Author: joeyh
Date: 2012-11-13 21:14:27 +0000 (Tue, 13 Nov 2012)
New Revision: 20482

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-11-13 14:44:31 UTC (rev 20481)
+++ data/CVE/list       2012-11-13 21:14:27 UTC (rev 20482)
@@ -1,4 +1,25 @@
+CVE-2012-5859
+       RESERVED
+CVE-2012-5858
+       RESERVED
+CVE-2012-5857
+       RESERVED
+CVE-2012-5856
+       RESERVED
+CVE-2012-5855
+       RESERVED
+CVE-2012-5853
+       RESERVED
+CVE-2012-5852
+       RESERVED
+CVE-2012-5851
+       RESERVED
+CVE-2012-5850
+       RESERVED
+CVE-2012-5849
+       RESERVED
 CVE-2012-5854
+       RESERVED
        - weechat 0.3.9.1-1 (bug #693026)
        [squeeze] - weechat <not-affected> (Vulnerable code not present)
 CVE-2012-5848
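Review bot: CVE-2012-5854 now sits after CVE-2012-5849 instead of between CVE-2012-5855 and CVE-2012-5853, which breaks the descending order the rest of the list keeps. Insert the new RESERVED ids around it so 5854 stays in sequence. The added RESERVED line on 5854 also lands on an entry that already carries triaged weechat data (bug #693026), so the status should not be read as "untriaged" here.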
@@ -43,8 +64,8 @@
        RESERVED
 CVE-2012-5828
        RESERVED
-CVE-2012-5827
-       RESERVED
+CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 allows remote attackers to conduct 
...)
+       TODO: check
 CVE-2012-5826
        RESERVED
 CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a 
domain ...)
@@ -371,8 +392,7 @@
        RESERVED
 CVE-2012-5674
        RESERVED
-CVE-2012-5673
-       RESERVED
+CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 
10.3.183.29 and ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows 
remote ...)
        NOT-FOR-US: mnoGoSearch
@@ -854,8 +874,7 @@
        RESERVED
 CVE-2012-5483
        RESERVED
-CVE-2012-5482
-       RESERVED
+CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and 
Essex ...)
        - glance 2012.1.1-3 (bug #692641)
 CVE-2012-5481
        RESERVED
@@ -1312,14 +1331,11 @@
 CVE-2012-XXXX [gunicorn fails to drop supplemental groups]
        - gunicorn 0.14.5-3 (low)
        [squeeze] - gunicorn <no-dsa> (Minor issue)
-CVE-2012-5287
-       RESERVED
+CVE-2012-5287 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 
11.x ...)
        NOT-FOR-US: Adobe Flash Player
-CVE-2012-5286
-       RESERVED
+CVE-2012-5286 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 
11.x ...)
        NOT-FOR-US: Adobe Flash Player
-CVE-2012-5285
-       RESERVED
+CVE-2012-5285 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 
11.x ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2012-5284
        RESERVED
@@ -2233,8 +2249,7 @@
        RESERVED
 CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 
1.18.x ...)
        - mediawiki 1:1.19.0-1 (low)
-CVE-2012-4884
-       RESERVED
+CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x 
before ...)
        {DSA-2567-1}
        - request-tracker3.8 <removed>
        - request-tracker4 4.0.7-2
@@ -2755,25 +2770,21 @@
        {DSA-2567-1}
        - request-tracker3.8 <removed>
        - request-tracker4 4.0.7-2
-CVE-2012-4734
-       RESERVED
+CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 
allows ...)
        {DSA-2567-1}
        - request-tracker3.8 <removed>
        - request-tracker4 4.0.7-2
 CVE-2012-4733
        RESERVED
-CVE-2012-4732
-       RESERVED
+CVE-2012-4732 (Cross-site request forgery (CSRF) vulnerability in Request 
Tracker ...)
        {DSA-2567-1}
        - request-tracker3.8 <removed>
        - request-tracker4 4.0.7-2
-CVE-2012-4731
-       RESERVED
+CVE-2012-4731 (FAQ manager for Request Tracker (RTFM) before 2.4.5 does not 
properly ...)
        {DSA-2568-1}
        - rtfm <removed>
        - request-tracker4 4.0.7-2
-CVE-2012-4730
-       RESERVED
+CVE-2012-4730 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 
allows ...)
        {DSA-2567-1}
        - request-tracker3.8 <removed>
        - request-tracker4 4.0.7-2
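Review bot: the new descriptions for CVE-2012-4734 and CVE-2012-4730 put the upstream fix at 4.0.8 ("4.0.x before 4.0.8"), yet both entries record request-tracker4 4.0.7-2 as the fixed version. If the fix was backported into 4.0.7-2, a NOTE line saying so would keep the version line from looking inconsistent with the description.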
@@ -3295,8 +3306,7 @@
        - pgbouncer 1.5.2-4
 CVE-2012-4574
        RESERVED
-CVE-2012-4573
-       RESERVED
+CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and 
Essex ...)
        - glance 2012.1.1-2 (bug #692641)
 CVE-2012-4572
        RESERVED
@@ -3323,8 +3333,7 @@
        RESERVED
        - linux <unfixed>
        - linux-2.6 <removed>
-CVE-2012-4564 [ppm2tiff heap overflow]
-       RESERVED
+CVE-2012-4564 (ppm2tiff does not check the return value of the 
TIFFScanlineSize ...)
        - tiff <unfixed> (bug #692345)
        - tiff3 <not-affected> (The tiff-tools package is only built from the 
tiff source package)
 CVE-2012-4563
@@ -3348,13 +3357,11 @@
        RESERVED
 CVE-2012-4555
        RESERVED
-CVE-2012-4554
-       RESERVED
+CVE-2012-4554 (The OpenID module in Drupal 7.x before 7.16 allows remote 
OpenID ...)
        - drupal7 7.14-1.1 (bug #690817)
        - drupal6 <not-affected> (according to upstream)
        NOTE: http://drupal.org/node/1815912
-CVE-2012-4553
-       RESERVED
+CVE-2012-4553 (Drupal 7.x before 7.16 allows remote attackers to obtain 
sensitive ...)
        - drupal7 7.14-1.1 (bug #690817)
        - drupal6 <not-affected> (according to upstream)
        NOTE: http://drupal.org/node/1815912
@@ -3369,8 +3376,7 @@
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server)
 CVE-2012-4549
        RESERVED
-CVE-2012-4548
-       RESERVED
+CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in 
cgit ...)
        - cgit <itp> (bug #515793)
 CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 
has ...)
        - awstats <not-affected>
@@ -3388,8 +3394,7 @@
        RESERVED
 CVE-2012-4541
        RESERVED
-CVE-2012-4540 [IcedTea-Web: buffer overflow in 
IcedTeaScriptableJavaObject::invoke.]
-       RESERVED
+CVE-2012-4540 (Off-by-one error in the invoke function in ...)
        - icedtea-web 1.3.1-1 (bug #692608)
        NOTE: http://seclists.org/oss-sec/2012/q4/237
 CVE-2012-4539
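Review bot: the replacement description for CVE-2012-4540 is cut off at "the invoke function in ...", so the entry header no longer names IcedTea-Web or IcedTeaScriptableJavaObject::invoke as the removed bracket tag did. The icedtea-web package line still identifies the component, but a NOTE preserving the function name would keep the entry searchable.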
@@ -3454,7 +3459,7 @@
        - ruby1.8 <not-affected> (Only affects 1.9.x, see bug #690670)
        - ruby1.9.1 1.9.3.194-3 (bug #690670)
 CVE-2012-4521 [rejected dupe assignment]
-       RESERVED
+       REJECTED
 CVE-2012-4520
        RESERVED
        - python-django 1.4.2-1 (bug #691145)
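Review bot: the REJECTED status on CVE-2012-4521 is explained only by the bracket tag "rejected dupe assignment", which does not say which id it duplicates. Add a NOTE line naming the CVE that supersedes it so the entry can be followed to the live record.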
@@ -3469,18 +3474,15 @@
        - librdmacm 1.0.16-1 (bug #690672)
        [squeeze] - librdmacm <not-affected> (Introduced in 1.0.12)
        [wheezy] - librdmacm 1.0.15-1+deb7u1
-CVE-2012-4515
-       RESERVED
+CVE-2012-4515 (Use-after-free vulnerability in 
khtml/rendering/render_replaced.cpp in ...)
        - kdebase <removed> (unimportant)
        - kde-baseapps <unfixed> (unimportant)
        NOTE: Konqueror not supported security-wise
-CVE-2012-4514
-       RESERVED
+CVE-2012-4514 (rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 
allows ...)
        - kdebase <removed> (unimportant)
        - kde-baseapps <unfixed> (unimportant)
        NOTE: Konqueror not supported security-wise
-CVE-2012-4513
-       RESERVED
+CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 
allows ...)
        - kdebase <removed> (unimportant)
        - kde-baseapps <unfixed> (unimportant)
        NOTE: Konqueror not supported security-wise
@@ -3511,12 +3513,10 @@
        - gitolite <not-affected> (Only affects 3.x releases)
        NOTE: 
https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
        NOTE: 
https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
-CVE-2012-4505
-       RESERVED
+CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in 
lib/pac.c ...)
        {DSA-2571-1}
        - libproxy 0.3.1-5.1 (bug #690376)
-CVE-2012-4504
-       RESERVED
+CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in 
url.cpp in ...)
        - libproxy <not-affected> (Vulnerable code not present)
        NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
 CVE-2012-4503
@@ -5424,22 +5424,22 @@
        RESERVED
 CVE-2012-3759
        RESERVED
-CVE-2012-3758
-       RESERVED
-CVE-2012-3757
-       RESERVED
-CVE-2012-3756
-       RESERVED
-CVE-2012-3755
-       RESERVED
-CVE-2012-3754
-       RESERVED
-CVE-2012-3753
-       RESERVED
-CVE-2012-3752
-       RESERVED
-CVE-2012-3751
-       RESERVED
+CVE-2012-3758 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote 
...)
+       TODO: check
+CVE-2012-3757 (Apple QuickTime before 7.7.3 allows remote attackers to execute 
...)
+       TODO: check
+CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote 
...)
+       TODO: check
+CVE-2012-3755 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote 
...)
+       TODO: check
+CVE-2012-3754 (Use-after-free vulnerability in the Clear method in the ActiveX 
...)
+       TODO: check
+CVE-2012-3753 (Buffer overflow in the plugin in Apple QuickTime before 7.7.3 
allows ...)
+       TODO: check
+CVE-2012-3752 (Multiple buffer overflows in Apple QuickTime before 7.7.3 allow 
remote ...)
+       TODO: check
+CVE-2012-3751 (Use-after-free vulnerability in the plugin in Apple QuickTime 
before ...)
+       TODO: check
 CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does 
not ...)
        NOT-FOR-US: iOS
 CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 
provide ...)
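Review bot: the eight Apple QuickTime entries (CVE-2012-3751 through CVE-2012-3758) land as "TODO: check", while the Apple iOS entry directly below them is already triaged as NOT-FOR-US. If QuickTime is likewise not packaged, resolve them in one follow-up together with the QuickTime entry CVE-2011-1374 in the last hunk, rather than leaving nine open TODOs.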
@@ -5920,8 +5920,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
        NOTE: http://stealth.openwall.net/null/dzug.c
-CVE-2012-3523 [inn prone to STARTTLS plaintext command injection]
-       RESERVED
+CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does 
not ...)
        - inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
        - inn2 2.5.3-1 (bug #685581)
 CVE-2012-3522 [geshi XSS in contrib/langwiz.php]
@@ -8520,8 +8519,8 @@
        RESERVED
 CVE-2012-2456
        RESERVED
-CVE-2012-2455
-       RESERVED
+CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not 
...)
+       TODO: check
 CVE-2012-2454
        RESERVED
 CVE-2012-2453
@@ -10258,14 +10257,14 @@
        NOT-FOR-US: DeltaV (SCADA system) not in Debian
 CVE-2012-1814 (Cross-site scripting (XSS) vulnerability in Emerson DeltaV and 
DeltaV ...)
        NOT-FOR-US: DeltaV (SCADA system) not in Debian
-CVE-2012-1813
-       RESERVED
-CVE-2012-1812
-       RESERVED
-CVE-2012-1811
-       RESERVED
-CVE-2012-1810
-       RESERVED
+CVE-2012-1813 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 
allows ...)
+       TODO: check
+CVE-2012-1812 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 
allows ...)
+       TODO: check
+CVE-2012-1811 (EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows 
remote ...)
+       TODO: check
+CVE-2012-1810 (EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows 
remote ...)
+       TODO: check
 CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
        NOT-FOR-US: Koyo ECOM
 CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
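Review bot: the four C3-ilex EOScada entries (CVE-2012-1810 to CVE-2012-1813) are left as "TODO: check", while the neighbouring DeltaV entries carry "NOT-FOR-US: DeltaV (SCADA system) not in Debian". If EOScada is also not in Debian, a NOT-FOR-US line in the same form would close these.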
@@ -25480,8 +25479,8 @@
        NOT-FOR-US: IBM WebSphere
 CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config 
and ...)
        NOT-FOR-US: IBM AIX
-CVE-2011-1374
-       RESERVED
+CVE-2011-1374 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote 
...)
+       TODO: check
 CVE-2011-1373 (Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, 
when the ...)
        NOT-FOR-US: IBM DB2
 CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape 
libraries ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
