Author: joeyh
Date: 2012-05-11 21:14:23 +0000 (Fri, 11 May 2012)
New Revision: 19224

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-05-11 20:57:59 UTC (rev 19223)
+++ data/CVE/list 2012-05-11 21:14:23 UTC (rev 19224)
@@ -1,3 +1,217 @@ +CVE-2012-2623 + RESERVED +CVE-2012-2622 + RESERVED +CVE-2012-2621 + RESERVED +CVE-2012-2620 + RESERVED +CVE-2012-2619 + RESERVED +CVE-2012-2618 + RESERVED +CVE-2012-2617 + RESERVED +CVE-2012-2616 + RESERVED +CVE-2012-2615 + RESERVED +CVE-2012-2614 + RESERVED +CVE-2012-2613 + RESERVED +CVE-2012-2612 + RESERVED +CVE-2012-2611 + RESERVED +CVE-2012-2610 + RESERVED +CVE-2012-2609 + RESERVED +CVE-2012-2608 + RESERVED +CVE-2012-2607 + RESERVED +CVE-2012-2606 + RESERVED +CVE-2012-2605 + RESERVED +CVE-2012-2604 + RESERVED +CVE-2012-2603 + RESERVED +CVE-2012-2602 + RESERVED +CVE-2012-2601 + RESERVED +CVE-2012-2600 + RESERVED +CVE-2012-2599 + RESERVED +CVE-2012-2598 + RESERVED +CVE-2012-2597 + RESERVED +CVE-2012-2596 + RESERVED +CVE-2012-2595 + RESERVED +CVE-2012-2594 + RESERVED +CVE-2012-2593 + RESERVED +CVE-2012-2592 + RESERVED +CVE-2012-2591 + RESERVED +CVE-2012-2590 + RESERVED +CVE-2012-2589 + RESERVED +CVE-2012-2588 + RESERVED +CVE-2012-2587 + RESERVED +CVE-2012-2586 + RESERVED +CVE-2012-2585 + RESERVED +CVE-2012-2584 + RESERVED +CVE-2012-2583 + RESERVED +CVE-2012-2582 + RESERVED +CVE-2012-2581 + RESERVED +CVE-2012-2580 + RESERVED +CVE-2012-2579 + RESERVED +CVE-2012-2578 + RESERVED +CVE-2012-2577 + RESERVED +CVE-2012-2576 + RESERVED +CVE-2012-2575 + RESERVED +CVE-2012-2574 + RESERVED +CVE-2012-2573 + RESERVED +CVE-2012-2572 + RESERVED +CVE-2012-2571 + RESERVED +CVE-2012-2570 + RESERVED +CVE-2012-2569 + RESERVED +CVE-2012-2568 + RESERVED +CVE-2012-2567 + RESERVED +CVE-2012-2566 + RESERVED +CVE-2012-2565 + RESERVED +CVE-2012-2564 + RESERVED +CVE-2012-2563 + RESERVED +CVE-2012-2562 + RESERVED +CVE-2012-2561 + RESERVED +CVE-2012-2560 + RESERVED +CVE-2012-2559 + RESERVED +CVE-2012-2558 + RESERVED +CVE-2012-2557 + RESERVED +CVE-2012-2556 + RESERVED +CVE-2012-2555 + RESERVED +CVE-2012-2554 + RESERVED +CVE-2012-2553 + RESERVED +CVE-2012-2552 + RESERVED +CVE-2012-2551 + RESERVED +CVE-2012-2550 + RESERVED +CVE-2012-2549 + RESERVED +CVE-2012-2548 + RESERVED 
+CVE-2012-2547 + RESERVED +CVE-2012-2546 + RESERVED +CVE-2012-2545 + RESERVED +CVE-2012-2544 + RESERVED +CVE-2012-2543 + RESERVED +CVE-2012-2542 + RESERVED +CVE-2012-2541 + RESERVED +CVE-2012-2540 + RESERVED +CVE-2012-2539 + RESERVED +CVE-2012-2538 + RESERVED +CVE-2012-2537 + RESERVED +CVE-2012-2536 + RESERVED +CVE-2012-2535 + RESERVED +CVE-2012-2534 + RESERVED +CVE-2012-2533 + RESERVED +CVE-2012-2532 + RESERVED +CVE-2012-2531 + RESERVED +CVE-2012-2530 + RESERVED +CVE-2012-2529 + RESERVED +CVE-2012-2528 + RESERVED +CVE-2012-2527 + RESERVED +CVE-2012-2526 + RESERVED +CVE-2012-2525 + RESERVED +CVE-2012-2524 + RESERVED +CVE-2012-2523 + RESERVED +CVE-2012-2522 + RESERVED +CVE-2012-2521 + RESERVED +CVE-2012-2520 + RESERVED +CVE-2012-2519 + RESERVED +CVE-2012-2518 + RESERVED +CVE-2012-2517 + RESERVED CVE-2012-2516 RESERVED CVE-2012-2515 @@ -221,16 +435,22 @@ CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...) - gallery2 <undetermined> CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2399 (Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2010-5136 RESERVED 
@@ -486,12 +706,10 @@ RESERVED CVE-2012-2337 RESERVED -CVE-2012-2336 - RESERVED +CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...) - php5 5.4.3 (unimportant) NOTE: Rather harmless bug -CVE-2012-2335 - RESERVED +CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, ...) NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311 CVE-2012-2334 RESERVED @@ -517,8 +735,7 @@ - nodejs 0.6.17~dfsg1-1 NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/ NOTE: https://github.com/joyent/node/commit/c9a231d -CVE-2012-2329 [buffer overflow vulnerability in the apache_request_headers()] - RESERVED +CVE-2012-2329 (Buffer overflow in the apache_request_headers function in ...) - php5 5.4.3-1 [squeeze] - php5 <not-affected> (Vulnerable code not present) NOTE: 5.4.x only @@ -567,8 +784,7 @@ CVE-2012-2312 RESERVED - jbossas4 <not-affected> (Only affects JBoss 7) -CVE-2012-2311 [PHP-CGI query string parameter vulnerability] - RESERVED +CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...) {DSA-2465-1} - php5 5.4.3-1 (bug #671880) NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823 @@ -1734,8 +1950,7 @@ RESERVED CVE-2012-1824 RESERVED -CVE-2012-1823 [PHP-CGI query string parameter vulnerability] - RESERVED +CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...) {DSA-2465-1} - php5 5.4.3-1 NOTE: http://ompldr.org/vZGxxaQ https://bugs.php.net/bug.php?id=61910 
@@ -4545,10 +4760,10 @@ RESERVED CVE-2012-0677 RESERVED -CVE-2012-0676 - RESERVED -CVE-2012-0675 - RESERVED +CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...) + TODO: check +CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...) + TODO: check CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...) TODO: check CVE-2012-0673 
@@ -4573,34 +4788,34 @@ RESERVED CVE-2012-0663 RESERVED -CVE-2012-0662 - RESERVED -CVE-2012-0661 - RESERVED -CVE-2012-0660 - RESERVED -CVE-2012-0659 - RESERVED -CVE-2012-0658 - RESERVED -CVE-2012-0657 - RESERVED -CVE-2012-0656 - RESERVED -CVE-2012-0655 - RESERVED -CVE-2012-0654 - RESERVED +CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before ...) + TODO: check +CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x ...) + TODO: check +CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...) + TODO: check +CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...) + TODO: check +CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...) + TODO: check +CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS ...) + TODO: check +CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before ...) + TODO: check +CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict ...) + TODO: check +CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized ...) + TODO: check CVE-2012-0653 RESERVED -CVE-2012-0652 - RESERVED -CVE-2012-0651 - RESERVED +CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or ...) + TODO: check +CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 ...) + TODO: check CVE-2012-0650 RESERVED -CVE-2012-0649 - RESERVED +CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...) + TODO: check CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) - webkit <undetermined> CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...) 
@@ -5881,9 +6096,11 @@ NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4957 RESERVED + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 CVE-2011-4956 RESERVED + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 CVE-2011-4955 RESERVED @@ -12069,21 +12286,27 @@ RESERVED - xen 4.1.2-1 CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3129 (The file upload functionality WordPress 3.1 before 3.1.3 and 3.2 ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...) @@ -12091,6 +12314,7 @@ CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...) NOT-FOR-US: InfoSphere CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce NOTE: original advisory seems to be http://technet.microsoft.com/en-us/security/msvr/msvr11-010 
@@ -107022,7 +107246,7 @@ NOT-FOR-US: MyNewsGroups CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) - monkey 0.9.2-1 - NOTE: Vulnerable code verified not be present in any Debian version + NOTE: Vulnerable code verified not be present in any Debian version CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...) NOT-FOR-US: WS_FTP Pro CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...) @@ -118761,9 +118985,9 @@ CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) {DSA-335} - mantis 0.17.5-6 -CVE-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...) +CVE-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with insecure ...) NOT-FOR-US: Intersystems Cache database -CVE-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...) +CVE-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writable ...) NOT-FOR-US: Intersystems Cache database CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...) NOT-FOR-US: Microsoft
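
Review bot: the `{DSA-2670-1}` tag added under CVE-2012-2404 through CVE-2012-2399 in hunk `@@ -221,16 +435,22 @@` is about 200 advisories ahead of the `{DSA-2465-1}` tag on the PHP entries in this same revision, which suggests a mistyped advisory number. Please check it against the DSA list before it propagates; the same tag is repeated on every WordPress entry in the `@@ -5881,9 +6096,11 @@` and `@@ -12069,21 +12286,27 @@` hunks, so a wrong number would mislabel all of them.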
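
Review bot: CVE-2011-4957 and CVE-2011-4956 in hunk `@@ -5881,9 +6096,11 @@` remain `RESERVED` with no description, yet now carry a DSA tag next to a fixed wordpress version, so a reader cannot tell which issue the advisory covers. Add a bracketed summary or a NOTE with a reference to each entry, in the style the reserved PHP entries used before this revision (`CVE-2012-2311 [PHP-CGI query string parameter vulnerability]`).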
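
Review bot: in hunk `@@ -486,12 +706,10 @@` the new description for CVE-2012-2336 is, as far as the truncated text shows, identical to the one given to CVE-2012-2311 in hunk `@@ -567,8 +784,7 @@` ("sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ..."). CVE-2012-2311 has a NOTE explaining that it is the incomplete fix for CVE-2012-1823, while CVE-2012-2336 only says "Rather harmless bug"; a NOTE stating how CVE-2012-2336 differs would justify the `(unimportant)` rating and keep the two entries distinguishable.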
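
Review bot: the NOTE line under CVE-2002-1852 in hunk `@@ -107022,7 +107246,7 @@` is removed and re-added with the same visible text, so it is a whitespace-only change riding along in a commit logged as "automatic update". If the line is being touched anyway, fix its wording as well: "verified not be present" should read "verified not to be present".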