Author: joeyh Date: 2012-06-06 21:14:35 +0000 (Wed, 06 Jun 2012) New Revision: 19444 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-06 19:37:56 UTC (rev 19443) +++ data/CVE/list 2012-06-06 21:14:35 UTC (rev 19444) @@ -1,3 +1,7 @@ +CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla ...) + TODO: check +CVE-2012-3104 + RESERVED CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly ...) TODO: check CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 ...) @@ -2286,8 +2290,7 @@ CVE-2012-2145 [qpid DoS] RESERVED - qpid-cpp 0.16-1 (bug #672124) -CVE-2012-2144 [OSSA 2012-006: Horizon session fixation and reuse] - RESERVED +CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) ...) - horizon 2012.1-4 (bug #671604) CVE-2012-2143 RESERVED @@ -2457,8 +2460,7 @@ RESERVED CVE-2012-2096 RESERVED -CVE-2012-2094 - RESERVED +CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism in ...) - horizon 2012.1-3 CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite ...) {DSA-2453-2 DSA-2453-1} 
@@ -2811,38 +2813,27 @@ RESERVED CVE-2012-1948 RESERVED -CVE-2012-1947 - RESERVED +CVE-2012-1947 (Heap-based buffer overflow in the utf16_to_isolatin1 function in ...) - iceweasel 10.0.5esr-1 -CVE-2012-1946 - RESERVED +CVE-2012-1946 (Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore ...) - iceweasel 10.0.5esr-1 -CVE-2012-1945 - RESERVED +CVE-2012-1945 (Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, ...) - iceweasel 10.0.5esr-1 -CVE-2012-1944 - RESERVED +CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox ...) - iceweasel 10.0.5esr-1 -CVE-2012-1943 - RESERVED +CVE-2012-1943 (Untrusted search path vulnerability in Updater.exe in the Windows ...) - iceweasel <not-affected> (windows-specific) -CVE-2012-1942 - RESERVED +CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox ...) - iceweasel <not-affected> (windows-specific) -CVE-2012-1941 - RESERVED +CVE-2012-1941 (Heap-based buffer overflow in the ...) - iceweasel 10.0.5esr-1 -CVE-2012-1940 - RESERVED +CVE-2012-1940 (Use-after-free vulnerability in the nsFrameList::FirstChild function ...) - iceweasel 10.0.5esr-1 -CVE-2012-1939 - RESERVED +CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ...) - iceweasel 10.0.5esr-1 -CVE-2012-1938 - RESERVED +CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 10.0.5esr-1 -CVE-2012-1937 - RESERVED +CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 10.0.5esr-1 CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in ...) NOT-FOR-US: Disputed Wordpress issue 
@@ -3135,8 +3126,7 @@ NOT-FOR-US: Siemens Scalance S CVE-2012-1799 (The web server on the Siemens Scalance S Security Module firewall S602 ...) NOT-FOR-US: Siemens Scalance S -CVE-2012-1798 - RESERVED +CVE-2012-1798 (The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick ...) {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has ...) @@ -3413,8 +3403,7 @@ RESERVED CVE-2012-1668 RESERVED -CVE-2012-1667 [ Handling of zero length rdata can cause named to terminate,unexpectedly] - RESERVED +CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before ...) {DSA-2486-1} - bind9 <unfixed> - isc-dhcp <unfixed> @@ -3581,8 +3570,7 @@ CVE-2012-1611 [joomla xss] RESERVED - joomla <itp> (bug #571794) -CVE-2012-1610 - RESERVED +CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/property.c ...) {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-1609 @@ -4511,12 +4499,10 @@ RESERVED - bitlbee 3.0.4+bzr855-1 (low) [squeeze] - bitlbee <no-dsa> (Minor issue) -CVE-2012-1186 - RESERVED +CVE-2012-1186 (Integer overflow in the SyncImageProfiles function in profile.c in ...) {DSA-2462-1} - imagemagick 8:6.6.9.7-7 (bug #665007) -CVE-2012-1185 - RESERVED +CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) ...) {DSA-2462-1} - imagemagick 8:6.6.9.7-7 (bug #665007) CVE-2012-1184 [Asterisk: Stack Buffer Overflow in HTTP Manager] @@ -5248,8 +5234,7 @@ NOT-FOR-US: Support Incident Tracker CVE-2012-0921 RESERVED -CVE-2012-0920 - RESERVED +CVE-2012-0920 (Use-after-free vulnerability in Dropbear SSH Server 0.52 through ...) {DSA-2456-1} - dropbear 2012.55-1 (low; bug #661150) NOTE: this is limited to authenticated users with enforced command restrictions 
@@ -5578,8 +5563,7 @@ {DSA-2393-1} - bip 0.8.8-2 (bug #657217) [lenny] - bip <not-affected> (Maintainer reports vulnerable code not present) -CVE-2012-0805 - RESERVED +CVE-2012-0805 (Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, ...) {DSA-2449-1} - sqlalchemy 0.6.7-1 CVE-2012-0804 (Heap-based buffer overflow in the proxy_connect function in ...) @@ -6576,8 +6560,8 @@ [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-10 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2012-0441 - RESERVED +CVE-2012-0441 (The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security ...) + TODO: check CVE-2012-0440 (Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in ...) - bugzilla <removed> (low) [squeeze] - bugzilla <no-dsa> (Minor issue) @@ -7455,12 +7439,10 @@ RESERVED CVE-2012-0261 RESERVED -CVE-2012-0260 - RESERVED +CVE-2012-0260 (The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...) {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) -CVE-2012-0259 - RESERVED +CVE-2012-0259 (The GetEXIFProperty function in magick/property.c in ImageMagick ...) {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...) @@ -7486,12 +7468,10 @@ CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c ...) {DSA-2459-1} - quagga 0.99.20.1-1 -CVE-2012-0248 - RESERVED +CVE-2012-0248 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a ...) {DSA-2427-1} - imagemagick 8:6.6.9.7-6 (low; bug #659339) -CVE-2012-0247 - RESERVED +CVE-2012-0247 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a ...) {DSA-2427-1} - imagemagick 8:6.6.9.7-6 (bug #659339) CVE-2012-0246 (Directory traversal vulnerability in an unspecified ActiveX control in ...)
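Review bot: in the @@ -1,3 +1,7 @@ hunk, the new CVE-2012-3105 entry is added with only "TODO: check" and no package line, although its description names the WebGL implementation in Mozilla. The other Mozilla entries published in this same revision (CVE-2012-1937 through CVE-2012-1947) are already tracked against iceweasel, so this one should be triaged against the same source package and given either a fixed version or a <not-affected> line before the TODO is cleared.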
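Review bot: in the @@ -2286,8 +2290,7 @@ hunk, replacing the bracketed title on CVE-2012-2144 removes the only reference to the upstream advisory, "OSSA 2012-006". The truncated description that replaces it does not carry that identifier, so I would preserve it in a NOTE: line under the entry, alongside the existing "- horizon 2012.1-4 (bug #671604)" line, so the link to the upstream advisory survives the automatic update.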
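Review bot: in the @@ -3413,8 +3403,7 @@ hunk, CVE-2012-1667 now has a published description and sits next to {DSA-2486-1}, but the context lines still read "- bind9 <unfixed>" and "- isc-dhcp <unfixed>". Both package lines need a follow-up once fixed versions are known. The removed bracketed summary was also the only text in the entry that stated the trigger (zero length rdata causing named to terminate), and the new description is cut off before that point, so consider keeping it as a NOTE: line.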
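Review bot: in the @@ -6576,8 +6560,8 @@ hunk, CVE-2012-0441 moves from RESERVED to a description plus "TODO: check", which leaves it as the only entry besides CVE-2012-3105 in this revision with no package association. The description points at an ASN.1 decoder in a Mozilla library, so the entry needs a source package line and a status for each supported release, in the style of the "[lenny] - iceape <not-affected>" lines just above it, rather than staying at TODO.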