Author: joeyh Date: 2012-01-27 21:14:55 +0000 (Fri, 27 Jan 2012) New Revision: 18317 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-27 19:55:36 UTC (rev 18316) +++ data/CVE/list 2012-01-27 21:14:55 UTC (rev 18317) @@ -1,3 +1,7 @@ +CVE-2012-0921 + RESERVED +CVE-2012-0920 + RESERVED CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...) NOT-FOR-US: Hitachi IT Operations Director CVE-2012-0918 (Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net ...) @@ -234,12 +238,10 @@ RESERVED - as31 2.3.1-5 (bug #655496) [squeeze] - as31 <no-dsa> (The maintainer consider it a minor issue. Check comments in the bug report) -CVE-2012-0807 [Suhosin extension "transparent cookie encryption buffer overflow"] - RESERVED +CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie ...) - php-suhosin 0.9.33-1 (bug #657190) NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa -CVE-2012-0806 [bip: buffer overflow] - RESERVED +CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote ...) {DSA-2393-1} - bip 0.8.8-2 (bug #657217) [lenny] - bip <not-affected> (Maintainer reports vulnerable code not present) @@ -1123,8 +1125,8 @@ RESERVED CVE-2012-0396 RESERVED -CVE-2012-0395 - RESERVED +CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before ...) + TODO: check CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...) - libstruts1.2-java <undetermined> CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...) 
@@ -1303,10 +1305,10 @@ RESERVED CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...) NOT-FOR-US: glucose -CVE-2012-0312 - RESERVED -CVE-2012-0311 - RESERVED +CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...) + TODO: check +CVE-2012-0311 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...) + TODO: check CVE-2012-0310 (CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, ...) NOT-FOR-US: Cogent DataHub CVE-2012-0309 (Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and ...) @@ -2736,15 +2738,18 @@ NOT-FOR-US: batavi not in Debian CVE-2012-0068 [heap-buffer underflow when parsing LANalyzer packet] RESERVED + {DSA-2395-1} - wireshark 1.6.5-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670 CVE-2012-0067 [DoS due to integer overflow in IPTrace capture format] RESERVED + {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668 CVE-2012-0066 [DoS via large buffer allocation request] RESERVED + {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666 @@ -2833,10 +2838,12 @@ [squeeze] - wireshark <not-affected> (Vulnerable code not present) CVE-2012-0042 [wireshark unspecified NULL derefs] RESERVED + {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection CVE-2012-0041 [typecast DoS] RESERVED + {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663 @@ -2871,6 +2878,7 @@ - nova <unfixed> CVE-2012-0029 RESERVED + {DSA-2396-1} - qemu-kvm 1.0+dfsg-5 CVE-2012-0028 RESERVED 
@@ -3810,8 +3818,7 @@ RESERVED - gdb <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238 -CVE-2011-4354 [OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys] - RESERVED +CVE-2011-4354 (crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as ...) {DSA-2390-1} - openssl 0.9.8o-4squeeze3 (bug #650621) CVE-2011-4353 [VP5/VP6 DoS] @@ -4507,8 +4514,8 @@ RESERVED CVE-2011-4144 RESERVED -CVE-2011-4143 - RESERVED +CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote ...) + TODO: check CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before ...) NOT-FOR-US: EMC SourceOne Email Management CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token ...) @@ -6737,6 +6744,7 @@ [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html CVE-2011-3483 (Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) + {DSA-2395-1} - wireshark 1.6.2-1 [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html @@ -10916,13 +10924,11 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876 CVE-2011-1942 RESERVED -CVE-2011-1941 [phpMyAdmin PMASA-2011-4 insecure redirect] - RESERVED +CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin ...) - phpmyadmin 4:3.4.1-1 [lenny] - phpmyadmin <not-affected> (3.4.x only) [squeeze] - phpmyadmin <not-affected> (3.4.x only) -CVE-2011-1940 [phpMyAdmin PMASA-2011-3 xss on tracking] - RESERVED +CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) {DSA-2391-1} - phpmyadmin 4:3.4.1-1 [lenny] - phpmyadmin <not-affected> (3.3.x+ only)
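Review bot: the `{DSA-2395-1}` tag added under CVE-2012-0067 and CVE-2012-0066 (hunk `@@ -2736,15 +2738,18 @@`) lands on entries whose wireshark line is marked `(unimportant)` and carries `NOTE: Not suitable for code injection`. The same combination appears for CVE-2012-0042 and CVE-2012-0041 in hunk `@@ -2833,10 +2838,12 @@`. Confirm that the advisory really lists these IDs. If it does, either reconsider the `(unimportant)` marking or add a NOTE saying why an advisory covers an issue rated that way, so the two annotations do not read as contradictory.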
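Review bot: in hunk `@@ -6737,6 +6744,7 @@` the `{DSA-2395-1}` tag is attached to CVE-2011-3483, yet the only release line visible for that entry is `[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)` and the fixed version is `1.6.2-1`. The entry does not show which suite the advisory fixed. Add the release line for that suite, or drop the tag if the advisory does not apply to this ID.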
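Review bot: CVE-2012-0029 in hunk `@@ -2871,6 +2878,7 @@` gains `{DSA-2396-1}` but stays `RESERVED` with no bracketed description, so the entry gives no hint of what `qemu-kvm 1.0+dfsg-5` fixed. Add a short `[description]` in the style of the neighbouring reserved entries (for example `CVE-2012-0041 [typecast DoS]`) and a `NOTE:` line pointing to the upstream reference or advisory.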
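Review bot: four entries come in with `TODO: check` and no triage: CVE-2012-0395 (hunk `@@ -1123,8 +1125,8 @@`), CVE-2012-0312 and CVE-2012-0311 (hunk `@@ -1303,10 +1305,10 @@`), and CVE-2011-4143 (hunk `@@ -4507,8 +4514,8 @@`). The adjacent entries in the same hunks are already resolved, for example `NOT-FOR-US: EMC SourceOne Email Management` and `NOT-FOR-US: glucose`. Follow up by replacing each `TODO: check` with either a `NOT-FOR-US:` line or a package line with its status, so the markers do not linger after the automatic import.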