Author: joeyh Date: 2012-02-20 21:14:28 +0000 (Mon, 20 Feb 2012) New Revision: 18494 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-20 17:32:50 UTC (rev 18493) +++ data/CVE/list 2012-02-20 21:14:28 UTC (rev 18494) @@ -1,3 +1,25 @@ +CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...) + TODO: check +CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...) + TODO: check +CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 ...) + TODO: check +CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build ...) + TODO: check +CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service ...) + TODO: check +CVE-2012-1195 (Unrestricted file upload vulnerability in ...) + TODO: check +CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...) + TODO: check +CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...) + TODO: check +CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names ...) + TODO: check +CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...) + TODO: check +CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...) + TODO: check CVE-2012-XXXX [F*X XSS issues via various HTTP parameters in fup] - fex <unfixed> (low; bug #660621) NOTE: advisory has been posted on ossec, CVE ids will be assigned @@ -2,2 +24,3 @@ CVE-2012-1190 [phpMyAdmin PMASA-2012-1 XSS using a crafted database name] + RESERVED - phpmyadmin 4:3.4.10.1-1 (unimportant) 
@@ -338,7 +361,7 @@ NOT-FOR-US: Sybase CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...) NOT-FOR-US: EPiServer CMS -CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 does not properly ...) +CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server ...) NOTE: DNS protocol flaw CVE-2012-1032 RESERVED @@ -2450,8 +2473,7 @@ - zope2.11 <removed> - zope2.9 <removed> NOTE: http://openwall.com/lists/oss-security/2012/01/19/16 -CVE-2011-4923 [backuppc xss issue] - RESERVED +CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...) - backuppc 3.2.1-2 (bug #646865) [squeeze] - backuppc 3.1.0-9.1 CVE-2011-4922 [libpurple info leak] @@ -2865,8 +2887,7 @@ - linux-2.6 3.1.8-2 (bug #654876) [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36) [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36) -CVE-2012-0206 [PowerDNS packet loop] - RESERVED +CVE-2012-0206 (common_startup.cc in PowerDNS (aka pdns) Authoritative Server before ...) {DSA-2385-1} - pdns 3.0-1.1 (high) CVE-2012-0205 @@ -3846,8 +3867,7 @@ [squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1 CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...) - zabbix 1:1.8.10-1 (bug #652664) -CVE-2011-4614 [TYPO3-SA-2011-004] - RESERVED +CVE-2011-4614 (PHP remote file inclusion vulnerability in ...) - typo3-src 4.5.9+dfsg1-1 (bug #652365) [squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards) [lenny] - typo3-src <not-affected> (Only affects 4.5 onwards) 
@@ -4667,8 +4687,7 @@ NOT-FOR-US: websitebaker CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...) NOT-FOR-US: Joomla -CVE-2011-4320 [ejabberd DoS in pubsub module] - RESERVED +CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and ...) - ejabberd 2.1.9-1 (low) [squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file) NOTE: https://support.process-one.net/browse/EJAB-1498 @@ -5330,8 +5349,7 @@ CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...) - libpar-packer-perl 1.012-1 (bug #650706) [squeeze] - libpar-packer-perl 1.006-1+squeeze1 -CVE-2011-4113 - RESERVED +CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for ...) - drupal6-mod-views 2.14-1 CVE-2011-4112 RESERVED @@ -5357,8 +5375,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112 CVE-2011-4106 RESERVED -CVE-2011-4105 - RESERVED +CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...) - lightdm 1.0.6-2 CVE-2011-4104 RESERVED @@ -7724,8 +7741,7 @@ - ffmpeg <removed> - ffmpeg-debian <end-of-life> NOTE: http://www.ocert.org/advisories/ocert-2011-002.html -CVE-2011-3361 [BackupPC XSS in Browse.pm] - RESERVED +CVE-2011-3361 (Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC ...) - backuppc 3.2.1-2 (bug #641450) [squeeze] - backuppc 3.1.0-9.1 NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel @@ -12263,9 +12279,11 @@ RESERVED CVE-2011-1778 RESERVED + {DSA-2413-1} - libarchive 2.8.5-5 (bug #651844) CVE-2011-1777 RESERVED + {DSA-2413-1} - libarchive 2.8.5-5 (bug #651844) CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel ...) {DSA-2264-1 DSA-2240-1}
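Review bot: In the first hunk (@@ -1,3 +1,25 @@), the new CVE-2012-1191, CVE-2012-1192 and CVE-2012-1193 entries carry the same "overwrites cached server ..." wording that this commit gives CVE-2012-1033, yet they are left at "TODO: check" while CVE-2012-1033 already has "NOTE: DNS protocol flaw". I would triage the four together so they end up with consistent notes and package lines for djbdns, Unbound and PowerDNS Recursor. CVE-2012-1194 names the DNS Server service in Microsoft Windows Server and looks like a NOT-FOR-US candidate. CVE-2011-5081 (BackupPC RestoreFile.pm XSS) should be checked against the backuppc 3.2.1-2 fix recorded for CVE-2011-4923 and CVE-2011-3361, not assumed to be covered by it.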
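Review bot: In the CVE-2011-4614 hunk (@@ -3846,8 +3867,7 @@), replacing "[TYPO3-SA-2011-004]" with the truncated text "(PHP remote file inclusion vulnerability in ...)" drops the only pointer to the upstream advisory. Suggest keeping the advisory id on the entry as a NOTE line, so the typo3-src status lines below it can still be traced back to the TYPO3 bulletin.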
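Review bot: In the last hunk (@@ -12263,9 +12279,11 @@), CVE-2011-1778 and CVE-2011-1777 gain {DSA-2413-1} but remain RESERVED with no description, so nothing in this file distinguishes the two libarchive issues that share the line "libarchive 2.8.5-5 (bug #651844)". Suggest adding a short bracketed description to each, in the style of the pre-change entries elsewhere in this diff such as "[PowerDNS packet loop]", until the official text is published.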