Author: joeyh
Date: 2012-05-11 21:14:23 +0000 (Fri, 11 May 2012)
New Revision: 19224
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-11 20:57:59 UTC (rev 19223)
+++ data/CVE/list 2012-05-11 21:14:23 UTC (rev 19224)
@@ -1,3 +1,217 @@
+CVE-2012-2623
+ RESERVED
+CVE-2012-2622
+ RESERVED
+CVE-2012-2621
+ RESERVED
+CVE-2012-2620
+ RESERVED
+CVE-2012-2619
+ RESERVED
+CVE-2012-2618
+ RESERVED
+CVE-2012-2617
+ RESERVED
+CVE-2012-2616
+ RESERVED
+CVE-2012-2615
+ RESERVED
+CVE-2012-2614
+ RESERVED
+CVE-2012-2613
+ RESERVED
+CVE-2012-2612
+ RESERVED
+CVE-2012-2611
+ RESERVED
+CVE-2012-2610
+ RESERVED
+CVE-2012-2609
+ RESERVED
+CVE-2012-2608
+ RESERVED
+CVE-2012-2607
+ RESERVED
+CVE-2012-2606
+ RESERVED
+CVE-2012-2605
+ RESERVED
+CVE-2012-2604
+ RESERVED
+CVE-2012-2603
+ RESERVED
+CVE-2012-2602
+ RESERVED
+CVE-2012-2601
+ RESERVED
+CVE-2012-2600
+ RESERVED
+CVE-2012-2599
+ RESERVED
+CVE-2012-2598
+ RESERVED
+CVE-2012-2597
+ RESERVED
+CVE-2012-2596
+ RESERVED
+CVE-2012-2595
+ RESERVED
+CVE-2012-2594
+ RESERVED
+CVE-2012-2593
+ RESERVED
+CVE-2012-2592
+ RESERVED
+CVE-2012-2591
+ RESERVED
+CVE-2012-2590
+ RESERVED
+CVE-2012-2589
+ RESERVED
+CVE-2012-2588
+ RESERVED
+CVE-2012-2587
+ RESERVED
+CVE-2012-2586
+ RESERVED
+CVE-2012-2585
+ RESERVED
+CVE-2012-2584
+ RESERVED
+CVE-2012-2583
+ RESERVED
+CVE-2012-2582
+ RESERVED
+CVE-2012-2581
+ RESERVED
+CVE-2012-2580
+ RESERVED
+CVE-2012-2579
+ RESERVED
+CVE-2012-2578
+ RESERVED
+CVE-2012-2577
+ RESERVED
+CVE-2012-2576
+ RESERVED
+CVE-2012-2575
+ RESERVED
+CVE-2012-2574
+ RESERVED
+CVE-2012-2573
+ RESERVED
+CVE-2012-2572
+ RESERVED
+CVE-2012-2571
+ RESERVED
+CVE-2012-2570
+ RESERVED
+CVE-2012-2569
+ RESERVED
+CVE-2012-2568
+ RESERVED
+CVE-2012-2567
+ RESERVED
+CVE-2012-2566
+ RESERVED
+CVE-2012-2565
+ RESERVED
+CVE-2012-2564
+ RESERVED
+CVE-2012-2563
+ RESERVED
+CVE-2012-2562
+ RESERVED
+CVE-2012-2561
+ RESERVED
+CVE-2012-2560
+ RESERVED
+CVE-2012-2559
+ RESERVED
+CVE-2012-2558
+ RESERVED
+CVE-2012-2557
+ RESERVED
+CVE-2012-2556
+ RESERVED
+CVE-2012-2555
+ RESERVED
+CVE-2012-2554
+ RESERVED
+CVE-2012-2553
+ RESERVED
+CVE-2012-2552
+ RESERVED
+CVE-2012-2551
+ RESERVED
+CVE-2012-2550
+ RESERVED
+CVE-2012-2549
+ RESERVED
+CVE-2012-2548
+ RESERVED
+CVE-2012-2547
+ RESERVED
+CVE-2012-2546
+ RESERVED
+CVE-2012-2545
+ RESERVED
+CVE-2012-2544
+ RESERVED
+CVE-2012-2543
+ RESERVED
+CVE-2012-2542
+ RESERVED
+CVE-2012-2541
+ RESERVED
+CVE-2012-2540
+ RESERVED
+CVE-2012-2539
+ RESERVED
+CVE-2012-2538
+ RESERVED
+CVE-2012-2537
+ RESERVED
+CVE-2012-2536
+ RESERVED
+CVE-2012-2535
+ RESERVED
+CVE-2012-2534
+ RESERVED
+CVE-2012-2533
+ RESERVED
+CVE-2012-2532
+ RESERVED
+CVE-2012-2531
+ RESERVED
+CVE-2012-2530
+ RESERVED
+CVE-2012-2529
+ RESERVED
+CVE-2012-2528
+ RESERVED
+CVE-2012-2527
+ RESERVED
+CVE-2012-2526
+ RESERVED
+CVE-2012-2525
+ RESERVED
+CVE-2012-2524
+ RESERVED
+CVE-2012-2523
+ RESERVED
+CVE-2012-2522
+ RESERVED
+CVE-2012-2521
+ RESERVED
+CVE-2012-2520
+ RESERVED
+CVE-2012-2519
+ RESERVED
+CVE-2012-2518
+ RESERVED
+CVE-2012-2517
+ RESERVED
CVE-2012-2516
RESERVED
CVE-2012-2515
@@ -221,16 +435,22 @@
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly
implement ...)
