Author: joeyh Date: 2012-02-22 21:14:30 +0000 (Wed, 22 Feb 2012) New Revision: 18518 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-22 20:09:09 UTC (rev 18517) +++ data/CVE/list 2012-02-22 21:14:30 UTC (rev 18518) @@ -1,3 +1,47 @@ +CVE-2012-1257 + RESERVED +CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...) + TODO: check +CVE-2012-1255 + RESERVED +CVE-2012-1254 + RESERVED +CVE-2012-1253 + RESERVED +CVE-2012-1252 + RESERVED +CVE-2012-1251 + RESERVED +CVE-2012-1250 + RESERVED +CVE-2012-1249 + RESERVED +CVE-2012-1248 + RESERVED +CVE-2012-1247 + RESERVED +CVE-2012-1246 + RESERVED +CVE-2012-1245 + RESERVED +CVE-2012-1244 + RESERVED +CVE-2012-1243 + RESERVED +CVE-2012-1242 + RESERVED +CVE-2012-1241 + RESERVED +CVE-2012-1240 + RESERVED +CVE-2012-1239 + RESERVED +CVE-2012-1238 + RESERVED +CVE-2012-1237 + RESERVED +CVE-2012-1236 + RESERVED CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...) NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...) @@ -911,12 +955,16 @@ [squeeze] - libvpx <not-affected> (Introduced in 0.9.7) NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html CVE-2012-0822 + RESERVED NOT-FOR-US: Joomla! CVE-2012-0821 + RESERVED NOT-FOR-US: Joomla! CVE-2012-0820 + RESERVED NOT-FOR-US: Joomla! CVE-2012-0819 + RESERVED NOT-FOR-US: Joomla! CVE-2012-0818 RESERVED @@ -2090,8 +2138,8 @@ RESERVED CVE-2012-0316 RESERVED -CVE-2012-0315 - RESERVED +CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...) + TODO: check CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) NOT-FOR-US: eAccess Pocket WiFi CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...) 
@@ -2138,8 +2186,8 @@ RESERVED CVE-2012-0292 RESERVED -CVE-2012-0291 - RESERVED +CVE-2012-0291 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...) + TODO: check CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...) NOT-FOR-US: Symantec pcAnywhere CVE-2012-0289 @@ -2534,6 +2582,7 @@ - redmine 1.0.5-1 (bug #608397) NOTE: http://www.redmine.org/news/49 CVE-2011-4926 + RESERVED NOT-FOR-US: WordPress plugin Adminimize CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - torque <not-affected> (The version in Debian doesn''t yet have MUNGE support) @@ -2585,18 +2634,25 @@ {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-4912 + RESERVED NOT-FOR-US: Joomla CVE-2011-4911 + RESERVED NOT-FOR-US: Joomla CVE-2011-4910 + RESERVED NOT-FOR-US: Joomla CVE-2011-4909 + RESERVED NOT-FOR-US: Joomla CVE-2011-4908 + RESERVED NOT-FOR-US: Joomla CVE-2011-4907 + RESERVED NOT-FOR-US: Joomla CVE-2011-4906 + RESERVED NOT-FOR-US: Joomla CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...) - activemq 5.5.0+dfsg-5 (bug #655495) @@ -2724,8 +2780,8 @@ RESERVED CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 ...) NOT-FOR-US: 7-Technologies (7T) AQUIS -CVE-2012-0223 - RESERVED +CVE-2012-0223 (Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 ...) + TODO: check CVE-2012-0222 RESERVED CVE-2012-0221 @@ -3711,6 +3767,7 @@ CVE-2012-0026 REJECTED CVE-2012-0025 + RESERVED NOT-FOR-US: libfpx CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...) - maradns 1.4.09-1 @@ -3918,6 +3975,7 @@ {DSA-2330-1} - simplesamlphp 1.8.1-1 CVE-2011-4624 + RESERVED NOT-FOR-US: WordPress flash-album-gallery CVE-2011-4623 RESERVED 
@@ -3933,6 +3991,7 @@ {DSA-2390-1} - openssl 1.0.0f-1 CVE-2011-4618 + RESERVED NOT-FOR-US: WordPress advanced-text-widget CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...) - python-virtualenv 1.4.9-1 (low; bug #652653) @@ -4014,6 +4073,7 @@ CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before ...) - nova 2012.1~e1-4 CVE-2011-4595 + RESERVED NOT-FOR-US: WordPress pretty-link plugin CVE-2011-4594 RESERVED @@ -4700,6 +4760,7 @@ CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees ...) - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900) CVE-2011-4343 + RESERVED NOT-FOR-US: Mojarra/MyFaces CVE-2011-4342 RESERVED @@ -4794,6 +4855,7 @@ CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...) NOT-FOR-US: ResourceSpace CVE-2011-4310 + RESERVED NOT-FOR-US: cmsmadesimple CVE-2011-4309 [MSA-11-0041] RESERVED @@ -5232,6 +5294,7 @@ CVE-2011-4196 RESERVED CVE-2011-4195 + RESERVED NOT-FOR-US: kiwi CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...) NOT-FOR-US: Novell iPrint @@ -5450,6 +5513,7 @@ [lenny] - phpmyadmin <not-affected> (Vulerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112 CVE-2011-4106 + RESERVED NOT-FOR-US: wordpress plugin timthumb CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...) - lightdm 1.0.6-2 @@ -5491,8 +5555,10 @@ - squid3 3.1.16-1 [lenny] - squid3 <not-affected> (no IPv6 support) CVE-2011-4095 + RESERVED NOT-FOR-US: Jara CVE-2011-4094 + RESERVED NOT-FOR-US: Jara CVE-2011-4093 RESERVED @@ -6997,6 +7063,7 @@ RESERVED - hardlink <not-affected> (Only the C version, ours are written in Python) CVE-2011-3629 + RESERVED NOT-FOR-US: Joomla CVE-2011-3628 RESERVED 
@@ -7026,8 +7093,10 @@ - vlc 1.1.3-1 NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370 CVE-2011-3622 + RESERVED NOT-FOR-US: phorum CVE-2011-3621 + RESERVED NOT-FOR-US: fluxbb CVE-2011-3620 RESERVED @@ -7178,6 +7247,7 @@ [squeeze] - typo3-src <not-affected> (Only affects 4.5.x) [lenny] - typo3-src <not-affected> (Only affects 4.5.x) CVE-2011-3582 + RESERVED NOT-FOR-US: Advanced Electron Forums CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...) {DSA-2353-1} @@ -7772,6 +7842,7 @@ - apt <unfixed> (unimportant; bug #642480) NOTE: Not exploitable in Debian, since no keyring URI is defined CVE-2011-3373 + RESERVED NOT-FOR-US: Views Bulk Operations module for Drupal CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before ...) {DSA-2318-1} @@ -7783,6 +7854,7 @@ CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: PunBB CVE-2011-3370 + RESERVED NOT-FOR-US: status.net CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...) - etherape 0.9.12-1 (low; bug #645324) @@ -7852,6 +7924,7 @@ [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0) [squeeze] - linux-2.6 2.6.32-36 CVE-2011-3352 + RESERVED NOT-FOR-US: Zikula CVE-2011-3351 RESERVED @@ -8301,6 +8374,7 @@ - pidgin 2.10.0-1 (unimportant) NOTE: Only exploitable by a malicious MSN server to crash the client CVE-2011-3183 + RESERVED NOT-FOR-US: Concrete CMS CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...) - php5 5.3.7-1 (unimportant) @@ -8310,6 +8384,7 @@ - phpmyadmin 4:3.4.4-1 [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2011-3180 + RESERVED NOT-FOR-US: Suse kiwi CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...) NOT-FOR-US: Novell Messenger 
@@ -9055,12 +9130,16 @@ CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages ...) - roundcube 0.5.4+dfsg-1 (bug #641996) CVE-2011-2936 + RESERVED NOT-FOR-US: Elgg CVE-2011-2935 + RESERVED NOT-FOR-US: Elgg CVE-2011-2934 + RESERVED NOT-FOR-US: WebsiteBaker CVE-2011-2933 + RESERVED NOT-FOR-US: WebsiteBaker CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...) - rails 2.3.14 @@ -9144,6 +9223,7 @@ - torque 2.4.15+dfsg-1 [squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments) CVE-2011-2906 + RESERVED NOT-FOR-US: ** REJECT ** CVE-2011-2905 RESERVED @@ -9737,6 +9817,7 @@ CVE-2011-2728 RESERVED CVE-2011-2727 + RESERVED NOT-FOR-US: Tribiq CMS CVE-2011-2726 [SA-CORE-2011-003] RESERVED @@ -9809,6 +9890,7 @@ RESERVED - linux-2.6 <not-affected> (xtensa arch not used in Debian) CVE-2011-2706 + RESERVED NOT-FOR-US: sNews CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...) - ruby1.8 1.8.7.352-1 (low; bug #635878) @@ -10379,6 +10461,7 @@ [lenny] - nfs-utils <not-affected> (Introduced in 1.2.3) [squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3) CVE-2011-2499 + RESERVED NOT-FOR-US: Mambo CMS CVE-2011-2498 RESERVED @@ -11573,6 +11656,7 @@ CVE-2011-2055 RESERVED CVE-2011-2054 + RESERVED NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524 CVE-2011-2053 RESERVED @@ -12823,6 +12907,7 @@ RESERVED NOT-FOR-US: OpenVAS Manager CVE-2011-1596 + RESERVED NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog) CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in ...) - rdesktop 1.7.0-1 (low; bug #623552) @@ -13236,6 +13321,7 @@ CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...) - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1474 + RESERVED NOT-FOR-US: PaX patched kernels CVE-2011-1473 RESERVED 
@@ -14215,8 +14301,10 @@ CVE-2011-1152 REJECTED CVE-2011-1151 + RESERVED NOT-FOR-US: Joomla! CVE-2011-1150 + RESERVED NOT-FOR-US: bbPress CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system ...) NOT-FOR-US: Android @@ -14433,6 +14521,7 @@ CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ...) - rsync 3.0.8 (low; bug #621866) CVE-2011-1096 + RESERVED NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...) - glibc <removed> @@ -14476,10 +14565,13 @@ NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php NOTE: obscure exploit scenario CVE-2011-1086 + RESERVED NOT-FOR-US: openfiler CVE-2011-1085 + RESERVED NOT-FOR-US: smoothwall CVE-2011-1084 + RESERVED NOT-FOR-US: smoothwall CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...) - linux-2.6 <unfixed> (low) @@ -14525,6 +14617,7 @@ [squeeze] - v86d 0.1.9-1+squeeze1 [lenny] - v86d 0.1.5.2-1+lenny1 CVE-2011-1069 + RESERVED NOT-FOR-US: PHPShop CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before ...) NOT-FOR-US: Microsoft Windows Azure SDK
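Review bot: In the first hunk (@@ -1,3 +1,47 @@), CVE-2012-1256 is the only new entry that arrives with a description, and it carries nothing but "TODO: check". It needs a triage line before it ages in the list: either a package line, or the same form as the CVE-2012-1235 entry directly below it ("NOT-FOR-US: Advantech/BroadWin WebAccess") if EasyVista turns out not to be packaged.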
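Review bot: In hunk @@ -911,12 +955,16 @@, CVE-2012-0822 through CVE-2012-0819 now read RESERVED while already carrying "NOT-FOR-US: Joomla!", so the triage decision rests on no published description. Suggest re-checking these four once descriptions appear, to confirm that each id was assigned to the Joomla! issue the annotation assumes.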
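Review bot: In hunk @@ -2138,8 +2186,8 @@, CVE-2012-0291 is left at "TODO: check" although the next entry, CVE-2012-0290, opens with the same description text ("Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...") and is already triaged as "NOT-FOR-US: Symantec pcAnywhere". Suggest confirming from the full description that it concerns the same product and giving it the same annotation.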
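Review bot: In hunk @@ -2724,8 +2780,8 @@, CVE-2012-0223 (7-Technologies (7T) TERMIS 2.10, untrusted search path) gets "TODO: check" while its neighbour CVE-2012-0224, the same bug class from the same vendor, is already marked "NOT-FOR-US: 7-Technologies (7T) AQUIS". The same kind of line naming TERMIS would close this one.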
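Review bot: In hunk @@ -9144,6 +9223,7 @@, CVE-2011-2906 ends up with a RESERVED state line directly above "NOT-FOR-US: ** REJECT **", so the entry says two different things about the id. Other entries in this file record rejection as a state line of its own (CVE-2012-0026 and CVE-2011-1152 both read REJECTED). Suggest either dropping the "** REJECT **" annotation until the id is actually rejected, or moving it to a NOTE: line that says where the rejection was announced.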
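Review bot: In hunk @@ -11573,6 +11656,7 @@, CVE-2011-2054 is now RESERVED while its annotation says the id was "misused as CVE-2011-2524". The cross-reference is the useful part and is easy to lose under a NOT-FOR-US line. Suggest carrying it as a NOTE: line, and checking whether the CVE-2011-2524 entry carries the matching pointer back.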
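Review bot: In hunk @@ -14433,6 +14521,7 @@, the NOT-FOR-US line for CVE-2011-1096 holds a rationale ("alleged flaw in W3C XML Encryption standard. Nothing specific to fix") rather than a product name, and the id is now shown as RESERVED with no description to back that judgement. Suggest moving the rationale to a NOTE: line and re-checking the entry when the description is published, since a flaw in a standard can still affect packaged implementations.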