Author: carnil
Date: 2013-12-20 06:35:06 +0000 (Fri, 20 Dec 2013)
New Revision: 24834

Modified:
   data/CVE/list
Log:
Run a manual update to get current CVE lists

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-12-20 06:30:03 UTC (rev 24833)
+++ data/CVE/list       2013-12-20 06:35:06 UTC (rev 24834)
@@ -1,52 +1,362 @@
+CVE-2014-0465
+       RESERVED
+CVE-2014-0464
+       RESERVED
+CVE-2014-0463
+       RESERVED
+CVE-2014-0462
+       RESERVED
+CVE-2014-0461
+       RESERVED
+CVE-2014-0460
+       RESERVED
+CVE-2014-0459
+       RESERVED
+CVE-2014-0458
+       RESERVED
+CVE-2014-0457
+       RESERVED
+CVE-2014-0456
+       RESERVED
+CVE-2014-0455
+       RESERVED
+CVE-2014-0454
+       RESERVED
+CVE-2014-0453
+       RESERVED
+CVE-2014-0452
+       RESERVED
+CVE-2014-0451
+       RESERVED
+CVE-2014-0450
+       RESERVED
+CVE-2014-0449
+       RESERVED
+CVE-2014-0448
+       RESERVED
+CVE-2014-0447
+       RESERVED
+CVE-2014-0446
+       RESERVED
+CVE-2014-0445
+       RESERVED
+CVE-2014-0444
+       RESERVED
+CVE-2014-0443
+       RESERVED
+CVE-2014-0442
+       RESERVED
+CVE-2014-0441
+       RESERVED
+CVE-2014-0440
+       RESERVED
+CVE-2014-0439
+       RESERVED
+CVE-2014-0438
+       RESERVED
+CVE-2014-0437
+       RESERVED
+CVE-2014-0436
+       RESERVED
+CVE-2014-0435
+       RESERVED
+CVE-2014-0434
+       RESERVED
+CVE-2014-0433
+       RESERVED
+CVE-2014-0432
+       RESERVED
+CVE-2014-0431
+       RESERVED
+CVE-2014-0430
+       RESERVED
+CVE-2014-0429
+       RESERVED
+CVE-2014-0428
+       RESERVED
+CVE-2014-0427
+       RESERVED
+CVE-2014-0426
+       RESERVED
+CVE-2014-0425
+       RESERVED
+CVE-2014-0424
+       RESERVED
+CVE-2014-0423
+       RESERVED
+CVE-2014-0422
+       RESERVED
+CVE-2014-0421
+       RESERVED
+CVE-2014-0420
+       RESERVED
+CVE-2014-0419
+       RESERVED
+CVE-2014-0418
+       RESERVED
+CVE-2014-0417
+       RESERVED
+CVE-2014-0416
+       RESERVED
+CVE-2014-0415
+       RESERVED
+CVE-2014-0414
+       RESERVED
+CVE-2014-0413
+       RESERVED
+CVE-2014-0412
+       RESERVED
+CVE-2014-0411
+       RESERVED
+CVE-2014-0410
+       RESERVED
+CVE-2014-0409
+       RESERVED
+CVE-2014-0408
+       RESERVED
+CVE-2014-0407
+       RESERVED
+CVE-2014-0406
+       RESERVED
+CVE-2014-0405
+       RESERVED
+CVE-2014-0404
+       RESERVED
+CVE-2014-0403
+       RESERVED
+CVE-2014-0402
+       RESERVED
+CVE-2014-0401
+       RESERVED
+CVE-2014-0400
+       RESERVED
+CVE-2014-0399
+       RESERVED
+CVE-2014-0398
+       RESERVED
+CVE-2014-0397
+       RESERVED
+CVE-2014-0396
+       RESERVED
+CVE-2014-0395
+       RESERVED
+CVE-2014-0394
+       RESERVED
+CVE-2014-0393
+       RESERVED
+CVE-2014-0392
+       RESERVED
+CVE-2014-0391
+       RESERVED
+CVE-2014-0390
+       RESERVED
+CVE-2014-0389
+       RESERVED
+CVE-2014-0388
+       RESERVED
+CVE-2014-0387
+       RESERVED
+CVE-2014-0386
+       RESERVED
+CVE-2014-0385
+       RESERVED
+CVE-2014-0384
+       RESERVED
+CVE-2014-0383
+       RESERVED
+CVE-2014-0382
+       RESERVED
+CVE-2014-0381
+       RESERVED
+CVE-2014-0380
+       RESERVED
+CVE-2014-0379
+       RESERVED
+CVE-2014-0378
+       RESERVED
+CVE-2014-0377
+       RESERVED
+CVE-2014-0376
+       RESERVED
+CVE-2014-0375
+       RESERVED
+CVE-2014-0374
+       RESERVED
+CVE-2014-0373
+       RESERVED
+CVE-2014-0372
+       RESERVED
+CVE-2014-0371
+       RESERVED
+CVE-2014-0370
+       RESERVED
+CVE-2014-0369
+       RESERVED
+CVE-2014-0368
+       RESERVED
+CVE-2014-0367
+       RESERVED
+CVE-2014-0366
+       RESERVED
+CVE-2013-7148
+       RESERVED
+CVE-2013-7147
+       RESERVED
+CVE-2013-7146
+       RESERVED
+CVE-2013-7145
+       RESERVED
+CVE-2013-7144
+       RESERVED
+CVE-2013-7143
+       RESERVED
+CVE-2013-7142
+       RESERVED
+CVE-2013-7141
+       RESERVED
+CVE-2013-7140
+       RESERVED
+CVE-2013-7139
+       RESERVED
+CVE-2013-7138
+       RESERVED
+CVE-2013-7137
+       RESERVED
+CVE-2013-7136
+       RESERVED
+CVE-2013-7133
+       RESERVED
+CVE-2013-7132
+       RESERVED
+CVE-2013-7131
+       RESERVED
+CVE-2013-7130
+       RESERVED
+CVE-2013-7129 (Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog 
theme ...)
+       TODO: check
+CVE-2013-7128 (Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 
in ...)
+       TODO: check
+CVE-2013-7127 (Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores 
cleartext ...)
+       TODO: check
+CVE-2013-7126
+       RESERVED
+CVE-2013-7125
+       RESERVED
+CVE-2013-7124
+       RESERVED
+CVE-2013-7123
+       RESERVED
+CVE-2013-7122
+       RESERVED
+CVE-2013-7121
+       RESERVED
+CVE-2013-7120
+       RESERVED
+CVE-2013-7119
+       RESERVED
+CVE-2013-7118
+       RESERVED
+CVE-2013-7117
+       RESERVED
+CVE-2013-7116
+       RESERVED
+CVE-2013-7115
+       RESERVED
+CVE-2013-7109
+       RESERVED
+CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log 
functionality, as ...)
+       TODO: check
+CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated 
administrators to ...)
+       TODO: check
+CVE-2013-7103 (McAfee Email Gateway 7.6 allows remote authenticated 
administrators to ...)
+       TODO: check
+CVE-2013-7102
+       RESERVED
+CVE-2013-7101
+       RESERVED
+CVE-2013-7100
+       RESERVED
+CVE-2013-7099
+       RESERVED
+CVE-2013-7098
+       RESERVED
+CVE-2013-7097
+       RESERVED
+CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow 
remote ...)
+       TODO: check
+CVE-2013-7095 (The XML parser (crm_flex_data) in SAP Customer Relationship 
Management ...)
+       TODO: check
+CVE-2013-7094 (SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS 
function in ...)
+       TODO: check
+CVE-2013-7093 (SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote 
...)
+       TODO: check
+CVE-2013-7092 (Multiple SQL injection vulnerabilities in ...)
+       TODO: check
+CVE-2013-7091 (Directory traversal vulnerability in ...)
+       TODO: check
+CVE-2013-7090
+       RESERVED
+CVE-2013-7084
+       RESERVED
 CVE-2013-7134
+       RESERVED
        NOT-FOR-US: Juvia
 CVE-2013-XXXX [http://downloads.asterisk.org/pub/security/AST-2013-007.html]
        - asterisk 1:11.7.0~dfsg-1 (bug #732355)
 CVE-2013-XXXX [http://downloads.asterisk.org/pub/security/AST-2013-006.html]
        - asterisk 1:11.7.0~dfsg-1 (bug #732355)
 CVE-2013-7135
+       RESERVED
        - libproc-daemon-perl 0.14-2 (low; bug #732283)
        [wheezy] - libproc-daemon-perl <no-dsa> (Minor issue)
        [squeeze] - libproc-daemon-perl <not-affected> (does not have pid_file 
option)
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=91450
 CVE-2013-7114
+       RESERVED
        - wireshark 1.10.4-1
        [squeeze] - wireshark <not-affected> (Vulnerable code not present)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2013-68.html
 CVE-2013-7113
+       RESERVED
        - wireshark 1.10.4-1
        NOTE: https://www.wireshark.org/security/wnpa-sec-2013-67.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488
 CVE-2013-7112
+       RESERVED
        - wireshark 1.10.4-1 (unimportant)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2013-66.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
        NOTE: Not suitable for code injection
 CVE-2013-7111
+       RESERVED
        NOT-FOR-US: Bio Basespace SDK Ruby Gem
 CVE-2013-7110
+       RESERVED
        - transifex-client <unfixed> (low)
        [wheezy] - transifex-client <not-affected> (Incomplete patch was never 
released)
        NOTE: fix for CVE-2013-2073 was incorrect/incomplete
        NOTE: https://github.com/transifex/transifex-client/issues/42
        NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
 CVE-2013-7108 [off-by-one read error]
+       RESERVED
        - icinga 1.10.2-1
        - nagios3 <unfixed>
        NOTE: https://dev.icinga.org/issues/5251
 CVE-2013-7107 [CSRF]
+       RESERVED
        - icinga 1.10.2-1
        - nagios3 <unfixed>
        NOTE: https://dev.icinga.org/issues/5250
 CVE-2013-7106 [several buffer overflows]
+       RESERVED
        - icinga 1.10.2-1
        NOTE: https://dev.icinga.org/issues/5250
 CVE-2013-7083
        RESERVED
 CVE-2013-7068
        RESERVED
-CVE-2013-7067
-       RESERVED
+CVE-2013-7067 (The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does 
not ...)
+       TODO: check
 CVE-2013-7066
        RESERVED
 CVE-2013-7065
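Review bot: In the icinga entries near the end of this hunk, CVE-2013-7106 [several buffer overflows] carries the same reference as CVE-2013-7107 [CSRF], "NOTE: https://dev.icinga.org/issues/5250", and unlike CVE-2013-7107 and CVE-2013-7108 it has no nagios3 line. While all three are being touched to add RESERVED, please confirm which issue number belongs to the buffer overflows and whether nagios3 was left out on purpose; if it was, a short NOTE saying so would help the next person triaging.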
@@ -115,19 +425,22 @@
        - linux <unfixed>
        - linux-2.6 <removed>
 CVE-2013-7089 [dbg_printhex possible information leak]
+       RESERVED
        - clamav 0.97.7+dfsg-1
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
 CVE-2013-7088 [buffer overflow]
+       RESERVED
        - clamav 0.97.7+dfsg-1
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809
        NOTE:  
https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
 CVE-2013-7087 [[clamav: WWPack corrupt heap memory]
+       RESERVED
        - clamav 0.97.7+dfsg-1
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38
        NOTE: from 
https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c
-CVE-2013-7086 [Command injection]
+CVE-2013-7086 (The message function in lib/webbynode/notify.rb in the 
Webbynode gem ...)
        NOT-FOR-US: Ruby Gem Webbynode
-CVE-2013-7085 [uscan: broken handling of filenames with whitespace]
+CVE-2013-7085 (Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, 
allows ...)
        - devscripts <unfixed> (bug #732006)
        [wheezy] - devscripts <not-affected> (does not contain the vulnerable 
code; introduced in 2.13.5)
        [squeeze] - devscripts <not-affected> (does not contain the vulnerable 
code; introduced in 2.13.5)
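Review bot: The CVE-2013-7087 header in this hunk reads "[[clamav: WWPack corrupt heap memory]", with a doubled opening bracket that the neighbouring clamav entries ("[buffer overflow]", "[dbg_printhex possible information leak]") do not have. Since the entry is being edited to add RESERVED anyway, normalise it to a single bracketed description so it matches the others.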
@@ -191,14 +504,12 @@
        - nova 2013.2.1-1 (bug #732022)
        [wheezy] - nova <not-affected> (Support for live snapshots added later)
        NOTE: https://bugs.launchpad.net/nova/+bug/1227027
-CVE-2013-7050 [uscan: arbitrary code execution]
-       RESERVED
+CVE-2013-7050 (The get_main_source_dir function in scripts/uscan.pl in 
devscripts ...)
        - devscripts 2.13.8 (bug #731849)
        [wheezy] - devscripts <not-affected> (does not contain the vulnerable 
code; introduced in 2.13.5)
        [squeeze] - devscripts <not-affected> (does not contain the vulnerable 
code; introduced in 2.13.5)
        NOTE: 
http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5
-CVE-2013-7069 [remote code execution via per-project .ackrc files]
-       RESERVED
+CVE-2013-7069 (ack 2.00 through 2.11_02 allows remote attackers to execute 
arbitrary ...)
        - ack-grep 2.12-1 (bug #731848)
        [wheezy] - ack-grep <not-affected> (don't support per-project .ackrc 
files)
        [squeeze] - ack-grep <not-affected> (don't support per-project .ackrc 
files)
@@ -209,10 +520,10 @@
        RESERVED
 CVE-2013-7006
        RESERVED
-CVE-2013-7005
-       RESERVED
-CVE-2013-7004
-       RESERVED
+CVE-2013-7005 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with 
firmware ...)
+       TODO: check
+CVE-2013-7004 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with 
firmware ...)
+       TODO: check
 CVE-2013-7003
        RESERVED
        NOT-FOR-US: LiveZilla
@@ -317,14 +628,12 @@
        [wheezy] - python2.7 <no-dsa> (Minor issue)
        [squeeze] - python3.1 <no-dsa> (Minor issue)
        [wheezy] - python3.2 <no-dsa> (Minor issue)
-CVE-2013-7039 [stack overflow in MHD_digest_auth_check()]
-       RESERVED
+CVE-2013-7039 (Stack-based buffer overflow in the MHD_digest_auth_check 
function in ...)
        - libmicrohttpd 0.9.32-1 (low; bug #731933)
        [squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in 
corner cases)
        [wheezy] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in 
corner cases)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
-CVE-2013-7038 [out-of-bounds read in MHD_http_unescape()]
-       RESERVED
+CVE-2013-7038 (The MHD_http_unescape function in libmicrohttpd before 0.9.32 
might ...)
        - libmicrohttpd 0.9.32-1 (low; bug #731933)
        [squeeze] - libmicrohttpd <no-dsa> (Minor issue)
        [wheezy] - libmicrohttpd <no-dsa> (Minor issue)
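Review bot: Both no-dsa annotations under CVE-2013-7039 give the reason as "only expoitable in corner cases"; correct the spelling to "exploitable" on the [squeeze] and [wheezy] lines while the entry is being updated with its published description.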
@@ -479,42 +788,42 @@
        RESERVED
 CVE-2013-6974
        RESERVED
-CVE-2013-6973
-       RESERVED
-CVE-2013-6972
-       RESERVED
-CVE-2013-6971
-       RESERVED
-CVE-2013-6970
-       RESERVED
-CVE-2013-6969
-       RESERVED
-CVE-2013-6968
-       RESERVED
-CVE-2013-6967
-       RESERVED
-CVE-2013-6966
-       RESERVED
-CVE-2013-6965
-       RESERVED
-CVE-2013-6964
-       RESERVED
-CVE-2013-6963
-       RESERVED
-CVE-2013-6962
-       RESERVED
-CVE-2013-6961
-       RESERVED
-CVE-2013-6960
-       RESERVED
-CVE-2013-6959
-       RESERVED
-CVE-2013-6958
-       RESERVED
-CVE-2013-6957
-       RESERVED
-CVE-2013-6956
-       RESERVED
+CVE-2013-6973 (Cisco WebEx Training Center allows remote attackers to discover 
...)
+       TODO: check
+CVE-2013-6972 (Cisco WebEx Training Center allows remote attackers to discover 
...)
+       TODO: check
+CVE-2013-6971 (Open redirect vulnerability in Cisco WebEx Training Center 
allows ...)
+       TODO: check
+CVE-2013-6970 (Cisco WebEx Meeting Center allows remote attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2013-6969 (The training-registration page in Cisco WebEx Training Center 
allows ...)
+       TODO: check
+CVE-2013-6968 (Cisco WebEx Training Center provides different error messages 
for ...)
+       TODO: check
+CVE-2013-6967 (Open redirect vulnerability in the mobile-browser subsystem in 
Cisco ...)
+       TODO: check
+CVE-2013-6966 (Open redirect vulnerability in Cisco WebEx Training Center 
allows ...)
+       TODO: check
+CVE-2013-6965 (The registration component in Cisco WebEx Training Center 
provides the ...)
+       TODO: check
+CVE-2013-6964 (Cisco WebEx Meeting Center allows remote authenticated users to 
bypass ...)
+       TODO: check
+CVE-2013-6963 (Cross-site scripting (XSS) vulnerability in the registration 
component ...)
+       TODO: check
+CVE-2013-6962 (Cross-site scripting (XSS) vulnerability in the mobile-browser 
...)
+       TODO: check
+CVE-2013-6961 (Cross-site scripting (XSS) vulnerability in the Collaboration 
Partner ...)
+       TODO: check
+CVE-2013-6960 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco 
WebEx ...)
+       TODO: check
+CVE-2013-6959 (Open redirect vulnerability in Cisco WebEx Sales Center allows 
remote ...)
+       TODO: check
+CVE-2013-6958 (Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, 
when the ...)
+       TODO: check
+CVE-2013-6957 (Cross-site scripting (XSS) vulnerability in the web 
administrative ...)
+       TODO: check
+CVE-2013-6956 (Cross-site scripting (XSS) vulnerability in the Secure Access 
Service ...)
+       TODO: check
 CVE-2013-6955
        RESERVED
 CVE-2013-6954
@@ -573,10 +882,10 @@
        RESERVED
 CVE-2013-6927
        RESERVED
-CVE-2013-6926
-       RESERVED
-CVE-2013-6925
-       RESERVED
+CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 
3.12.2 ...)
+       TODO: check
+CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 
3.12.2 ...)
+       TODO: check
 CVE-2013-6924
        RESERVED
 CVE-2013-6923
@@ -1313,11 +1622,9 @@
 CVE-2013-6884
        RESERVED
        NOT-FOR-US: Ditto Forensic FieldStation
-CVE-2013-6883
-       RESERVED
+CVE-2013-6883 (Cross-site request forgery (CSRF) vulnerability in CRU Ditto 
Forensic ...)
        NOT-FOR-US: Ditto Forensic FieldStation
-CVE-2013-6882
-       RESERVED
+CVE-2013-6882 (Multiple cross-site scripting (XSS) vulnerabilities in CRU 
Ditto ...)
        NOT-FOR-US: Ditto Forensic FieldStation
 CVE-2013-6881
        RESERVED
@@ -1398,15 +1705,13 @@
        RESERVED
 CVE-2013-6840 (Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 
10.1 ...)
        NOT-FOR-US: Siemens COMOS
-CVE-2013-6839
-       RESERVED
+CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 
and ...)
        NOT-FOR-US: InstantCMS
 CVE-2013-6838
        RESERVED
-CVE-2013-6837
-       RESERVED
-CVE-2013-6836 [heap-based buffer overflow in ms_escher_get_data function]
-       RESERVED
+CVE-2013-6837 (Cross-site scripting (XSS) vulnerability in the setTimeout 
function in ...)
+       TODO: check
+CVE-2013-6836 (Heap-based buffer overflow in the ms_escher_get_data function 
in ...)
        - gnumeric <unfixed>
        NOTE: 
https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml
        TODO: check
@@ -1438,8 +1743,7 @@
        NOT-FOR-US: Fortinet FortiAnalyzer
 CVE-2013-6825
        RESERVED
-CVE-2013-6824 [Possible shell command injection]
-       RESERVED
+CVE-2013-6824 (Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 
2.2.1rc1 ...)
        - zabbix 1:2.2.0+dfsg-6 (low)
        [squeeze] - zabbix <no-dsa> (Minor issue)
        [wheezy] - zabbix <no-dsa> (Minor issue)
@@ -1472,8 +1776,7 @@
        RESERVED
 CVE-2013-6810 (The server in EMC Connectrix Manager Converged Network Edition 
(CMCNE) ...)
        NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
-CVE-2013-6809
-       RESERVED
+CVE-2013-6809 (Format string vulnerability in the client in Tftpd32 before 
4.50 ...)
        NOT-FOR-US: Tftpd32
 CVE-2013-6808
        RESERVED
@@ -1658,8 +1961,8 @@
        RESERVED
 CVE-2013-6734
        RESERVED
-CVE-2013-6733
-       RESERVED
+CVE-2013-6733 (Cross-site scripting (XSS) vulnerability in the Web Application 
in the ...)
+       TODO: check
 CVE-2013-6732
        RESERVED
 CVE-2013-6731
@@ -1682,8 +1985,8 @@
        RESERVED
 CVE-2013-6722
        RESERVED
-CVE-2013-6721
-       RESERVED
+CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Service ...)
+       TODO: check
 CVE-2013-6720
        RESERVED
 CVE-2013-6719
@@ -1704,12 +2007,12 @@
        {DSA-2816-1}
        - php5 5.5.6+dfsg-2 (bug #731112)
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
-CVE-2013-6711
-       RESERVED
-CVE-2013-6710
-       RESERVED
-CVE-2013-6709
-       RESERVED
+CVE-2013-6711 (Cross-site scripting (XSS) vulnerability in the 
product-creation ...)
+       TODO: check
+CVE-2013-6710 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx 
...)
+       TODO: check
+CVE-2013-6709 (The registration component in Cisco WebEx Training Center 
provides the ...)
+       TODO: check
 CVE-2013-6708 (Cisco Cloud Portal 9.4 allows remote attackers to read files of 
...)
        NOT-FOR-US: Cisco
 CVE-2013-6707 (Memory leak in the connection-manager implementation in Cisco 
Adaptive ...)
@@ -1724,8 +2027,8 @@
        NOT-FOR-US: Cisco
 CVE-2013-6702 (The management implementation on Cisco ONS 15454 controller 
cards with ...)
        NOT-FOR-US: Cisco
-CVE-2013-6701
-       RESERVED
+CVE-2013-6701 (The tNetTaskLimit process on the Transport Node Controller 
(TNC) on ...)
+       TODO: check
 CVE-2013-6700 (The SNMP module in Cisco IOS XR allows remote attackers to 
cause a ...)
        NOT-FOR-US: Cisco IOS XR
 CVE-2013-6699 (The Control and Provisioning of Wireless Access Points (CAPWAP) 
...)
@@ -1860,12 +2163,12 @@
        RESERVED
 CVE-2013-6641
        RESERVED
-CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc in Google 
V8 ...)
+CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
        {DSA-2811-1}
        - libv8 <unfixed>
        - chromium-browser 31.0.1650.63-1
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6639 (The DehoistArrayIndex function in hydrogen-dehoist.cc in Google 
V8 ...)
+CVE-2013-6639 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
        {DSA-2811-1}
        - libv8 <unfixed>
        - chromium-browser 31.0.1650.63-1
@@ -2383,16 +2686,14 @@
        RESERVED
 CVE-2013-6429
        RESERVED
-CVE-2013-6428 [Heat ReST API doesn't respect tenant scoping]
-       RESERVED
+CVE-2013-6428 (The ReST API in OpenStack Orchestration API (Heat) before 
Havana ...)
        - heat 2013.2.1-1 (bug #732033)
        NOTE: https://launchpad.net/bugs/1256983
 CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and 
Printing ...)
        - hplip 3.13.11-2 (bug #731480)
        [squeeze] - hplip <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=853405
-CVE-2013-6426 [Heat CFN policy rules not all enforced]
-       RESERVED
+CVE-2013-6426 (The cloudformation-compatible API in OpenStack Orchestration 
API ...)
        - heat 2013.2.1-1 (bug #732033)
        NOTE: https://launchpad.net/bugs/1256049
 CVE-2013-6425
@@ -2412,8 +2713,7 @@
        [squeeze] - curl <not-affected> (issue introduced with 59cf93cc, 7.21.4)
 CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout 
gem ...)
        NOT-FOR-US: Ruby Gem sprout
-CVE-2013-6420 [php: memory corruption in openssl_x509_parse()]
-       RESERVED
+CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in 
PHP ...)
        {DSA-2816-1}
        - php5 5.5.6+dfsg-2 (bug #731895)
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
@@ -2460,8 +2760,7 @@
        [wheezy] - augeas <not-affected> (Affected patch not present/applied)
        [squeeze] - augeas <not-affected> (Affected patch not present/applied)
        NOTE: only if applied original patch for CVE-2012-0786
-CVE-2013-6411 [crash on airplane crash]
-       RESERVED
+CVE-2013-6411 (The HandleCrashedAircraft function in aircraft_cmd.cpp in 
OpenTTD ...)
        - openttd 1.3.3-1 (low)
        [squeeze] - openttd <no-dsa> (Minor issue)
        [wheezy] - openttd 1.2.1-3
@@ -2500,8 +2799,7 @@
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=852368
 CVE-2013-6401
        RESERVED
-CVE-2013-6400 [XSA-80: IOMMU TLB flushing may be inadvertently suppressed]
-       RESERVED
+CVE-2013-6400 (Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has 
been ...)
        - xen <unfixed>
        [wheezy] - xen <not-affected> (4.2.x and later are vulnerable)
        [squeeze] - xen <not-affected> (4.2.x and later are vulnerable)
@@ -2523,8 +2821,7 @@
        - ganglia 3.6.0-1
        NOTE: ganglia-web and ganglia are now two separate source packages
        NOTE: https://github.com/ganglia/ganglia-web/issues/218
-CVE-2013-6394 [static IV used in Percona XtraBackup]
-       RESERVED
+CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the 
...)
        - percona-xtrabackup <unfixed> (bug #730544)
        TODO: check if this if fixed with 2.1.6-2; note fw's comment on 
oss-security
 CVE-2013-6393
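Review bot: For CVE-2013-6394 the published description now says Percona XtraBackup before 2.1.6 is affected, but the entry still marks percona-xtrabackup as unfixed (bug #730544) and keeps an open TODO asking whether 2.1.6-2 fixes it. Resolve that TODO against the description and the oss-security comment it cites, and fix its wording while there ("check if this if fixed" should read "check if this is fixed").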
@@ -2533,8 +2830,7 @@
        - linux-2.6 <not-affected> (Android-specific)
        - linux <not-affected> (Android-specific)
        NOTE: 
https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3
-CVE-2013-6391 [Keystone trust circumvention through EC2-style tokens]
-       RESERVED
+CVE-2013-6391 (The ec2tokens API in OpenStack Identity (Keystone) before 
Havana ...)
        - keystone 2013.2.1-1 (bug #731981)
        [wheezy] - keystone <not-affected> (vulnerable code not present)
        NOTE: https://launchpad.net/bugs/1242597
@@ -2591,8 +2887,7 @@
        NOTE: 
http://git.kernel.org/linus/a497e47d4aec37aaf8f13509f3ef3d1f6a717d88
 CVE-2013-6377
        REJECTED
-CVE-2013-6376 [kvm: BUG_ON() in apic_cluster_id()]
-       RESERVED
+CVE-2013-6376 (The recalculate_apic_map function in arch/x86/kvm/lapic.c in 
the KVM ...)
        - linux <unfixed>
        - linux-2.6 <removed>
 CVE-2013-6375 (Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, 
does ...)
@@ -2612,12 +2907,10 @@
        RESERVED
 CVE-2013-6369
        RESERVED
-CVE-2013-6368 [kvm: cross page vapic_addr access]
-       RESERVED
+CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows 
local ...)
        - linux <unfixed>
        - linux-2.6 <removed>
-CVE-2013-6367 [kvm: division by zero in apic_get_tmcct()]
-       RESERVED
+CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM 
...)
        - linux <unfixed>
        - linux-2.6 <removed>
 CVE-2013-6363
@@ -2628,8 +2921,7 @@
        RESERVED
 CVE-2013-6360
        RESERVED
-CVE-2013-6359 [node DoS on bad plugin]
-       RESERVED
+CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote 
attackers to ...)
        {DSA-2815-1}
        - munin 2.0.18-1
        [squeeze] - munin <no-dsa> (Minor issue)
@@ -2723,12 +3015,12 @@
        RESERVED
 CVE-2013-6330
        RESERVED
-CVE-2013-6329
-       RESERVED
+CVE-2013-6329 (IBM Global Security Kit (aka GSKit), as used in Content Manager 
...)
+       TODO: check
 CVE-2013-6328
        RESERVED
-CVE-2013-6327
-       RESERVED
+CVE-2013-6327 (Cross-site scripting (XSS) vulnerability in the HTTP Option in 
IBM ...)
+       TODO: check
 CVE-2013-6326
        RESERVED
 CVE-2013-6325
@@ -2836,8 +3128,8 @@
        RESERVED
 CVE-2013-6272
        RESERVED
-CVE-2013-6271
-       RESERVED
+CVE-2013-6271 (Android 4.0 through 4.3 allows attackers to bypass intended 
access ...)
+       TODO: check
 CVE-2013-6270
        RESERVED
 CVE-2013-6269
@@ -3005,13 +3297,11 @@
        RESERVED
 CVE-2013-6194
        RESERVED
-CVE-2013-6193
-       RESERVED
-CVE-2013-6192
-       RESERVED
+CVE-2013-6193 (Unspecified vulnerability on HP LaserJet M1522n and M2727; 
LaserJet ...)
+       TODO: check
+CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP 
Operations ...)
        NOT-FOR-US: HP Operations Orchestration
-CVE-2013-6191
-       RESERVED
+CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations ...)
        NOT-FOR-US: HP Operations Orchestration
 CVE-2013-6190
        RESERVED
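Review bot: CVE-2013-6193 is left as "TODO: check" although its description names HP LaserJet printer models, while the two entries updated alongside it, CVE-2013-6192 and CVE-2013-6191, are already marked "NOT-FOR-US: HP Operations Orchestration". If the LaserJet issue is printer firmware with no Debian package involved, triage it as NOT-FOR-US in the same pass so the three HP entries are handled consistently.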
@@ -3314,8 +3604,7 @@
 CVE-2013-6052 (OpenJPEG 1.3 and earlier allows remote attackers to obtain 
sensitive ...)
        {DSA-2808-1}
        - openjpeg <unfixed> (bug #731237)
-CVE-2013-6051 [bgpd crash on valid BGP updates]
-       RESERVED
+CVE-2013-6051 (The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 
does not ...)
        {DSA-2803-1}
        - quagga 0.99.22.4-1 (bug #730513)
        [squeeze] - quagga <not-affected> (Only affects 0.99.21)
@@ -3327,8 +3616,7 @@
        - apt-listbugs 0.1.10 (low)
        [squeeze] - apt-listbugs <no-dsa> (Minor issue)
        [wheezy] - apt-listbugs 0.1.8+deb7u1
-CVE-2013-6048 [OOM in HTML generation on bad multigraph data]
-       RESERVED
+CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm 
in Munin ...)
        {DSA-2815-1}
        - munin 2.0.18-1
        [squeeze] - munin <no-dsa> (Minor issue)
@@ -3354,8 +3642,8 @@
        RESERVED
 CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 
3.2 ...)
        NOT-FOR-US: NagiosQL
-CVE-2013-6038
-       RESERVED
+CVE-2013-6038 (Stack-based buffer overflow in Trimble SketchUp Viewer 
13.0.4124 ...)
+       TODO: check
 CVE-2013-6037
        RESERVED
 CVE-2013-6036
@@ -3420,8 +3708,8 @@
        RESERVED
 CVE-2013-6006
        RESERVED
-CVE-2013-6005
-       RESERVED
+CVE-2013-6005 (Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 
8.1.0 ...)
+       TODO: check
 CVE-2013-6004 (Session fixation vulnerability in Cybozu Garoon before 3.7.2 
allows ...)
        NOT-FOR-US: Cybozu Garoon
 CVE-2013-6003 (CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 
SP5, ...)
@@ -3538,8 +3826,8 @@
        RESERVED
 CVE-2013-5947
        RESERVED
-CVE-2013-5946
-       RESERVED
+CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 
with ...)
+       TODO: check
 CVE-2013-5945
        RESERVED
 CVE-2013-5944 (The integrated web server on Siemens SCALANCE X-200 switches 
with ...)
@@ -4185,8 +4473,7 @@
        RESERVED
 CVE-2013-5677
        RESERVED
-CVE-2013-5676
-       RESERVED
+CVE-2013-5676 (The Jenkins Plugin for SonarQube 3.7 and earlier allows remote 
...)
        NOT-FOR-US: SonarQube Jenkins plugin
 CVE-2013-5674 (badges/external.php in Moodle 2.5.x before 2.5.2 does not 
properly ...)
        - moodle 2.5.2-1
@@ -4824,8 +5111,8 @@
        RESERVED
 CVE-2013-5467
        RESERVED
-CVE-2013-5466
-       RESERVED
+CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, 
and the ...)
+       TODO: check
 CVE-2013-5465
        RESERVED
 CVE-2013-5464
@@ -4876,12 +5163,12 @@
        NOT-FOR-US: IBM
 CVE-2013-5441
        RESERVED
-CVE-2013-5440
-       RESERVED
+CVE-2013-5440 (IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 
allows ...)
+       TODO: check
 CVE-2013-5439
        RESERVED
-CVE-2013-5438
-       RESERVED
+CVE-2013-5438 (Cross-site scripting (XSS) vulnerability in the web server in 
IBM Flex ...)
+       TODO: check
 CVE-2013-5437
        RESERVED
 CVE-2013-5436
@@ -4924,10 +5211,10 @@
        NOT-FOR-US: IBM WebSphere
 CVE-2013-5417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Application ...)
        NOT-FOR-US:  IBM WebSphere Application Server
-CVE-2013-5416
-       RESERVED
-CVE-2013-5415
-       RESERVED
+CVE-2013-5416 (Unspecified vulnerability in IBM Rational ClearCase through 
7.1.2.12, ...)
+       TODO: check
+CVE-2013-5415 (Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 
8.0.0.x ...)
+       TODO: check
 CVE-2013-5414 (The migration functionality in IBM WebSphere Application Server 
(WAS) ...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2013-5413
@@ -4952,18 +5239,18 @@
        NOT-FOR-US: IBM Rational Quality Manager
 CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 
...)
        NOT-FOR-US: IBM WebSphere
-CVE-2013-5402
-       RESERVED
+CVE-2013-5402 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
+       TODO: check
 CVE-2013-5401
        RESERVED
 CVE-2013-5400
        RESERVED
 CVE-2013-5399
        RESERVED
-CVE-2013-5398
-       RESERVED
-CVE-2013-5397
-       RESERVED
+CVE-2013-5398 (Unspecified vulnerability in the Webservice Axis Gateway in IBM 
...)
+       TODO: check
+CVE-2013-5397 (Unspecified vulnerability in the Webservice Axis Gateway in IBM 
...)
+       TODO: check
 CVE-2013-5396
        RESERVED
 CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 
7.1.1.12, ...)
@@ -5302,15 +5589,14 @@
        RESERVED
 CVE-2013-5229
        RESERVED
-CVE-2013-5228
-       RESERVED
-CVE-2013-5227
-       RESERVED
+CVE-2013-5228 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 
7.0.1, ...)
+       TODO: check
+CVE-2013-5227 (Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote 
attackers ...)
        NOT-FOR-US: Safari
 CVE-2013-5226
        RESERVED
-CVE-2013-5225
-       RESERVED
+CVE-2013-5225 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 
7.0.1, ...)
+       TODO: check
 CVE-2013-5224
        RESERVED
 CVE-2013-5223 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link 
...)
@@ -5365,16 +5651,16 @@
        RESERVED
 CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast 
cluster API ...)
        - open-xchange <itp> (bug #269329)
-CVE-2013-5199
-       RESERVED
-CVE-2013-5198
-       RESERVED
-CVE-2013-5197
-       RESERVED
-CVE-2013-5196
-       RESERVED
-CVE-2013-5195
-       RESERVED
+CVE-2013-5199 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 
7.0.1, ...)
+       TODO: check
+CVE-2013-5198 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 
7.0.1, ...)
+       TODO: check
+CVE-2013-5197 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 
7.0.1, ...)
+       TODO: check
+CVE-2013-5196 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 
7.0.1, ...)
+       TODO: check
+CVE-2013-5195 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 
7.0.1, ...)
+       TODO: check
 CVE-2013-5194
        RESERVED
 CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not 
properly ...)
@@ -5558,8 +5844,7 @@
        RESERVED
 CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn 
function ...)
        - rockmongo <itp> (bug #702961)
-CVE-2013-5107
-       RESERVED
+CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and 
earlier ...)
        - rockmongo <itp> (bug #702961)
 CVE-2013-5106
        RESERVED
@@ -5785,8 +6070,7 @@
        RESERVED
 CVE-2013-4989
        RESERVED
-CVE-2013-4988
-       RESERVED
+CVE-2013-4988 (Stack-based buffer overflow in IcoFX 2.5 and earlier allows 
remote ...)
        NOT-FOR-US: IcoFX
 CVE-2013-4987 (PineApp Mail-SeCure before 3.70 allows remote authenticated 
users to ...)
        NOT-FOR-US: PinApp
@@ -6153,8 +6437,7 @@
        RESERVED
 CVE-2013-4846
        RESERVED
-CVE-2013-4845
-       RESERVED
+CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 
8500 (aka ...)
        NOT-FOR-US: HP Officejet Pro
 CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 
9.30, ...)
        NOT-FOR-US: HP Service Manager and ServiceCenter
@@ -6291,10 +6574,10 @@
        NOT-FOR-US: Siemens Enterprise OpenScape
 CVE-2013-4777 (A certain configuration of Android 2.3.7 on the Motorola Defy 
XT phone ...)
        NOT-FOR-US: Motorola
-CVE-2013-4776
-       RESERVED
-CVE-2013-4775
-       RESERVED
+CVE-2013-4776 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 
and ...)
+       TODO: check
+CVE-2013-4775 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 
and ...)
+       TODO: check
 CVE-2013-4785 (The web interface on the Dell iDRAC6 with firmware before 1.95 
allows ...)
        NOT-FOR-US: Dell
 CVE-2013-4783 (The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x 
before ...)
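Review bot: CVE-2013-4776 and CVE-2013-4775 land with TODO: check although both descriptions name NETGEAR ProSafe switch firmware. The other device entries in this hunk (Motorola, Dell iDRAC6) are tagged NOT-FOR-US with the vendor name, so a follow-up commit can resolve these two the same way, for example NOT-FOR-US: NETGEAR, rather than leaving them in the TODO queue.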
@@ -6763,8 +7046,7 @@
        NOTE: 2.6.37-1 first version including 2.6.33 in unstable for linux-2.6
        NOTE: 
https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
        NOTE: http://seclists.org/fulldisclosure/2013/Nov/77
-CVE-2013-4587 [kvm: rtc_status.dest_map out-of-bounds access]
-       RESERVED
+CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in 
...)
        - linux <unfixed>
        - linux-2.6 <removed>
 CVE-2013-4586
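Review bot: CVE-2013-4587 still reads linux <unfixed> with no NOTE pointing at an upstream fix or a tracking bug, even though the bracketed working title has now been replaced by the published description. The entry just above it records its git.kernel.org commit and disclosure link in NOTE lines; adding the equivalent here once the fix commit is known would make the unfixed status actionable. The new description names kvm_vm_ioctl_create_vcpu while the old title spoke of rtc_status.dest_map, so it is worth confirming in a NOTE that both refer to the same issue.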
@@ -6816,15 +7098,12 @@
        RESERVED
 CVE-2013-4570
        RESERVED
-CVE-2013-4569
-       RESERVED
+CVE-2013-4569 (The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x 
before ...)
        NOT-FOR-US: mediawiki extension CleanChanges
-CVE-2013-4568
-       RESERVED
+CVE-2013-4568 (Incomplete blacklist vulnerability in Sanitizer::checkCss in 
MediaWiki ...)
        - mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
-CVE-2013-4567
-       RESERVED
+CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in 
MediaWiki ...)
        - mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
 CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none 
for the ...)
@@ -6963,8 +7242,7 @@
 CVE-2013-4521
        RESERVED
        NOT-FOR-US: Nuxeo
-CVE-2013-4520
-       RESERVED
+CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent 
attackers to ...)
        - libxslt <not-affected> (The versions in wheezy and squeeze contain 
the full patch)
 CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review 
Board ...)
        - reviewboard <itp> (bug #653113)
@@ -7323,7 +7601,7 @@
        - libguestfs 1:1.22.7-1
        [wheezy] - libguestfs 1:1.18.1-1+deb7u3
 CVE-2013-4418
-       REJECTED
+       RESERVED
        NOTE: security hardening, got rejected
 CVE-2013-4417
        REJECTED
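Review bot: CVE-2013-4418 goes from REJECTED back to RESERVED while the NOTE beneath it still says "security hardening, got rejected", so the status line and the note now contradict each other. The log message only mentions a manual update of the CVE lists and does not explain the reversal. Check whether REJECTED was recorded by hand ahead of the upstream feed and, if so, restore it or adjust the NOTE.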
@@ -7374,7 +7652,7 @@
        RESERVED
        NOT-FOR-US: Cumin
 CVE-2013-4403
-       REJECTED
+       RESERVED
        NOTE: rejected
 CVE-2013-4402 (GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote 
...)
        {DSA-2774-1 DSA-2773-1}
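Review bot: CVE-2013-4403 flips from REJECTED to RESERVED although its NOTE still reads "rejected". If the rejection was entered manually, this update has overwritten it; either restore REJECTED or drop the NOTE so the entry is self-consistent.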
@@ -8657,10 +8935,10 @@
 CVE-2013-4002 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
in IBM ...)
        - openjdk-6 6b27-1.12.7-1
        - openjdk-7 7u45-2.4.3-1
-CVE-2013-4001
-       RESERVED
-CVE-2013-4000
-       RESERVED
+CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center 
before ...)
+       TODO: check
+CVE-2013-4000 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
IBM ...)
+       TODO: check
 CVE-2013-3999 (Cross-site scripting (XSS) vulnerability in IBM Social Media 
Analytics ...)
        NOT-FOR-US: IBM Social Media Analytics
 CVE-2013-3998
@@ -10604,8 +10882,8 @@
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to 
execute ...)
        NOT-FOR-US: Microsoft Internet Explorer
-CVE-2013-3140
-       RESERVED
+CVE-2013-3140 (Use-after-free vulnerability in Microsoft Internet Explorer 9 
allows ...)
+       TODO: check
 CVE-2013-3139 (Microsoft Internet Explorer 6 through 10 allows remote 
attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-3138 (Integer overflow in the TCP/IP kernel-mode driver in Microsoft 
Windows ...)
@@ -10804,10 +11082,10 @@
        NOT-FOR-US: IBM
 CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 
8.5.2.1 ...)
        NOT-FOR-US: IBM
-CVE-2013-3043
-       RESERVED
-CVE-2013-3042
-       RESERVED
+CVE-2013-3043 (Directory traversal vulnerability in the client in IBM Rational 
...)
+       TODO: check
+CVE-2013-3042 (Directory traversal vulnerability in the server in IBM Rational 
...)
+       TODO: check
 CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 
8.0 ...)
        NOT-FOR-US: IBM
 CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through 
FP2, ...)
@@ -11444,14 +11722,14 @@
        NOT-FOR-US: e-terracontrol
 CVE-2013-2817
        RESERVED
-CVE-2013-2816
-       RESERVED
+CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 
...)
+       TODO: check
 CVE-2013-2815
        RESERVED
-CVE-2013-2814
-       RESERVED
-CVE-2013-2813
-       RESERVED
+CVE-2013-2814 (Cooper Power Systems Cybectec DNP3 Master OPC Server allows 
remote ...)
+       TODO: check
+CVE-2013-2813 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 
...)
+       TODO: check
 CVE-2013-2812
        RESERVED
 CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE 
...)
@@ -13935,7 +14213,7 @@
        - tiff 4.0.2-6+nmu1 (bug #706674)
        - tiff3 3.9.7-1 (bug #712840)
        [wheezy] - tiff3 <no-dsa> (the changes that effect the library are just 
hardening, converting uses of sprintf to snprintf. those can be rolled into the 
next tiff3 update, but a separate dsa isn't needed)
-CVE-2013-1960 (Heap-based buffer overflow in the tp_process_jpeg_strip 
function in ...)
+CVE-2013-1960 (Heap-based buffer overflow in the t2p_process_jpeg_strip 
function in ...)
        {DSA-2698-1}
        - tiff 4.0.2-6+nmu1 (bug #706675)
        - tiff3 <not-affected> (tiff command line tools not build in tiff3)
@@ -16020,8 +16298,7 @@
        RESERVED
        - bcron 0.09-13 (low; bug #686650)
        [squeeze] - bcron 0.09-11+squeeze1
-CVE-2013-1364 [possible to override LDAP configuration parameters via the API]
-       RESERVED
+CVE-2013-1364 (The user.login function in Zabbix before 1.8.16 and 2.x before 
...)
        - zabbix 1:2.0.4+dfsg-2 (bug #698541)
        [squeeze] - zabbix 1:1.8.2-1squeeze5
        NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
@@ -18917,8 +19194,7 @@
        {DSA-2668-1}
        - linux 3.2.39-1
        - linux-2.6 <removed>
-CVE-2013-0348 [sthttpd world-redable logdir]
-       RESERVED
+CVE-2013-0348 (thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use ...)
        NOT-FOR-US: sthttpd
 CVE-2013-0347 [webfs world-readable logdir]
        RESERVED
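Review bot: The new description for CVE-2013-0348 names thttpd 2.25b in addition to sthttpd, but the triage line is still NOT-FOR-US: sthttpd. The old bracketed title mentioned only sthttpd, so the existing tag predates the wider scope. Check whether thttpd is packaged in the archive and, if it is, replace the NOT-FOR-US tag with a package entry.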
@@ -20029,8 +20305,7 @@
        RESERVED
 CVE-2012-6152
        RESERVED
-CVE-2012-6151 [snmpd DoS when AgentX subagent times-out]
-       RESERVED
+CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to 
handle a MIB ...)
        - net-snmp <unfixed> (low; bug #731625)
        [wheezy] - net-snmp <no-dsa> (Minor issue)
        [squeeze] - net-snmp <no-dsa> (Minor issue)
@@ -22385,8 +22660,7 @@
 CVE-2012-5395
        RESERVED
        NOT-FOR-US: Mediawiki extension CentralAuth
-CVE-2012-5394
-       RESERVED
+CVE-2012-5394 (Cross-site request forgery (CSRF) vulnerability in the 
CentralAuth ...)
        NOT-FOR-US: mediawiki extension CentralAuth
 CVE-2012-5393
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