- gallery2 <undetermined>
CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite
...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts
to ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote
...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in
...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in
WordPress ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2399 (Unspecified vulnerability in
wp-includes/js/swfupload/swfupload.swf in ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2010-5136
RESERVED
@@ -486,12 +706,10 @@
RESERVED
CVE-2012-2337
RESERVED
-CVE-2012-2336
- RESERVED
+CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before
5.4.3, when ...)
- php5 5.4.3 (unimportant)
NOTE: Rather harmless bug
-CVE-2012-2335
- RESERVED
+CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line
arguments, ...)
NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for
CVE-2012-1823/CVE-2012-2311
CVE-2012-2334
RESERVED
@@ -517,8 +735,7 @@
- nodejs 0.6.17~dfsg1-1
NOTE:
http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
NOTE: https://github.com/joyent/node/commit/c9a231d
-CVE-2012-2329 [buffer overflow vulnerability in the apache_request_headers()]
- RESERVED
+CVE-2012-2329 (Buffer overflow in the apache_request_headers function in ...)
- php5 5.4.3-1
[squeeze] - php5 <not-affected> (Vulnerable code not present)
NOTE: 5.4.x only
@@ -567,8 +784,7 @@
CVE-2012-2312
RESERVED
- jbossas4 <not-affected> (Only affects JBoss 7)
-CVE-2012-2311 [PHP-CGI query string parameter vulnerability]
- RESERVED
+CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before
5.4.3, when ...)
{DSA-2465-1}
- php5 5.4.3-1 (bug #671880)
NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
@@ -1734,8 +1950,7 @@
RESERVED
CVE-2012-1824
RESERVED
-CVE-2012-1823 [PHP-CGI query string parameter vulnerability]
- RESERVED
+CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before
5.4.2, when ...)
{DSA-2465-1}
- php5 5.4.3-1
NOTE: http://ompldr.org/vZGxxaQ https://bugs.php.net/bug.php?id=61910
@@ -4545,10 +4760,10 @@
RESERVED
CVE-2012-0677
RESERVED
-CVE-2012-0676
- RESERVED
-CVE-2012-0675
- RESERVED
+CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track
state ...)
+ TODO: check
+CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require
...)
+ TODO: check
CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to
spoof the ...)
TODO: check
CVE-2012-0673
@@ -4573,34 +4788,34 @@
RESERVED
CVE-2012-0663
RESERVED
-CVE-2012-0662
- RESERVED
-CVE-2012-0661
- RESERVED
-CVE-2012-0660
- RESERVED
-CVE-2012-0659
- RESERVED
-CVE-2012-0658
- RESERVED
-CVE-2012-0657
- RESERVED
-CVE-2012-0656
- RESERVED
-CVE-2012-0655
- RESERVED
-CVE-2012-0654
- RESERVED
+CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X
before ...)
+ TODO: check
+CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X
10.7.x ...)
+ TODO: check
+CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4
allows ...)
+ TODO: check
+CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4
allows ...)
+ TODO: check
+CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4
allows ...)
+ TODO: check
+CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS
...)
+ TODO: check
+CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x
before ...)
+ TODO: check
+CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly
restrict ...)
+ TODO: check
+CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses
uninitialized ...)
+ TODO: check
CVE-2012-0653
RESERVED
-CVE-2012-0652
- RESERVED
-CVE-2012-0651
- RESERVED
+CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault
or ...)
+ TODO: check
+CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X
10.6.8 ...)
+ TODO: check
CVE-2012-0650
RESERVED
-CVE-2012-0649
- RESERVED
+CVE-2012-0649 (Race condition in the initialization routine in blued in
Bluetooth in ...)
+ TODO: check
CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows
man-in-the-middle ...)
- webkit <undetermined>
CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle
redirects ...)
@@ -5881,9 +6096,11 @@
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4957
RESERVED
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
CVE-2011-4956
RESERVED
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
CVE-2011-4955
RESERVED
@@ -12069,21 +12286,27 @@
RESERVED
- xen 4.1.2-1
CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2
before ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release
announce
CVE-2011-3129 (The file upload functionality WordPress 3.1 before 3.1.3 and
3.2 ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release
announce
CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats
unattached ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release
announce
CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not
prevent ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release
announce
CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote
...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release
announce
CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2
before ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release
announce
CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and
Linux, ...)
@@ -12091,6 +12314,7 @@
CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and
Linux, ...)
NOT-FOR-US: InfoSphere
CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2
before ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release
announce
NOTE: original advisory seems to be
http://technet.microsoft.com/en-us/security/msvr/msvr11-010
@@ -107022,7 +107246,7 @@
NOT-FOR-US: MyNewsGroups
CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows
remote ...)
- monkey 0.9.2-1
- NOTE: Vulnerable code verified not be present in any Debian version
+ NOTE: Vulnerable code verified not be present in any Debian version
CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to
execute ...)
NOT-FOR-US: WS_FTP Pro
CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and
possibly ...)
@@ -118761,9 +118985,9 @@
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in
cleartext in ...)
{DSA-335}
- mantis 0.17.5-6
-CVE-2003-0498 (CachÃ© Database 5.x installs the
/cachesys/csp directory with insecure ...)
+CVE-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory
with insecure ...)
NOT-FOR-US: Intersystems Cache database
-CVE-2003-0497 (CachÃ© Database 5.x installs
/cachesys/bin/cache with world-writable ...)
+CVE-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with
world-writable ...)
NOT-FOR-US: Intersystems Cache database
CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users
to ...)
NOT-FOR-US: Microsoft
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
