Author: joeyh
Date: 2012-12-27 21:14:41 +0000 (Thu, 27 Dec 2012)
New Revision: 20717

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-12-27 18:10:32 UTC (rev 20716)
+++ data/CVE/list       2012-12-27 21:14:41 UTC (rev 20717)
@@ -118,10 +118,10 @@
        RESERVED
 CVE-2013-0651
        RESERVED
-CVE-2012-6432
-       RESERVED
-CVE-2012-6431
-       RESERVED
+CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, 
when the ...)
+       TODO: check
+CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data 
...)
+       TODO: check
 CVE-2012-6430
        RESERVED
 CVE-2012-6429
@@ -1464,8 +1464,8 @@
        RESERVED
 CVE-2012-6315
        RESERVED
-CVE-2012-6314
-       RESERVED
+CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 
5.6.200, ...)
+       TODO: check
 CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 
1.1.4 ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form 
plugin ...)
@@ -1498,10 +1498,10 @@
        NOT-FOR-US: Android browser
 CVE-2012-6300
        RESERVED
-CVE-2012-6299
-       RESERVED
-CVE-2012-6298
-       RESERVED
+CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through 
CR16, ...)
+       TODO: check
+CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through 
CR16, ...)
+       TODO: check
 CVE-2012-6297
        RESERVED
 CVE-2012-6296
@@ -1955,12 +1955,14 @@
 CVE-2012-6072
        RESERVED
 CVE-2012-6071 [libnusoap-php: Curl insecure usage]
-    - nusoap 0.7.3-5 (low; bug #696707)
-    [squeeze] - nusoap <no-dsa> (Minor issue)
-    NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
+       RESERVED
+       - nusoap 0.7.3-5 (low; bug #696707)
+       [squeeze] - nusoap <no-dsa> (Minor issue)
+       NOTE: CVE request 
http://www.openwall.com/lists/oss-security/2012/12/26/1
 CVE-2012-6070 [falconpl: Curl insecure usage]
-    - falconpl 0.9.6.9-git20120606-2 (bug #696681)
-    NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
+       RESERVED
+       - falconpl 0.9.6.9-git20120606-2 (bug #696681)
+       NOTE: CVE request 
http://www.openwall.com/lists/oss-security/2012/12/26/1
 CVE-2011-5250
        RESERVED
 CVE-2011-5249
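Review bot: the CVE-2012-6071 and CVE-2012-6070 entries change in two ways at once here: a RESERVED line is added, and the package and NOTE lines are re-indented from four spaces to the indentation the neighbouring entries use. Hand-added entries should use the file's indentation from the start, so that an automatic run produces only the RESERVED addition and the status change is not buried in whitespace churn.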
@@ -2459,8 +2461,8 @@
        RESERVED
 CVE-2012-5952
        RESERVED
-CVE-2012-5951
-       RESERVED
+CVE-2012-5951 (Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 
through 5.4, ...)
+       TODO: check
 CVE-2012-5950
        RESERVED
 CVE-2012-5949
@@ -2643,8 +2645,8 @@
        RESERVED
 CVE-2012-5869
        RESERVED
-CVE-2012-5868
-       RESERVED
+CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session 
cookie ...)
+       TODO: check
 CVE-2012-5867
        RESERVED
 CVE-2012-5866
@@ -3189,8 +3191,8 @@
 CVE-2012-5665 [Auth bypass in user_webdavauth and user_ldap]
        RESERVED
        - owncloud <unfixed> (bug #696574)
-CVE-2012-5664
-       RESERVED
+CVE-2012-5664 (SQL injection vulnerability in the Authlogic gem for Ruby on 
Rails ...)
+       TODO: check
 CVE-2012-5663
        RESERVED
 CVE-2012-5662
@@ -3290,8 +3292,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
 CVE-2012-5626
        RESERVED
-CVE-2012-5625
-       RESERVED
+CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, 
when ...)
        - nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
 CVE-2012-5624 [qt QML XmlHttpRequest insecure redirection]
        RESERVED
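Review bot: in the CVE-2012-5625 entry, the retained line "- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)" no longer matches the description added above it, which names "Folsom before 2012.2.2 and Grizzly". The not-affected reasoning should be re-checked against the full description and the parenthetical updated if Grizzly is relevant to the packaged version.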
@@ -3397,22 +3398,22 @@
        REJECTED
 CVE-2012-5592
        REJECTED
-CVE-2012-5591
-       RESERVED
-CVE-2012-5590
-       RESERVED
-CVE-2012-5589
-       RESERVED
-CVE-2012-5588
-       RESERVED
-CVE-2012-5587
-       RESERVED
-CVE-2012-5586
-       RESERVED
-CVE-2012-5585
-       RESERVED
-CVE-2012-5584
-       RESERVED
+CVE-2012-5591 (Cross-site scripting (XSS) vulnerability in the Zero Point 
module ...)
+       TODO: check
+CVE-2012-5590 (SQL injection vulnerability in the Webmail Plus module for 
Drupal ...)
+       TODO: check
+CVE-2012-5589 (The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 
7.x-2.7 ...)
+       TODO: check
+CVE-2012-5588 (The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when 
using a ...)
+       TODO: check
+CVE-2012-5587 (Cross-site scripting (XSS) vulnerability in the Email Field 
module ...)
+       TODO: check
+CVE-2012-5586 (The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 
7.x-3.3 ...)
+       TODO: check
+CVE-2012-5585 (Cross-site scripting (XSS) vulnerability in the Mixpanel module 
...)
+       TODO: check
+CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal 
does ...)
+       TODO: check
 CVE-2012-5583 [phpcas curl usage]
        RESERVED
        - php-cas 1.3.1-2
@@ -3547,8 +3548,7 @@
 CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd 
1.4.32 ...)
        - lighttpd 1.4.31-2
        [squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
-CVE-2012-5532
-       RESERVED
+CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as 
...)
        - linux <unfixed> (unimportant)
        - linux-2.6 <not-affected> (userspace daemon not yet present)
        NOTE: hyperv tools are not build in sid
@@ -3699,8 +3699,7 @@
        NOTE: https://plone.org/products/plone/security/advisories/20121106/01
 CVE-2012-5484
        RESERVED
-CVE-2012-5483
-       RESERVED
+CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when 
access to ...)
        - keystone <not-affected> (Debian packaging enforces correct 
permissions)
 CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and 
Essex ...)
        - glance 2012.1.1-3 (bug #692641)
@@ -4393,16 +4392,16 @@
        RESERVED
 CVE-2012-5184
        RESERVED
-CVE-2012-5183
-       RESERVED
-CVE-2012-5182
-       RESERVED
+CVE-2012-5183 (The Loctouch application 3.4.6 and earlier for Android allows 
...)
+       TODO: check
+CVE-2012-5182 (The Loctouch application 3.4.6 and earlier for Android does not 
...)
+       TODO: check
 CVE-2012-5181 (Cross-site scripting (XSS) vulnerability in concrete5 Japanese 
5.5.1 ...)
        TODO: check
-CVE-2012-5180
-       RESERVED
-CVE-2012-5179
-       RESERVED
+CVE-2012-5180 (The Opera Mobile application before 12.1 and Opera Mini 
application ...)
+       TODO: check
+CVE-2012-5179 (The Boat Browser application before 4.2 and Boat Browser Mini 
...)
+       TODO: check
 CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart 
plugin ...)
        TODO: check
 CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin 
before ...)
@@ -4438,8 +4437,8 @@
        NOT-FOR-US: OSClass not in Debian
 CVE-2012-5162 (Multiple SQL injection vulnerabilities in 
oc-admin/ajax/ajax.php in ...)
        NOT-FOR-US: OSClass not in Debian
-CVE-2012-5161
-       RESERVED
+CVE-2012-5161 (The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature 
Pack 1 ...)
+       TODO: check
 CVE-2012-5160
        RESERVED
 CVE-2012-5158
@@ -5254,8 +5253,8 @@
        RESERVED
 CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, 
and VIOS ...)
        NOT-FOR-US: IBM AIX, VIOS
-CVE-2012-4816
-       RESERVED
+CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 
allows ...)
+       TODO: check
 CVE-2012-4815
        RESERVED
 CVE-2012-4814
@@ -5896,8 +5895,8 @@
        NOT-FOR-US: Cisco IOS
 CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 
3.5.2S, ...)
        NOT-FOR-US: Cisco IOS
-CVE-2012-4616
-       RESERVED
+CVE-2012-4616 (Directory traversal vulnerability in the Web UI in EMC Data 
Protection ...)
+       TODO: check
 CVE-2012-4615 (EMC Smarts Network Configuration Manager (NCM) before 9.1 uses 
a ...)
        NOT-FOR-US: EMC
 CVE-2012-4614 (The default configuration of EMC Smarts Network Configuration 
Manager ...)
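Review bot: CVE-2012-4616 is left at "TODO: check" although the entry directly below it, CVE-2012-4615, is already triaged as "NOT-FOR-US: EMC". If the EMC product named in the new description is likewise not packaged, the entry can be closed the same way rather than staying in the TODO queue.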
@@ -10971,8 +10970,7 @@
        NOTE: http://www.securityfocus.com/archive/1/522973/30/0/threaded
        NOTE: 
http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
        NOTE: http://www.collabtive.o-dyn.de/blog/?p=426
-CVE-2012-2669 [hyper-v daemon fails to check origin of netlink messages]
-       RESERVED
+CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as 
...)
        - linux 3.2.23-1
        [squeeze] - linux-2.6 <not-affected> (userspace daemon not yet present)
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=761200
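Review bot: replacing the bracketed summary on CVE-2012-2669 drops "hyper-v daemon fails to check origin of netlink messages", and the truncated description that takes its place is character-for-character the same as the one added for CVE-2012-5532 earlier in this diff. The two entries carry different statuses (linux 3.2.23-1 here, linux <unfixed> (unimportant) there), so a NOTE line preserving the old summary would keep them distinguishable in the list.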
@@ -12075,6 +12073,7 @@
 CVE-2012-2254
        RESERVED
 CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php 
in ...)
+       {DSA-2591-1}
        - mahara 1.5.1-3.1 (bug #695789)
 CVE-2012-2252 [incorrect filtering of --rsh option]
        RESERVED
@@ -12097,20 +12096,24 @@
        [squeeze] - isc-dhcp <not-affected> (CLIENT_PATH is not correctly 
defined)
        NOTE: Debian-specific
 CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 
1.4.5 ...)
+       {DSA-2591-1}
        - mahara 1.5.1-3
        NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
        NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
 CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote 
...)
+       {DSA-2591-1}
        - mahara 1.5.1-3
        NOTE: https://mahara.org/interaction/forum/topic.php?id=493
        NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
 CVE-2012-2245
        RESERVED
 CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote 
...)
+       {DSA-2591-1}
        - mahara 1.5.1-3
        NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
        NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
 CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 
1.4.5 ...)
+       {DSA-2591-1}
        - mahara 1.5.1-3
        NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
        NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
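Review bot: in the CVE-2012-2246 entry that gains {DSA-2591-1}, the forum link reads topic.php?id=493 while the sibling entries in this hunk point at four-digit ids (4938, 4936, 4937). The id looks like it may have lost a digit and is worth verifying while these entries are being touched. Also note that CVE-2012-2253 in the previous hunk is fixed in 1.5.1-3.1 while the entries here say 1.5.1-3, so the DSA cross-reference covers two different unstable versions.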
@@ -12125,6 +12128,7 @@
        {DSA-2549-1}
        - devscripts 2.12.3
 CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote 
...)
+       {DSA-2591-1}
        - mahara 1.5.1-3
 CVE-2012-2238
        RESERVED
@@ -15147,21 +15151,19 @@
        RESERVED
 CVE-2012-0963
        RESERVED
-CVE-2012-0962
-       RESERVED
+CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs 
when ...)
        - aptdaemon <unfixed> (low)
        [squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.launchpad.net/software-center-agent/+bug/1052789
-CVE-2012-0961
-       RESERVED
+CVE-2012-0961 (Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, ...)
        - apt 0.9.7.7 (bug #695832)
        [squeeze] - apt <not-affected> (Logged as 0600 in Squeeze)
 CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 
2.4.1 for ...)
        NOT-FOR-US: Ubuntu Unity extension
 CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear 
account ...)
        NOT-FOR-US: Ubuntu remote login service
-CVE-2012-0958
-       RESERVED
+CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 
2.4.1 ...)
+       TODO: check
 CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux 
kernel ...)
        - linux 3.2.32-1
        - linux-2.6 <removed>
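Review bot: CVE-2012-0958 is added as "TODO: check", but its description names the unity-firefox-extension, and CVE-2012-0960 two entries above covers the same extension and is already marked "NOT-FOR-US: Ubuntu Unity extension". Unless something differs for content/unity-api.js, the new entry should get the same NOT-FOR-US line for consistency.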


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
