Author: joeyh Date: 2012-06-05 21:14:37 +0000 (Tue, 05 Jun 2012) New Revision: 19434 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-05 20:48:53 UTC (rev 19433) +++ data/CVE/list 2012-06-05 21:14:37 UTC (rev 19434) @@ -1,3 +1,7 @@ +CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly ...) + TODO: check +CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 ...) + TODO: check CVE-2012-3103 RESERVED CVE-2012-3102 @@ -983,8 +987,8 @@ RESERVED CVE-2012-2631 RESERVED -CVE-2012-2630 - RESERVED +CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for ...) + TODO: check CVE-2012-2629 RESERVED CVE-2012-2628 @@ -3397,6 +3401,7 @@ RESERVED CVE-2012-1667 [ Handling of zero length rdata can cause named to terminate,unexpectedly] RESERVED + {DSA-2486-1} - bind9 <unfixed> - isc-dhcp <unfixed> [squeeze] - isc-dhcp <not-affected> (isc-dhcp started embedding bind with version 4.2.x and later) 
@@ -4338,18 +4343,18 @@ NOTE: Negligable local information disclosure CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...) NOT-FOR-US: EasyVista -CVE-2012-1255 - RESERVED -CVE-2012-1254 - RESERVED -CVE-2012-1253 - RESERVED -CVE-2012-1252 - RESERVED -CVE-2012-1251 - RESERVED -CVE-2012-1250 - RESERVED +CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier allows ...) + TODO: check +CVE-2012-1254 (Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier ...) + TODO: check +CVE-2012-1253 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...) + TODO: check +CVE-2012-1252 (Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows ...) + TODO: check +CVE-2012-1251 (Opera before 9.63 does not properly verify X.509 certificates from SSL ...) + TODO: check +CVE-2012-1250 (Logitec LAN-W300N/R routers with firmware before 2.27 do not properly ...) + TODO: check CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not ...) NOT-FOR-US: iLunascape CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly ...) @@ -4543,8 +4548,7 @@ CVE-2012-1174 [systemd: TOCTOU race condition by removing user session] RESERVED - systemd 44-1 (bug #664364) -CVE-2012-1173 - RESERVED +CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow ...) {DSA-2447-1} - tiff3 3.9.6-2 - tiff 4.0.1-2 @@ -5162,8 +5166,7 @@ [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1 CVE-2012-0945 RESERVED -CVE-2012-0944 - RESERVED +CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...) - aptdaemon 0.43+bzr790-1 [squeeze] - aptdaemon <not-affected> (Vulnerable code not present) CVE-2012-0943 
@@ -5379,8 +5382,7 @@ CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for ...) {DSA-2411-1} - mumble 1.2.3-3 (bug #659039) -CVE-2012-0862 [xinetd enables unintentional services over tcpmux port] - RESERVED +CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type ...) - xinetd 1:2.3.14-7.1 (bug #672381) [squeeze] - xinetd <no-dsa> (Minor issue) CVE-2012-0861 @@ -5525,8 +5527,7 @@ [lenny] - samba <not-affected> (Only affects 3.6.x) CVE-2012-0816 RESERVED -CVE-2012-0815 - RESERVED +CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 ...) - rpm 4.9.1.3-1 (bug #667031) CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH ...) - openssh 1:5.6p1-1 (low; bug #657445) @@ -8424,11 +8425,9 @@ CVE-2012-0062 RESERVED NOT-FOR-US: JBoss Operations Network -CVE-2012-0061 - RESERVED +CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...) - rpm 4.9.1.3-1 (bug #667031) -CVE-2012-0060 - RESERVED +CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, which ...) - rpm 4.9.1.3-1 (bug #667031) CVE-2012-0059 RESERVED @@ -9229,16 +9228,13 @@ CVE-2011-4461 (Jetty 8.1.0.RC2 and earlier computes hash values for form parameters ...) - jetty 6.1.26-1 [squeeze] - jetty <no-dsa> (Minor issue) -CVE-2011-4460 - RESERVED +CVE-2011-4460 (SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x ...) {DSA-2480-1} - request-tracker4 4.0.5-3 -CVE-2011-4459 - RESERVED +CVE-2011-4459 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 ...) {DSA-2480-1} - request-tracker4 4.0.5-3 -CVE-2011-4458 - RESERVED +CVE-2011-4458 (Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when ...) 
@@ -16545,20 +16541,16 @@ - libstruts1.2-java <undetermined> CVE-2011-2086 RESERVED -CVE-2011-2085 - RESERVED +CVE-2011-2085 (Multiple cross-site request forgery (CSRF) vulnerabilities in Best ...) {DSA-2480-1} - request-tracker4 4.0.5-3 -CVE-2011-2084 - RESERVED +CVE-2011-2084 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 ...) {DSA-2480-1} - request-tracker4 4.0.5-3 -CVE-2011-2083 - RESERVED +CVE-2011-2083 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical ...) {DSA-2480-1} - request-tracker4 4.0.5-3 -CVE-2011-2082 - RESERVED +CVE-2011-2082 (The vulnerable-passwords script in Best Practical Solutions RT 3.x ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for ...)
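Review bot: In the @@ -1,3 +1,7 @@ hunk, CVE-2011-5093 and CVE-2011-5092 are left at "TODO: check" although their descriptions give the same version bounds (RT 3.8.x before 3.8.12, 4.x before 4.0.6) as the RT entries further down in this commit, which already carry {DSA-2480-1} and "- request-tracker4 4.0.5-3". Triage these two against request-tracker4 together with that batch, then either add the package line or record in a NOTE: why they are handled differently.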
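Review bot: In the @@ -3397,6 +3401,7 @@ hunk, {DSA-2486-1} is attached to CVE-2012-1667 while the next line still reads "- bind9 <unfixed>", so the entry references an advisory but tracks no fixed version. Confirm whether a fixed bind9 upload exists and record its version, and re-check "- isc-dhcp <unfixed>" at the same time, since the only isc-dhcp annotation present is the squeeze not-affected line.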
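Review bot: In the @@ -4338,18 +4343,18 @@ hunk, all six entries from CVE-2012-1255 to CVE-2012-1250 move from RESERVED to "TODO: check" with no triage, while the entries on either side (CVE-2012-1256 EasyVista, CVE-2012-1249 iLunascape) are already resolved as NOT-FOR-US. The batch mixes web applications (Segue, Roundcube Webmail), desktop software (RSSOwl, Opera) and router firmware (Logitec LAN-W300N/R), so each needs its own decision: a package line where the software is in the archive, NOT-FOR-US where it is not.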
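Review bot: In the @@ -9229,16 +9228,13 @@ hunk, the new descriptions for CVE-2011-4460, CVE-2011-4459 and CVE-2011-4458 name RT 2.x, 3.x and 3.6.x through 3.8.x before 3.8.12, but the only package line under each is "- request-tracker4 4.0.5-3". Nothing in these entries says what happens to the 3.x branch, so add a line for the RT 3.8 package if one is in the archive, or a NOTE: stating that it is not, to keep the entry from reading as 4.x-only.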
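Review bot: In the @@ -16545,20 +16541,16 @@ hunk, CVE-2011-2084 now states "4.x before 4.0.6" while the tracked fixed version directly below is 4.0.5-3, which by version number falls inside the affected range; the same applies to CVE-2011-4459 earlier in the patch. If the fixes were backported into 4.0.5-3, a NOTE: line saying so on the CVE-2011-2085 to CVE-2011-2082 entries would stop the next reader from flagging them as still vulnerable.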