Author: joeyh
Date: 2013-04-10 21:14:23 +0000 (Wed, 10 Apr 2013)
New Revision: 21912

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-04-10 17:29:50 UTC (rev 21911)
+++ data/CVE/list       2013-04-10 21:14:23 UTC (rev 21912)
@@ -510,7 +510,7 @@
        NOT-FOR-US: Internet Explorer
 CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows 7 allows 
attackers to ...)
        NOT-FOR-US: Windows 7
-CVE-2013-2555 (Adobe Flash Player 11.6.602.171 on Windows allows remote 
attackers to ...)
+CVE-2013-2555 (Integer overflow in Adobe Flash Player before 10.3.183.75 and 
11.x ...)
        NOT-FOR-US: Adobe Flash plugin
 CVE-2013-2554 (Unspecified vulnerability in Microsoft Windows 7 allows 
attackers to ...)
        NOT-FOR-US: Windows 7
@@ -1961,8 +1961,7 @@
 CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 
9.2.4, ...)
        {DSA-2658-1}
        - postgresql-9.1 9.1.9-1 (bug #704479)
-CVE-2013-1898 [ruby gem Thumbshooter RCE]
-       RESERVED
+CVE-2013-1898 (lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby 
allows ...)
        NOT-FOR-US: Ruby gem Thumbshooter
 CVE-2013-1897 [unintended information exposure when rootdse is enabled]
        RESERVED
@@ -2221,8 +2220,7 @@
        - owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected) 
        NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
        NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
-CVE-2013-1821 [entity expansion DoS vulnerability in REXML]
-       RESERVED
+CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 
allows ...)
        - ruby1.9.1 1.9.3.194-8.1 (bug #702525)
        - ruby1.8 1.8.7.358-7 (bug #702526)
        NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
@@ -2281,15 +2279,12 @@
        RESERVED
 CVE-2013-1803
        RESERVED
-CVE-2013-1802 [YAML parameter parsing vulnerability] 
-       RESERVED
+CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly 
restrict ...)
        - ruby-extlib 0.9.15-3 (bug #697895)
        - libextlib-ruby <removed> (bug #697895)
-CVE-2013-1801 [YAML parameter parsing vulnerability]
-       RESERVED
+CVE-2013-1801 (The httparty gem 0.9.0 and earlier for Ruby does not properly 
restrict ...)
        NOT-FOR-US: httparty Ruby gem
-CVE-2013-1800 [YAML parameter parsing vulnerability]
-       RESERVED
+CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly 
restrict ...)
        - ruby-crack <itp> (bug #623900)
 CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 
...)
        TODO: check
@@ -2318,15 +2313,12 @@
        - linux-2.6 <removed>
 CVE-2013-1791
        RESERVED
-CVE-2013-1790 [uninitialized memory read]
-       RESERVED
+CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows 
context-dependent ...)
        - poppler 0.18.4-6 (low; bug #702071)
-CVE-2013-1789 [crash in broken documents]
-       RESERVED
+CVE-2013-1789 (splash/Splash.cc in poppler before 0.22.1 allows 
context-dependent ...)
        - poppler <not-affected> (vulnerable code introduced in a later version)
        TODO: recheck poppler >= 0.22 when it gets uploaded
-CVE-2013-1788 [invalid memory issues]
-       RESERVED
+CVE-2013-1788 (poppler before 0.22.1 allows context-dependent attackers to 
cause a ...)
        - poppler 0.18.4-6 (low; bug #702071)
 CVE-2013-1787 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery 
in the ...)
        NOT-FOR-US: Drupal addon
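Review bot: The note under CVE-2013-1789, "TODO: recheck poppler >= 0.22 when it gets uploaded", is now less precise than the description above it, which gives the fixed version as "poppler before 0.22.1". Suggest rewording the TODO to name 0.22.1 as the fix boundary, so that an upload of 0.22.0 is not taken to clear the `<not-affected>` entry.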
@@ -3351,28 +3343,28 @@
        RESERVED
 CVE-2013-1389
        RESERVED
-CVE-2013-1388
-       RESERVED
-CVE-2013-1387
-       RESERVED
-CVE-2013-1386
-       RESERVED
-CVE-2013-1385
-       RESERVED
-CVE-2013-1384
-       RESERVED
-CVE-2013-1383
-       RESERVED
+CVE-2013-1388 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 
10, ...)
+       TODO: check
+CVE-2013-1387 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 
10, ...)
+       TODO: check
+CVE-2013-1386 (Adobe Shockwave Player before 12.0.2.122 allows attackers to 
execute ...)
+       TODO: check
+CVE-2013-1385 (Adobe Shockwave Player before 12.0.2.122 does not prevent 
access to ...)
+       TODO: check
+CVE-2013-1384 (Adobe Shockwave Player before 12.0.2.122 allows attackers to 
execute ...)
+       TODO: check
+CVE-2013-1383 (Buffer overflow in Adobe Shockwave Player before 12.0.2.122 
allows ...)
+       TODO: check
 CVE-2013-1382
        RESERVED
 CVE-2013-1381
        RESERVED
-CVE-2013-1380
-       RESERVED
-CVE-2013-1379
-       RESERVED
-CVE-2013-1378
-       RESERVED
+CVE-2013-1380 (Adobe Flash Player before 10.3.183.75 and 11.x before 
11.7.700.169 on ...)
+       TODO: check
+CVE-2013-1379 (Adobe Flash Player before 10.3.183.75 and 11.x before 
11.7.700.169 on ...)
+       TODO: check
+CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 
11.7.700.169 on ...)
+       TODO: check
 CVE-2013-1377
        RESERVED
 CVE-2013-1376
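Review bot: CVE-2013-1380, CVE-2013-1379 and CVE-2013-1378 are left at `TODO: check` although their descriptions name Adobe Flash Player, which this file already tags `NOT-FOR-US: Adobe Flash plugin` under CVE-2013-2555; the same tag fits here. The ColdFusion entries (CVE-2013-1388, CVE-2013-1387) and the Shockwave Player entries (CVE-2013-1386 through CVE-2013-1383) also need a triage decision before `TODO: check` can be dropped.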
@@ -3528,10 +3520,10 @@
        RESERVED
 CVE-2013-1305
        RESERVED
-CVE-2013-1304
-       RESERVED
-CVE-2013-1303
-       RESERVED
+CVE-2013-1304 (Use-after-free vulnerability in Microsoft Internet Explorer 6 
through ...)
+       TODO: check
+CVE-2013-1303 (Use-after-free vulnerability in Microsoft Internet Explorer 6 
through ...)
+       TODO: check
 CVE-2013-1302
        RESERVED
 CVE-2013-1301
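Review bot: CVE-2013-1304 and CVE-2013-1303 are Internet Explorer use-after-free entries left at `TODO: check`; other Internet Explorer entries in this file are already marked NOT-FOR-US. When triaging, pick one spelling of the tag: the file currently carries both `NOT-FOR-US: Internet Explorer` and `NOT-FOR-US: Microsoft Internet Explorer`.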
@@ -3544,22 +3536,22 @@
        RESERVED
 CVE-2013-1297
        RESERVED
-CVE-2013-1296
-       RESERVED
-CVE-2013-1295
-       RESERVED
-CVE-2013-1294
-       RESERVED
-CVE-2013-1293
-       RESERVED
-CVE-2013-1292
-       RESERVED
-CVE-2013-1291
-       RESERVED
-CVE-2013-1290
-       RESERVED
-CVE-2013-1289
-       RESERVED
+CVE-2013-1296 (The Remote Desktop ActiveX control in mstscax.dll in Microsoft 
Remote ...)
+       TODO: check
+CVE-2013-1295 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft 
Windows XP ...)
+       TODO: check
+CVE-2013-1294 (Race condition in the kernel in Microsoft Windows XP SP2 and 
SP3, ...)
+       TODO: check
+CVE-2013-1293 (The NTFS kernel-mode driver in Microsoft Windows Vista SP2, 
Windows ...)
+       TODO: check
+CVE-2013-1292 (Race condition in win32k.sys in the kernel-mode drivers in 
Microsoft ...)
+       TODO: check
+CVE-2013-1291 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP 
SP3, ...)
+       TODO: check
+CVE-2013-1290 (Microsoft SharePoint Server 2013, in certain configurations 
involving ...)
+       TODO: check
+CVE-2013-1289 (Cross-site scripting (XSS) vulnerability in Microsoft 
SharePoint ...)
+       TODO: check
 CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 
allows ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and 
SP3, ...)
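Review bot: All eight newly described entries, CVE-2013-1296 through CVE-2013-1289, are at `TODO: check`, and every description names a Microsoft product. Suggest triaging them in one pass with the tags the file already uses: `NOT-FOR-US: Microsoft Windows` for the Remote Desktop, CSRSS, kernel, NTFS and win32k.sys entries, and `NOT-FOR-US: Microsoft SharePoint` for CVE-2013-1290 and CVE-2013-1289.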
@@ -3568,12 +3560,12 @@
        NOT-FOR-US: Microsoft Windows
 CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and 
SP3, ...)
        NOT-FOR-US: Microsoft Windows
-CVE-2013-1284
-       RESERVED
-CVE-2013-1283
-       RESERVED
-CVE-2013-1282
-       RESERVED
+CVE-2013-1284 (Race condition in the kernel in Microsoft Windows 8, Windows 
Server ...)
+       TODO: check
+CVE-2013-1283 (Race condition in win32k.sys in the kernel-mode drivers in 
Microsoft ...)
+       TODO: check
+CVE-2013-1282 (The LDAP service in Microsoft Active Directory, Active 
Directory ...)
+       TODO: check
 CVE-2013-1281 (The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 
and ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 
2003 ...)
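Review bot: CVE-2013-1284, CVE-2013-1283 and CVE-2013-1282 sit at `TODO: check` between CVE-2013-1285 and CVE-2013-1281, both already tagged `NOT-FOR-US: Microsoft Windows`. The two race-condition entries can take the same tag; CVE-2013-1282 (LDAP service in Active Directory) needs a tag of its own or the Windows one, decided explicitly rather than left pending.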
@@ -6194,11 +6186,9 @@
        NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
 CVE-2013-0286
        RESERVED
-CVE-2013-0285
-       RESERVED
+CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x 
before ...)
        NOT-FOR-US: nori Ruby gem
-CVE-2013-0284
-       RESERVED
+CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when 
...)
        NOT-FOR-US: newrelic_rpm Ruby gem
 CVE-2013-0283
        RESERVED
@@ -6300,8 +6290,7 @@
        - postgresql-8.4 8.4.16-1
 CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x 
before ...)
        - qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
-CVE-2013-0253
-       RESERVED
+CVE-2013-0253 (The default configuration of Apache Maven 3.0.4, when using 
Maven ...)
        - wagon2 2.2-3+nmu1 (bug #701991)
 CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in 
Boost ...)
        - boost1.50 <unfixed> (bug #699650)
@@ -7149,8 +7138,7 @@
 CVE-2012-6135
        RESERVED
        - ruby-passenger (low; bug #702219)
-CVE-2012-6134
-       RESERVED
+CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the 
omniauth-oauth2 ...)
        NOT-FOR-US: ruby-omniauth, there was a sponsor request, but no ITP: 
http://osdir.com/ml/debian-mentors/2011-08/msg00662.html
 CVE-2012-6133 [XSS flaws in ok and error messages]
        RESERVED
@@ -7283,8 +7271,7 @@
        - moodle <unfixed> (low; bug #702387)
        [squeeze] - moodle <no-dsa> (Minor issue)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6097 [cronie fd leak]
-       RESERVED
+CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain 
...)
        - cronie <unfixed> (low; bug #697811)
        NOTE: Only present in experimental
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096
@@ -7515,8 +7502,8 @@
        NOT-FOR-US: Microsoft SharePoint
 CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to 
execute ...)
        NOT-FOR-US: Microsoft Visio Viewer
-CVE-2013-0078
-       RESERVED
+CVE-2013-0078 (The Microsoft Antimalware Client in Windows Defender on Windows 
8 and ...)
+       TODO: check
 CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, 
Server ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft 
Windows ...)
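Review bot: CVE-2013-0078 loses `RESERVED` but gains only `TODO: check`, while its neighbours CVE-2013-0079 and CVE-2013-0077 are already marked NOT-FOR-US. The description names the Microsoft Antimalware Client in Windows Defender, so a NOT-FOR-US tag in the style of the surrounding Microsoft entries would close it out.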
@@ -8750,8 +8737,7 @@
        RESERVED
 CVE-2012-5636
        RESERVED
-CVE-2012-5635 [GlusterFS: insecure temporary file creation]
-       RESERVED
+CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management 
Console 2.0, ...)
        - glusterfs <undetermined> (bug #704944)
 CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI 
passthrough, ...)
        {DSA-2636-1}
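Review bot: For CVE-2012-5635 the new description scopes the issue to "The GlusterFS functionality in Red Hat Storage Management Console 2.0", whereas the removed label read "GlusterFS: insecure temporary file creation" and the entry still tracks `glusterfs <undetermined> (bug #704944)`. The `<undetermined>` status should be resolved by checking whether the Debian glusterfs package contains the affected code, and a NOTE recording the outcome would keep the dropped temporary-file context from being lost.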


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
