE-2012-1141 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1140
-       RESERVED
+CVE-2012-1140 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1139
-       RESERVED
+CVE-2012-1139 (Array index error in FreeType before 2.4.9, as used in Mozilla 
Firefox ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1138
-       RESERVED
+CVE-2012-1138 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1137
-       RESERVED
+CVE-2012-1137 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1136
-       RESERVED
+CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        {DSA-2428-1}
        - freetype 2.4.9-1 (bug #662864)
-CVE-2012-1135
-       RESERVED
+CVE-2012-1135 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1134
-       RESERVED
+CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        {DSA-2428-1}
        - freetype 2.4.9-1 (bug #662864)
-CVE-2012-1133
-       RESERVED
+CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        {DSA-2428-1}
        - freetype 2.4.9-1 (bug #662864)
-CVE-2012-1132
-       RESERVED
+CVE-2012-1132 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1131
-       RESERVED
+CVE-2012-1131 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1130
-       RESERVED
+CVE-2012-1130 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1129
-       RESERVED
+CVE-2012-1129 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1128
-       RESERVED
+CVE-2012-1128 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1127
-       RESERVED
+CVE-2012-1127 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
-CVE-2012-1126
-       RESERVED
+CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 
10.0.4 ...)
        - freetype 2.4.9-1 (unimportant; bug #662864)
        NOTE: Crash only
 CVE-2012-1125
@@ -3005,8 +3180,7 @@
        RESERVED
        - phpldapadmin 1.2.2-3 (bug #662050)
        - ldap-account-manager 3.6-2 (bug #661904)
-CVE-2012-1113
-       RESERVED
+CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        - gallery2 <unfixed>
        NOTE: see redhat link
 CVE-2012-1112
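Review bot: CVE-2012-1113 now has its description, but the entry still ends in "NOTE: see redhat link" with no URL, and "- gallery2 <unfixed>" has no bug number. Suggest putting the actual link in the NOTE and adding the bug reference while this entry is being touched.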
@@ -3415,8 +3589,7 @@
        RESERVED
 CVE-2012-0947
        RESERVED
-CVE-2012-0946
-       RESERVED
+CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to 
access ...)
        - nvidia-graphics-drivers 295.40-1
        [squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 CVE-2012-0945
@@ -3492,6 +3665,7 @@
        RESERVED
 CVE-2012-0920
        RESERVED
+       {DSA-2456-1}
        - dropbear 2012.55-1 (low; bug #661150)
        NOTE: this is limited to authenticated users with enforced command 
restrictions
 CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT 
Operations ...)
@@ -3635,8 +3809,7 @@
        RESERVED
        - eglibc <unfixed> (low; bug #660611)
        [squeeze] - eglibc <no-dsa> (Hardening bypass, can be fixed in next 
point update)
-CVE-2012-0863 [mumble info disclosure]
-       RESERVED
+CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for 
...)
        {DSA-2411-1}
        - mumble 1.2.3-3 (bug #659039)
 CVE-2012-0862
@@ -3969,14 +4142,14 @@
        RESERVED
 CVE-2012-0744
        RESERVED
-CVE-2012-0743
-       RESERVED
+CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote 
...)
+       TODO: check
 CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
        NOT-FOR-US: IBM Tivoli Event Pump
 CVE-2012-0741
        RESERVED
-CVE-2012-0740
-       RESERVED
+CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool 
in IBM ...)
+       TODO: check
 CVE-2012-0739
        RESERVED
 CVE-2012-0738
@@ -4003,8 +4176,8 @@
        RESERVED
 CVE-2012-0727
        RESERVED
-CVE-2012-0726
-       RESERVED
+CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server 
(TDS) ...)
+       TODO: check
 CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before 
...)
        TODO: check
 CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before 
...)
@@ -4039,8 +4212,8 @@
        NOT-FOR-US: IBM DB2
 CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 
does not ...)
        NOT-FOR-US: IBM DB2
-CVE-2012-0708
-       RESERVED
+CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX 
control ...)
+       TODO: check
 CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Lombardi ...)
        NOT-FOR-US: IBM WebSphere
 CVE-2012-0706
@@ -4099,7 +4272,7 @@
        - webkit <undetermined>
 CVE-2012-0694
        RESERVED
-CVE-2012-0693 (submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows 
remote ...)
+CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 
5.03 ...)
        NOT-FOR-US: WHMCompleteSolution
 CVE-2012-0692
        RESERVED
@@ -4583,24 +4756,23 @@
        NOT-FOR-US: Final Draft
 CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S 
CoDeSys 3.4 ...)
        NOT-FOR-US: 3S CoDeSys
-CVE-2012-0479
-       RESERVED
+CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 
10.0.4, ...)
+       {DSA-2458-1 DSA-2457-1}
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0478
-       RESERVED
+CVE-2012-0478 (The texImage2D implementation in the WebGL subsystem in Mozilla 
...)
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0477
-       RESERVED
+CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla 
Firefox ...)
+       {DSA-2458-1 DSA-2457-1}
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
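Review bot: CVE-2012-0479 and CVE-2012-0477 gain {DSA-2458-1 DSA-2457-1}, yet every [squeeze] line under them still reads "<not-affected> (Vulnerable code not present)". An advisory tag on an entry whose stable lines all say not affected is contradictory. Suggest rechecking the [squeeze] lines for the packages those DSAs cover and replacing <not-affected> with the fixed version where the advisory applies.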
@@ -4609,8 +4781,7 @@
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0476
        RESERVED
-CVE-2012-0475
-       RESERVED
+CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, 
and ...)
        - icedove <unfixed> (low)
        [squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
        - iceweasel 12.0-1 (low)
@@ -4618,70 +4789,63 @@
        - iceape <unfixed> (low)
        [squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
        NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
-CVE-2012-0474
-       RESERVED
+CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell ...)
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0473
-       RESERVED
+CVE-2012-0473 (The WebGLBuffer::FindMaxUshortElement function in Mozilla 
Firefox 4.x ...)
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0472
-       RESERVED
+CVE-2012-0472 (The cairo-dwrite implementation in Mozilla Firefox 4.x through 
11.0, ...)
        - icedove <not-affected> (Windows-specific)
        - iceweasel <not-affected> (Windows-specific)
        - iceape <not-affected> (Windows-specific)
-CVE-2012-0471
-       RESERVED
+CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x 
...)
+       {DSA-2458-1 DSA-2457-1}
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0470
-       RESERVED
+CVE-2012-0470 (Heap-based buffer overflow in the ...)
+       {DSA-2458-1 DSA-2457-1}
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0469
-       RESERVED
+CVE-2012-0469 (Use-after-free vulnerability in the ...)
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0468
-       RESERVED
+CVE-2012-0468 (The browser engine in Mozilla Firefox 4.x through 11.0, 
Thunderbird ...)
        - icedove <not-affected> (Only affects Firefox 11 and above)
        - iceweasel <not-affected> (Only affects Firefox 11 and above)
        - iceape <not-affected> (Only affects Firefox 11 and above)
-CVE-2012-0467
-       RESERVED
+CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
+       {DSA-2458-1 DSA-2457-1}
        - icedove <unfixed>
        [squeeze] - icedove <not-affected> (Vulnerable code not present)
        - iceweasel 10.0.4esr-1
        [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
        - iceape 2.7.4-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
-CVE-2012-0466
-       RESERVED
+CVE-2012-0466 (template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x 
before ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <no-dsa> (Minor issue)
-CVE-2012-0465
-       RESERVED
+CVE-2012-0465 (Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 
4.0.6, ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <no-dsa> (Minor issue)
 CVE-2012-0464 (Use-after-free vulnerability in the browser engine in Mozilla 
Firefox ...)
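Review bot: in this hunk CVE-2012-0471, CVE-2012-0470 and CVE-2012-0467 are tagged {DSA-2458-1 DSA-2457-1} while CVE-2012-0474, CVE-2012-0473 and CVE-2012-0469 are not, although all six carry identical package lines, including [squeeze] <not-affected> for icedove, iceweasel and iceape. Either the tagged entries need squeeze fixed-version lines or the tags do not belong; as committed, the package lines no longer tell a reader which of these issues affect stable.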
@@ -4701,7 +4865,7 @@
        - iceape 2.7.3-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
-       {DSA-2437-1 DSA-2433-1}
+       {DSA-2458-1 DSA-2437-1 DSA-2433-1}
        - icedove <unfixed>
        - iceweasel 10.0.3esr-1
        - iceape 2.7.3-1
@@ -4720,7 +4884,7 @@
        - iceape 2.7.3-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 
10.x ...)
-       {DSA-2437-1 DSA-2433-1}
+       {DSA-2458-1 DSA-2437-1 DSA-2433-1}
        - icedove <unfixed>
        - iceweasel 10.0.3esr-1
        - iceape 2.7.3-1
@@ -4732,12 +4896,12 @@
        - iceape 2.7.3-1
        [squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 
and ...)
-       {DSA-2437-1 DSA-2433-1}
+       {DSA-2458-1 DSA-2437-1 DSA-2433-1}
        - icedove <unfixed>
        - iceweasel 10.0.3esr-1
        - iceape 2.7.3-1
 CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 
10.x ...)
-       {DSA-2437-1 DSA-2433-1}
+       {DSA-2458-1 DSA-2437-1 DSA-2433-1}
        - icedove <unfixed>
        - iceweasel 10.0.3esr-1
        - iceape 2.7.3-1
@@ -5267,8 +5431,8 @@
        - csound 1:5.16.6~dfsg-1 (bug #661197)
        NOTE: http://secunia.com/secunia_research/2012-3/
        NOTE: 
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
-CVE-2012-0269
-       RESERVED
+CVE-2012-0269 (Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 
...)
+       TODO: check
 CVE-2012-0268 (Integer overflow in the CYImage::LoadJPG method in YImage.dll 
in ...)
        NOT-FOR-US: Yahoo! Messenger
 CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 
allows ...)
@@ -5693,9 +5857,11 @@
        RESERVED
 CVE-2012-0260
        RESERVED
+       {DSA-2462-1}
        - imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-0259
        RESERVED
+       {DSA-2462-1}
        - imagemagick 8:6.7.4.0-4 (bug #667635)
 CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component 
in the ...)
        NOT-FOR-US: Invensys Wonderware Application Server
@@ -5704,6 +5870,7 @@
 CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x 
before ...)
        - trafficserver 3.0.4-1 
 CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does 
not ...)
+       {DSA-2459-1}
        - quagga 0.99.20.1-1
 CVE-2012-0254
        RESERVED
@@ -5714,8 +5881,10 @@
 CVE-2012-0251
        RESERVED
 CVE-2012-0250 (Buffer overflow in the OSPFv2 implementation in ospfd in Quagga 
before ...)
+       {DSA-2459-1}
        - quagga 0.99.20.1-1
 CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in 
ospf_packet.c ...)
+       {DSA-2459-1}
        - quagga 0.99.20.1-1
 CVE-2012-0248
        RESERVED
@@ -5988,8 +6157,7 @@
        RESERVED
 CVE-2012-0217
        RESERVED
-CVE-2012-0216 [apache2 insecure default config]
-       RESERVED
+CVE-2012-0216 (The default configuration of the apache2 package in Debian 
GNU/Linux ...)
        {DSA-2452-1}
        - apache2 2.2.22-4 (low)
 CVE-2012-0215 [tryton-server privilege escalation through Many2Many editing]
@@ -11757,14 +11925,14 @@
        RESERVED
 CVE-2011-3082
        RESERVED
-CVE-2011-3081
-       RESERVED
-CVE-2011-3080
-       RESERVED
-CVE-2011-3079
-       RESERVED
-CVE-2011-3078
-       RESERVED
+CVE-2011-3081 (Use-after-free vulnerability in Google Chrome before 
18.0.1025.168 ...)
+       TODO: check
+CVE-2011-3080 (Race condition in the Inter-process Communication (IPC) 
implementation ...)
+       TODO: check
+CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google 
Chrome ...)
+       TODO: check
+CVE-2011-3078 (Use-after-free vulnerability in Google Chrome before 
18.0.1025.168 ...)
+       TODO: check
 CVE-2011-3077 (Use-after-free vulnerability in Google Chrome before 
18.0.1025.151 ...)
        - chromium-browser 18.0.1025.151~r130497-1
 CVE-2011-3076 (Use-after-free vulnerability in Google Chrome before 
18.0.1025.151 ...)
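Review bot: CVE-2011-3078 through CVE-2011-3081 are Google Chrome issues left at "TODO: check", while the neighbouring CVE-2011-3077 already maps Chrome to "- chromium-browser 18.0.1025.151~r130497-1". Suggest adding chromium-browser lines for these four, marked <unfixed> until a package containing the 18.0.1025.168 fixes named in the descriptions is uploaded. The same applies to CVE-2012-1521 (XML parser in Google Chrome) earlier in this commit.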


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
