Author: joeyh Date: 2012-06-27 21:14:27 +0000 (Wed, 27 Jun 2012) New Revision: 19616 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-27 20:47:02 UTC (rev 19615) +++ data/CVE/list 2012-06-27 21:14:27 UTC (rev 19616) @@ -1,3 +1,11 @@ +CVE-2012-3801 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...) + TODO: check +CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic ...) + TODO: check +CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when ...) + TODO: check CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...) 
@@ -1975,65 +1983,45 @@ RESERVED CVE-2012-2835 RESERVED -CVE-2012-2834 - RESERVED +CVE-2012-2834 (Integer overflow in Google Chrome before 20.0.1132.43 allows remote ...) - chromium-browser <unfixed> -CVE-2012-2833 - RESERVED +CVE-2012-2833 (Buffer overflow in the JS API in the PDF functionality in Google ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2832 - RESERVED +CVE-2012-2832 (The image-codec implementation in the PDF functionality in Google ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2831 - RESERVED +CVE-2012-2831 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...) - chromium-browser <unfixed> -CVE-2012-2830 - RESERVED +CVE-2012-2830 (Google Chrome before 20.0.1132.43 does not properly set array values, ...) - chromium-browser <unfixed> -CVE-2012-2829 - RESERVED +CVE-2012-2829 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...) - chromium-browser <unfixed> -CVE-2012-2828 - RESERVED +CVE-2012-2828 (Multiple integer overflows in the PDF functionality in Google Chrome ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2827 - RESERVED +CVE-2012-2827 (Use-after-free vulnerability in the UI in Google Chrome before ...) - chromium-browser <not-affected> (MacOS specific) -CVE-2012-2826 - RESERVED +CVE-2012-2826 (Google Chrome before 20.0.1132.43 does not properly implement texture ...) - chromium-browser <unfixed> -CVE-2012-2825 - RESERVED +CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43 allows ...) - libxslt <unfixed> (bug #679283) -CVE-2012-2824 - RESERVED +CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...) - chromium-browser <unfixed> -CVE-2012-2823 - RESERVED +CVE-2012-2823 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...) 
- chromium-browser <unfixed> -CVE-2012-2822 - RESERVED +CVE-2012-2822 (The PDF functionality in Google Chrome before 20.0.1132.43 allows ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2821 - RESERVED +CVE-2012-2821 (The autofill implementation in Google Chrome before 20.0.1132.43 does ...) - chromium-browser <unfixed> -CVE-2012-2820 - RESERVED +CVE-2012-2820 (Google Chrome before 20.0.1132.43 does not properly implement SVG ...) - chromium-browser <unfixed> -CVE-2012-2819 - RESERVED +CVE-2012-2819 (The texSubImage2D implementation in the WebGL subsystem in Google ...) - chromium-browser <unfixed> -CVE-2012-2818 - RESERVED +CVE-2012-2818 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...) - chromium-browser <unfixed> -CVE-2012-2817 - RESERVED +CVE-2012-2817 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...) - chromium-browser <unfixed> -CVE-2012-2816 - RESERVED +CVE-2012-2816 (Google Chrome before 20.0.1132.43 on Windows does not properly isolate ...) - chromium-browser <unfixed> -CVE-2012-2815 - RESERVED +CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to obtain ...) - chromium-browser <unfixed> CVE-2012-2814 RESERVED @@ -2049,8 +2037,7 @@ RESERVED CVE-2012-2808 RESERVED -CVE-2012-2807 - RESERVED +CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before ...) - libxml2 <unfixed> (bug #679280) NOTE: http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbebcd CVE-2012-2806 @@ -2137,8 +2124,7 @@ RESERVED CVE-2012-2765 RESERVED -CVE-2012-2764 - RESERVED +CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before ...) - chromium-browser <not-affected> (Windows specific) CVE-2012-2763 RESERVED 
@@ -2235,73 +2221,73 @@ CVE-2012-2733 RESERVED CVE-2012-2732 - RESERVED -CVE-2012-2731 - RESERVED -CVE-2012-2730 - RESERVED -CVE-2012-2729 - RESERVED -CVE-2012-2728 - RESERVED -CVE-2012-2727 - RESERVED -CVE-2012-2726 - RESERVED -CVE-2012-2725 - RESERVED + REJECTED +CVE-2012-2731 (The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the ...) + TODO: check +CVE-2012-2730 (The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not ...) + TODO: check +CVE-2012-2729 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2012-2728 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...) + TODO: check +CVE-2012-2727 (Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and ...) + TODO: check +CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x ...) + TODO: check +CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML ...) + TODO: check CVE-2012-2724 RESERVED -CVE-2012-2723 - RESERVED -CVE-2012-2722 - RESERVED -CVE-2012-2721 - RESERVED -CVE-2012-2720 - RESERVED -CVE-2012-2719 - RESERVED +CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...) + TODO: check +CVE-2012-2722 (The node selection interface in the WYSIWYG editor (CKEditor) in the ...) + TODO: check +CVE-2012-2721 (The default views in the Organic Groups (OG) module 6.x-2.x before ...) + TODO: check +CVE-2012-2720 (The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for ...) + TODO: check +CVE-2012-2719 (The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed ...) + TODO: check CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...) NOT-FOR-US: Drupal module CVE-2012-2717 RESERVED CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...) 
NOT-FOR-US: Drupal module -CVE-2012-2715 - RESERVED +CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...) + TODO: check CVE-2012-2714 RESERVED -CVE-2012-2713 - RESERVED -CVE-2012-2712 - RESERVED -CVE-2012-2711 - RESERVED -CVE-2012-2710 - RESERVED +CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID ...) + TODO: check +CVE-2012-2712 (Multiple cross-site scripting (XSS) vulnerabilities in the Search API ...) + TODO: check +CVE-2012-2711 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...) + TODO: check +CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x ...) + TODO: check CVE-2012-2709 RESERVED -CVE-2012-2708 - RESERVED -CVE-2012-2707 - RESERVED -CVE-2012-2706 - RESERVED -CVE-2012-2705 - RESERVED +CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...) + TODO: check +CVE-2012-2707 (The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does ...) + TODO: check +CVE-2012-2706 (Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro ...) + TODO: check +CVE-2012-2705 (The filter_titles function in the Smart Breadcrumb module 6.x-1.x ...) + TODO: check CVE-2012-2704 RESERVED -CVE-2012-2703 - RESERVED -CVE-2012-2702 - RESERVED +CVE-2012-2703 (Cross-site scripting (XSS) vulnerability in the Advertisement module ...) + TODO: check +CVE-2012-2702 (The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal ...) + TODO: check CVE-2012-2701 - RESERVED + REJECTED CVE-2012-2700 - RESERVED + REJECTED CVE-2012-2699 - RESERVED + REJECTED CVE-2012-2698 [mediawiki uselang XSS] RESERVED [squeeze] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0) 
@@ -2472,7 +2458,8 @@ RESERVED CVE-2012-2640 RESERVED -CVE-2012-2639 (The list_directory function in Lib/SimpleHTTPServer.py in ...) +CVE-2012-2639 + REJECTED NOTE: Duplicate with CVE-2011-4940 http://www.openwall.com/lists/oss-security/2012/06/26/3 CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...) NOT-FOR-US: SmallPICT @@ -3653,8 +3640,8 @@ RESERVED CVE-2012-2201 RESERVED -CVE-2012-2200 - RESERVED +CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...) + TODO: check CVE-2012-2199 RESERVED CVE-2012-2198 @@ -3858,8 +3845,7 @@ CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux ...) {DSA-2469-1} - linux-2.6 3.2.16-1 -CVE-2012-2122 [mysql authentication bypass] - RESERVED +CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before ...) {DSA-2496-1} - mysql-5.1 <unfixed> (bug #677018) - mysql-5.5 5.5.24+dfsg-1 @@ -8795,8 +8781,7 @@ CVE-2011-4941 RESERVED NOT-FOR-US: piwik -CVE-2011-4940 [python: potential XSS in SimpleHTTPServer''s list_directory()] - RESERVED +CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in ...) - python2.7 2.7.2-8 (unimportant) - python2.6 <unfixed> (unimportant; bug #664135) - python2.5 <removed> (unimportant)
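Review bot: In the @@ -1,3 +1,11 @@ hunk, CVE-2012-3801 and CVE-2012-3798 are added as "TODO: check" although their descriptions name Drupal contributed modules, and existing entries of that kind in this file (CVE-2012-2718, CVE-2012-2716) are already triaged as "NOT-FOR-US: Drupal module". Suggest a follow-up that checks whether each named module is packaged and, if not, applies the same marking, so these do not sit in the TODO backlog. The Drupal module entries added as "TODO: check" in the @@ -2235,73 +2221,73 @@ hunk need the same pass.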
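Review bot: In the @@ -2235,73 +2221,73 @@ hunk, CVE-2012-2732, CVE-2012-2701, CVE-2012-2700 and CVE-2012-2699 move from RESERVED to REJECTED with no NOTE line, whereas the CVE-2012-2639 rejection in the @@ -2472,7 +2458,8 @@ hunk records its reason ("NOTE: Duplicate with CVE-2011-4940 ..."). Suggest adding a NOTE with the rejection reason or the superseding id where it is known, so a reader of the list can tell where the issue is tracked now.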
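Review bot: In the @@ -2049,8 +2037,7 @@ hunk, the unchanged NOTE line under CVE-2012-2807 carries an h= value that is 42 hex characters long, two more than a git SHA-1 object id, so the patch link may not resolve. Since this entry is being updated with its description, it is worth verifying the URL against the fix tracked in bug #679280 and correcting the hash if it was mistyped.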
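Review bot: In the @@ -3653,8 +3640,8 @@ hunk, CVE-2012-2200 is added as "TODO: check" although the visible part of its description scopes the issue to the default sendmail configuration in IBM AIX 6.1 and 7.1, and VIOS. Suggest confirming that the problem is specific to that vendor configuration and, if so, triaging it as NOT-FOR-US in the same way as the vendor-specific CVE-2012-3797 entry, rather than leaving it open against sendmail.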