Author: joeyh Date: 2012-06-26 21:14:51 +0000 (Tue, 26 Jun 2012) New Revision: 19610 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-26 18:27:38 UTC (rev 19609) +++ data/CVE/list 2012-06-26 21:14:51 UTC (rev 19610) @@ -1,16 +1,16 @@ CVE-2012-XXXX [extplorer CSRF] - extplorer 2.1.0b6+dfsg.3-3 -CVE-2012-3797 +CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) NOT-FOR-US: Pro-face WinGP PC Runtime -CVE-2012-3796 +CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) NOT-FOR-US: Pro-face WinGP PC Runtime -CVE-2012-3795 +CVE-2012-3795 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) NOT-FOR-US: Pro-face WinGP PC Runtime -CVE-2012-3794 +CVE-2012-3794 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) NOT-FOR-US: Pro-face WinGP PC Runtime -CVE-2012-3793 +CVE-2012-3793 (Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ...) NOT-FOR-US: Pro-face WinGP PC Runtime -CVE-2012-3792 +CVE-2012-3792 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content ...) NOT-FOR-US: Simple Web Content Management System @@ -2288,11 +2288,9 @@ RESERVED CVE-2012-2696 RESERVED -CVE-2012-2695 - RESERVED +CVE-2012-2695 (The Active Record component in Ruby on Rails before 3.0.14, 3.1.x ...) - ruby-activerecord-3.2 3.2.6-1 (bug #675429) -CVE-2012-2694 - RESERVED +CVE-2012-2694 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...) - ruby-activerecord-3.2 3.2.6-1 (bug #675429) CVE-2012-2693 (libvirt, possibly before 0.9.12, does not properly assign USB devices ...) - libvirt 0.9.12-1 (bug #677496) 
@@ -2392,13 +2390,11 @@ - iptables <unfixed> (bug #675445) CVE-2012-2662 RESERVED -CVE-2012-2661 - RESERVED +CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, ...) - rails <not-affected> (Doesn''t affects RoR in Squeeze) - ruby-activerecord-3.2 3.2.6-1 (bug #675396; bug #675429) NOTE: http://seclists.org/oss-sec/2012/q2/448 -CVE-2012-2660 - RESERVED +CVE-2012-2660 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...) - ruby-activerecord-3.2 3.2.6-1 (bug #675429) NOTE: http://seclists.org/oss-sec/2012/q2/449 CVE-2012-2659 @@ -2453,8 +2449,7 @@ RESERVED CVE-2012-2640 RESERVED -CVE-2012-2639 - RESERVED +CVE-2012-2639 (The list_directory function in Lib/SimpleHTTPServer.py in ...) NOTE: Duplicate with CVE-2011-4940 http://www.openwall.com/lists/oss-security/2012/06/26/3 CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...) NOT-FOR-US: SmallPICT @@ -3142,11 +3137,9 @@ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2012-2382 RESERVED -CVE-2012-2381 - RESERVED +CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller ...) NOT-FOR-US: Apache Roller -CVE-2012-2380 - RESERVED +CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: Apache Roller CVE-2012-2379 RESERVED @@ -31533,8 +31526,8 @@ - kfreebsd-6 <not-affected> (jail binary not yet provided, see bug #584930) - kfreebsd-7 <not-affected> (jail binary not yet provided, see bug #584930) - kfreebsd-8 <not-affected> (jail binary not yet provided, see bug #584930) -CVE-2010-2021 - RESERVED +CVE-2010-2021 (Open redirect vulnerability in the Global Redirect module 6.x-1.x ...) + TODO: check CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD ...) - kfreebsd-6 <removed> [lenny] - kfreebsd-6 <no-dsa> (Minor issue, not enabled by default)
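Review bot: In the hunk at @@ -2288,11 +2288,9 @@, CVE-2012-2694 now carries a description that names actionpack/lib/action_dispatch/http/request.rb, yet the only tracking line under it is `- ruby-activerecord-3.2 3.2.6-1 (bug #675429)`, identical to the line under the Active Record issue CVE-2012-2695. Please confirm the fixed version is recorded against the source package that actually ships actionpack, or add a NOTE saying why the Active Record package is the one to track.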
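Review bot: In the hunk at @@ -2392,13 +2390,11 @@, CVE-2012-2660 has no `- rails` line at all, while CVE-2012-2661 directly above it records `- rails <not-affected>`. Both are Ruby on Rails issues according to the new descriptions, so CVE-2012-2660 should get an explicit rails status as well, otherwise the tracker says nothing about that package for this CVE. While touching the entry, the reason text `(Doesn''t affects RoR in Squeeze)` under CVE-2012-2661 has a doubled apostrophe and reads better as `(Does not affect RoR in Squeeze)`.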
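Review bot: In the hunk at @@ -2453,8 +2449,7 @@, CVE-2012-2639 loses its RESERVED marker and gains a description, but the entry is left with only the `NOTE: Duplicate with CVE-2011-4940 ...` line and no package or status line. Since the note already identifies it as a duplicate, record the affected package status (matching whatever CVE-2011-4940 carries) or mark the entry explicitly as a duplicate, so it does not show up as an untriaged issue.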
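Review bot: In the hunk at @@ -31533,8 +31526,8 @@, CVE-2010-2021 moves from RESERVED to `TODO: check`, which leaves a 2010 identifier open for triage. The new description points at the Global Redirect module 6.x-1.x, so a manual follow-up should replace the TODO with either a package line or a NOT-FOR-US entry once someone has confirmed whether that module is shipped in the archive.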