Author: carnil
Date: 2013-11-20 13:46:37 +0000 (Wed, 20 Nov 2013)
New Revision: 24352

Modified:
   data/CVE/list
Log:
Add changes to CVE list

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-11-20 13:43:42 UTC (rev 24351)
+++ data/CVE/list       2013-11-20 13:46:37 UTC (rev 24352)
@@ -747,10 +747,12 @@
 CVE-2013-6283 (VideoLAN VLC Media Player 2.0.8 and earlier allows remote 
attackers to ...)
        - vlc <unfixed>
        TODO: check, seems not to affect 2.1.0-2
-CVE-2013-6282
+CVE-2013-6282 [missing access checks in get_user/put_user on ARM]
        RESERVED
        - linux <unfixed>
        - linux-2.6 <unfixed>
+       NOTE: 
https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
+       NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
 CVE-2013-6281 (Cross-site scripting (XSS) vulnerability in 
codebase/spreadsheet.php ...)
        TODO: check
 CVE-2013-6280 (Cross-site scripting (XSS) vulnerability in Social Sharing 
Toolkit ...)
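Review bot: the two NOTE lines added under CVE-2013-6282 carry bare URLs; a short label saying which is the Code Aurora advisory and which is the upstream fix commit for arch/arm/include/asm/uaccess.h would let a reader tell advisory from fix without opening both, as the later hunks in this commit already do with "NOTE: Introduced:" and "NOTE: fixed in:". Both linux and linux-2.6 are also left at <unfixed> here while the other kernel entries in this diff mark linux-2.6 as <removed> or <not-affected>, so it is worth checking whether linux-2.6 needs its own assessment.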
@@ -873,6 +875,7 @@
        RESERVED
 CVE-2013-6226
        RESERVED
+       NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
 CVE-2013-6225
        RESERVED
 CVE-2013-6224
@@ -2316,6 +2319,7 @@
        RESERVED
 CVE-2013-5607
        RESERVED
+       - nspr 2:4.10.2-1
 CVE-2013-5606
        RESERVED
        - nss 2:3.15.3-1
@@ -4623,7 +4627,8 @@
        RESERVED
 CVE-2013-4593
        RESERVED
-CVE-2013-4592
+       - ruby-omniauth-facebook <itp> (bug #705766)
+CVE-2013-4592 [kvm: memory leak when memory slot is moved with assigned device]
        RESERVED
        - linux 3.8-1
        - linux-2.6 <removed>
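Review bot: the new "- ruby-omniauth-facebook <itp> (bug #705766)" line under CVE-2013-4593 has neither a bracketed description nor a NOTE reference, whereas the same package under CVE-2013-4562 later in this commit is backed by the upstream commit URL; adding the matching reference here would make the claim verifiable from the tracker alone.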
@@ -4632,41 +4637,53 @@
        - linux 3.8-1
        [wheezy] - linux <not-affected> (Introduced in 3.6)
        - linux-2.6 <not-affected> (Introduced in 3.6)
+       NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
+       NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
 CVE-2013-4590
        RESERVED
 CVE-2013-4589
        RESERVED
-CVE-2013-4588
+       - graphicsmagick <unfixed> (bug #729661)
+CVE-2013-4588 [net: ipvs stack buffer overflow]
        RESERVED
-       - linux 2.6.33-1
-       - linux-2.6 <removed>
+       - linux <not-affected> (fixed in 2.6.33)
+       - linux-2.6 2.6.37-1
+       NOTE: 2.6.37-1 first version including 2.6.33 in unstable for linux-2.6
+       NOTE: 
https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
+       NOTE: http://seclists.org/fulldisclosure/2013/Nov/77
 CVE-2013-4587
        RESERVED
 CVE-2013-4586
        RESERVED
 CVE-2013-4585
        RESERVED
-CVE-2013-4584
+CVE-2013-4584 [ssl_outgoing_ciphers not applied to STARTTLS connections]
        RESERVED
        - perdition <unfixed> (low; bug #729028)
        [wheezy] - perdition <no-dsa> (Minor issue)
        [squeeze] - perdition <no-dsa> (Minor issue)
 CVE-2013-4583
        RESERVED
-CVE-2013-4582
+       - gitlab <itp> (bug #651606)
+CVE-2013-4582 [Local file inclusion vulnerability]
+       - gitlab <itp> (bug #651606)
        RESERVED
-CVE-2013-4581
+CVE-2013-4581 [Remote code execution vulnerability via Git SSH access]
        RESERVED
-CVE-2013-4580
+       - gitlab <itp> (bug #651606)
+CVE-2013-4580 [Unauthenticated API access to GitLab when using MySQL]
        RESERVED
-CVE-2013-4579
+       - gitlab <itp> (bug #651606)
+CVE-2013-4579 [ath9k_htc improperly updates MAC address]
        RESERVED
-       - linux <unfixed>
        - linux-2.6 <removed>
+       - linux <unfixed> (bug #729573)
+       NOTE: 
http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
 CVE-2013-4578
        RESERVED
-CVE-2013-4577
+CVE-2013-4577 [should set safer permissions even when hashed passwords are 
found]
        RESERVED
+       - grub2 2.00-20 (bug #632598)
 CVE-2013-4576
        RESERVED
 CVE-2013-4575 (Heap-based buffer overflow in the utility program in the Linux 
agent ...)
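Review bot: under CVE-2013-4582 the package line is inserted before RESERVED ("+CVE-2013-4582 [Local file inclusion vulnerability]", "+       - gitlab <itp> (bug #651606)", " RESERVED"), while every other entry in this hunk, including the neighbouring gitlab entries CVE-2013-4581 and CVE-2013-4580, keeps RESERVED directly after the CVE line; move the gitlab line below RESERVED. Likewise CVE-2013-4579 now lists "- linux-2.6 <removed>" ahead of "- linux <unfixed> (bug #729573)", the reverse of the order used for CVE-2013-4592 and CVE-2013-4588 in this diff.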
@@ -4678,7 +4695,8 @@
        NOT-FOR-US: mediawiki extension ZeroRatedMobileAccess
 CVE-2013-4572
        RESERVED
-       - mediawiki <unfixed>
+       - mediawiki <unfixed> (bug #729629)
+       NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
 CVE-2013-4571
        RESERVED
 CVE-2013-4570
@@ -4688,34 +4706,49 @@
        NOT-FOR-US: mediawiki extension CleanChanges
 CVE-2013-4568
        RESERVED
-       - mediawiki <unfixed>
+       - mediawiki <unfixed> (bug #729629)
+       NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
 CVE-2013-4567
        RESERVED
-       - mediawiki <unfixed>
+       - mediawiki <unfixed> (bug #729629)
+       NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
 CVE-2013-4566
        RESERVED
-CVE-2013-4565
+CVE-2013-4565 [heap-based buffer overflow]
        RESERVED
+       - xlhtml <unfixed> (bug #729279)
 CVE-2013-4564
        RESERVED
-CVE-2013-4563
+CVE-2013-4563 [net: large udp packet over IPv6 over UFO-enabled device with 
TBF qdisc panic]
        RESERVED
+       - linux-2.6 <not-affected> (Introded in v3.10-rc5)
+       - linux <unfixed>
+       NOTE: Introduced: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e2bd517c108816220f262d7954b697af03b5f9c
+       NOTE: fixed in: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e033e0
+       TODO: check
 CVE-2013-4562
        RESERVED
+       - ruby-omniauth-facebook <itp> (bug #705766)
+       NOTE: 
https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7
 CVE-2013-4561
        RESERVED
-CVE-2013-4560
+CVE-2013-4560 [use-after-free in fam]
        RESERVED
-CVE-2013-4559
+       - lighttpd 1.4.33-1+nmu1 (bug #729453)
+CVE-2013-4559 [setuid privilege escalation issue]
        RESERVED
+       - lighttpd 1.4.33-1+nmu1 (bug #729453)
 CVE-2013-4558
        RESERVED
 CVE-2013-4557
        RESERVED
+       - spip 2.1.24-1 (bug #729172)
 CVE-2013-4556
        RESERVED
+       - spip 2.1.24-1 (bug #729172)
 CVE-2013-4555
        RESERVED
+       - spip 2.1.24-1 (bug #729172)
 CVE-2013-4554
        RESERVED
 CVE-2013-4553
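Review bot: the new line "- linux-2.6 <not-affected> (Introded in v3.10-rc5)" under CVE-2013-4563 has a typo ("Introduced"), and if the bug was introduced in v3.10-rc5 a "[wheezy] - linux <not-affected>" line is missing, as is given elsewhere in this diff ("[wheezy] - linux <not-affected> (Introduced in 3.6)"). The "fixed in:" NOTE also uses an abbreviated commit id (0e033e0) while the "Introduced:" NOTE uses the full one; expand it for consistency and resolve the trailing "TODO: check" once the affected versions are confirmed.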
@@ -4743,12 +4776,15 @@
        - openssh 1:6.4p1-1 (bug #729029)
        [wheezy] - openssh <not-affected> (AES-GCM support introduced in 6.2)
        [squeeze] - openssh <not-affected> (AES-GCM support introduced in 6.2)
-CVE-2013-4547
+CVE-2013-4547 [security restrictions bypass]
        RESERVED
-CVE-2013-4546
+       - nginx <unfixed> (bug #730012)
+CVE-2013-4546 [remote command execution]
        RESERVED
+       - gitlab <itp> (bug #651606)
 CVE-2013-4545
        RESERVED
+       - curl 7.33.0-1
 CVE-2013-4544
        RESERVED
 CVE-2013-4543
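Review bot: the new "- curl 7.33.0-1" line under CVE-2013-4545, like the "- nspr 2:4.10.2-1" line added for CVE-2013-5607, carries no bracketed description, bug number or NOTE reference; add at least a pointer to the upstream advisory so the fixed version can be verified, and record whether wheezy and squeeze are affected, as the openssh entry just above does.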
@@ -4855,11 +4891,11 @@
        NOTE: This is rather a bug in the various IBus engines not in ibus 
itself, asked maintainers to investigate affected engines,
        NOTE: can be assigned to affected engines once more info is available
        NOTE: Introduced in 1.5, so stable/oldstable not affected
-CVE-2013-4508
+CVE-2013-4508 [ssl.cipher-list not inherited into SNI]
        RESERVED
-       - lighttpd <unfixed>
-       TODO: check
+       - lighttpd 1.4.33-1+nmu1 (bug #729453)
        NOTE: 
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
+       NOTE: http://redmine.lighttpd.net/issues/2525
 CVE-2013-4507 [XSS]
        RESERVED
        NOT-FOR-US: CollectiveAccess
@@ -4897,9 +4933,9 @@
        NOTE: 
https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
 CVE-2013-4496
        RESERVED
-CVE-2013-4495
+CVE-2013-4495 [remote command execution]
        RESERVED
-       - torque 2.4.16+dfsg-1.3
+       - torque 2.4.16+dfsg-1.3 (bug #729333)
 CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the 
page_alloc_lock ...)
        - xen <unfixed>
 CVE-2013-4493
@@ -8864,6 +8900,10 @@
        [squeeze] - chromium-browser <end-of-life>
 CVE-2013-2930
        RESERVED
+       - linux-2.6 <not-affected> (Introduced in v3.4)
+       [wheezy] - linux <not-affected> (Introduced in v3.4)
+       - linux 3.11.8-1
+       NOTE: Introduced by ced39002f5ea)
 CVE-2013-2929
        RESERVED
 CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
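Review bot: "NOTE: Introduced by ced39002f5ea)" under CVE-2013-2930 has a stray closing parenthesis and only an abbreviated commit id; drop the parenthesis and give the full commit URL as the other kernel NOTEs in this commit do. The three package lines are also ordered linux-2.6, [wheezy], linux, whereas the other kernel entries in this diff list the unstable linux line first, followed by the [wheezy] and linux-2.6 lines.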
@@ -10959,7 +10999,7 @@
 CVE-2013-2187
        RESERVED
 CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in 
Red ...)
-       - libcommons-fileupload-java <unfixed> (bug #726601)
+       - libcommons-fileupload-java 1.3-2.1 (bug #726601)
 CVE-2013-2185 [tomcat: arbitrary file upload via deserialization]
        RESERVED
        NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
@@ -33838,8 +33878,12 @@
        RESERVED
 CVE-2011-4974
        RESERVED
-CVE-2011-4973
+CVE-2011-4973 [mod_nss FakeBasicAuth authentication bypass]
        RESERVED
+       - libapache2-mod-nss <unfixed> (bug #729626)
+       NOTE: 
https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html
+       NOTE: 
https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1017197
 CVE-2011-4972 [CKEditor module for Drupal access bypass]
        RESERVED
        NOT-FOR-US: Drupal module


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
