Author: joeyh
Date: 2012-06-05 21:14:37 +0000 (Tue, 05 Jun 2012)
New Revision: 19434

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-06-05 20:48:53 UTC (rev 19433)
+++ data/CVE/list       2012-06-05 21:14:37 UTC (rev 19434)
@@ -1,3 +1,7 @@
+CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly 
...)
+       TODO: check
+CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 
4.0.6 ...)
+       TODO: check
 CVE-2012-3103
        RESERVED
 CVE-2012-3102
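Review bot: The two new RT entries, CVE-2011-5093 and CVE-2011-5092, are added as `TODO: check` although their descriptions name the same upstream fix releases (3.8.12 and 4.0.6) as the RT entries later in this commit that are already tied to `{DSA-2480-1}`. They should be triaged together with that group, so each either gets the matching package line or a `NOTE:` saying why the DSA does not cover it. Whether the DSA's fix actually addresses these two issues cannot be told from this diff.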
@@ -983,8 +987,8 @@
        RESERVED
 CVE-2012-2631
        RESERVED
-CVE-2012-2630
-       RESERVED
+CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier 
for ...)
+       TODO: check
 CVE-2012-2629
        RESERVED
 CVE-2012-2628
@@ -3397,6 +3401,7 @@
        RESERVED
 CVE-2012-1667 [ Handling of zero length rdata can cause named to 
terminate,unexpectedly]
        RESERVED
+       {DSA-2486-1}
        - bind9 <unfixed>
        - isc-dhcp <unfixed>
        [squeeze] - isc-dhcp <not-affected> (isc-dhcp started embedding bind 
with version 4.2.x and later)
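Review bot: CVE-2012-1667 now cross-references `{DSA-2486-1}`, but the package lines still read `- bind9 <unfixed>` and `- isc-dhcp <unfixed>`. The entry therefore presumably keeps reporting the development suites as vulnerable to a flaw that can terminate named. It is worth confirming whether a fixed bind9 upload exists and recording its version in place of `<unfixed>`. The isc-dhcp line needs the same check, since the note on the squeeze line says newer isc-dhcp embeds bind.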
@@ -4338,18 +4343,18 @@
        NOTE: Negligable local information disclosure
 CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...)
        NOT-FOR-US: EasyVista
-CVE-2012-1255
-       RESERVED
-CVE-2012-1254
-       RESERVED
-CVE-2012-1253
-       RESERVED
-CVE-2012-1252
-       RESERVED
-CVE-2012-1251
-       RESERVED
-CVE-2012-1250
-       RESERVED
+CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier 
allows ...)
+       TODO: check
+CVE-2012-1254 (Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and 
earlier ...)
+       TODO: check
+CVE-2012-1253 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 
before ...)
+       TODO: check
+CVE-2012-1252 (Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 
allows ...)
+       TODO: check
+CVE-2012-1251 (Opera before 9.63 does not properly verify X.509 certificates 
from SSL ...)
+       TODO: check
+CVE-2012-1250 (Logitec LAN-W300N/R routers with firmware before 2.27 do not 
properly ...)
+       TODO: check
 CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does 
not ...)
        NOT-FOR-US: iLunascape
 CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not 
properly ...)
@@ -4543,8 +4548,7 @@
 CVE-2012-1174 [systemd: TOCTOU race condition by removing user session]
        RESERVED
        - systemd 44-1 (bug #664364)
-CVE-2012-1173
-       RESERVED
+CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 
allow ...)
        {DSA-2447-1}
        - tiff3 3.9.6-2
        - tiff 4.0.1-2
@@ -5162,8 +5166,7 @@
        [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
 CVE-2012-0945
        RESERVED
-CVE-2012-0944
-       RESERVED
+CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 
LTS does ...)
        - aptdaemon 0.43+bzr790-1
        [squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
 CVE-2012-0943
@@ -5379,8 +5382,7 @@
 CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for 
...)
        {DSA-2411-1}
        - mumble 1.2.3-3 (bug #659039)
-CVE-2012-0862 [xinetd enables unintentional services over tcpmux port]
-       RESERVED
+CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service 
type ...)
        - xinetd 1:2.3.14-7.1 (bug #672381)
        [squeeze] - xinetd <no-dsa> (Minor issue)
 CVE-2012-0861
@@ -5525,8 +5527,7 @@
        [lenny] - samba <not-affected> (Only affects 3.6.x)
 CVE-2012-0816
        RESERVED
-CVE-2012-0815
-       RESERVED
+CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 
4.9.1.3 ...)
        - rpm 4.9.1.3-1 (bug #667031)
 CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in 
OpenSSH ...)
        - openssh 1:5.6p1-1 (low; bug #657445)
@@ -8424,11 +8425,9 @@
 CVE-2012-0062
        RESERVED
        NOT-FOR-US: JBoss Operations Network
-CVE-2012-0061
-       RESERVED
+CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 
does not ...)
        - rpm 4.9.1.3-1 (bug #667031)
-CVE-2012-0060
-       RESERVED
+CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, 
which ...)
        - rpm 4.9.1.3-1 (bug #667031)
 CVE-2012-0059
        RESERVED
@@ -9229,16 +9228,13 @@
 CVE-2011-4461 (Jetty 8.1.0.RC2 and earlier computes hash values for form 
parameters ...)
        - jetty 6.1.26-1
        [squeeze] - jetty <no-dsa> (Minor issue)
-CVE-2011-4460
-       RESERVED
+CVE-2011-4460 (SQL injection vulnerability in Best Practical Solutions RT 2.x 
and 3.x ...)
        {DSA-2480-1}
        - request-tracker4 4.0.5-3 
-CVE-2011-4459
-       RESERVED
+CVE-2011-4459 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 
4.0.6 ...)
        {DSA-2480-1}
        - request-tracker4 4.0.5-3 
-CVE-2011-4458
-       RESERVED
+CVE-2011-4458 (Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 
3.8.12 and ...)
        {DSA-2480-1}
        - request-tracker4 4.0.5-3 
 CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, 
when ...)
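Review bot: The descriptions now attached to CVE-2011-4460, CVE-2011-4459 and CVE-2011-4458 name RT 2.x/3.x releases before 3.8.12 as affected, yet each entry lists only `- request-tracker4 4.0.5-3`. If the archive ships a 3.x-series RT source package, it needs its own line (a fixed version, or `<not-affected>` with a reason); otherwise its status for `{DSA-2480-1}` is not visible from these entries. The same gap appears for CVE-2011-2085, CVE-2011-2084, CVE-2011-2083 and CVE-2011-2082 in the next hunk.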
@@ -16545,20 +16541,16 @@
        - libstruts1.2-java <undetermined>
 CVE-2011-2086
        RESERVED
-CVE-2011-2085
-       RESERVED
+CVE-2011-2085 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Best ...)
        {DSA-2480-1}
        - request-tracker4 4.0.5-3 
-CVE-2011-2084
-       RESERVED
+CVE-2011-2084 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 
4.0.6 ...)
        {DSA-2480-1}
        - request-tracker4 4.0.5-3 
-CVE-2011-2083
-       RESERVED
+CVE-2011-2083 (Multiple cross-site scripting (XSS) vulnerabilities in Best 
Practical ...)
        {DSA-2480-1}
        - request-tracker4 4.0.5-3 
-CVE-2011-2082
-       RESERVED
+CVE-2011-2082 (The vulnerable-passwords script in Best Practical Solutions RT 
3.x ...)
        {DSA-2480-1}
        - request-tracker4 4.0.5-3 
 CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for 
...)

