Author: joeyh
Date: 2013-10-01 21:14:37 +0000 (Tue, 01 Oct 2013)
New Revision: 23851

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-10-01 20:13:22 UTC (rev 23850)
+++ data/CVE/list       2013-10-01 21:14:37 UTC (rev 23851)
@@ -1,3 +1,17 @@
+CVE-2013-5967
+       RESERVED
+CVE-2013-5966
+       RESERVED
+CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for 
Drupal ...)
+       TODO: check
+CVE-2013-5964 (Cross-site scripting (XSS) vulnerability in the administration 
page in ...)
+       TODO: check
+CVE-2013-5963 (Unrestricted file upload vulnerability in multi.php in Simple 
Dropbox ...)
+       TODO: check
+CVE-2013-5962 (Unrestricted file upload vulnerability in 
frames/upload-images.php in ...)
+       TODO: check
+CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the 
Lazy SEO ...)
+       TODO: check
 CVE-2013-5960 (The authenticated-encryption feature in the 
symmetric-encryption ...)
        NOT-FOR-US: OWASP Enterprise Security API for Java
 CVE-2013-5958
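Review bot: the five new entries CVE-2013-5961 through CVE-2013-5965 land with `TODO: check` and no triage. CVE-2013-5965 is described as a Drupal module (Node View Permissions), and this file already tags such entries `NOT-FOR-US: Drupal module` (see CVE-2013-4379), so that one can be resolved the same way. The other four need their full descriptions read before a package line or a NOT-FOR-US tag is chosen.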
@@ -480,8 +494,7 @@
        RESERVED
 CVE-2013-5726
        RESERVED
-CVE-2013-5725
-       RESERVED
+CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not 
require ...)
        NOT-FOR-US: Byword for iOS
 CVE-2013-5724 (Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable 
...)
        {DSA-2752-1}
@@ -555,8 +568,7 @@
        RESERVED
 CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange 
AppSuite and ...)
        - open-xchange <itp> (bug #269329)
-CVE-2013-5697 [Blind SQL Injection]
-       RESERVED
+CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the 
mod_accounting ...)
        - libapache-mod-acct <removed>
 CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to 
make ...)
        - glpi <unfixed> (bug #723837)
@@ -565,11 +577,9 @@
        RESERVED
 CVE-2013-5694
        RESERVED
-CVE-2013-5693 [Cross-Site Scripting]
-       RESERVED
+CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM 
before 3.5 ...)
        NOT-FOR-US: X2CRM
-CVE-2013-5692 [PHP File Inclusion]
-       RESERVED
+CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 
allows ...)
        NOT-FOR-US: X2CRM
 CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel 
in ...)
        - kfreebsd-9 9.2~svn255465-1 (bug #722338)
@@ -705,8 +715,7 @@
 CVE-2013-5654
        RESERVED
        NOT-FOR-US: YingZhi Python for iOS
-CVE-2013-5651 [virBitmapParse out-of-bounds read access]
-       RESERVED
+CVE-2013-5651 (The virBitmapParse function in util/virbitmap.c in libvirt 
before ...)
        - libvirt 1.1.2~rc1-1
        [squeeze] - libvirt <not-affected> (vulnerable code not introduced, 
introduced in v0.10.2-rc1)
        [wheezy] - libvirt <not-affected> (vulnerable code not introduced, 
introduced in v0.10.2-rc1)
@@ -864,8 +873,7 @@
        RESERVED
 CVE-2013-5573
        RESERVED
-CVE-2013-5572 [password leak]
-       RESERVED
+CVE-2013-5572 (Zabbix 2.0.5 allows remote authenticated users to discover the 
LDAP ...)
        - zabbix <unfixed> (unimportant)
        NOTE: http://seclists.org/fulldisclosure/2013/Sep/151
        NOTE: Non-issue
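Review bot: at CVE-2013-5572 the annotation `NOTE: Non-issue` gives no reason, while the description added here reads "allows remote authenticated users to discover the LDAP ...". Suggest extending the note with the rationale behind `<unfixed> (unimportant)`, so the classification can be re-checked against the published description.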
@@ -1021,8 +1029,8 @@
        RESERVED
 CVE-2013-5517
        RESERVED
-CVE-2013-5516
-       RESERVED
+CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence 
Multipoint ...)
+       TODO: check
 CVE-2013-5515
        RESERVED
 CVE-2013-5514
@@ -1263,8 +1271,8 @@
        RESERVED
 CVE-2013-5396
        RESERVED
-CVE-2013-5395
-       RESERVED
+CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 
7.1.1.12, ...)
+       TODO: check
 CVE-2013-5394
        RESERVED
 CVE-2013-5393
@@ -1287,14 +1295,14 @@
        RESERVED
 CVE-2013-5384
        RESERVED
-CVE-2013-5383
-       RESERVED
-CVE-2013-5382
-       RESERVED
-CVE-2013-5381
-       RESERVED
-CVE-2013-5380
-       RESERVED
+CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 
7.1.1.12, ...)
+       TODO: check
+CVE-2013-5382 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 
7.1.1.12, ...)
+       TODO: check
+CVE-2013-5381 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 
7.1.1.12, ...)
+       TODO: check
+CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 
7.1.1.12, ...)
+       TODO: check
 CVE-2013-5379
        RESERVED
 CVE-2013-5378
@@ -1313,8 +1321,8 @@
        RESERVED
 CVE-2013-5371
        RESERVED
-CVE-2013-5370
-       RESERVED
+CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and 
Deployment ...)
+       TODO: check
 CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 
before ...)
        NOT-FOR-US: IBM SPSS Analytical Decision Management
 CVE-2013-5368
@@ -2960,8 +2968,7 @@
        NOT-FOR-US: WordPress plugin Duplicator
 CVE-2013-4624
        RESERVED
-CVE-2013-4623 [polarssl: DoS through Certificate message during handshake]
-       RESERVED
+CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 
1.1.7 ...)
        - polarssl 1.2.8-1 (low; bug #719954)
        [squeeze] - polarssl <no-dsa> (Minor issue)
        [wheezy] - polarssl <no-dsa> (Minor issue)
@@ -3431,15 +3438,19 @@
        RESERVED
        NOT-FOR-US: Simple Machines Forum
 CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts 
descriptions]
+       RESERVED
        - systemd <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862324
 CVE-2013-4393 [systemd: Possibility of denial of logging service by processing 
native messages from file]
+       RESERVED
        - systemd <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859104
 CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions 
and SELinux security contexts]
+       RESERVED
        - systemd <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060
 CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer 
overflow by processing native messages]
+       RESERVED
        - systemd <unfixed>
        [wheezy] - systemd <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859051
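Review bot: CVE-2013-4394, CVE-2013-4393 and CVE-2013-4392 are left as a bare `- systemd <unfixed>` with only a Red Hat bugzilla NOTE, with no Debian bug number and no per-release line. CVE-2013-4391 just below already records `[wheezy] - systemd <not-affected> (Vulnerable code not present)`. Suggest recording the wheezy status for the other three as well, and adding a `(bug #...)` reference once one is filed.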
@@ -3481,8 +3492,7 @@
 CVE-2013-4379
        RESERVED
        NOT-FOR-US: Drupal module
-CVE-2013-4378 [blind XSS through X-Forwarded-For header]
-       RESERVED
+CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Javamelody
 CVE-2013-4377 [qemu host crash from within guest]
        RESERVED
@@ -3500,8 +3510,7 @@
        RESERVED
 CVE-2013-4373
        RESERVED
-CVE-2013-4372
-       RESERVED
+CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse 
Management ...)
        NOT-FOR-US: JBoss Fuse
 CVE-2013-4371
        RESERVED
@@ -3527,8 +3536,7 @@
        NOTE: Non-issue, you trust the site providing the gem with installing 
arbitrary code, allowing
        NOTE: it a potential elevated CPU consumption doesn't add any extra harm
        NOTE: CVE for incomplete fix for CVE-2013-4287
-CVE-2013-4362 [Insecure use of system]
-       RESERVED
+CVE-2013-4362 (WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local 
users ...)
        {DSA-2765-1}
        - davfs2 1.4.7-3 (bug #723034)
        NOTE: http://savannah.nongnu.org/bugs/?40034
@@ -3537,8 +3545,7 @@
        - xen <unfixed>
 CVE-2013-4360
        RESERVED
-CVE-2013-4359 [mod_sftp/mod_sftp_pam invalid pool allocation during kbdint 
authentication]
-       RESERVED
+CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 
1.3.5r3 ...)
        {DSA-2767-1}
        - proftpd-dfsg <unfixed> (bug #723179)
 CVE-2013-4358
@@ -3685,15 +3692,13 @@
        NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
 CVE-2013-4317
        RESERVED
-CVE-2013-4316
-       RESERVED
+CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method 
Invocation ...)
        - libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 
2.3.15.1)
        NOTE: http://struts.apache.org/release/2.3.x/docs/s2-019.html
 CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 
1.5.x ...)
        {DSA-2755-1}
        - python-django 1.5.3-1 (bug #722605)
-CVE-2013-4314 [hostname check bypassing vulnerability]
-       RESERVED
+CVE-2013-4314 (The X509Extension in pyOpenSSL before 0.13.1 does not properly 
handle ...)
        {DSA-2763-1}
        - pyopenssl 0.13-2.1 (bug #722055)
 CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, 
and ...)
@@ -3705,8 +3710,7 @@
        RESERVED
        - libvirt <unfixed> (unimportant)       
        NOTE: polkit support not activated in Debian build, will be fixed in 
point update
-CVE-2013-4310
-       RESERVED
+CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to 
bypass ...)
        - libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 
2.3.15.1)
        NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html
 CVE-2013-4309
@@ -3746,16 +3750,14 @@
        - linux-2.6 <not-affected> (Not exploitable by unprivileged users in 
2.6.32)
 CVE-2013-4299
        RESERVED
-CVE-2013-4297
-       RESERVED
+CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in 
libvirt ...)
        - libvirt 1.1.2-2
        [jessie] - libvirt <not-affected> (Introduced with 
8aabd597b379db5ae1655e36dff4f10d5622830a)
        [wheezy] - libvirt <not-affected> (Introduced with 
8aabd597b379db5ae1655e36dff4f10d5622830a)
        [squeeze] - libvirt <not-affected> (Introduced with 
8aabd597b379db5ae1655e36dff4f10d5622830a)
        NOTE: 
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2
        NOTE: Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a, 1.0.6
-CVE-2013-4296 [libvirt remote crash]
-       RESERVED
+CVE-2013-4296 (The remoteDispatchDomainMemoryStats function in daemon/remote.c 
in ...)
        {DSA-2764-1}
        - libvirt <unfixed>
        [squeeze] - libvirt <not-affected> (Vulnerable code not present, 
introduced by commit 158ba8730e44b7dd07a21ab90499996c5dec080a)
@@ -3768,14 +3770,12 @@
        [wheezy] - keystone <not-affected> (only affects Folsom release and 
above)
 CVE-2013-4293
        RESERVED
-CVE-2013-4292 [unbounded RPC arrays in remote protocol]
-       RESERVED
+CVE-2013-4292 (libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of 
...)
        - libvirt 1.1.2~rc2-1 (bug #721325)
        [squeeze] - libvirt <not-affected> (Introduced with 1.1.0)
        [wheezy] - libvirt <not-affected> (Introduced with 1.1.0)
        [jessie] - libvirt <not-affected> (Introduced with 1.1.0)
-CVE-2013-4291
-       RESERVED
+CVE-2013-4291 (The virSecurityManagerSetProcessLabel function in libvirt 
0.10.2.7, ...)
        - libvirt 1.1.2-2
        [squeeze] - libvirt <not-affected> (vulnerable code not introduced, 
introduced in 1.1.1)
        [wheezy] - libvirt <not-affected> (vulnerable code not introduced, 
introduced in 1.1.1)
@@ -3943,8 +3943,7 @@
 CVE-2013-4240
        RESERVED
        NOT-FOR-US: WordPress plugin HMS Testimonials
-CVE-2013-4239 [memory corruption in xenDaemonListDefinedDomains function]
-       RESERVED
+CVE-2013-4239 (The xenDaemonListDefinedDomains function in xen/xend_internal.c 
in ...)
        - libvirt 1.1.2~rc1-1 (bug #719533)
        [wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
        [squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
@@ -4017,8 +4016,7 @@
        [squeeze] - nullmailer <no-dsa> (Minor issue)
        NOTE: CVE request originally for /etc/nullmailer/remotes permissions in 
gentoo, but Debian
        NOTE: had the same problem until 1:1.11-2
-CVE-2013-4222 [Keystone disabling a tenant does not disable a user token]
-       RESERVED
+CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and 
earlier, ...)
        - keystone 2013.1.3-1 (bug #719290)
        [wheezy] - keystone <not-affected> (Vulnerable code not present in 
Openstack Essex)
        NOTE: 
http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html
@@ -4239,14 +4237,12 @@
 CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana 
allows ...)
        {DSA-2737-1}
        - swift 1.8.0-7 (bug #719008)
-CVE-2013-4154 [libvirt: crash of libvirtd without guest agent configuration]
-       RESERVED
+CVE-2013-4154 (The qemuAgentCommand function in libvirt before 1.1.1, when a 
guest ...)
        - libvirt 1.1.0-4 (low; bug #717355)
        [squeeze] - libvirt <no-dsa> (Minor issue)
        [wheezy] - libvirt <no-dsa> (Minor issue)
        NOTE: http://openwall.com/lists/oss-security/2013/07/19/12
-CVE-2013-4153 [libvirt: double free of returned JSON array in 
qemuAgentGetVCPUs]
-       RESERVED
+CVE-2013-4153 (Double free vulnerability in the qemuAgentGetVCPUs function in 
...)
        - libvirt 1.1.0-4 (bug #717354)
        [squeeze] - libvirt <not-affected> (Introduced in 1.0.6)
        [wheezy] - libvirt <not-affected> (Introduced in 1.0.6)
@@ -4290,8 +4286,7 @@
 CVE-2013-4137 [SQL Injection]
        RESERVED
        - statusnet <itp> (bug #491723)
-CVE-2013-4136 [passenger insecure tmp files usage]
-       RESERVED
+CVE-2013-4136 (ext/common/ServerInstanceDir.h in Phusion Passenger gem before 
4.0.6 ...)
        - passenger <removed>
        - ruby-passenger 3.0.13debian-1.2 (low; bug #717176)
        [squeeze] - passenger <no-dsa> (minor, local, issue)
@@ -4593,8 +4588,8 @@
        RESERVED
 CVE-2013-4043
        RESERVED
-CVE-2013-4042
-       RESERVED
+CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and 
Deployment ...)
+       TODO: check
 CVE-2013-4041
        RESERVED
 CVE-2013-4040
@@ -4623,8 +4618,8 @@
        RESERVED
 CVE-2013-4028
        RESERVED
-CVE-2013-4027
-       RESERVED
+CVE-2013-4027 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 
7.1.1.12, ...)
+       TODO: check
 CVE-2013-4026
        RESERVED
 CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance 
Manager ...)
@@ -4635,24 +4630,24 @@
        RESERVED
 CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance 
Manager ...)
        NOT-FOR-US: IBM
-CVE-2013-4021
-       RESERVED
-CVE-2013-4020
-       RESERVED
-CVE-2013-4019
-       RESERVED
-CVE-2013-4018
-       RESERVED
-CVE-2013-4017
-       RESERVED
+CVE-2013-4021 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 
7.1.1.12, ...)
+       TODO: check
+CVE-2013-4020 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 
7.1.1.12, ...)
+       TODO: check
+CVE-2013-4019 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
+       TODO: check
+CVE-2013-4018 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 
7.1.1.12, ...)
+       TODO: check
+CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 
before ...)
+       TODO: check
 CVE-2013-4016
        RESERVED
 CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to 
bypass ...)
        NOT-FOR-US: MS IE
-CVE-2013-4014
-       RESERVED
-CVE-2013-4013
-       RESERVED
+CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
+       TODO: check
+CVE-2013-4013 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 
7.1.1.12, ...)
+       TODO: check
 CVE-2013-4012
        RESERVED
 CVE-2013-4011 (Multiple unspecified vulnerabilities in the InfiniBand 
subsystem in ...)
@@ -4731,12 +4726,12 @@
        RESERVED
 CVE-2013-3974
        RESERVED
-CVE-2013-3973
-       RESERVED
-CVE-2013-3972
-       RESERVED
-CVE-2013-3971
-       RESERVED
+CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 
before ...)
+       TODO: check
+CVE-2013-3972 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 
7.5.0.5 ...)
+       TODO: check
+CVE-2013-3971 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 
...)
+       TODO: check
 CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with 
IVE OS ...)
        NOT-FOR-US: Juniper Junos Pulse Secure Access Service
 CVE-2013-3969
@@ -6267,8 +6262,7 @@
        RESERVED
 CVE-2013-3279
        RESERVED
-CVE-2013-3278
-       RESERVED
+CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for 
storage ...)
        NOT-FOR-US: EMC
 CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 
5.4 ...)
        NOT-FOR-US: EMC
@@ -6794,12 +6788,12 @@
        NOT-FOR-US: TrustZone kernel
 CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows 
remote ...)
        NOT-FOR-US: ZAPms
-CVE-2013-3049
-       RESERVED
-CVE-2013-3048
-       RESERVED
-CVE-2013-3047
-       RESERVED
+CVE-2013-3049 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 
...)
+       TODO: check
+CVE-2013-3048 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
+       TODO: check
+CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 
7.5.0.5 ...)
+       TODO: check
 CVE-2013-3046
        RESERVED
 CVE-2013-3045
@@ -6810,8 +6804,8 @@
        RESERVED
 CVE-2013-3042
        RESERVED
-CVE-2013-3041
-       RESERVED
+CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 
8.0 ...)
+       TODO: check
 CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through 
FP2, ...)
        NOT-FOR-US: IBM InfoSphere Information Server
 CVE-2013-3039 (IBM Rational Requirements Composer before 4.0.4 does not 
properly ...)
@@ -8901,8 +8895,7 @@
        {DSA-2766-1}
        - linux-2.6 <removed> (low)
        - linux <not-affected> (openvz flavour no longer included after Squeeze)
-CVE-2013-2238 [buffer overflow]
-       RESERVED
+CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution 
function ...)
        - freeswitch <itp> (bug #389591) 
 CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the 
Linux ...)
        {DSA-2766-1 DSA-2745-1}
@@ -8930,8 +8923,7 @@
 CVE-2013-2231 [qemu-ga win32 service unquoted search path]
        RESERVED
        - qemu <not-affected> (Only affects win32 build)
-CVE-2013-2230
-       RESERVED
+CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 
allows ...)
        - libvirt 1.1.0-3 (bug #715559)
        [squeeze] - libvirt <not-affected> (Vulnerable code introduced in with 
commit abf75aea)
        [wheezy] - libvirt <not-affected> (Vulnerable code introduced in with 
commit abf75aea)
@@ -8977,8 +8969,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2
 CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory 
Server ...)
        - 389-ds-base <unfixed> (bug #718325)
-CVE-2013-2218 [crash when listing network interfaces with filters]
-       RESERVED
+CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces 
method in ...)
        - libvirt 1.1.0-1 (bug #714699)
        [squeeze] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
        [wheezy] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
@@ -10314,8 +10305,7 @@
        NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909
 CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), 
and ...)
        - glance 2012.1.1-5 (bug #703063)
-CVE-2013-1839 [DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc]
-       RESERVED
+CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 
3.2.x ...)
        - squid3 <not-affected> (the errors were introduced in trunk rev.11496 
in 3.2.0.9)
        NOTE: According to http://seclists.org/bugtraq/2013/Mar/68 not 
affecting 3.1?
        NOTE: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11796
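Review bot: the NOTE under CVE-2013-1839 still ends in a question (`not affecting 3.1?`), although the description added here names Squid 3.2.x and the package line already says the errors were introduced in 3.2.0.9. Suggest confirming against the full description and rewording the NOTE as a statement, or dropping it.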
@@ -11643,16 +11633,14 @@
        RESERVED
 CVE-2013-1445
        RESERVED
-CVE-2013-1444 [txt2man: Unsafe use of /tmp]
-       RESERVED
+CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 
1.5.5-2, ...)
        - txt2man 1.5.5-4.1 (bug #724614)
        [wheezy] - txt2man <no-dsa> (Minor issue)
        [squeeze] - txt2man <no-dsa> (Minor issue)
 CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 
1.4.x ...)
        {DSA-2758-1}
        - python-django 1.5.4-1 (bug #723043)
-CVE-2013-1442 [Information leak on AVX and/or LWP capable CPUs]
-       RESERVED
+CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does 
not ...)
        - xen <unfixed>
        TODO: check, see NOTE
        NOTE: advisory say: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x 
XSAVE support is disabled by default
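Review bot: CVE-2013-1442 keeps `TODO: check, see NOTE` and a bare `- xen <unfixed>` after the description is filled in. The description gives Xen 4.0 through 4.3.x and the NOTE says XSAVE support is disabled by default in 4.0.2 through 4.0.4 and in 4.1.x, so adding `[squeeze]` and `[wheezy]` lines, as done for txt2man just above, would let the TODO be closed.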
@@ -14325,8 +14313,8 @@
        NOT-FOR-US: IBM Tivoli Endpoint Manager
 CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software 
Use ...)
        NOT-FOR-US: IBM Tivoli Endpoint Manager
-CVE-2013-0451
-       RESERVED
+CVE-2013-0451 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 
through ...)
+       TODO: check
 CVE-2012-6425
        RESERVED
 CVE-2012-6424
@@ -15233,8 +15221,7 @@
        - samba 2:3.6.6-5
 CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom 
(2012.2) ...)
        - glance 2012.1.1-4
-CVE-2013-0211
-       RESERVED
+CVE-2013-0211 (Integer signedness error in the archive_write_zip_data function 
in ...)
        - libarchive 3.0.4-3 (bug #703957)
        [squeeze] - libarchive <not-affected> (Vulnerable code not present)
 CVE-2013-0210
@@ -21957,8 +21944,8 @@
        RESERVED
 CVE-2012-4097
        RESERVED
-CVE-2012-4096
-       RESERVED
+CVE-2012-4096 (The local file editor in the Baseboard Management Controller 
(BMC) in ...)
+       TODO: check
 CVE-2012-4095
        RESERVED
 CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric 
...)
@@ -23969,8 +23956,8 @@
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM 
DB2 ...)
        NOT-FOR-US: IBM DB2
-CVE-2012-3323
-       RESERVED
+CVE-2012-3323 (IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 
7.1.1.12, and ...)
+       TODO: check
 CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
        NOT-FOR-US: IBM
 CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated 
users to ...)
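Review bot: CVE-2012-3323 is an IBM Maximo Asset Management issue and gets `TODO: check`, while the next entry, CVE-2012-3322, is also described as IBM Maximo Asset ... and is already tagged `NOT-FOR-US: IBM`. Suggest the same tag here so the TODO does not linger.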
@@ -34105,61 +34092,61 @@
 CVE-2011-4403
        RESERVED
 CVE-2011-4402
-       RESERVED
+       REJECTED
 CVE-2011-4401
-       RESERVED
+       REJECTED
 CVE-2011-4400
-       RESERVED
+       REJECTED
 CVE-2011-4399
-       RESERVED
+       REJECTED
 CVE-2011-4398
-       RESERVED
+       REJECTED
 CVE-2011-4397
-       RESERVED
+       REJECTED
 CVE-2011-4396
-       RESERVED
+       REJECTED
 CVE-2011-4395
-       RESERVED
+       REJECTED
 CVE-2011-4394
-       RESERVED
+       REJECTED
 CVE-2011-4393
-       RESERVED
+       REJECTED
 CVE-2011-4392
-       RESERVED
+       REJECTED
 CVE-2011-4391
-       RESERVED
+       REJECTED
 CVE-2011-4390
-       RESERVED
+       REJECTED
 CVE-2011-4389
-       RESERVED
+       REJECTED
 CVE-2011-4388
-       RESERVED
+       REJECTED
 CVE-2011-4387
-       RESERVED
+       REJECTED
 CVE-2011-4386
-       RESERVED
+       REJECTED
 CVE-2011-4385
-       RESERVED
+       REJECTED
 CVE-2011-4384
-       RESERVED
+       REJECTED
 CVE-2011-4383
-       RESERVED
+       REJECTED
 CVE-2011-4382
-       RESERVED
+       REJECTED
 CVE-2011-4381
-       RESERVED
+       REJECTED
 CVE-2011-4380
-       RESERVED
+       REJECTED
 CVE-2011-4379
-       RESERVED
+       REJECTED
 CVE-2011-4378
-       RESERVED
+       REJECTED
 CVE-2011-4377
-       RESERVED
+       REJECTED
 CVE-2011-4376
-       RESERVED
+       REJECTED
 CVE-2011-4375
-       RESERVED
+       REJECTED
 CVE-2011-4374 (Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux 
allows ...)
        NOT-FOR-US: Adobe Reader
 CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on 
...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
