Author: joeyh
Date: 2012-11-16 21:14:20 +0000 (Fri, 16 Nov 2012)
New Revision: 20501
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2012-11-16 10:39:54 UTC (rev 20500) +++ data/CVE/list 2012-11-16 21:14:20 UTC (rev 20501) @@ -1,3 +1,29 @@ +CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ...) + TODO: check +CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component ...) + TODO: check +CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component ...) + TODO: check +CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component ...) + TODO: check +CVE-2012-5880 + RESERVED +CVE-2012-5879 + RESERVED +CVE-2012-5878 + RESERVED +CVE-2012-5877 + RESERVED +CVE-2012-5876 + RESERVED +CVE-2012-5875 + RESERVED +CVE-2012-5874 + RESERVED +CVE-2012-5873 + RESERVED +CVE-2012-5872 + RESERVED CVE-2012-5871 RESERVED CVE-2012-5870 @@ -210,8 +236,8 @@ RESERVED CVE-2012-5778 RESERVED -CVE-2012-5777 - RESERVED +CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the ...) + TODO: check CVE-2012-5776 RESERVED CVE-2012-5775 @@ -774,12 +800,10 @@ CVE-2012-5524 RESERVED - gajim <unfixed> (bug #693282) -CVE-2012-5523 [mantis: information disclosure] - RESERVED +CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...) - mantis <unfixed> (bug #693283) NOTE: http://www.mantisbt.org/bugs/view.php?id=14704 -CVE-2012-5522 [mantis: information disclosure] - RESERVED +CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value during ...) - mantis <unfixed> (bug #693283) NOTE: http://www.mantisbt.org/bugs/view.php?id=14496 CVE-2012-5521 
@@ -937,7 +961,7 @@ RESERVED - horizon <not-affected> (File is installed with 0700 perms in Debian) CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files] - RESERVED + REJECTED - yui <unfixed> (bug #692434) - yui3 <not-affected> NOTE: http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/ @@ -3104,10 +3128,10 @@ RESERVED CVE-2012-4614 RESERVED -CVE-2012-4613 - RESERVED -CVE-2012-4612 - RESERVED +CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 ...) + TODO: check +CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection ...) + TODO: check CVE-2012-4611 RESERVED CVE-2012-4610 (EMC Avamar Client for VMware 6.1 stores the cleartext server root ...) @@ -4358,17 +4382,14 @@ RESERVED CVE-2012-4200 RESERVED -CVE-2012-4199 - RESERVED +CVE-2012-4199 (template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before ...) - bugzilla <removed> (low) [squeeze] - bugzilla <no-dsa> (Minor issue) - bugzilla4 <itp> (bug #669643) -CVE-2012-4198 - RESERVED +CVE-2012-4198 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x ...) - bugzilla <not-affected> (Only affects 3.7 onwards) - bugzilla4 <itp> (bug #669643) -CVE-2012-4197 - RESERVED +CVE-2012-4197 (Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x ...) - bugzilla <removed> (low) [squeeze] - bugzilla <no-dsa> (Minor issue) - bugzilla4 <itp> (bug #669643) 
@@ -4408,8 +4429,7 @@ - iceweasel <not-affected> (Doesn't affect ESR series) CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...) - iceweasel <not-affected> (Only affects Firefox Mobile) -CVE-2012-4189 - RESERVED +CVE-2012-4189 (Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x ...) - bugzilla <not-affected> (Only affects 4.1 onwards) - bugzilla4 <itp> (bug #669643) CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla ...)
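Review bot: In the first hunk (@@ -1,3 +1,29 @@), CVE-2012-5884 is left at "TODO: check" although its description names the same User.get method in Bugzilla/WebService/User.pm as CVE-2012-4198, which this list already tracks with "- bugzilla <not-affected> (Only affects 3.7 onwards)" and "- bugzilla4 <itp> (bug #669643)". The new entry is described against Bugzilla 4.3.2, so triage it together with CVE-2012-4198 and check whether the same two status lines apply, rather than leaving it as an open TODO.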
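Review bot: In the @@ -774,12 +800,10 @@ hunk, the new descriptions for CVE-2012-5523 and CVE-2012-5522 both say "MantisBT before 1.2.12", while the package lines under them still read "- mantis <unfixed> (bug #693283)". The status is correct as long as no fixed package exists, but the entries now state the upstream fixed release, so the version should be filled in once an upload based on 1.2.12 (or carrying the fixes referenced in the two NOTE lines) reaches the archive.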
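Review bot: In the @@ -937,7 +961,7 @@ hunk, CVE-2012-5475 moves from RESERVED to REJECTED but keeps "- yui <unfixed> (bug #692434)", "- yui3 <not-affected>" and the NOTE, which leaves an open package status attached to an id that no longer identifies an issue. The same update adds CVE-2012-5881 through CVE-2012-5883 for XSS in a "Flash component" with "TODO: check"; if those turn out to be the replacement ids for the YUI 2.x SWF issue, the yui and yui3 lines and the NOTE should be moved to them so bug #692434 stays tracked.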