Author: joeyh
Date: 2013-01-14 21:14:23 +0000 (Mon, 14 Jan 2013)
New Revision: 20921

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-01-14 16:43:21 UTC (rev 20920)
+++ data/CVE/list       2013-01-14 21:14:23 UTC (rev 20921)
@@ -1,5 +1,217 @@
+CVE-2013-1347
+       RESERVED
+CVE-2013-1346
+       RESERVED
+CVE-2013-1345
+       RESERVED
+CVE-2013-1344
+       RESERVED
+CVE-2013-1343
+       RESERVED
+CVE-2013-1342
+       RESERVED
+CVE-2013-1341
+       RESERVED
+CVE-2013-1340
+       RESERVED
+CVE-2013-1339
+       RESERVED
+CVE-2013-1338
+       RESERVED
+CVE-2013-1337
+       RESERVED
+CVE-2013-1336
+       RESERVED
+CVE-2013-1335
+       RESERVED
+CVE-2013-1334
+       RESERVED
+CVE-2013-1333
+       RESERVED
+CVE-2013-1332
+       RESERVED
+CVE-2013-1331
+       RESERVED
+CVE-2013-1330
+       RESERVED
+CVE-2013-1329
+       RESERVED
+CVE-2013-1328
+       RESERVED
+CVE-2013-1327
+       RESERVED
+CVE-2013-1326
+       RESERVED
+CVE-2013-1325
+       RESERVED
+CVE-2013-1324
+       RESERVED
+CVE-2013-1323
+       RESERVED
+CVE-2013-1322
+       RESERVED
+CVE-2013-1321
+       RESERVED
+CVE-2013-1320
+       RESERVED
+CVE-2013-1319
+       RESERVED
+CVE-2013-1318
+       RESERVED
+CVE-2013-1317
+       RESERVED
+CVE-2013-1316
+       RESERVED
+CVE-2013-1315
+       RESERVED
+CVE-2013-1314
+       RESERVED
+CVE-2013-1313
+       RESERVED
+CVE-2013-1312
+       RESERVED
+CVE-2013-1311
+       RESERVED
+CVE-2013-1310
+       RESERVED
+CVE-2013-1309
+       RESERVED
+CVE-2013-1308
+       RESERVED
+CVE-2013-1307
+       RESERVED
+CVE-2013-1306
+       RESERVED
+CVE-2013-1305
+       RESERVED
+CVE-2013-1304
+       RESERVED
+CVE-2013-1303
+       RESERVED
+CVE-2013-1302
+       RESERVED
+CVE-2013-1301
+       RESERVED
+CVE-2013-1300
+       RESERVED
+CVE-2013-1299
+       RESERVED
+CVE-2013-1298
+       RESERVED
+CVE-2013-1297
+       RESERVED
+CVE-2013-1296
+       RESERVED
+CVE-2013-1295
+       RESERVED
+CVE-2013-1294
+       RESERVED
+CVE-2013-1293
+       RESERVED
+CVE-2013-1292
+       RESERVED
+CVE-2013-1291
+       RESERVED
+CVE-2013-1290
+       RESERVED
+CVE-2013-1289
+       RESERVED
+CVE-2013-1288
+       RESERVED
+CVE-2013-1287
+       RESERVED
+CVE-2013-1286
+       RESERVED
+CVE-2013-1285
+       RESERVED
+CVE-2013-1284
+       RESERVED
+CVE-2013-1283
+       RESERVED
+CVE-2013-1282
+       RESERVED
+CVE-2013-1281
+       RESERVED
+CVE-2013-1280
+       RESERVED
+CVE-2013-1279
+       RESERVED
+CVE-2013-1278
+       RESERVED
+CVE-2013-1277
+       RESERVED
+CVE-2013-1276
+       RESERVED
+CVE-2013-1275
+       RESERVED
+CVE-2013-1274
+       RESERVED
+CVE-2013-1273
+       RESERVED
+CVE-2013-1272
+       RESERVED
+CVE-2013-1271
+       RESERVED
+CVE-2013-1270
+       RESERVED
+CVE-2013-1269
+       RESERVED
+CVE-2013-1268
+       RESERVED
+CVE-2013-1267
+       RESERVED
+CVE-2013-1266
+       RESERVED
+CVE-2013-1265
+       RESERVED
+CVE-2013-1264
+       RESERVED
+CVE-2013-1263
+       RESERVED
+CVE-2013-1262
+       RESERVED
+CVE-2013-1261
+       RESERVED
+CVE-2013-1260
+       RESERVED
+CVE-2013-1259
+       RESERVED
+CVE-2013-1258
+       RESERVED
+CVE-2013-1257
+       RESERVED
+CVE-2013-1256
+       RESERVED
+CVE-2013-1255
+       RESERVED
+CVE-2013-1254
+       RESERVED
+CVE-2013-1253
+       RESERVED
+CVE-2013-1252
+       RESERVED
+CVE-2013-1251
+       RESERVED
+CVE-2013-1250
+       RESERVED
+CVE-2013-1249
+       RESERVED
+CVE-2013-1248
+       RESERVED
+CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control 
(HPPKI.ocx) ...)
+       TODO: check
+CVE-2012-6500 (Directory traversal vulnerability in download.lib.php in 
Pragyan CMS ...)
+       TODO: check
+CVE-2012-6499 (Open redirect vulnerability in age-verification.php in the Age 
...)
+       TODO: check
+CVE-2011-5254 (Unspecified vulnerability in the Connections plugin before 
0.7.1.6 for ...)
+       TODO: check
+CVE-2011-5253 (Dl Download Ticket Service 0.3 through 0.9 allows remote 
attackers to ...)
+       TODO: check
+CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 
1.0.x ...)
+       TODO: check
 CVE-2012-0722
-       RESERVED
+       REJECTED
 CVE-2013-1247
        RESERVED
 CVE-2013-1246
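Review bot: The six entries added with descriptions at the end of this block (CVE-2012-6501, CVE-2012-6500, CVE-2012-6499, CVE-2011-5254, CVE-2011-5253, CVE-2011-5252) land with only "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US. Each needs a triage pass before the tracker can report a status for it. The CVE-2012-0722 change from RESERVED to REJECTED needs no follow-up, since that entry carries no package lines.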
@@ -977,140 +1189,113 @@
        RESERVED
 CVE-2013-0772
        RESERVED
-CVE-2013-0771
-       RESERVED
+CVE-2013-0771 (Heap-based buffer overflow in the ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0770
-       RESERVED
+CVE-2013-0770 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0769
-       RESERVED
+CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0768
-       RESERVED
+CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in 
Mozilla ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0767
-       RESERVED
+CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla 
Firefox ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0766
-       RESERVED
+CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules 
implementation in ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0765
        RESERVED
-CVE-2013-0764
-       RESERVED
+CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla 
Firefox ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0763
-       RESERVED
+CVE-2013-0763 (Use-after-free vulnerability in Mozilla Firefox before 18.0, 
Firefox ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0762
-       RESERVED
+CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame 
function ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0761
-       RESERVED
+CVE-2013-0761 (Use-after-free vulnerability in the ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0760
-       RESERVED
+CVE-2013-0760 (Buffer overflow in the CharDistributionAnalysis::HandleOneChar 
...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0759
-       RESERVED
+CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 
and 17.x ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0758
-       RESERVED
+CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 
and 17.x ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0757
-       RESERVED
+CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla 
Firefox ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0756
-       RESERVED
+CVE-2013-0756 (Use-after-free vulnerability in the obj_toSource function in 
Mozilla ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0755
-       RESERVED
+CVE-2013-0755 (Use-after-free vulnerability in the mozVibrate implementation 
in the ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0754
-       RESERVED
+CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager 
implementation in ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0753
-       RESERVED
+CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream 
implementation ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0752
-       RESERVED
+CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, 
...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0751
-       RESERVED
+CVE-2013-0751 (Mozilla Firefox before 18.0 on Android and SeaMonkey before 
2.15 do ...)
        - iceape <not-affected> (Android-specific)
        - iceweasel <not-affected> (Android-specific)
        - icedove <not-affected> (Android-specific)
-CVE-2013-0750
-       RESERVED
+CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla 
Firefox ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0749
-       RESERVED
+CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0748
-       RESERVED
+CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox 
before ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0747
-       RESERVED
+CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler 
in ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0746
-       RESERVED
+CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 
and 17.x ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2013-0745
-       RESERVED
+CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, 
Firefox ...)
        - iceape <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
-CVE-2013-0744
-       RESERVED
+CVE-2013-0744 (Use-after-free vulnerability in the ...)
        - iceweasel 10.0.12esr-1
        - icedove <unfixed>
        - iceape <unfixed>
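Review bot: At CVE-2013-0752 the new description names "Firefox ESR 17.x before 17.0.2", while the three package lines under it still read "Doesn't affect the ESR series". If that annotation means the 10.x ESR branch (the fixed version recorded elsewhere in this hunk is 10.0.12esr-1), say so explicitly, for example "Doesn't affect the ESR 10 series". Separately, every entry here that records iceweasel 10.0.12esr-1 leaves icedove and iceape at <unfixed>; now that the descriptions are public, those lines are the open work.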
@@ -1161,8 +1346,7 @@
        RESERVED
 CVE-2013-0723
        RESERVED
-CVE-2013-0722 [stack-based buffer overflow when parsing hosts list]
-       RESERVED
+CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in 
...)
        - ettercap 1:0.7.5.1-2 (low; bug #697987)
        [squeeze] - ettercap <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
@@ -1489,8 +1673,7 @@
        RESERVED
 CVE-2013-0631 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to 
obtain ...)
        NOT-FOR-US: Adobe ColdFusion
-CVE-2013-0630
-       RESERVED
+CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 
11.x ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2013-0629 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is 
not ...)
        NOT-FOR-US: Adobe ColdFusion
@@ -2120,7 +2303,7 @@
        RESERVED
 CVE-2013-0423
        RESERVED
-CVE-2013-0422 (The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 
1.7 in ...)
+CVE-2013-0422 (The findClass method in the MBeanInstantiator class in Oracle 
Java ...)
        TODO: check
        NOTE: Exploitable on Linux 
http://www.openwall.com/lists/oss-security/2013/01/11/1
 CVE-2013-0421
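Review bot: CVE-2013-0422 keeps "TODO: check" after the description update, even though the NOTE directly below it says "Exploitable on Linux". Resolve the TODO into package lines for the affected Java packages, or NOT-FOR-US if none are in the archive, so the entry shows up in tracker status.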
@@ -2665,8 +2848,7 @@
        - mount <unfixed> (bug #697464; low)
        [squeeze] - mount <no-dsa> (Minor issue)
        NOTE: CVE request 
http://www.openwall.com/lists/oss-security/2013/01/06/1
-CVE-2013-0156 [Multiple vulnerabilities in parameter parsing in ActionPack]
-       RESERVED
+CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails 
before ...)
        {DSA-2604-1}
        - rails 2.3.14.1 (bug #697722; high)
        - ruby-activesupport-2.3 2.3.14-5 (bug #697789)
@@ -2677,8 +2859,7 @@
        NOTE: http://www.insinuator.net/2013/01/rails-yaml/
        NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
        NOTE: experimental has 3.2.8-1 and should be affected too
-CVE-2013-0155 [Unsafe Query Generation Risk in Ruby on Rails]
-       RESERVED
+CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 
3.2.x ...)
        - ruby-activerecord-3.2 3.2.6-4 (bug #697744)
        - ruby-activerecord-2.3 <not-affected> (Only applies to 3.x)
        - ruby-actionpack-3.2 3.2.6-5 (bug #697802)
@@ -2686,8 +2867,7 @@
        - rails <not-affected> (Only applies to 3.x)
        NOTE: Starting with 2.3.14.1 rails is a transition package
        NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
-CVE-2013-0154
-       RESERVED
+CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, 
when ...)
        - xen <not-affected> (Only applies to Xen 4.2, which is only available 
in experimental)
 CVE-2013-0153
        RESERVED
@@ -4059,8 +4239,8 @@
        RESERVED
 CVE-2012-5875
        RESERVED
-CVE-2012-5874
-       RESERVED
+CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) ...)
+       TODO: check
 CVE-2012-5873
        RESERVED
 CVE-2012-5872
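Review bot: CVE-2012-5874 moves from RESERVED to "TODO: check", and the truncated description ("Multiple SQL injection vulnerabilities in the (1) ...") does not show the affected product. Look up the full description and replace the TODO with a package line or NOT-FOR-US.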
@@ -5941,8 +6121,8 @@
        - chromium-browser <unfixed>
        - ffmpeg <removed>
        - libav 6:0.8.5-1 (bug #694483)
-        NOTE: 
http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646
 is supposed to fix this.
-        NOTE: Upstream has a sample, but can only be reproduced with 
asan/tsan. However, Chrome seems to be affected by this somehow more directly.
+       NOTE: 
http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646
 is supposed to fix this.
+       NOTE: Upstream has a sample, but can only be reproduced with asan/tsan. 
However, Chrome seems to be affected by this somehow more directly.
 CVE-2012-5143 (Integer overflow in Google Chrome before 23.0.1271.97 allows 
remote ...)
        - chromium-browser <unfixed>
 CVE-2012-5142 (Google Chrome before 23.0.1271.97 does not properly handle 
history ...)
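Review bot: The two NOTE lines under the libav entry change only in leading whitespace; the URL and the text are identical on both sides. That is fine as a normalization, but it shows the earlier edit used a different indent from the rest of the file. A commit-time check on indentation would keep this kind of whitespace-only churn out of automatic updates.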
@@ -11899,7 +12079,7 @@
        - ffmpeg <removed>
        NOTE: https://chromiumcodereview.appspot.com/10829204
        NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
-        NOTE: fixed with 
http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
+       NOTE: fixed with 
http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
 CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle 
plug-ins, ...)
        - chromium-browser 22.0.1229.94~r161065-1
 CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows 
remote ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
