[Secure-testing-commits] r23746 - data/CVE

2013-09-19 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-20 06:07:57 + (Fri, 20 Sep 2013)
New Revision: 23746

Modified:
   data/CVE/list
Log:
NFU CVE-2013-4815

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-20 05:55:10 UTC (rev 23745)
+++ data/CVE/list   2013-09-20 06:07:57 UTC (rev 23746)
@@ -2398,7 +2398,7 @@
 CVE-2013-4816
RESERVED
 CVE-2013-4815
-   RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4814
RESERVED
 CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager 
(PCM) ...)
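
Review bot: The change at CVE-2013-4815 deletes the "RESERVED" line instead of adding the tag beneath it, whereas the next commit in this series (r23747) keeps "RESERVED" and adds "NOT-FOR-US" as an extra line. Keep "RESERVED" here as well so the entry state is recorded the same way throughout the file, and name the product rather than only the vendor "HP", as r23922 does with "HP Intelligent Management Center".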


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r23747 - data/CVE

2013-09-19 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-20 06:09:42 + (Fri, 20 Sep 2013)
New Revision: 23747

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-20 06:07:57 UTC (rev 23746)
+++ data/CVE/list   2013-09-20 06:09:42 UTC (rev 23747)
@@ -2389,12 +2389,16 @@
RESERVED
 CVE-2013-4820
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4819
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4818
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4817
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4816
RESERVED
 CVE-2013-4815




[Secure-testing-commits] r23751 - data/CVE

2013-09-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-20 09:51:17 + (Fri, 20 Sep 2013)
New Revision: 23751

Modified:
   data/CVE/list
Log:
glpi CVE-2013-5696 723837

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-20 09:14:24 UTC (rev 23750)
+++ data/CVE/list   2013-09-20 09:51:17 UTC (rev 23751)
@@ -456,6 +456,8 @@
RESERVED
 CVE-2013-5696
RESERVED
+   - glpi  (bug #723837)
+   NOTE: CVE split pending
 CVE-2013-5695
RESERVED
 CVE-2013-5694
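
Review bot: The added "NOTE: CVE split pending" under CVE-2013-5696 gives no pointer to where the split was requested, so a later reader of the file cannot tell when the note is resolved. Add the URL of the request or discussion to the NOTE, next to the bug #723837 reference.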




[Secure-testing-commits] r23752 - data/CVE

2013-09-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-20 19:40:12 + (Fri, 20 Sep 2013)
New Revision: 23752

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-20 09:51:17 UTC (rev 23751)
+++ data/CVE/list   2013-09-20 19:40:12 UTC (rev 23752)
@@ -946,8 +946,10 @@
RESERVED
 CVE-2013-5501
RESERVED
+   NOT-FOR-US: Cisco MediaSense
 CVE-2013-5500
RESERVED
+   NOT-FOR-US: Cisco MediaSense
 CVE-2013-5499
RESERVED
 CVE-2013-5498
@@ -2672,12 +2674,15 @@
RESERVED
 CVE-2013-4709
RESERVED
+   NOT-FOR-US: PPP Access Concentrator
 CVE-2013-4708
RESERVED
 CVE-2013-4707
RESERVED
+   NOT-FOR-US: D-Link
 CVE-2013-4706
RESERVED
+   NOT-FOR-US: D-Link
 CVE-2013-4705 (Cross-site scripting (XSS) vulnerability in Opera before 15.00 
allows ...)
NOT-FOR-US: Opera
 CVE-2013-4704 (Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 
7. ...)
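
Review bot: The three tags added in this hunk do not identify the software precisely: "PPP Access Concentrator" at CVE-2013-4709 gives no vendor, and "D-Link" at CVE-2013-4707 and CVE-2013-4706 gives a vendor with no product. Use vendor plus product in each tag, so that a later search of the list for a given product finds these entries.
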
@@ -4405,6 +4410,7 @@
RESERVED
 CVE-2013-4068
RESERVED
+   NOT-FOR-US: IBM
 CVE-2013-4067
RESERVED
 CVE-2013-4066
@@ -5722,6 +5728,7 @@
NOT-FOR-US: Cisco
 CVE-2013-3473
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2013-3472 (Cross-site request forgery (CSRF) vulnerability in the 
Enterprise ...)
NOT-FOR-US: Cisco
 CVE-2013-3471 (The captive portal application in Cisco Identity Services 
Engine (ISE) ...)
@@ -11405,6 +11412,8 @@
NOT-FOR-US: w-CMS 2.01
 CVE-2011-5255 (Multiple cross-site scripting (XSS) vulnerabilities in 
admin/login in ...)
NOT-FOR-US: X3 CMS
+CVE-2010-5290
+   NOT-FOR-US: Adobe ColdFusion
 CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone 
Technologies ...)
NOT-FOR-US: Cornerstone Technologies webConductor
 CVE-2013-1581 (The dissect_pft_fec_detailed function in ...)
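
Review bot: The new CVE-2010-5290 entry is added with neither a description nor a reference, so the only information in the file is the tag "Adobe ColdFusion". Add a short bracketed description, in the style of "CVE-2013-4378 [blind XSS through X-Forwarded-For header]", or a NOTE with the advisory URL.
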
@@ -12245,6 +12254,7 @@
NOT-FOR-US: Cisco Small Business Wireless Access Points
 CVE-2013-1130
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2013-1129 (Memory leak in Cisco Unity Connection 9.x allows remote 
attackers to ...)
NOT-FOR-US: Cisco
 CVE-2013-1128 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
@@ -21814,6 +21824,7 @@
RESERVED
 CVE-2012-4093
RESERVED
+   NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4092
RESERVED
 CVE-2012-4091
@@ -21834,10 +21845,13 @@
RESERVED
 CVE-2012-4083
RESERVED
+   NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4082
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2012-4081
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2012-4080
RESERVED
 CVE-2012-4079
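
Review bot: Within this hunk CVE-2012-4083 is tagged "Cisco Unified Computing System" while CVE-2012-4082 and CVE-2012-4081 get only "Cisco". If those two are also Unified Computing System issues, use the same tag; if they concern a different product, name it.
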
@@ -21852,10 +21866,13 @@
RESERVED
 CVE-2012-4074
RESERVED
+   NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4073
RESERVED
+   NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4072
RESERVED
+   NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module 
in the ...)
NOT-FOR-US: Joomla addon
 CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in 
Dir2web ...)




[Secure-testing-commits] r23754 - data/CVE

2013-09-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-20 21:39:15 + (Fri, 20 Sep 2013)
New Revision: 23754

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-20 21:14:26 UTC (rev 23753)
+++ data/CVE/list   2013-09-20 21:39:15 UTC (rev 23754)
@@ -971,7 +971,7 @@
 CVE-2013-5498
RESERVED
 CVE-2013-5497 (The authentication manager process in the web framework in 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco Intrusion Prevention System
 CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows 
remote ...)
NOT-FOR-US: Cisco NX-OS
 CVE-2013-5495 (Cross-site scripting (XSS) vulnerability in the web framework 
in the ...)
@@ -12288,7 +12288,7 @@
 CVE-2013-1122 (Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport 
...)
NOT-FOR-US: Cisco NX-OS
 CVE-2013-1121 (The regex engine in the BGP implementation in Cisco NX-OS, when 
a ...)
-   TODO: check
+   NOT-FOR-US: Cisco NX-OS
 CVE-2013-1120 (Multiple cross-site request forgery (CSRF) vulnerabilities on 
the ...)
NOT-FOR-US: Cisco Unity Express
 CVE-2013-1119 (Buffer overflow in Cisco WebEx Recording Format (WRF) player 
T27 LD ...)




[Secure-testing-commits] r23755 - data/CVE

2013-09-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-20 21:40:47 + (Fri, 20 Sep 2013)
New Revision: 23755

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-20 21:39:15 UTC (rev 23754)
+++ data/CVE/list   2013-09-20 21:40:47 UTC (rev 23755)
@@ -2426,6 +2426,7 @@
NOT-FOR-US: HP
 CVE-2013-4814
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager 
(PCM) ...)
NOT-FOR-US: HP
 CVE-2013-4812 (UpdateCertificatesServlet in the SNAC registration server in HP 
...)




[Secure-testing-commits] r23759 - data/CVE

2013-09-21 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-21 11:08:47 + (Sat, 21 Sep 2013)
New Revision: 23759

Modified:
   data/CVE/list
Log:
NFU CVE-2013-5210

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-21 05:39:57 UTC (rev 23758)
+++ data/CVE/list   2013-09-21 11:08:47 UTC (rev 23759)
@@ -1546,6 +1546,7 @@
RESERVED
 CVE-2013-5210
RESERVED
+   NOT-FOR-US: Adtran Netvanta
 CVE-2013-5209 (The sctp_send_initiate_ack function in 
sys/netinet/sctp_output.c in ...)
{DSA-2743-1}
- kfreebsd-8  (bug #720476)




[Secure-testing-commits] r23791 - data/CVE

2013-09-26 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-26 16:15:29 + (Thu, 26 Sep 2013)
New Revision: 23791

Modified:
   data/CVE/list
Log:
NFU CVE-2013-3278

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-26 14:52:07 UTC (rev 23790)
+++ data/CVE/list   2013-09-26 16:15:29 UTC (rev 23791)
@@ -6178,7 +6178,7 @@
 CVE-2013-3279
RESERVED
 CVE-2013-3278
-   RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 
5.4 ...)
NOT-FOR-US: EMC
 CVE-2013-3276 (EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated 
users to ...)




[Secure-testing-commits] r23808 - data/CVE

2013-09-27 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-27 14:35:26 + (Fri, 27 Sep 2013)
New Revision: 23808

Modified:
   data/CVE/list
Log:
NFU: Drupal contributed modules

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-27 14:16:01 UTC (rev 23807)
+++ data/CVE/list   2013-09-27 14:35:26 UTC (rev 23808)
@@ -3415,16 +3415,22 @@
NOTE: 
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
 CVE-2013-4384
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-4383
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-4382
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-4381
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-4380
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-4379
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-4378 [blind XSS through X-Forwarded-For header]
RESERVED
NOT-FOR-US: Javamelody
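
Review bot: All six entries from CVE-2013-4384 down to CVE-2013-4379 receive the same tag "Drupal module" without the module name. Name the module in each tag, in the one-product-per-tag style of the Javamelody entry just below, so the list can be checked if one of these modules is packaged later.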




[Secure-testing-commits] r23818 - data/CVE

2013-09-28 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-29 06:06:33 + (Sun, 29 Sep 2013)
New Revision: 23818

Modified:
   data/CVE/list
Log:
CVE-2013-4387

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-28 15:41:10 UTC (rev 23817)
+++ data/CVE/list   2013-09-29 06:06:33 UTC (rev 23818)
@@ -3404,6 +3404,8 @@
RESERVED
 CVE-2013-4387
RESERVED
+   NOTE: http://www.openwall.com/lists/oss-security/2013/09/29/1
+   TODO: check
 CVE-2013-4386
RESERVED
 CVE-2013-4385 [Buffer overrun]




[Secure-testing-commits] r23819 - data/CVE

2013-09-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-29 08:21:41 + (Sun, 29 Sep 2013)
New Revision: 23819

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-29 06:06:33 UTC (rev 23818)
+++ data/CVE/list   2013-09-29 08:21:41 UTC (rev 23819)
@@ -1,3 +1,5 @@
+CVE-2013-5959
+   NOT-FOR-US: Blue Coat ProxySG
 CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite 
before ...)
- graphite-web 0.9.12+debian-1
 CVE-2013-5942 (Graphite 0.9.5 through 0.9.10 uses the pickle Python module 
unsafely, ...)
@@ -1017,6 +1019,7 @@
RESERVED
 CVE-2013-5498
RESERVED
+   NOT-FOR-US: Cisco IOS XR
 CVE-2013-5497 (The authentication manager process in the web framework in 
Cisco ...)
NOT-FOR-US: Cisco Intrusion Prevention System
 CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows 
remote ...)
@@ -1207,6 +1210,7 @@
RESERVED
 CVE-2013-5403
RESERVED
+   NOT-FOR-US: IBM WebSphere
 CVE-2013-5402
RESERVED
 CVE-2013-5401
@@ -1695,8 +1699,10 @@
RESERVED
 CVE-2013-5161
RESERVED
+   NOT-FOR-US: Apple iOS
 CVE-2013-5160
RESERVED
+   NOT-FOR-US: Apple iOS
 CVE-2013-5159 (WebKit in Apple iOS before 7 allows remote attackers to bypass 
the ...)
NOT-FOR-US: Apple iOS
 CVE-2013-5158 (The Social subsystem in Apple iOS before 7 does not properly 
restrict ...)
@@ -13982,6 +13988,7 @@
NOT-FOR-US: IBM
 CVE-2013-0598
RESERVED
+   NOT-FOR-US: IBM Rational ClearQuest
 CVE-2013-0597 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Application ...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2013-0596 (Cross-site scripting (XSS) vulnerability in the Administrative 
console ...)
@@ -28875,6 +28882,7 @@
NOT-FOR-US: Cisco IOS
 CVE-2012-1313
RESERVED
+   NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote 
attackers to ...)
NOT-FOR-US: Cisco IOS
 CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS 
through ...)




[Secure-testing-commits] r23820 - data/CVE

2013-09-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-09-29 08:46:23 + (Sun, 29 Sep 2013)
New Revision: 23820

Modified:
   data/CVE/list
Log:
NFU CVE-2013-5916

Modified: data/CVE/list
===
--- data/CVE/list   2013-09-29 08:21:41 UTC (rev 23819)
+++ data/CVE/list   2013-09-29 08:46:23 UTC (rev 23820)
@@ -56,6 +56,7 @@
NOT-FOR-US: NOSpam PTIa plugin for Wordpress
 CVE-2013-5916
RESERVED
+   NOT-FOR-US: WordPress plugin wp-e-commerce
 CVE-2013-5915
RESERVED
 CVE-2013-5914




[Secure-testing-commits] r23840 - data/CVE

2013-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-01 05:24:07 + (Tue, 01 Oct 2013)
New Revision: 23840

Modified:
   data/CVE/list
Log:
NFU: SimpleRisk

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-01 05:20:28 UTC (rev 23839)
+++ data/CVE/list   2013-10-01 05:24:07 UTC (rev 23840)
@@ -423,8 +423,10 @@
NOT-FOR-US: FriendsOfSymfony FOSUserBundle
 CVE-2013-5749
RESERVED
+   NOT-FOR-US: SimpleRisk
 CVE-2013-5748
RESERVED
+   NOT-FOR-US: SimpleRisk
 CVE-2013-5747
RESERVED
 CVE-2013-5746




[Secure-testing-commits] r23861 - data/CVE

2013-10-02 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-03 05:35:22 + (Thu, 03 Oct 2013)
New Revision: 23861

Modified:
   data/CVE/list
Log:
CVE-2013-4344 needs checking

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-02 21:19:57 UTC (rev 23860)
+++ data/CVE/list   2013-10-03 05:35:22 UTC (rev 23861)
@@ -3629,6 +3629,8 @@
- linux 
 CVE-2013-4344
RESERVED
+   - xen 
+   TODO: check
 CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux 
kernel ...)
- linux 
[wheezy] - linux  (Introduced in 3.8)
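
Review bot: The "- xen" line added under CVE-2013-4344 comes with "TODO: check" but no NOTE saying where the xen association comes from, unlike r23818, which adds the oss-security URL together with its TODO. Add a NOTE with the advisory or mailing-list reference so whoever picks up the TODO knows what to verify.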




[Secure-testing-commits] r23864 - data/CVE

2013-10-03 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-03 17:21:16 + (Thu, 03 Oct 2013)
New Revision: 23864

Modified:
   data/CVE/list
Log:
NFU: Gnew

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-03 08:21:58 UTC (rev 23863)
+++ data/CVE/list   2013-10-03 17:21:16 UTC (rev 23864)
@@ -754,8 +754,10 @@
RESERVED
 CVE-2013-5640
RESERVED
+   NOT-FOR-US: Gnew
 CVE-2013-5639
RESERVED
+   NOT-FOR-US: Gnew
 CVE-2013-5648 (Absolute path traversal vulnerability in the 
handleStartDataFile ...)
- libdigidoc  (bug #658300)
 CVE-2013-5647 (lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows 
remote ...)




[Secure-testing-commits] r23866 - data/CVE

2013-10-03 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-03 21:18:50 + (Thu, 03 Oct 2013)
New Revision: 23866

Modified:
   data/CVE/list
Log:
NFU HPSBPI02892

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-03 21:14:25 UTC (rev 23865)
+++ data/CVE/list   2013-10-03 21:18:50 UTC (rev 23866)
@@ -2528,8 +2528,10 @@
RESERVED
 CVE-2013-4829
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4828
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4827
RESERVED
 CVE-2013-4826




[Secure-testing-commits] r23867 - data/CVE

2013-10-03 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-03 21:20:43 + (Thu, 03 Oct 2013)
New Revision: 23867

Modified:
   data/CVE/list
Log:
NFU APPLE-SA-2013-10-03-1

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-03 21:18:50 UTC (rev 23866)
+++ data/CVE/list   2013-10-03 21:20:43 UTC (rev 23867)
@@ -1781,6 +1781,7 @@
RESERVED
 CVE-2013-5163
RESERVED
+   NOT-FOR-US: Apple OS X
 CVE-2013-5162
RESERVED
 CVE-2013-5161 (Passcode Lock in Apple iOS before 7.0.2 does not properly 
manage the ...)




[Secure-testing-commits] r23868 - data/CVE

2013-10-03 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-03 21:25:20 + (Thu, 03 Oct 2013)
New Revision: 23868

Modified:
   data/CVE/list
Log:
NFU ESA-2013-062

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-03 21:20:43 UTC (rev 23867)
+++ data/CVE/list   2013-10-03 21:25:20 UTC (rev 23868)
@@ -6308,6 +6308,7 @@
RESERVED
 CVE-2013-3279
RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for 
storage ...)
NOT-FOR-US: EMC
 CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 
5.4 ...)




[Secure-testing-commits] r23885 - data/CVE

2013-10-05 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-05 08:08:48 + (Sat, 05 Oct 2013)
New Revision: 23885

Modified:
   data/CVE/list
Log:
CVE-2013-2099 python-tornado fixed

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-04 21:20:10 UTC (rev 23884)
+++ data/CVE/list   2013-10-05 08:08:48 UTC (rev 23885)
@@ -9469,7 +9469,7 @@
[wheezy] - bzr  (Minor issue)
- python-urllib3 1.6-2 (low; bug #709070)
[wheezy] - python-urllib3  (Minor issue)
-   - python-tornado  (low; bug #709069)
+   - python-tornado 2.4.1-3 (low; bug #709069)
[squeeze] - python-tornado  (Minor issue)
[wheezy] - python-tornado  (Minor issue)
- w3af 2.6.0~bzr6574-1 (low; bug #709068)




[Secure-testing-commits] r23897 - data/CVE

2013-10-06 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-06 17:49:02 + (Sun, 06 Oct 2013)
New Revision: 23897

Modified:
   data/CVE/list
Log:
CVE-2013-5696 glpi fixed

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-06 11:40:27 UTC (rev 23896)
+++ data/CVE/list   2013-10-06 17:49:02 UTC (rev 23897)
@@ -615,7 +615,7 @@
 CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the 
mod_accounting ...)
- libapache-mod-acct 
 CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to 
make ...)
-   - glpi  (bug #723837)
+   - glpi 0.84.2-1 (bug #723837)
NOTE: CVE split pending
 CVE-2013-5695
RESERVED
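
Review bot: The glpi line for CVE-2013-5696 is marked fixed in 0.84.2-1 while "NOTE: CVE split pending" stays directly below it. Either resolve the note in this commit or add a TODO, since a split would create further CVE ids that need the same fixed version recorded.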




[Secure-testing-commits] r23914 - data/CVE

2013-10-08 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-08 14:12:39 + (Tue, 08 Oct 2013)
New Revision: 23914

Modified:
   data/CVE/list
Log:
Removed libav BTS references, which was not fixed in that bug item.

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-08 10:02:22 UTC (rev 23913)
+++ data/CVE/list   2013-10-08 14:12:39 UTC (rev 23914)
@@ -5465,19 +5465,19 @@
- libav  (Smush codec not present in libav)
 CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in 
FFmpeg ...)
- ffmpeg  (CD Graphics Video Decoder not present in 0.5 
ffmpeg)
-   - libav  (bug #717009)
+   - libav 
 CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in 
FFmpeg ...)
- ffmpeg  (Doesn't affect libav, specific to current 
ffmpeg)
- libav  (Doesn't affect libav, specific to current 
ffmpeg)
 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in 
FFmpeg ...)
- ffmpeg 
-   - libav  (bug #717009)
+   - libav 
 CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 
1.2.1 ...)
- ffmpeg  (Doesn't affect libav, specific to current 
ffmpeg)
- libav  (Doesn't affect libav, specific to current 
ffmpeg)
 CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 
...)
- ffmpeg 
-   - libav  (bug #717009)
+   - libav 
 CVE-2013-3669
RESERVED
 CVE-2013-3668
@@ -13078,13 +13078,13 @@
 CVE-2013-0868 [libavcodec/huffyuvdec.c out of array writes]
RESERVED
- ffmpeg 
-   - libav  (bug #717009)
+   - libav 
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
 CVE-2013-0867 [libavcodec/h264.c out of array accesses]
RESERVED
- ffmpeg 
-   - libav  (bug #717009)
+   - libav 
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
 CVE-2013-0866 [libavcodec/aacdec.c out of array accesses]
RESERVED
@@ -13118,7 +13118,7 @@
 CVE-2013-0860 [libavcodec/error_resilience.c state inconsistency and null 
pointer deref]
RESERVED
- ffmpeg 
-   - libav  (bug #717009)
+   - libav 
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
 CVE-2013-0859 [libavcodec/tiff.c out of array access: 
6d1c5ea04af3e345232aa70c944de961061dab2d]
RESERVED
@@ -13139,7 +13139,7 @@
 CVE-2013-0856 [libavcodec/alac.c]
RESERVED
- ffmpeg 
-   - libav  (bug #717009)
+   - libav 
NOTE: Fix in ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
NOTE: Fix in libav: 
http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
 CVE-2013-0855 [libavcodec/alac.c out of array accesses]
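
Review bot: At CVE-2013-0856 the libav line loses "(bug #717009)", yet the NOTE two lines below links a "Fix in libav" commit on git.libav.org. If that commit is part of a Debian upload, record the fixed version on the libav line; otherwise the entry is left with no bug tracking it.
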
@@ -13165,13 +13165,13 @@
 CVE-2013-0852 [libavcodec/pgssubdec.c out of array accesses]
RESERVED
- ffmpeg  (PGS subtitle decoder not present)
-   - libav  (bug #717009)
+   - libav 
NOTE: That change seems needed in libav
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
 CVE-2013-0851 [libavcodec/eamad.c out of array accesses]
RESERVED
- ffmpeg  (Electronic Arts Madcow Video decoder not 
present in ffmpeg 0.5)
-   - libav  (bug #717009)
+   - libav 
NOTE: looks valid as "if (buf_size < 17) { ... error... }" but at least 
buf[21] is used.
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
 CVE-2013-0850 [libavcodec/h264.c out of array accesses]
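
Review bot: The bug reference is dropped from the libav lines of CVE-2013-0852 and CVE-2013-0851 although the existing NOTEs say "That change seems needed in libav" and that the eamad.c issue "looks valid". With #717009 removed these two have no bug reference at all; file or reference a new bug in the same commit, and put the reason #717009 does not apply into a NOTE rather than only in the log message.
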
@@ -13190,7 +13190,7 @@
 CVE-2013-0848 [libavcodec/huffyuv.c out of array accesses]
RESERVED
- ffmpeg 
-   - libav  (bug #717009)
+   - libav 
NOTE: No related changes in libav git so far
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
NOTE: Needed in ffmpeg 0.5
@@ -13209,7 +13209,7 @@
 CVE-2013-0845 [libavcodec/alsdec.c]
RESERVED
- ffmpeg  (MPEG-4 ALS decoder not present in ffmpeg/0.5)
-   - libav  (bug #717009)
+   - libav 
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
NOTE: No change in libav git
 CVE-2013-0844 [libavcodec/adpcm.c out of array access]




[Secure-testing-commits] r23922 - data/CVE

2013-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-09 13:35:08 + (Wed, 09 Oct 2013)
New Revision: 23922

Modified:
   data/CVE/list
Log:
NFU HPSBGN02929, HPSBGN02930

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 11:49:42 UTC (rev 23921)
+++ data/CVE/list   2013-10-09 13:35:08 UTC (rev 23922)
@@ -2543,16 +2543,22 @@
NOT-FOR-US: HP
 CVE-2013-4827
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4826
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4825
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4824
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4823
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4822
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4821 (Unspecified vulnerability in HP System Management Homepage 
(SMH) ...)
NOT-FOR-US: HP System Management Homepage
 CVE-2013-4820 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, 
IceWall ...)




[Secure-testing-commits] r23965 - data/CVE

2013-10-11 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-11 09:30:45 + (Fri, 11 Oct 2013)
New Revision: 23965

Modified:
   data/CVE/list
Log:
NFU HPSBMU02901

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-11 09:03:04 UTC (rev 23964)
+++ data/CVE/list   2013-10-11 09:30:45 UTC (rev 23965)
@@ -2741,6 +2741,7 @@
NOT-FOR-US: HP Integrated Lights-Out firmware
 CVE-2013-4804
RESERVED
+   NOT-FOR-US: HP Business Process Monitor
 CVE-2013-4803
RESERVED
 CVE-2013-4802 (Cross-site scripting (XSS) vulnerability in HP Application 
Lifecycle ...)
@@ -8843,6 +8844,7 @@
NOT-FOR-US: HP SiteScope
 CVE-2013-2366
RESERVED
+   NOT-FOR-US: HP Business Process Monitor
 CVE-2013-2365 (HP Database and Middleware Automation (DMA) 10.x before 10.10, 
when ...)
NOT-FOR-US: HP DMA
 CVE-2013-2364 (Cross-site scripting (XSS) vulnerability in HP System 
Management ...)




[Secure-testing-commits] r23979 - data/CVE

2013-10-12 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-12 14:07:36 + (Sat, 12 Oct 2013)
New Revision: 23979

Modified:
   data/CVE/list
Log:
dropbear issue reported

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-12 09:14:25 UTC (rev 23978)
+++ data/CVE/list   2013-10-12 14:07:36 UTC (rev 23979)
@@ -1,3 +1,5 @@
+CVE-2013- [dropbear: avoid disclosing existence of valid users through 
inconsistent delays]
+   - dropbear  (bug #726118)
 CVE-2013-6063
RESERVED
 CVE-2013-6062
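
Review bot: The new dropbear entry at the top of the file references only bug #726118 and has no NOTE pointing to a CVE request or to the upstream change. The poppler placeholder removed in r24011 carried a "NOTE: CVE request:" line; add the equivalent here so the entry can be renamed once an id is assigned.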




[Secure-testing-commits] r24009 - data/CVE

2013-10-15 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-16 05:14:27 + (Wed, 16 Oct 2013)
New Revision: 24009

Modified:
   data/CVE/list
Log:
NFU HPSBMU02931

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-16 05:13:50 UTC (rev 24008)
+++ data/CVE/list   2013-10-16 05:14:27 UTC (rev 24009)
@@ -2685,12 +2685,16 @@
RESERVED
 CVE-2013-4833
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4832
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4831
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4830
RESERVED
+   NOT-FOR-US: HP
 CVE-2013-4829 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; 
LaserJet ...)
NOT-FOR-US: HP
 CVE-2013-4828 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; 
LaserJet ...)




[Secure-testing-commits] r24011 - data/CVE

2013-10-15 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-16 05:52:38 + (Wed, 16 Oct 2013)
New Revision: 24011

Modified:
   data/CVE/list
Log:
CVE-2010-5110 assigned for poppler.

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-16 05:20:46 UTC (rev 24010)
+++ data/CVE/list   2013-10-16 05:52:38 UTC (rev 24011)
@@ -657,9 +657,6 @@
RESERVED
 CVE-2013-5741
RESERVED
-CVE-2013- [poppler / JPEG error handler]
-   - poppler 0.16.3-1 (bug #722705)
-   NOTE: CVE request: 
http://article.gmane.org/gmane.comp.security.oss.general/11132
 CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c 
in GNOME ...)
- vino  (low; bug #724545)
[wheezy] - vino  (Minor issue)
@@ -26459,8 +26456,9 @@
RESERVED
 CVE-2010-5111
RESERVED
-CVE-2010-5110
+CVE-2010-5110 [poppler: JPEG error handler]
RESERVED
+   - poppler 0.16.3-1 (bug #722705)
 CVE-2010-5109 [libytnef: buffer overflow]
RESERVED
- libytnef 1.5-5 (low; bug #705468)
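
Review bot: Moving the poppler entry to CVE-2010-5110 loses the "NOTE: CVE request:" line that the first hunk deletes together with the placeholder. Carry that NOTE over under CVE-2010-5110 so the assignment stays traceable from the file.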




[Secure-testing-commits] r24032 - data/CVE

2013-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-16 17:49:38 + (Wed, 16 Oct 2013)
New Revision: 24032

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-16 17:44:30 UTC (rev 24031)
+++ data/CVE/list   2013-10-16 17:49:38 UTC (rev 24032)
@@ -623,8 +623,10 @@
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
 CVE-2013-5792
RESERVED
+   NOT-FOR-US: Oracle E-Business Suite
 CVE-2013-5791
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5790
RESERVED
- openjdk-6 
@@ -661,12 +663,14 @@
- openjdk-7 
 CVE-2013-5781
RESERVED
+   NOT-FOR-US: Oracle PARC Enterprise
 CVE-2013-5780
RESERVED
- openjdk-6 
- openjdk-7 
 CVE-2013-5779
RESERVED
+   NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5778
RESERVED
- openjdk-6 
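
Review bot: "Oracle PARC Enterprise" at CVE-2013-5781 looks like a typo for "Oracle SPARC Enterprise", the spelling this same commit uses at CVE-2013-3838. Correct it so both entries match.
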
@@ -689,12 +693,14 @@
- openjdk-7 
 CVE-2013-5773
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5772
RESERVED
- openjdk-6 
- openjdk-7 
 CVE-2013-5771
RESERVED
+   NOT-FOR-US: Oracle Database Server
 CVE-2013-5770
RESERVED
- mysql-5.5  (Only affects Mysql 5.6)
@@ -702,8 +708,10 @@
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
 CVE-2013-5769
RESERVED
+   NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-5768
RESERVED
+   NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-5767
RESERVED
- mysql-5.5  (Only affects Mysql 5.6)
@@ -711,16 +719,20 @@
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
 CVE-2013-5766
RESERVED
+   NOT-FOR-US: Oracle Enterprise Manager Grid Control
 CVE-2013-5765
RESERVED
+   NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5764
RESERVED
 CVE-2013-5763
RESERVED
 CVE-2013-5762
RESERVED
+   NOT-FOR-US: Oracle Siebel
 CVE-2013-5761
RESERVED
+   NOT-FOR-US: Oracle Siebel
 CVE-2013-5760
RESERVED
 CVE-2013-5759
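
Review bot: CVE-2013-5762 and CVE-2013-5761 are tagged "Oracle Siebel" here, while the preceding hunk tags CVE-2013-5769 and CVE-2013-5768 "Oracle Siebel CRM". Use one spelling for the product throughout the commit.
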
@@ -1289,12 +1301,16 @@
RESERVED
 CVE-2013-5541
RESERVED
+   NOT-FOR-US: Cisco Identity Services Engine
 CVE-2013-5540
RESERVED
+   NOT-FOR-US: Cisco Identity Services Engine
 CVE-2013-5539
RESERVED
+   NOT-FOR-US: Cisco Identity Services Engine
 CVE-2013-5538
RESERVED
+   NOT-FOR-US: Cisco Identity Services Engine
 CVE-2013-5537
RESERVED
 CVE-2013-5536
@@ -1584,14 +1600,17 @@
NOT-FOR-US: IBM Maximo Asset Management
 CVE-2013-5394
RESERVED
+   NOT-FOR-US: IBM WebSphere eXtreme Scale
 CVE-2013-5393
RESERVED
+   NOT-FOR-US: IBM WebSphere eXtreme Scale
 CVE-2013-5392
RESERVED
 CVE-2013-5391
RESERVED
 CVE-2013-5390
RESERVED
+   NOT-FOR-US: IBM WebSphere eXtreme Scale
 CVE-2013-5389
RESERVED
 CVE-2013-5388
@@ -1960,6 +1979,7 @@
NOTE: kfreebsd-10 (experimental, #720478)
 CVE-2013-5208
RESERVED
+   NOT-FOR-US: HR Systems Strategies
 CVE-2013-5207
RESERVED
 CVE-2013-5206
@@ -2325,6 +2345,7 @@
RESERVED
 CVE-2013-5030
RESERVED
+   NOT-FOR-US: Ruckus Wireless Zoneflex
 CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers 
to ...)
- phpmyadmin 4:4.0.5-1
[squeeze] - phpmyadmin  (Not feasible)
@@ -5395,8 +5416,10 @@
NOT-FOR-US: Solaris
 CVE-2013-3841
RESERVED
+   NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-3840
RESERVED
+   NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-3839
RESERVED
- mysql-5.5 
@@ -5404,21 +5427,28 @@
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
 CVE-2013-3838
RESERVED
+   NOT-FOR-US: Oracle SPARC Enterprise
 CVE-2013-3837
RESERVED
+   NOT-FOR-US: Oracle Solaris
 CVE-2013-3836
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-3835
RESERVED
+   NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-3834
RESERVED
NOT-FOR-US: Oracle Secure Global Desktop
 CVE-2013-3833
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-3832
RESERVED
+   NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-3831
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-3830
RESERVED
 CVE-2013-3829
@@ -5427,10 +5457,13 @@
- openjdk-7 
 CVE-2013-3828
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-3827
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-3826
RESERVED
+   NOT-FOR-US: Oracle Database Server
 CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product 
Collaboration ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2013-3824 (Unspecified vulnerability in the Oracle Agile Collaborati

[Secure-testing-commits] r24033 - data/CVE

2013-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-16 18:57:16 + (Wed, 16 Oct 2013)
New Revision: 24033

Modified:
   data/CVE/list
Log:
CVE-2013-5915 polarssl fixed in 1.3.1-1

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-16 17:49:38 UTC (rev 24032)
+++ data/CVE/list   2013-10-16 18:57:16 UTC (rev 24033)
@@ -297,7 +297,7 @@
RESERVED
NOT-FOR-US: WordPress plugin wp-e-commerce
 CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not 
properly ...)
-   - polarssl  (bug #725359)
+   - polarssl 1.3.1-1 (bug #725359)
NOTE: 
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
 CVE-2013-5914 [Buffer overflow in ssl_read_record()]
RESERVED




[Secure-testing-commits] r24043 - data/CVE

2013-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-17 05:55:02 + (Thu, 17 Oct 2013)
New Revision: 24043

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-17 05:54:38 UTC (rev 24042)
+++ data/CVE/list   2013-10-17 05:55:02 UTC (rev 24043)
@@ -443,6 +443,7 @@
- openjdk-7 
 CVE-2013-5850
RESERVED
+   TODO: check
 CVE-2013-5849
RESERVED
- openjdk-6 
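Review bot: the "TODO: check" added under CVE-2013-5850 is not a NOT-FOR-US classification, but the log message for this revision is only "NFU". The next hunk does the same for CVE-2013-5844. Either mention the TODO markers in the log or commit them separately, so the log describes every entry the revision touches.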
@@ -453,14 +454,17 @@
- openjdk-7  (Deployment components not part of OpenJDK, 
only present in Oracle Java)
 CVE-2013-5847
RESERVED
+   NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5846
RESERVED
- openjdk-6  (JavaFX not part of OpenJDK)
- openjdk-7  (JavaFX not part of OpenJDK)
 CVE-2013-5845
RESERVED
+   NOT-FOR-US: Oracle iLearning
 CVE-2013-5844
RESERVED
+   TODO: check
 CVE-2013-5843
RESERVED
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely 
not-affected, but needs further check
@@ -470,6 +474,7 @@
- openjdk-7 
 CVE-2013-5841
RESERVED
+   NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5840
RESERVED
- openjdk-6 
@@ -486,8 +491,10 @@
NOT-FOR-US: Solaris
 CVE-2013-5836
RESERVED
+   NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5835
RESERVED
+   NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-5834
RESERVED
 CVE-2013-5833
@@ -509,10 +516,13 @@
- openjdk-7 
 CVE-2013-5828
RESERVED
+   NOT-FOR-US: Oracle Enterprise Manager Grid Control
 CVE-2013-5827
RESERVED
+   NOT-FOR-US: Oracle Enterprise Manager Grid Control
 CVE-2013-5826
RESERVED
+   NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2013-5825
RESERVED
- openjdk-6 
@@ -526,6 +536,7 @@
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely 
not-affected, but needs further check
 CVE-2013-5822
RESERVED
+   NOT-FOR-US: Oracle iLearning
 CVE-2013-5821
RESERVED
 CVE-2013-5820
@@ -546,20 +557,24 @@
- openjdk-7 
 CVE-2013-5816
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5815
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
 CVE-2013-5814
RESERVED
- openjdk-6 
- openjdk-7 
 CVE-2013-5813
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5812
RESERVED
- openjdk-6  (Deployment components not part of OpenJDK, 
only present in Oracle Java)
- openjdk-7  (Deployment components not part of OpenJDK, 
only present in Oracle Java)
 CVE-2013-5811
RESERVED
+   NOT-FOR-US: Oracle Industry Applications
 CVE-2013-5810
RESERVED
- openjdk-6  (JavaFX not part of OpenJDK)
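Review bot: the line added under CVE-2013-5815, "NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics", repeats the vendor name and runs the product family and the component together. The other entries in this hunk use just "Oracle Fusion Middleware"; suggest either that form or a clearly separated component, for example "Oracle Fusion Middleware (Oracle Identity Analytics)".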
@@ -604,18 +619,22 @@
- openjdk-7 
 CVE-2013-5799
RESERVED
+   NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2013-5798
RESERVED
+   NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5797
RESERVED
- openjdk-6 
- openjdk-7 
 CVE-2013-5796
RESERVED
+   NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-5795
RESERVED
 CVE-2013-5794
RESERVED
+   NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5793
RESERVED
- mysql-5.5  (Only affects Mysql 5.6)




[Secure-testing-commits] r24044 - data/CVE

2013-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-17 05:58:18 + (Thu, 17 Oct 2013)
New Revision: 24044

Modified:
   data/CVE/list
Log:
openldap issue

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-17 05:55:02 UTC (rev 24043)
+++ data/CVE/list   2013-10-17 05:58:18 UTC (rev 24044)
@@ -1,3 +1,8 @@
+CVE-2013- [slapd segfaults on certain queries with rwm overlay enabled]
+   - openldap 
+   TODO: check
+   NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
 CVE-2013-6063
RESERVED
 CVE-2013-6062




[Secure-testing-commits] r24050 - data/CVE

2013-10-17 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-17 12:55:50 + (Thu, 17 Oct 2013)
New Revision: 24050

Modified:
   data/CVE/list
Log:
new echoping issue

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-17 12:12:09 UTC (rev 24049)
+++ data/CVE/list   2013-10-17 12:55:50 UTC (rev 24050)
@@ -1,3 +1,10 @@
+CVE-2013- [echoping buffer overflows]
+   - echoping 
+   TODO: check
+   NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
+   NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
+   NOTE: http://xforce.iss.net/xforce/xfdb/64141
+   NOTE: http://secunia.com/advisories/42619/
 CVE-2013- [slapd segfaults on certain queries with rwm overlay enabled]
- openldap 
TODO: check




[Secure-testing-commits] r24072 - data/CVE

2013-10-18 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-19 06:49:23 + (Sat, 19 Oct 2013)
New Revision: 24072

Modified:
   data/CVE/list
Log:
CVE-2013-4448 and CVE-2013-4449 assigned

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-19 06:23:44 UTC (rev 24071)
+++ data/CVE/list   2013-10-19 06:49:23 UTC (rev 24072)
@@ -1,14 +1,3 @@
-CVE-2013- [echoping buffer overflows]
-   - echoping 6.0.2-4 (bug #606808)
-   NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
-   NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
-   NOTE: http://xforce.iss.net/xforce/xfdb/64141
-   NOTE: http://secunia.com/advisories/42619/
-CVE-2013- [slapd segfaults on certain queries with rwm overlay enabled]
-   - openldap 
-   TODO: check
-   NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
-   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
 CVE-2013-6167
- iceweasel  (low)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
@@ -3710,10 +3699,19 @@
RESERVED
 CVE-2013-4450
RESERVED
-CVE-2013-4449
+CVE-2013-4449 [slapd segfaults on certain queries with rwm overlay enabled]
RESERVED
-CVE-2013-4448
+   - openldap 
+   TODO: check
+   NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
+CVE-2013-4448 [echoping buffer overflows]
RESERVED
+   - echoping 6.0.2-4 (bug #606808)
+   NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
+   NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
+   NOTE: http://xforce.iss.net/xforce/xfdb/64141
+   NOTE: http://secunia.com/advisories/42619/
 CVE-2013-4447
RESERVED
 CVE-2013-4446




[Secure-testing-commits] r24075 - data/CVE

2013-10-19 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-19 22:32:35 + (Sat, 19 Oct 2013)
New Revision: 24075

Modified:
   data/CVE/list
Log:
nodejs issue

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-19 09:14:25 UTC (rev 24074)
+++ data/CVE/list   2013-10-19 22:32:35 UTC (rev 24075)
@@ -1,3 +1,7 @@
+CVE-2013- [nodejs: HTTP Pipelining DoS]
+   - nodejs 0.10.21~dfsg1-1 (medium)
+   NOTE: 
https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
+   NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
 CVE-2013-6167
- iceweasel  (low)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215




[Secure-testing-commits] r24155 - data/CVE

2013-10-24 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-24 18:44:58 + (Thu, 24 Oct 2013)
New Revision: 24155

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-24 12:10:45 UTC (rev 24154)
+++ data/CVE/list   2013-10-24 18:44:58 UTC (rev 24155)
@@ -563,6 +563,7 @@
RESERVED
 CVE-2013-5968
RESERVED
+   NOT-FOR-US: CA SiteMinder
 CVE-2013-5967 (Multiple SQL injection vulnerabilities in AlienVault Open 
Source ...)
NOT-FOR-US: AlienVault Open Source Security Information Management
 CVE-2013-5966
@@ -3928,6 +3929,7 @@
RESERVED
 CVE-2013-4462
RESERVED
+   NOT-FOR-US: WordPress plugin
 CVE-2013-4461
RESERVED
 CVE-2013-4460 [XSS in account_sponsor_page.php project names]
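Review bot: "NOT-FOR-US: WordPress plugin" under CVE-2013-4462 does not say which plugin is affected, so the entry cannot be matched to a product later without re-reading the advisory. Other entries in this file name the plugin (for example "NOT-FOR-US: WordPress plugin wp-e-commerce"); suggest doing the same here. The same applies to the line added under CVE-2013-4454 in the following hunk.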
@@ -3954,6 +3956,7 @@
NOT-FOR-US: Katello
 CVE-2013-4454
RESERVED
+   NOT-FOR-US: WordPress plugin
 CVE-2013-4453 [XSS]
RESERVED
- ldap-account-manager  (medium; bug #726976)




[Secure-testing-commits] r24193 - data/CVE

2013-10-28 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-28 10:22:27 + (Mon, 28 Oct 2013)
New Revision: 24193

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-28 06:00:39 UTC (rev 24192)
+++ data/CVE/list   2013-10-28 10:22:27 UTC (rev 24193)
@@ -1,3 +1,5 @@
+CVE-2013-6285
+   NOT-FOR-US: Tyler Technologies TaxWeb
 CVE-2013-6242
RESERVED
 CVE-2013-6241
@@ -464,10 +466,13 @@
NOT-FOR-US: WatchGuard WSM and Fireware
 CVE-2013-6020
RESERVED
+   NOT-FOR-US: Tyler Technologies TaxWeb
 CVE-2013-6019
RESERVED
+   NOT-FOR-US: Tyler Technologies TaxWeb
 CVE-2013-6018
RESERVED
+   NOT-FOR-US: Tyler Technologies TaxWeb
 CVE-2013-6017
RESERVED
 CVE-2013-6016
@@ -1847,6 +1852,7 @@
RESERVED
 CVE-2013-5430
RESERVED
+   NOT-FOR-US: IBM Security AppScan Enterprise
 CVE-2013-5429
RESERVED
 CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require 
...)




[Secure-testing-commits] r24200 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 11:01:10 + (Tue, 29 Oct 2013)
New Revision: 24200

Modified:
   data/CVE/list
Log:
NFU: Ops View, IZON

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 07:07:34 UTC (rev 24199)
+++ data/CVE/list   2013-10-29 11:01:10 UTC (rev 24200)
@@ -17,6 +17,7 @@
RESERVED
 CVE-2013-6236
RESERVED
+   NOT-FOR-US: Stem Innovations IZON
 CVE-2013-6235
RESERVED
 CVE-2013-6234
@@ -1224,8 +1225,10 @@
NOTE: CVE split pending
 CVE-2013-5695
RESERVED
+   NOT-FOR-US: Ops View
 CVE-2013-5694
RESERVED
+   NOT-FOR-US: Ops View
 CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM 
before 3.5 ...)
NOT-FOR-US: X2CRM
 CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 
allows ...)




[Secure-testing-commits] r24201 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 11:23:29 + (Tue, 29 Oct 2013)
New Revision: 24201

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 11:01:10 UTC (rev 24200)
+++ data/CVE/list   2013-10-29 11:23:29 UTC (rev 24201)
@@ -1,3 +1,7 @@
+CVE-2013-6289
+   NOT-FOR-US: TYPO3 extension Apache Solr
+CVE-2013-6288
+   NOT-FOR-US: TYPO3 extension Apache Solr
 CVE-2013-6285
NOT-FOR-US: Tyler Technologies TaxWeb
 CVE-2013-6275 [CSRF]
@@ -485,10 +489,12 @@
NOT-FOR-US: Juniper Junos
 CVE-2013-6014
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2013-6013 (Buffer overflow in the flow daemon (flowd) in Juniper Junos 
10.4 ...)
NOT-FOR-US: Juniper Junos
 CVE-2013-6012
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 
before ...)
NOT-FOR-US: Citrix NetScaler Application Delivery Controller
 CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment 
Attachment ...)
@@ -1106,6 +1112,7 @@
RESERVED
 CVE-2013-5741
RESERVED
+   NOT-FOR-US: Triangle Research International Nano-10 PLC
 CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c 
in GNOME ...)
- vino 3.10.1-1 (low; bug #724545)
[wheezy] - vino  (Minor issue)
@@ -6122,6 +6129,7 @@
RESERVED
 CVE-2013-3704
RESERVED
+   NOT-FOR-US: libzypp
 CVE-2013-3703
RESERVED
NOT-FOR-US: Open Build Service
@@ -7154,6 +7162,7 @@
RESERVED
 CVE-2013-3243
RESERVED
+   NOT-FOR-US: SAP NetWeaver
 CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 
2.5.10 ...)
- joomla  (bug #571794)
 CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 
4.0.0-rc3 ...)




[Secure-testing-commits] r24202 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 11:26:45 + (Tue, 29 Oct 2013)
New Revision: 24202

Modified:
   data/CVE/list
Log:
CVE-2013-2142/libimobiledevice fixed in 1.1.5-0.1

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 11:23:29 UTC (rev 24201)
+++ data/CVE/list   2013-10-29 11:26:45 UTC (rev 24202)
@@ -10077,7 +10077,7 @@
RESERVED
 CVE-2013-2142 [libimobiledevice: insecure tmp use]
RESERVED
-   - libimobiledevice  (low; bug #710885)
+   - libimobiledevice 1.1.5-0.1 (low; bug #710885)
[squeeze] - libimobiledevice  (Minor issue)
[wheezy] - libimobiledevice  (Minor issue)
NOTE: Fixed in experimental in 1.1.5-0.1




[Secure-testing-commits] r24203 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 11:34:12 + (Tue, 29 Oct 2013)
New Revision: 24203

Modified:
   data/CVE/list
Log:
Added new keystone issue, which needs more analysis.

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 11:26:45 UTC (rev 24202)
+++ data/CVE/list   2013-10-29 11:34:12 UTC (rev 24203)
@@ -1,3 +1,8 @@
+CVE-2013- [OpenStack Keystone: Unintentional role granting with Keystone 
LDAP backend]
+   - keystone 
+   TODO: check
+   NOTE: https://bugs.launchpad.net/keystone/+bug/1242855
+   NOTE: CVE request 
http://www.openwall.com/lists/oss-security/2013/10/29/4
 CVE-2013-6289
NOT-FOR-US: TYPO3 extension Apache Solr
 CVE-2013-6288




[Secure-testing-commits] r24204 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 11:51:55 + (Tue, 29 Oct 2013)
New Revision: 24204

Modified:
   data/CVE/list
Log:
CVE-2013-4472, CVE-2013-4472, CVE-2013-4474 poppler/xpdf needs proper analysis

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 11:34:12 UTC (rev 24203)
+++ data/CVE/list   2013-10-29 11:51:55 UTC (rev 24204)
@@ -3944,12 +3944,19 @@
RESERVED
 CVE-2013-4475
RESERVED
-CVE-2013-4474
+CVE-2013-4474 [User controlled format string]
RESERVED
-CVE-2013-4473
+   - poppler 
+   NOTE: check
+CVE-2013-4473 [Stack based buffer overflow]
RESERVED
-CVE-2013-4472
+   - poppler 
+   NOTE: check
+CVE-2013-4472 [Race condition on temporary file]
RESERVED
+   - poppler 
+   - xpdf 
+   NOTE: check
 CVE-2013-4471
RESERVED
 CVE-2013-4470 [memory corruption with UDP_CORK and UFO]
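Review bot: the three new entries use "NOTE: check" where the rest of the list marks pending triage with "TODO: check". If these are meant to stay on the to-do list, use the TODO form so they are not read as plain annotations. Two further mismatches with the log message: it names CVE-2013-4472 twice and never CVE-2013-4473, although this hunk edits 4472, 4473 and 4474, and it says "poppler/xpdf" while only CVE-2013-4472 gets an "- xpdf" line.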


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r24205 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 12:40:26 + (Tue, 29 Oct 2013)
New Revision: 24205

Modified:
   data/CVE/list
Log:
CVE-2011-4329

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 11:51:55 UTC (rev 24204)
+++ data/CVE/list   2013-10-29 12:40:26 UTC (rev 24205)
@@ -35225,8 +35225,7 @@
- linux-2.6 3.1.4-1
[squeeze] - linux-2.6 2.6.32-40
 CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 
3.1.0 ...)
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1 (low)
 CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak 
permissions ...)
{DSA-2435-1}
- gnash 0.8.10-1 (low; bug #649384)




[Secure-testing-commits] r24206 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 13:13:29 + (Tue, 29 Oct 2013)
New Revision: 24206

Modified:
   data/CVE/list
Log:
dolibarr CVE-2011-4814, CVE-2012-1225, CVE-2012-1226

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 12:40:26 UTC (rev 24205)
+++ data/CVE/list   2013-10-29 13:13:29 UTC (rev 24206)
@@ -30012,11 +30012,9 @@
 CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
NOT-FOR-US: pluck
 CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 
3.2.0 ...)
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1
 CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 
Alpha and ...)
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1
 CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in 
system/classes/login.php ...)
NOT-FOR-US: ContentLion Alpha
 CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search 
space of ...)
@@ -33658,8 +33656,7 @@
 CVE-2012-0121 (Unspecified vulnerability in HP Data Protector Express (aka 
DPX) ...)
NOT-FOR-US: HP Data Protector Express
 CVE-2011-4814 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 
3.1.0 ...)
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1 (low)
 CVE-2011-4813 (Directory traversal vulnerability in clientarea.php in ...)
NOT-FOR-US: WHMCompleteSolution
 CVE-2011-4812 (Cross-site scripting (XSS) vulnerability in nowosci.php in 
BestShopPro ...)




[Secure-testing-commits] r24207 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 13:16:04 + (Tue, 29 Oct 2013)
New Revision: 24207

Modified:
   data/CVE/list
Log:
NFU ESA-2013-072

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 13:13:29 UTC (rev 24206)
+++ data/CVE/list   2013-10-29 13:16:04 UTC (rev 24207)
@@ -7065,6 +7065,7 @@
RESERVED
 CVE-2013-3285
RESERVED
+   NOT-FOR-US: EMC NetWorker
 CVE-2013-3284
RESERVED
 CVE-2013-3283




[Secure-testing-commits] r24208 - data/CVE

2013-10-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-29 13:22:18 + (Tue, 29 Oct 2013)
New Revision: 24208

Modified:
   data/CVE/list
Log:
dolibarr CVE-2011-4802, CVE-2013-2091, CVE-2013-2092, CVE-2013-2093

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-29 13:16:04 UTC (rev 24207)
+++ data/CVE/list   2013-10-29 13:22:18 UTC (rev 24208)
@@ -10291,16 +10291,13 @@
[squeeze] - linux-2.6  (Vulnerable code not present)
 CVE-2013-2093
RESERVED
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1 (high)
 CVE-2013-2092
RESERVED
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1
 CVE-2013-2091
RESERVED
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1
 CVE-2013-2090 [Remote command Injection]
RESERVED
NOT-FOR-US:  Creme Fraiche Ruby Gem
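Review bot: for CVE-2013-2093, CVE-2013-2092 and CVE-2013-2091 the "TODO: check" lines are replaced by a fixed version of 3.3.4-1, but no NOTE or bug reference records how that version was established. All three entries still show only "RESERVED", so a later reader has nothing to verify the version against. Suggest adding a NOTE with the upstream reference for each. Also, only CVE-2013-2093 carries an urgency, "(high)"; if the other two were assessed as well, record their urgency the same way.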
@@ -33681,8 +33678,7 @@
 CVE-2011-4803 (SQL injection vulnerability in wptouch/ajax.php in the WPTouch 
plugin ...)
NOT-FOR-US: WPTouch WordPress plugin
 CVE-2011-4802 (Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and 
...)
-   - dolibarr 
-   TODO: check
+   - dolibarr 3.3.4-1
 CVE-2011-4801 (SQL injection vulnerability in akeyActivationLogin.do in 
Authenex Web ...)
NOT-FOR-US: Authenex Strong Authentication System
 CVE-2011-4800 (Directory traversal vulnerability in Serv-U FTP Server before 
11.1.0.5 ...)




[Secure-testing-commits] r24222 - data/CVE

2013-10-30 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-30 10:09:28 + (Wed, 30 Oct 2013)
New Revision: 24222

Modified:
   data/CVE/list
Log:
NFU ESA-2013-074

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-30 09:37:27 UTC (rev 24221)
+++ data/CVE/list   2013-10-30 10:09:28 UTC (rev 24222)
@@ -7181,6 +7181,7 @@
RESERVED
 CVE-2013-3287
RESERVED
+   NOT-FOR-US: EMC Unisphere for VMAX
 CVE-2013-3286
RESERVED
 CVE-2013-3285




[Secure-testing-commits] r24281 - data/CVE

2013-11-03 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-04 00:08:22 + (Mon, 04 Nov 2013)
New Revision: 24281

Modified:
   data/CVE/list
Log:
CVE-2013-6171

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-03 21:42:04 UTC (rev 24280)
+++ data/CVE/list   2013-11-04 00:08:22 UTC (rev 24281)
@@ -363,6 +363,8 @@
NOTE: http://trac.roundcube.net/ticket/1489382
 CVE-2013-6171
RESERVED
+   - dovecot  
+   TODO: check
 CVE-2013-6170 (Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 
before ...)
NOT-FOR-US: Juniper Junos
 CVE-2013-6169 (The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and 
(2) ...)
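Review bot: the "- dovecot" line added under CVE-2013-6171 comes with "TODO: check" but no NOTE pointing at an advisory or bug report, and the entry's only other content is "RESERVED", so nothing in the list shows why dovecot is the affected package. Suggest adding a NOTE with the source of the assignment. The added "- dovecot" line also ends in trailing whitespace.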




[Secure-testing-commits] r24284 - data/CVE

2013-11-03 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-04 07:42:20 + (Mon, 04 Nov 2013)
New Revision: 24284

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-04 06:10:47 UTC (rev 24283)
+++ data/CVE/list   2013-11-04 07:42:20 UTC (rev 24284)
@@ -4144,18 +4144,25 @@
RESERVED
 CVE-2013-4504
RESERVED
+   NOT-FOR-US: Drupal contrib module 
 CVE-2013-4503
RESERVED
+   NOT-FOR-US: Drupal contrib module 
 CVE-2013-4502
RESERVED
+   NOT-FOR-US: Drupal contrib module 
 CVE-2013-4501
RESERVED
+   NOT-FOR-US: Drupal contrib module 
 CVE-2013-4500
RESERVED
+   NOT-FOR-US: Drupal contrib module 
 CVE-2013-4499
RESERVED
+   NOT-FOR-US: Drupal contrib module 
 CVE-2013-4498
RESERVED
+   NOT-FOR-US: Drupal contrib module
 CVE-2013-4497 [XenAPI security groups not kept through migrate or resize]
RESERVED
- nova 2013.2-1
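Review bot: all seven added lines read "NOT-FOR-US: Drupal contrib module" without naming the module, so CVE-2013-4498 through CVE-2013-4504 cannot be told apart or re-checked if one of the modules is ever packaged. Suggest naming the module on each line. Six of the seven lines (all except the one under CVE-2013-4498) also end in a trailing space, which should be stripped.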




[Secure-testing-commits] r24285 - data/CVE

2013-11-03 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-04 07:50:24 + (Mon, 04 Nov 2013)
New Revision: 24285

Modified:
   data/CVE/list
Log:
new php-horde issues

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-04 07:42:20 UTC (rev 24284)
+++ data/CVE/list   2013-11-04 07:50:24 UTC (rev 24285)
@@ -3,6 +3,12 @@
NOTE: https://bugs.tryton.org/issue3446
 CVE-2004- [base-passwd: sets valid shells for system services]
- bass-passwd  (low; bug #274229)
+CVE-2013-6365 [CSRF edit.php]
+   - php-horde 
+   TODO: check
+CVE-2013-6364 [XSS and CSRF search.php]
+   - php-horde 
+   TODO: check
 CVE-2013-6340 [TCP dissector crash]
RESERVED
- wireshark 1.10.3-1
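Review bot: the context line directly above the insertion, "- bass-passwd (low; bug #274229)", sits under an entry titled "base-passwd: sets valid shells for system services", so the package name looks misspelled and is worth fixing while this area is being edited. For the two new entries, CVE-2013-6365 and CVE-2013-6364 are added with "TODO: check" but no NOTE giving the advisory or report they come from; a reference would let the next person do the check.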




[Secure-testing-commits] r24295 - data/CVE

2013-11-04 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-04 20:29:03 + (Mon, 04 Nov 2013)
New Revision: 24295

Modified:
   data/CVE/list
Log:
CVE-2013-4508

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-04 20:26:42 UTC (rev 24294)
+++ data/CVE/list   2013-11-04 20:29:03 UTC (rev 24295)
@@ -4143,6 +4143,9 @@
RESERVED
 CVE-2013-4508
RESERVED
+   - lighttpd 
+   TODO: check
+   NOTE: 
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
 CVE-2013-4507
RESERVED
 CVE-2013-4506




[Secure-testing-commits] r24297 - data/CVE

2013-11-04 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-04 20:32:58 + (Mon, 04 Nov 2013)
New Revision: 24297

Modified:
   data/CVE/list
Log:
CVE-2013-4509

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-04 20:32:27 UTC (rev 24296)
+++ data/CVE/list   2013-11-04 20:32:58 UTC (rev 24297)
@@ -4139,8 +4139,11 @@
RESERVED
- tryton-client 2.8.4-1
NOTE: https://bugs.tryton.org/issue3446
-CVE-2013-4509
+CVE-2013-4509 [showing passwords during password input]
RESERVED
+   - ibus 
+   TODO: check
+   NOTE: http://www.openwall.com/lists/oss-security/2013/11/04/2
 CVE-2013-4508
RESERVED
- lighttpd 




[Secure-testing-commits] r24302 - data/CVE

2013-11-04 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-04 22:13:14 + (Mon, 04 Nov 2013)
New Revision: 24302

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-04 21:26:26 UTC (rev 24301)
+++ data/CVE/list   2013-11-04 22:13:14 UTC (rev 24302)
@@ -1,5 +1,7 @@
 CVE-2004- [base-passwd: sets valid shells for system services]
- bass-passwd  (low; bug #274229)
+CVE-2013-6366
+   NOT-FOR-US: VMware Hyperic HQ
 CVE-2013-6365 [CSRF edit.php]
- php-horde 
- horde3 
@@ -1871,6 +1873,7 @@
RESERVED
 CVE-2013-5564
RESERVED
+   NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution
 CVE-2013-5563
RESERVED
 CVE-2013-5562
@@ -1881,6 +1884,7 @@
RESERVED
 CVE-2013-5559
RESERVED
+   NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
 CVE-2013-5558
RESERVED
 CVE-2013-5557
@@ -3404,14 +3408,17 @@
RESERVED
 CVE-2013-4838
RESERVED
+   NOT-FOR-US: HP LoadRunner
 CVE-2013-4837
RESERVED
 CVE-2013-4836
RESERVED
+   NOT-FOR-US: HP Application LifeCycle Management
 CVE-2013-4835
RESERVED
 CVE-2013-4834
RESERVED
+   NOT-FOR-US: HP Application LifeCycle Management
 CVE-2013-4833 (Cross-site scripting (XSS) vulnerability in HP Service Manager 
9.30 ...)
NOT-FOR-US: HP
 CVE-2013-4832 (HP Service Manager 9.30 through 9.32 allows remote 
authenticated users ...)




[Secure-testing-commits] r24304 - data/CVE

2013-11-05 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-05 16:03:02 + (Tue, 05 Nov 2013)
New Revision: 24304

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-04 22:58:49 UTC (rev 24303)
+++ data/CVE/list   2013-11-05 16:03:02 UTC (rev 24304)
@@ -1876,6 +1876,7 @@
NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution
 CVE-2013-5563
RESERVED
+   NOT-FOR-US: Cisco CS-MARS
 CVE-2013-5562
RESERVED
 CVE-2013-5561
@@ -7397,6 +7398,7 @@
NOT-FOR-US: EMC Unisphere for VMAX
 CVE-2013-3286
RESERVED
+   NOT-FOR-US: EMC Documentum
 CVE-2013-3285
RESERVED
NOT-FOR-US: EMC NetWorker
@@ -7408,6 +7410,7 @@
RESERVED
 CVE-2013-3281
RESERVED
+   NOT-FOR-US: EMC Documentum
 CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for 
Internet ...)
NOT-FOR-US: RSA Authentication Agent for Web for Internet Information 
Services
 CVE-2013-3279 (EMC Atmos before 2.1.4 has a blank password for the PostgreSQL 
...)




[Secure-testing-commits] r24310 - data/CVE

2013-11-06 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-06 09:13:56 + (Wed, 06 Nov 2013)
New Revision: 24310

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-06 09:11:54 UTC (rev 24309)
+++ data/CVE/list   2013-11-06 09:13:56 UTC (rev 24310)
@@ -931,8 +931,10 @@
RESERVED
 CVE-2013-6164
RESERVED
+   NOT-FOR-US: Project'Or RIA
 CVE-2013-6163
RESERVED
+   NOT-FOR-US: Project'Or RIA
 CVE-2013-6162
RESERVED
 CVE-2013-6161
@@ -3576,6 +3578,7 @@
NOT-FOR-US: PDFCool
 CVE-2013-4985
RESERVED
+   NOT-FOR-US: Vivotek IP Cameras
 CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in 
Sophos ...)
NOT-FOR-US: Sophos Web Protection Appliance
 CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos 
Web ...)




[Secure-testing-commits] r24327 - data/CVE

2013-11-07 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-08 06:31:50 + (Fri, 08 Nov 2013)
New Revision: 24327

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-08 05:49:55 UTC (rev 24326)
+++ data/CVE/list   2013-11-08 06:31:50 UTC (rev 24327)
@@ -1023,6 +1023,7 @@
RESERVED
 CVE-2013-6122
RESERVED
+   NOT-FOR-US: Goodix gt915 Android touchscreen driver
 CVE-2013-6121
RESERVED
 CVE-2013-6120
@@ -4187,6 +4188,7 @@
RESERVED
 CVE-2013-4740
RESERVED
+   NOT-FOR-US: Goodix gt915 Android touchscreen driver
 CVE-2013-4739
RESERVED
- linux  (Android-specific camera drivers)
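Review bot: CVE-2013-4740 is marked NOT-FOR-US as an Android touchscreen driver, while the next entry, CVE-2013-4739, is tracked under linux with the remark "Android-specific camera drivers". Pick one convention for Android-specific drivers in this block so the two entries do not read as contradictory triage decisions; the same applies to CVE-2013-6122 in the first hunk.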




[Secure-testing-commits] r24328 - data/CVE

2013-11-07 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-08 06:55:13 + (Fri, 08 Nov 2013)
New Revision: 24328

Modified:
   data/CVE/list
Log:
CVE-2013-4548

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-08 06:31:50 UTC (rev 24327)
+++ data/CVE/list   2013-11-08 06:55:13 UTC (rev 24328)
@@ -1,7 +1,3 @@
-CVE-2013- [openssh AES_GCM memory corruption]
-   - openssh  (bug #729029)
-   [wheezy] - openssh  (AES-GCM support introduced in 6.2)
-   [squeeze] - openssh  (AES-GCM support introduced in 6.2)
 CVE-2013-6616
RESERVED
 CVE-2013-6615
@@ -4638,8 +4634,11 @@
RESERVED
 CVE-2013-4549
RESERVED
-CVE-2013-4548
+CVE-2013-4548 [openssh AES_GCM memory corruption]
RESERVED
+   - openssh  (bug #729029)
+   [wheezy] - openssh  (AES-GCM support introduced in 6.2)
+   [squeeze] - openssh  (AES-GCM support introduced in 6.2)
 CVE-2013-4547
RESERVED
 CVE-2013-4546
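Review bot: the entry moved under CVE-2013-4548 still has only the Debian bug number as a reference. The id is RESERVED with no description text, so a NOTE line pointing at the upstream advisory or fix would let someone verify the "AES-GCM support introduced in 6.2" remark on the wheezy and squeeze lines without opening bug #729029.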




[Secure-testing-commits] r24343 - data/CVE

2013-11-09 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-09 15:19:26 + (Sat, 09 Nov 2013)
New Revision: 24343

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-09 14:24:20 UTC (rev 24342)
+++ data/CVE/list   2013-11-09 15:19:26 UTC (rev 24343)
@@ -2461,6 +2461,7 @@
NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2013-5554
RESERVED
+   NOT-FOR-US: Cisco Wide Area Application Services
 CVE-2013-5553
RESERVED
 CVE-2013-5552
@@ -6295,6 +6296,7 @@
NOT-FOR-US: WebSphere
 CVE-2013-4051
RESERVED
+   NOT-FOR-US: IBM Domino
 CVE-2013-4050
RESERVED
 CVE-2013-4049 (Unrestricted file upload vulnerability in IBM SPSS Analytical 
Decision ...)




[Secure-testing-commits] r24359 - data/CVE

2013-11-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-20 15:23:16 + (Wed, 20 Nov 2013)
New Revision: 24359

Modified:
   data/CVE/list
Log:
NFU: EMC ESA-2013-078

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-20 14:30:22 UTC (rev 24358)
+++ data/CVE/list   2013-11-20 15:23:16 UTC (rev 24359)
@@ -1330,14 +1330,19 @@
RESERVED
 CVE-2013-6177
RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-6176
RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-6175
RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-6174
RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-6173
RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-6172 (steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 
0.9.x ...)
{DSA-2787-1}
- roundcube 0.9.4-1.1 (bug #727668)
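Review bot: all five added lines (CVE-2013-6173 through CVE-2013-6177) say only "NOT-FOR-US: EMC", which names the vendor but not the product. The advisory id ESA-2013-078 appears in the commit log only; put the product name on each line, or add a NOTE with the advisory id, so the triage decision can be checked from the list itself.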




[Secure-testing-commits] r24377 - data/CVE

2013-11-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-21 07:21:59 + (Thu, 21 Nov 2013)
New Revision: 24377

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-21 07:20:35 UTC (rev 24376)
+++ data/CVE/list   2013-11-21 07:21:59 UTC (rev 24377)
@@ -1780,7 +1780,7 @@
 CVE-2013-5973
RESERVED
 CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x 
before 5.0.3 ...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server 
in ...)
NOT-FOR-US: VMware vSphere
 CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 
4.1 ...)
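Review bot: the replacement line for CVE-2013-5972 reads "NOT-FOR-US: VMware", while the entry directly below uses the product form "NOT-FOR-US: VMware vSphere". The CVE description already names the products, so "NOT-FOR-US: VMware Workstation and Player" would match the neighbouring style.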
@@ -1793,6 +1793,7 @@
NOT-FOR-US: AlienVault Open Source Security Information Management
 CVE-2013-5966
RESERVED
+   NOT-FOR-US: ZK Framework
 CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for 
Drupal ...)
NOT-FOR-US: Drupal addon
 CVE-2013-5964 (Cross-site scripting (XSS) vulnerability in the administration 
page in ...)




[Secure-testing-commits] r24380 - data/CVE

2013-11-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-21 07:24:52 + (Thu, 21 Nov 2013)
New Revision: 24380

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-21 07:23:58 UTC (rev 24379)
+++ data/CVE/list   2013-11-21 07:24:52 UTC (rev 24380)
@@ -1462,6 +1462,7 @@
RESERVED
 CVE-2013-6117
RESERVED
+   NOT-FOR-US: Dahua DVR
 CVE-2013-6116
RESERVED
 CVE-2013-6115




[Secure-testing-commits] r24383 - data/CVE

2013-11-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-21 07:58:09 + (Thu, 21 Nov 2013)
New Revision: 24383

Modified:
   data/CVE/list
Log:
CVE-2013-6375

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-21 07:28:03 UTC (rev 24382)
+++ data/CVE/list   2013-11-21 07:58:09 UTC (rev 24383)
@@ -908,8 +908,10 @@
RESERVED
 CVE-2013-6376
RESERVED
-CVE-2013-6375
+CVE-2013-6375 [XSA-78 Insufficient TLB flushing in VT-d (iommu) code]
RESERVED
+   - xen 
+   TODO: check
 CVE-2013-6374
RESERVED
 CVE-2013-6373




[Secure-testing-commits] r24414 - data/CVE

2013-11-23 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-23 08:52:34 + (Sat, 23 Nov 2013)
New Revision: 24414

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-23 06:02:51 UTC (rev 24413)
+++ data/CVE/list   2013-11-23 08:52:34 UTC (rev 24414)
@@ -26,6 +26,7 @@
RESERVED
 CVE-2013-6795
RESERVED
+   NOT-FOR-US: Rackspace Windows Agent and Updater
 CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module 
in ...)
NOT-FOR-US: Olat
 CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Calendar ...)




[Secure-testing-commits] r24415 - data/CVE

2013-11-23 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-23 09:47:25 + (Sat, 23 Nov 2013)
New Revision: 24415

Modified:
   data/CVE/list
Log:
CVE-2013-6375 #730254

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-23 08:52:34 UTC (rev 24414)
+++ data/CVE/list   2013-11-23 09:47:25 UTC (rev 24415)
@@ -953,7 +953,7 @@
RESERVED
 CVE-2013-6375 [XSA-78 Insufficient TLB flushing in VT-d (iommu) code]
RESERVED
-   - xen 
+   - xen  (bug #730254)
[squeeze] - xen  (Only affects >= 4.2)
[wheezy] - xen  (Only affects >= 4.2)
 CVE-2013-6374




[Secure-testing-commits] r24398 - data/CVE

2013-11-21 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-22 06:31:51 + (Fri, 22 Nov 2013)
New Revision: 24398

Modified:
   data/CVE/list
Log:
NFU ESA-2013-077

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-21 21:32:50 UTC (rev 24397)
+++ data/CVE/list   2013-11-22 06:31:51 UTC (rev 24398)
@@ -8462,6 +8462,7 @@
RESERVED
 CVE-2013-3288
RESERVED
+   NOT-FOR-US: EMC
 CVE-2013-3287 (EMC Unisphere for VMAX before 1.6.1.6, when using an 
unspecified level ...)
NOT-FOR-US: EMC Unisphere for VMAX
 CVE-2013-3286 (Multiple cross-site scripting (XSS) vulnerabilities in EMC 
Documentum ...)




[Secure-testing-commits] r24399 - data/CVE

2013-11-21 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-22 06:32:27 + (Fri, 22 Nov 2013)
New Revision: 24399

Modified:
   data/CVE/list
Log:
REJECT CVE-2013-6377

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-22 06:31:51 UTC (rev 24398)
+++ data/CVE/list   2013-11-22 06:32:27 UTC (rev 24399)
@@ -914,7 +914,7 @@
 CVE-2013-6378
RESERVED
 CVE-2013-6377
-   RESERVED
+   REJECTED
 CVE-2013-6376
RESERVED
 CVE-2013-6375 [XSA-78 Insufficient TLB flushing in VT-d (iommu) code]




[Secure-testing-commits] r24416 - data/CVE

2013-11-24 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-24 10:04:18 + (Sun, 24 Nov 2013)
New Revision: 24416

Modified:
   data/CVE/list
Log:
NFU + TODO

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-23 09:47:25 UTC (rev 24415)
+++ data/CVE/list   2013-11-24 10:04:18 UTC (rev 24416)
@@ -1,3 +1,27 @@
+CVE-2013-6869
+   NOT-FOR-US: Sap NetWeaver
+CVE-2013-6868
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6867
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6866
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6865
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6864
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6863
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6862
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6861
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6860
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6859
+   NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
+CVE-2013-6858
+   TODO: check
 CVE-2013-6807
RESERVED
 CVE-2013-6806
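Review bot: "NOT-FOR-US: Sap NetWeaver" on CVE-2013-6869 is capitalised differently from the ten "SAP Sybase Adaptive Server Enterprise" lines that follow; use "SAP NetWeaver". CVE-2013-6858 is added with a bare "TODO: check" and no description or NOTE, so whoever picks it up has nothing to start from; add the reference it was triaged from.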
@@ -5366,6 +5390,7 @@
NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6062a8
 CVE-2013-4482
RESERVED
+   TODO: check
 CVE-2013-4481
RESERVED
 CVE-2013-4480 (Red Hat Satellite 5.6 and earlier does not disable the web 
interface ...)




[Secure-testing-commits] r24451 - data/CVE

2013-11-26 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-26 17:41:36 + (Tue, 26 Nov 2013)
New Revision: 24451

Modified:
   data/CVE/list
Log:
percona-xtrabackup CVE-2013-6394

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-26 16:43:37 UTC (rev 24450)
+++ data/CVE/list   2013-11-26 17:41:36 UTC (rev 24451)
@@ -1,5 +1,3 @@
-CVE-2013- [static IV used in Percona XtraBackup]
-   - percona-xtrabackup  (bug #730544)
 CVE-2013- [XSS]
- ganglia-web  (bug #730507)
NOTE: https://github.com/ganglia/ganglia-web/issues/218
@@ -1019,8 +1017,9 @@
RESERVED
 CVE-2013-6395
RESERVED
-CVE-2013-6394
+CVE-2013-6394 [static IV used in Percona XtraBackup]
RESERVED
+   - percona-xtrabackup  (bug #730544)
 CVE-2013-6393
RESERVED
 CVE-2013-6392 [information disclosure]




[Secure-testing-commits] r24452 - data/CVE

2013-11-26 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-26 17:42:47 + (Tue, 26 Nov 2013)
New Revision: 24452

Modified:
   data/CVE/list
Log:
ganglia-web CVE-2013-6395

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-26 17:41:36 UTC (rev 24451)
+++ data/CVE/list   2013-11-26 17:42:47 UTC (rev 24452)
@@ -1,7 +1,3 @@
-CVE-2013- [XSS]
-   - ganglia-web  (bug #730507)
-   NOTE: https://github.com/ganglia/ganglia-web/issues/218
-   TODO: check if also older versions affected (note: webinterface in 
ganglia source package for (old)stable)
 CVE-2013-6857
RESERVED
 CVE-2013-6856
@@ -1015,8 +1011,11 @@
RESERVED
 CVE-2013-6396
RESERVED
-CVE-2013-6395
+CVE-2013-6395 [XSS]
RESERVED
+   - ganglia-web  (bug #730507)
+   NOTE: https://github.com/ganglia/ganglia-web/issues/218
+   TODO: check if also older versions affected (note: webinterface in 
ganglia source package for (old)stable)
 CVE-2013-6394 [static IV used in Percona XtraBackup]
RESERVED
- percona-xtrabackup  (bug #730544)




[Secure-testing-commits] r24453 - data/CVE

2013-11-26 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-26 18:07:02 + (Tue, 26 Nov 2013)
New Revision: 24453

Modified:
   data/CVE/list
Log:
XSA-74/CVE-2013-4553, XSA-76/CVE-2013-4554

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-26 17:42:47 UTC (rev 24452)
+++ data/CVE/list   2013-11-26 18:07:02 UTC (rev 24453)
@@ -5276,10 +5276,12 @@
 CVE-2013-4555 (Cross-site request forgery (CSRF) vulnerability in ...)
{DSA-2794-1}
- spip 2.1.24-1 (bug #729172)
-CVE-2013-4554
+CVE-2013-4554 [XSA-76]
RESERVED
-CVE-2013-4553
+   - xen 
+CVE-2013-4553 [XSA-74]
RESERVED
+   - xen 
 CVE-2013-4552
RESERVED
NOT-FOR-US: drupalauth module for simpleSAMLphp
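Review bot: the bracket text added to CVE-2013-4554 and CVE-2013-4553 holds only the advisory numbers, "[XSA-76]" and "[XSA-74]". Both ids are RESERVED without a description, so add a few words on what each issue is after the XSA number, and a NOTE with the advisory URL.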




[Secure-testing-commits] r24463 - data/CVE

2013-11-27 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-27 11:54:59 + (Wed, 27 Nov 2013)
New Revision: 24463

Modified:
   data/CVE/list
Log:
hplip 725876 waiting for CVE

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-27 10:44:41 UTC (rev 24462)
+++ data/CVE/list   2013-11-27 11:54:59 UTC (rev 24463)
@@ -1,3 +1,6 @@
+CVE-2013- [hplip insecure temporary file handling in pkit.py]
+   - hplip  (bug #725876)
+   NOTE: CVE requested
 CVE-2013-6857
RESERVED
 CVE-2013-6856




[Secure-testing-commits] r24465 - data/CVE

2013-11-27 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-27 12:13:59 + (Wed, 27 Nov 2013)
New Revision: 24465

Modified:
   data/CVE/list
Log:
hplip upstream bug report reference

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-27 12:09:58 UTC (rev 24464)
+++ data/CVE/list   2013-11-27 12:13:59 UTC (rev 24465)
@@ -1,6 +1,7 @@
 CVE-2013- [hplip insecure temporary file handling in pkit.py]
- hplip  (bug #725876)
NOTE: CVE requested
+   NOTE: Upstream report https://bugzilla.novell.com/show_bug.cgi?id=852368
 CVE-2013-6857
RESERVED
 CVE-2013-6856
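Review bot: the added NOTE is labelled "Upstream report", but the URL is on bugzilla.novell.com, which is Novell's bug tracker rather than the hplip project's own. Drop the label and keep the bare URL, or add the hplip upstream report if there is one.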




[Secure-testing-commits] r24467 - data/CVE

2013-11-27 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-27 14:02:05 + (Wed, 27 Nov 2013)
New Revision: 24467

Modified:
   data/CVE/list
Log:
NFU: HPSBGN02942

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-27 12:29:48 UTC (rev 24466)
+++ data/CVE/list   2013-11-27 14:02:05 UTC (rev 24467)
@@ -4593,6 +4593,7 @@
RESERVED
 CVE-2013-4844
RESERVED
+   NOT-FOR-US: HP Service Manager and ServiceCenter
 CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) 
with ...)
NOT-FOR-US: HP iLO
 CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated 
Lights-Out 4 ...)




[Secure-testing-commits] r24474 - data/CVE

2013-11-27 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-28 07:43:12 + (Thu, 28 Nov 2013)
New Revision: 24474

Modified:
   data/CVE/list
Log:
CVE-2013-6403

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-28 06:09:57 UTC (rev 24473)
+++ data/CVE/list   2013-11-28 07:43:12 UTC (rev 24474)
@@ -998,8 +998,10 @@
RESERVED
 CVE-2013-6404
RESERVED
-CVE-2013-6403
+CVE-2013-6403 [security bypass on admin page]
RESERVED
+   - owncloud 
+   TODO: check
 CVE-2013-6402 [hplip insecure temporary file handling in pkit.py]
RESERVED
- hplip  (bug #725876)




[Secure-testing-commits] r24484 - data/CVE

2013-11-28 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-29 07:26:58 + (Fri, 29 Nov 2013)
New Revision: 24484

Modified:
   data/CVE/list
Log:
NFU: Livezilla

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-29 06:19:59 UTC (rev 24483)
+++ data/CVE/list   2013-11-29 07:26:58 UTC (rev 24484)
@@ -1466,8 +1466,10 @@
RESERVED
 CVE-2013-6224
RESERVED
+   NOT-FOR-US: Livezilla
 CVE-2013-6223
RESERVED
+   NOT-FOR-US: Livezilla
 CVE-2013-6222
RESERVED
 CVE-2013-6221




[Secure-testing-commits] r24485 - data/CVE

2013-11-28 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-29 07:55:35 + (Fri, 29 Nov 2013)
New Revision: 24485

Modified:
   data/CVE/list
Log:
horizon CVE-2013-6406, owncloud security bypass waiting for CVE

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-29 07:26:58 UTC (rev 24484)
+++ data/CVE/list   2013-11-29 07:55:35 UTC (rev 24485)
@@ -1,3 +1,6 @@
+CVE-2013- [owncloud: security bypass on admin page]
+   - owncloud 
+   NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/5
 CVE-2013- [privilege escalation via tty hijacking]
- adequate  (bug #730691)
NOTE: 
https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
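Review bot: the new unnumbered entry "[owncloud: security bypass on admin page]" carries the same description as CVE-2013-6403, which r24474 recorded as "[security bypass on admin page]" for owncloud. If this is a second issue still waiting for an id, word the description so the two can be told apart; if it is the same issue, move the oss-security NOTE to CVE-2013-6403 instead of adding a duplicate.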
@@ -1007,8 +1010,10 @@
- lucene-solr 
NOTE: https://issues.apache.org/jira/browse/SOLR-3895
TODO: check (confirmed that they at least affect also 3.6.2)
-CVE-2013-6406
+CVE-2013-6406 [OpenStack Horizon: Nova strings persistent XSS ]
RESERVED
+   - horizon  (bug #730752)
+   NOTE: 
https://github.com/openstack/horizon/commit/6179f70290783e55b10bbd4b3b7ee74db3f8ef70
 CVE-2013-6405 [net: uninitialised memory leakage]
RESERVED
- linux-2.6 
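Review bot: the description added for CVE-2013-6406 has a stray space before the closing bracket, "[OpenStack Horizon: Nova strings persistent XSS ]". Drop it so the bracket text matches the form of the CVE-2013-6405 entry below.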




[Secure-testing-commits] r24487 - data/CVE

2013-11-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-29 08:07:37 + (Fri, 29 Nov 2013)
New Revision: 24487

Modified:
   data/CVE/list
Log:
CVEs assigned today from oss-security mailing list

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-29 08:05:57 UTC (rev 24486)
+++ data/CVE/list   2013-11-29 08:07:37 UTC (rev 24487)
@@ -4,12 +4,6 @@
 CVE-2013- [privilege escalation via tty hijacking]
- adequate  (bug #730691)
NOTE: 
https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
-CVE-2013- [crash on airplane crash]
-   - openttd 
-   NOTE: http://bugs.openttd.org/task/5820
-CVE-2013- [incorrect parsing of access control file in nbd-server]
-   - nbd 
-   NOTE: 
http://anonscm.debian.org/gitweb/?p=users/wouter/nbd.git;a=commitdiff;h=0e9bd98c44dd94d9ede92655a36849fbc8cbf5b9
 CVE-2013-6857
RESERVED
 CVE-2013-6856
@@ -994,10 +988,14 @@
RESERVED
 CVE-2013-6412
RESERVED
-CVE-2013-6411
+CVE-2013-6411 [crash on airplane crash]
RESERVED
-CVE-2013-6410
+   - openttd 
+   NOTE: http://bugs.openttd.org/task/5820
+CVE-2013-6410 [incorrect parsing of access control file in nbd-server]
RESERVED
+   - nbd 
+   NOTE: 
http://anonscm.debian.org/gitweb/?p=users/wouter/nbd.git;a=commitdiff;h=0e9bd98c44dd94d9ede92655a36849fbc8cbf5b9
 CVE-2013-6409
RESERVED
 CVE-2013-6408




[Secure-testing-commits] r24488 - data/CVE

2013-11-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-29 08:08:31 + (Fri, 29 Nov 2013)
New Revision: 24488

Modified:
   data/CVE/list
Log:
CVE-2013-6409

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-29 08:07:37 UTC (rev 24487)
+++ data/CVE/list   2013-11-29 08:08:31 UTC (rev 24488)
@@ -1,9 +1,6 @@
 CVE-2013- [owncloud: security bypass on admin page]
- owncloud 
NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/5
-CVE-2013- [privilege escalation via tty hijacking]
-   - adequate  (bug #730691)
-   NOTE: 
https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
 CVE-2013-6857
RESERVED
 CVE-2013-6856
@@ -996,8 +993,10 @@
RESERVED
- nbd 
NOTE: 
http://anonscm.debian.org/gitweb/?p=users/wouter/nbd.git;a=commitdiff;h=0e9bd98c44dd94d9ede92655a36849fbc8cbf5b9
-CVE-2013-6409
+CVE-2013-6409 [privilege escalation via tty hijacking]
RESERVED
+   - adequate  (bug #730691)
+   NOTE: 
https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
 CVE-2013-6408
RESERVED
- lucene-solr 




[Secure-testing-commits] r24491 - data/CVE

2013-11-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-29 09:34:55 + (Fri, 29 Nov 2013)
New Revision: 24491

Modified:
   data/CVE/list
Log:
CVE-2013-6885

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-29 09:30:56 UTC (rev 24490)
+++ data/CVE/list   2013-11-29 09:34:55 UTC (rev 24491)
@@ -1,6 +1,9 @@
 CVE-2013- [owncloud: security bypass on admin page]
- owncloud 
NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/5
+CVE-2013-6885 [AMD Publ. 51810 Errata 793 system hang]
+   TODO: check
+   NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/1
 CVE-2013-6857
RESERVED
 CVE-2013-6856
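Review bot: CVE-2013-6885 is added with a description, a TODO and a NOTE but no package line, so nothing in the entry says which source package the erratum is to be checked against. Name the candidate packages in the TODO, or add the package lines, so the check has a defined scope.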




[Secure-testing-commits] r24492 - data/CVE

2013-11-29 Thread Henri Salo
Author: fgeek-guest
Date: 2013-11-29 09:57:17 + (Fri, 29 Nov 2013)
New Revision: 24492

Modified:
   data/CVE/list
Log:
new clamav issues

Modified: data/CVE/list
===
--- data/CVE/list   2013-11-29 09:34:55 UTC (rev 24491)
+++ data/CVE/list   2013-11-29 09:57:17 UTC (rev 24492)
@@ -1,3 +1,11 @@
+CVE-2013- [clamav: double-free error libclamunrar_iface/unrar_iface.c]
+   - clamav 
+   NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
+   TODO: check
+CVE-2013- [clamav: WWPack corrupt heap memory]
+   - clamav 
+   NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
+   TODO: check
 CVE-2013- [owncloud: security bypass on admin page]
- owncloud 
NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/5




[Secure-testing-commits] r24507 - data/CVE

2013-12-01 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-01 10:21:38 + (Sun, 01 Dec 2013)
New Revision: 24507

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-01 05:40:35 UTC (rev 24506)
+++ data/CVE/list   2013-12-01 10:21:38 UTC (rev 24507)
@@ -1,3 +1,5 @@
+CVE-2013-6918
+   NOT-FOR-US: Satechi travel router
 CVE-2013-6899
RESERVED
 CVE-2013-6898
@@ -2922,6 +2924,7 @@
RESERVED
 CVE-2013-5636
RESERVED
+   NOT-FOR-US: Check Point Endpoint Security
 CVE-2013-5635
RESERVED
 CVE-2013-5633
@@ -7825,6 +7828,7 @@
RESERVED
 CVE-2013-3708
RESERVED
+   NOT-FOR-US: Novell iPrint Client
 CVE-2013-3707
RESERVED
 CVE-2013-3706




[Secure-testing-commits] r24520 - data/CVE

2013-12-02 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-02 10:24:17 + (Mon, 02 Dec 2013)
New Revision: 24520

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-02 09:24:58 UTC (rev 24519)
+++ data/CVE/list   2013-12-02 10:24:17 UTC (rev 24520)
@@ -7834,6 +7834,7 @@
NOT-FOR-US: Novell iPrint Client
 CVE-2013-3707
RESERVED
+   NOT-FOR-US: Novell Open Enterprise Server 2
 CVE-2013-3706
RESERVED
 CVE-2013-3705
@@ -33879,6 +33880,7 @@
NOT-FOR-US: YAST
 CVE-2012-0434
RESERVED
+   NOT-FOR-US: Crowbar
 CVE-2012-0433
RESERVED
 CVE-2012-0432 (Stack-based buffer overflow in the Novell NCP implementation in 
NetIQ ...)
@@ -33895,6 +33897,7 @@
RESERVED
 CVE-2012-0426
RESERVED
+   NOT-FOR-US: SUSE Linux Enterprise for SAP Applications
 CVE-2012-0425
RESERVED
 CVE-2012-0424
@@ -33907,6 +33910,7 @@
NOT-FOR-US: SUSE Audit Log Keeper daemon 
 CVE-2012-0420
RESERVED
+   NOT-FOR-US: SUSE Zypper
 CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces 
in ...)
NOT-FOR-US: Novell GroupWise
 CVE-2012-0418 (Unspecified vulnerability in the client in Novell GroupWise 8.0 
before ...)
@@ -85299,7 +85303,7 @@
 CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the 
...)
- libxcrypt  (Suse issue)
 CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 
11.0 ...)
-   NOT-FOR-US: zypper
+   NOT-FOR-US: SUSE Zypper
 CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
{DSA-1765-1}
- horde3 3.2.1+debian0-1 (low; bug #492578)
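Review bot: this hunk relabels an existing entry, CVE-2008-3187, from "NOT-FOR-US: zypper" to "NOT-FOR-US: SUSE Zypper", which the log message "NFU" does not cover. Mention the rename in the log, or commit it separately from the new NOT-FOR-US lines.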




[Secure-testing-commits] r24582 - data/CVE

2013-12-04 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-04 20:27:08 + (Wed, 04 Dec 2013)
New Revision: 24582

Modified:
   data/CVE/list
Log:
CVE-2012-6151

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-04 18:20:09 UTC (rev 24581)
+++ data/CVE/list   2013-12-04 20:27:08 UTC (rev 24582)
@@ -19237,8 +19237,11 @@
RESERVED
 CVE-2012-6152
RESERVED
-CVE-2012-6151
+CVE-2012-6151 [snmpd DoS when AgentX subagent times-out]
RESERVED
+   - net-snmp 
+   TODO: check
+   NOTE: http://sourceforge.net/p/net-snmp/bugs/2411/
 CVE-2012-6150 (The winbind_name_list_to_sid_string_list function in ...)
- samba 
- samba4 




[Secure-testing-commits] r24605 - data/CVE

2013-12-06 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-06 09:26:26 + (Fri, 06 Dec 2013)
New Revision: 24605

Modified:
   data/CVE/list
Log:
CVE-2013-5661, CVE-2013-2133

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-06 06:30:17 UTC (rev 24604)
+++ data/CVE/list   2013-12-06 09:26:26 UTC (rev 24605)
@@ -3532,8 +3532,10 @@
NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2013-5662
RESERVED
-CVE-2013-5661
+CVE-2013-5661 [bind: DNS response rate limiting can simplify cache poisoning 
attacks]
RESERVED
+   - bind9 
+   TODO: check
 CVE-2013-5660
RESERVED
 CVE-2013-5659
@@ -12565,6 +12567,8 @@
NOTE: http://struts.apache.org/release/2.3.x/docs/s2-015.html
 CVE-2013-2133
RESERVED
+   - jbossas4 
+   TODO: check
 CVE-2013-2132 (bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) 
before ...)
{DSA-2705-1}
- pymongo 2.5.2-1 (bug #710597)
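Review bot: CVE-2013-2133 gets "- jbossas4" and "TODO: check" but no bracket description and no NOTE, unlike CVE-2013-5661 in the first hunk, which at least says what the issue is. Add a short description or the reference the jbossas4 assignment came from, so the TODO can be resolved.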




[Secure-testing-commits] r24606 - data/CVE

2013-12-06 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-06 10:47:29 + (Fri, 06 Dec 2013)
New Revision: 24606

Modified:
   data/CVE/list
Log:
NFU: CVE-2013-6985 Enorth Webpublisher CMS

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-06 09:26:26 UTC (rev 24605)
+++ data/CVE/list   2013-12-06 10:47:29 UTC (rev 24606)
@@ -648,6 +648,8 @@
RESERVED
 CVE-2014-0001
RESERVED
+CVE-2013-6985
+   NOT-FOR-US: Enorth Webpublisher CMS
 CVE-2013-6920
RESERVED
 CVE-2013-6919




[Secure-testing-commits] r24616 - data/CVE

2013-12-07 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-07 09:53:21 + (Sat, 07 Dec 2013)
New Revision: 24616

Modified:
   data/CVE/list
Log:
NFU CVE-2013-6039

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-07 07:48:12 UTC (rev 24615)
+++ data/CVE/list   2013-12-07 09:53:21 UTC (rev 24616)
@@ -2711,6 +2711,7 @@
RESERVED
 CVE-2013-6039
RESERVED
+   NOT-FOR-US: NagiosQL
 CVE-2013-6038
RESERVED
 CVE-2013-6037




[Secure-testing-commits] r24666 - data/CVE

2013-12-10 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-10 13:51:14 + (Tue, 10 Dec 2013)
New Revision: 24666

Modified:
   data/CVE/list
Log:
CVE-2013-6400 XSA-80

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-10 07:54:03 UTC (rev 24665)
+++ data/CVE/list   2013-12-10 13:51:14 UTC (rev 24666)
@@ -2223,8 +2223,10 @@
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=852368
 CVE-2013-6401
RESERVED
-CVE-2013-6400
+CVE-2013-6400 [XSA-80: IOMMU TLB flushing may be inadvertently suppressed]
RESERVED
+   - xen 
+   TODO: check
 CVE-2013-6399
RESERVED
 CVE-2013-6398




[Secure-testing-commits] r24685 - data/CVE

2013-12-11 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-11 08:39:19 + (Wed, 11 Dec 2013)
New Revision: 24685

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-11 07:04:34 UTC (rev 24684)
+++ data/CVE/list   2013-12-11 08:39:19 UTC (rev 24685)
@@ -5898,6 +5898,7 @@
RESERVED
 CVE-2013-4845
RESERVED
+   NOT-FOR-US: HP Officejet Pro
 CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 
9.30, ...)
NOT-FOR-US: HP Service Manager and ServiceCenter
 CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) 
with ...)




[Secure-testing-commits] r24691 - data/CVE

2013-12-11 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-11 17:51:22 + (Wed, 11 Dec 2013)
New Revision: 24691

Modified:
   data/CVE/list
Log:
CVE-2013-2215 note

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-11 12:17:46 UTC (rev 24690)
+++ data/CVE/list   2013-12-11 17:51:22 UTC (rev 24691)
@@ -12767,6 +12767,7 @@
RESERVED
 CVE-2013-2215
RESERVED
+   NOTE: Asked to be rejected in oss-security mailing list
 CVE-2013-2214 [REJECTED: nagios3: information leak; works as designed]
RESERVED
NOT-FOR-US: Nagios issue, to be rejected
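Review bot: the added NOTE on CVE-2013-2215 says rejection was requested on the oss-security mailing list but gives no link. Add the URL of the post, as other NOTE lines in this file do for oss-security threads, so the request can be found when the id is finally rejected.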




[Secure-testing-commits] r24703 - data/CVE

2013-12-11 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-12 07:29:44 + (Thu, 12 Dec 2013)
New Revision: 24703

Modified:
   data/CVE/list
Log:
TYPO3-CORE-SA-2013-004

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-12 06:33:38 UTC (rev 24702)
+++ data/CVE/list   2013-12-12 07:29:44 UTC (rev 24703)
@@ -1,3 +1,23 @@
+CVE-2013-7082
+- typo3-src 
+CVE-2013-7081
+- typo3-src 
+CVE-2013-7080
+- typo3-src 
+CVE-2013-7079
+- typo3-src 
+CVE-2013-7078
+- typo3-src 
+CVE-2013-7077
+- typo3-src 
+CVE-2013-7076
+- typo3-src 
+CVE-2013-7075
+- typo3-src 
+CVE-2013-7074
+- typo3-src 
+CVE-2013-7073
+- typo3-src 
 CVE-2013-7072
NOT-FOR-US: Monitorix
 CVE-2013-7071
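
Review bot: The ten added typo3-src lines (CVE-2013-7082 through CVE-2013-7073) end right after the package name, with no version or status field and no bug reference, so as shown they do not say whether any Debian release is fixed. The log names TYPO3-CORE-SA-2013-004, but none of the entries carries a NOTE pointing at that advisory; adding one would keep the source of the CVE assignments in the list itself rather than only in the commit log.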




[Secure-testing-commits] r24704 - data/CVE

2013-12-12 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-12 08:01:02 + (Thu, 12 Dec 2013)
New Revision: 24704

Modified:
   data/CVE/list
Log:
bug reported for TYPO3 issues

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-12 07:29:44 UTC (rev 24703)
+++ data/CVE/list   2013-12-12 08:01:02 UTC (rev 24704)
@@ -1,23 +1,23 @@
 CVE-2013-7082
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7081
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7080
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7079
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7078
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7077
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7076
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7075
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7074
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7073
-- typo3-src 
+   - typo3-src  (bug #731999)
 CVE-2013-7072
NOT-FOR-US: Monitorix
 CVE-2013-7071
@@ -30,6 +30,9 @@
TODO: check plone/zope
 CVE-2013-7060 [Filesystem path information leak]
TODO: check plone/zope
+CVE-2013-7049
+   TODO: check
+   NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
 CVE-2013-7048 [Nova live snapshots use an insecure local directory]
- nova 
TODO: check
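
Review bot: The CVE-2013-7049 entry added in this hunk has no bracketed description, unlike its neighbours CVE-2013-7060 and CVE-2013-7048, so the TODO cannot be triaged without opening the oss-security link. A short bracketed summary naming the affected software would fix that. The log message only mentions the TYPO3 bug, so this unrelated addition would be easier to find later with its CVE id in the log or as its own commit.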




[Secure-testing-commits] r24732 - data/CVE

2013-12-13 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-13 08:20:38 + (Fri, 13 Dec 2013)
New Revision: 24732

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-13 07:28:16 UTC (rev 24731)
+++ data/CVE/list   2013-12-13 08:20:38 UTC (rev 24732)
@@ -5539,35 +5539,35 @@
 CVE-2013-5060
RESERVED
 CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and 
Office Web ...)
-   TODO: check
+   NOT-FOR-US: Microsoft SharePoint Server
 CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft 
Windows XP ...)
NOT-FOR-US: Microsoft Windows Kernel
 CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does 
not ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows Kernel
 CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object 
Library ...)
TODO: check
 CVE-2013-5055
RESERVED
 CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to 
discover ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Office
 CVE-2013-5053
RESERVED
 CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-5050
RESERVED
 CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-5047 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to 
bypass ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to 
bypass the ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-5044
RESERVED
 CVE-2013-5043
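
Review bot: CVE-2013-5057 is described as hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2, yet the added line tags it "NOT-FOR-US: Microsoft Windows Kernel", which looks copied from the CVE-2013-5058 entry directly above. "NOT-FOR-US: Microsoft Office", as used for CVE-2013-5054 in this same hunk, would match the description. CVE-2013-5056 is also left at "TODO: check" while every other described Microsoft entry in the range is resolved, so it is worth handling in the same pass.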




[Secure-testing-commits] r24733 - data/CVE

2013-12-13 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-13 08:39:24 + (Fri, 13 Dec 2013)
New Revision: 24733

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-13 08:20:38 UTC (rev 24732)
+++ data/CVE/list   2013-12-13 08:39:24 UTC (rev 24733)
@@ -8712,7 +8712,7 @@
 CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted 
remote ...)
NOT-FOR-US: Microsoft
 CVE-2013-3907 (portcls.sys in the kernel-mode drivers in Microsoft Windows 
Vista SP2, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows Vista
 CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 
2003 ...)
NOT-FOR-US: Microsoft
 CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT 
does ...)
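
Review bot: CVE-2013-3907 is tagged "NOT-FOR-US: Microsoft Windows Vista", but the description reads "Microsoft Windows Vista SP2, ...", so Vista is only the first product in a longer list. The later hunks of this commit use "NOT-FOR-US: Microsoft Windows" for the kernel-mode driver issues; the same tag here would keep the entries consistent and searchable by product.
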
@@ -8720,15 +8720,15 @@
 CVE-2013-3904
RESERVED
 CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode 
drivers ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2013-3901
RESERVED
 CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and 
SP3, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP 
SP2 and ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is 
used, ...)
NOT-FOR-US: Microsoft
 CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in 
...)
@@ -8770,7 +8770,7 @@
 CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode 
drivers ...)
NOT-FOR-US: Microsoft Windows
 CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft 
Windows XP ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2013-3877
RESERVED
 CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows 
Server 2003 ...)




[Secure-testing-commits] r24734 - data/CVE

2013-12-13 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-13 08:46:23 + (Fri, 13 Dec 2013)
New Revision: 24734

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-13 08:39:24 UTC (rev 24733)
+++ data/CVE/list   2013-12-13 08:46:23 UTC (rev 24734)
@@ -5513,7 +5513,7 @@
 CVE-2013-5073
RESERVED
 CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access 
in ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Exchange Server OWA
 CVE-2013-5071
RESERVED
 CVE-2013-5070
@@ -5545,7 +5545,7 @@
 CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does 
not ...)
NOT-FOR-US: Microsoft Windows Kernel
 CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object 
Library ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2013-5055
RESERVED
 CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to 
discover ...)
@@ -5573,7 +5573,7 @@
 CVE-2013-5043
RESERVED
 CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET 
SignalR ...)
-   TODO: check
+   NOT-FOR-US: Microsoft ASP.NET SignalR
 CVE-2013-5041
RESERVED
 CVE-2013-5040
@@ -8670,7 +8670,7 @@
 CVE-2013-3930
RESERVED
 CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php 
in CMS ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2013-3928
RESERVED
 CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens 
COMOS 9.2 ...)




[Secure-testing-commits] r24798 - data/CVE

2013-12-18 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-18 08:00:11 + (Wed, 18 Dec 2013)
New Revision: 24798

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-18 07:32:31 UTC (rev 24797)
+++ data/CVE/list   2013-12-18 08:00:11 UTC (rev 24798)
@@ -5284,6 +5284,7 @@
RESERVED
 CVE-2013-5227
RESERVED
+   NOT-FOR-US: Safari
 CVE-2013-5226
RESERVED
 CVE-2013-5225
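
Review bot: CVE-2013-5227 is still RESERVED with no description, so the added "NOT-FOR-US: Safari" tag cannot be checked against anything in the list. A NOTE line with the advisory or announcement the product name was taken from would make the decision reviewable.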




[Secure-testing-commits] r24823 - data/CVE

2013-12-19 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-19 10:07:35 + (Thu, 19 Dec 2013)
New Revision: 24823

Modified:
   data/CVE/list
Log:
REJECTs

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-19 07:48:48 UTC (rev 24822)
+++ data/CVE/list   2013-12-19 10:07:35 UTC (rev 24823)
@@ -7314,8 +7314,10 @@
[wheezy] - libguestfs 1:1.18.1-1+deb7u3
 CVE-2013-4418
RESERVED
+   NOTE: security hardening, got rejected
 CVE-2013-4417
REJECTED
+   NOTE: security hardening, got rejected
 CVE-2013-4416 (The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 
4.2.x, ...)
- xen  (ocaml version of the xenstore daemon not used in 
Debian)
 CVE-2013-4415
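
Review bot: The two added notes on CVE-2013-4418 and CVE-2013-4417 say "security hardening, got rejected" without naming the affected software or citing where the rejection was announced, and CVE-2013-4418 still reads RESERVED while CVE-2013-4417 reads REJECTED. Naming the package in the NOTE and adding the reference would let a later reader see why the RESERVED entry needs no further tracking.
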
@@ -7363,6 +7365,7 @@
NOT-FOR-US: Cumin
 CVE-2013-4403
RESERVED
+   NOTE: rejected
 CVE-2013-4402 (GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote 
...)
{DSA-2774-1 DSA-2773-1}
- gnupg2 2.0.22-1 (bug #725433)
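
Review bot: "NOTE: rejected" on CVE-2013-4403 records neither the reason nor the source, and the entry still reads RESERVED. A short reason, as in the previous hunk's notes, plus a link to the rejection would make this verifiable.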




[Secure-testing-commits] r24824 - data/CVE

2013-12-19 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-19 10:10:09 + (Thu, 19 Dec 2013)
New Revision: 24824

Modified:
   data/CVE/list
Log:
CVE-2013-4517

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-19 10:07:35 UTC (rev 24823)
+++ data/CVE/list   2013-12-19 10:10:09 UTC (rev 24824)
@@ -6965,6 +6965,8 @@
RESERVED
 CVE-2013-4517
RESERVED
+   TODO: check
+   NOTE: http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc
 CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c 
in the ...)
- linux 3.12-1 (unimportant)
[wheezy] - linux  (Affected code not present yet)
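
Review bot: The CVE-2013-4517 entry gets "TODO: check" and an advisory URL but no hint of which software is affected. The URL host shows the advisory comes from Apache Santuario, so putting that name in the TODO line or in a bracketed description after the CVE id would let whoever picks this up look for the matching Debian source package without fetching the signed advisory first.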




[Secure-testing-commits] r24841 - data/CVE

2013-12-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-20 10:00:50 + (Fri, 20 Dec 2013)
New Revision: 24841

Modified:
   data/CVE/list
Log:
REVIVE-SA-2013-001/CVE-2013-7149

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-20 09:51:01 UTC (rev 24840)
+++ data/CVE/list   2013-12-20 10:00:50 UTC (rev 24841)
@@ -198,6 +198,8 @@
RESERVED
 CVE-2014-0366
RESERVED
+CVE-2013-7149
+   NOT-FOR-US: Revive Adserver
 CVE-2013-7148
RESERVED
 CVE-2013-7147




[Secure-testing-commits] r24842 - data/CVE

2013-12-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-20 10:27:35 + (Fri, 20 Dec 2013)
New Revision: 24842

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-20 10:00:50 UTC (rev 24841)
+++ data/CVE/list   2013-12-20 10:27:35 UTC (rev 24842)
@@ -278,6 +278,7 @@
RESERVED
 CVE-2013-7100
RESERVED
+   TODO: check, Asterisk Open Source
 CVE-2013-7099
RESERVED
 CVE-2013-7098
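
Review bot: The log message is "NFU", but this hunk adds "TODO: check, Asterisk Open Source" to CVE-2013-7100, which is an open work item rather than a NOT-FOR-US decision. Mention it in the log or commit it separately, and consider a NOTE with the advisory reference, since the entry is still RESERVED and has no description.
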
@@ -358,15 +359,19 @@
 CVE-2013-7068
RESERVED
 CVE-2013-7067 (The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does 
not ...)
-   TODO: check
+   NOT-FOR-US: Drupal module
 CVE-2013-7066
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-7065
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-7064
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-7063
RESERVED
+   NOT-FOR-US: Drupal module
 CVE-2013-7059
RESERVED
 CVE-2013-7058
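
Review bot: CVE-2013-7066 through CVE-2013-7063 are RESERVED with no description, and each gets the generic tag "NOT-FOR-US: Drupal module", so the list does not record which module each id refers to or where that information came from. Naming the module in each tag, the way the CVE-2013-7067 description names OG Features, would make these four decisions checkable.
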
@@ -523,9 +528,9 @@
 CVE-2013-7006
RESERVED
 CVE-2013-7005 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with 
firmware ...)
-   TODO: check
+   NOT-FOR-US: D-Link DSR-150
 CVE-2013-7004 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with 
firmware ...)
-   TODO: check
+   NOT-FOR-US: D-Link DSR-150
 CVE-2013-7003
RESERVED
NOT-FOR-US: LiveZilla
@@ -2030,7 +2035,7 @@
 CVE-2013-6702 (The management implementation on Cisco ONS 15454 controller 
cards with ...)
NOT-FOR-US: Cisco
 CVE-2013-6701 (The tNetTaskLimit process on the Transport Node Controller 
(TNC) on ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2013-6700 (The SNMP module in Cisco IOS XR allows remote attackers to 
cause a ...)
NOT-FOR-US: Cisco IOS XR
 CVE-2013-6699 (The Control and Provisioning of Wireless Access Points (CAPWAP) 
...)
@@ -3335,6 +3340,7 @@
RESERVED
 CVE-2013-6178
RESERVED
+   NOT-FOR-US: EMC RSA Archer GRC
 CVE-2013-6177 (Directory traversal vulnerability in EMC Document Sciences 
xPression ...)
NOT-FOR-US: EMC
 CVE-2013-6176 (Multiple SQL injection vulnerabilities in EMC Document Sciences 
...)
@@ -5118,7 +5124,7 @@
 CVE-2013-5467
RESERVED
 CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, 
and the ...)
-   TODO: check
+   NOT-FOR-US: IBM DB2 and DB2 Connect
 CVE-2013-5465
RESERVED
 CVE-2013-5464
@@ -5147,6 +5153,7 @@
NOT-FOR-US: IBM
 CVE-2013-5452
RESERVED
+   NOT-FOR-US: IBM FileNet Business Process Framework
 CVE-2013-5451
RESERVED
 CVE-2013-5450 (IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz 
...)
@@ -5207,6 +5214,7 @@
RESERVED
 CVE-2013-5422
RESERVED
+   NOT-FOR-US: IBM Rational ClearQuest
 CVE-2013-5421
RESERVED
 CVE-2013-5420




[Secure-testing-commits] r24843 - data/CVE

2013-12-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-20 10:39:53 + (Fri, 20 Dec 2013)
New Revision: 24843

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-20 10:27:35 UTC (rev 24842)
+++ data/CVE/list   2013-12-20 10:39:53 UTC (rev 24843)
@@ -235,11 +235,11 @@
 CVE-2013-7130
RESERVED
 CVE-2013-7129 (Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog 
theme ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2013-7128 (Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 
in ...)
-   TODO: check
+   NOT-FOR-US: SteamOS
 CVE-2013-7127 (Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores 
cleartext ...)
-   TODO: check
+   NOT-FOR-US: Apple Safari
 CVE-2013-7126
RESERVED
 CVE-2013-7125
@@ -267,11 +267,11 @@
 CVE-2013-7109
RESERVED
 CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log 
functionality, as ...)
-   TODO: check
+   NOT-FOR-US: Fujitsu Interstage HTTP Server
 CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated 
administrators to ...)
-   TODO: check
+   NOT-FOR-US: McAfee Email Gateway
 CVE-2013-7103 (McAfee Email Gateway 7.6 allows remote authenticated 
administrators to ...)
-   TODO: check
+   NOT-FOR-US: McAfee Email Gateway
 CVE-2013-7102
RESERVED
 CVE-2013-7101
@@ -286,17 +286,17 @@
 CVE-2013-7097
RESERVED
 CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: Sap EMR
 CVE-2013-7095 (The XML parser (crm_flex_data) in SAP Customer Relationship 
Management ...)
-   TODO: check
+   NOT-FOR-US: Sap CRM
 CVE-2013-7094 (SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS 
function in ...)
-   TODO: check
+   NOT-FOR-US: SAP NetWeaver
 CVE-2013-7093 (SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: SAP Network Interface Router
 CVE-2013-7092 (Multiple SQL injection vulnerabilities in ...)
-   TODO: check
+   NOT-FOR-US: McAfee Email Gateway
 CVE-2013-7091 (Directory traversal vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2013-7090
RESERVED
 CVE-2013-7084
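
Review bot: CVE-2013-7092 is tagged "NOT-FOR-US: McAfee Email Gateway", but its description is cut off at "Multiple SQL injection vulnerabilities in ..." and it sits in a run of SAP entries, so the tag cannot be confirmed from the list and should be double-checked against the full CVE text. Also, "Sap EMR" and "Sap CRM" are capitalised differently from "SAP NetWeaver" and "SAP Network Interface Router" in the same hunk; use "SAP" throughout so a search for the vendor finds all four.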




[Secure-testing-commits] r24844 - data/CVE

2013-12-20 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-20 10:59:47 + (Fri, 20 Dec 2013)
New Revision: 24844

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-20 10:39:53 UTC (rev 24843)
+++ data/CVE/list   2013-12-20 10:59:47 UTC (rev 24844)
@@ -8950,9 +8950,9 @@
- openjdk-6 6b27-1.12.7-1
- openjdk-7 7u45-2.4.3-1
 CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center 
before ...)
-   TODO: check
+   NOT-FOR-US: IBM Cognos Command Center
 CVE-2013-4000 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
IBM ...)
-   TODO: check
+   NOT-FOR-US: IBM Cognos Command Center
 CVE-2013-3999 (Cross-site scripting (XSS) vulnerability in IBM Social Media 
Analytics ...)
NOT-FOR-US: IBM Social Media Analytics
 CVE-2013-3998
@@ -10897,7 +10897,7 @@
 CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to 
execute ...)
NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-3140 (Use-after-free vulnerability in Microsoft Internet Explorer 9 
allows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-3139 (Microsoft Internet Explorer 6 through 10 allows remote 
attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-3138 (Integer overflow in the TCP/IP kernel-mode driver in Microsoft 
Windows ...)
@@ -11097,9 +11097,9 @@
 CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 
8.5.2.1 ...)
NOT-FOR-US: IBM
 CVE-2013-3043 (Directory traversal vulnerability in the client in IBM Rational 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2013-3042 (Directory traversal vulnerability in the server in IBM Rational 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 
8.0 ...)
NOT-FOR-US: IBM
 CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through 
FP2, ...)
@@ -11738,13 +11738,13 @@
 CVE-2013-2817
RESERVED
 CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 
...)
-   TODO: check
+   NOT-FOR-US: Cooper Power Systems
 CVE-2013-2815
RESERVED
 CVE-2013-2814 (Cooper Power Systems Cybectec DNP3 Master OPC Server allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Cooper Power Systems
 CVE-2013-2813 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 
...)
-   TODO: check
+   NOT-FOR-US: Cooper Power Systems
 CVE-2013-2812
RESERVED
 CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE 
...)




[Secure-testing-commits] r24859 - data/CVE

2013-12-21 Thread Henri Salo
Author: fgeek-guest
Date: 2013-12-21 12:20:22 + (Sat, 21 Dec 2013)
New Revision: 24859

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-12-21 07:58:42 UTC (rev 24858)
+++ data/CVE/list   2013-12-21 12:20:22 UTC (rev 24859)
@@ -198,6 +198,14 @@
RESERVED
 CVE-2014-0366
RESERVED
+CVE-2013-7191
+   NOT-FOR-US: Tenmiles Helpdesk Pilot
+CVE-2013-7189
+   NOT-FOR-US: iScripts AutoHoster
+CVE-2013-7188
+   RESERVED
+CVE-2013-7187
+   NOT-FOR-US: WordPress plugin FormCraft
 CVE-2013-7149
NOT-FOR-US: Revive Adserver
 CVE-2013-7148
@@ -3381,6 +3389,7 @@
NOT-FOR-US: Project'Or RIA
 CVE-2013-6162
RESERVED
+   NOT-FOR-US: Code-Crafters Ability Mail Server
 CVE-2013-6161
RESERVED
 CVE-2013-6160



