Author: joeyh Date: 2012-03-15 21:14:34 +0000 (Thu, 15 Mar 2012) New Revision: 18684 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-03-15 20:00:38 UTC (rev 18683) +++ data/CVE/list 2012-03-15 21:14:34 UTC (rev 18684) @@ -1,3 +1,7 @@ +CVE-2012-1665 + RESERVED +CVE-2012-1664 + RESERVED CVE-2012-1663 (Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows ...) TODO: check CVE-2012-1662 @@ -996,8 +1000,7 @@ NOTE: http://seclists.org/oss-sec/2012/q1/644 CVE-2012-1179 RESERVED -CVE-2012-1178 [pidgin: Possible MSN remote crash] - RESERVED +CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol ...) - pidgin 2.10.2-1 (bug #664030) NOTE: http://pidgin.im/news/security/?id=61 CVE-2012-1177 [libgdata did not verify SSL] 
@@ -2772,71 +2775,60 @@ RESERVED CVE-2012-0465 RESERVED -CVE-2012-0464 - RESERVED +CVE-2012-0464 (Use-after-free vulnerability in the browser engine in Mozilla Firefox ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape <unfixed> [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0463 - RESERVED +CVE-2012-0463 (The nsWindow implementation in the browser engine in Mozilla Firefox ...) - iceweasel <not-affected> (Only affects Firefox Mobile on Android) -CVE-2012-0462 - RESERVED +CVE-2012-0462 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape <unfixed> [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0461 - RESERVED +CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape <unfixed> -CVE-2012-0460 - RESERVED +CVE-2012-0460 (Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape <unfixed> [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0459 - RESERVED +CVE-2012-0459 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x ...) 
- icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape <unfixed> [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0458 - RESERVED +CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...) - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape <unfixed> -CVE-2012-0457 - RESERVED +CVE-2012-0457 (Use-after-free vulnerability in the ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape <unfixed> [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0456 - RESERVED +CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 and ...) - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape <unfixed> -CVE-2012-0455 - RESERVED +CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...) - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape <unfixed> -CVE-2012-0454 - RESERVED +CVE-2012-0454 (Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, ...) - iceweasel <not-affected> (Only affects Firefox on Windows) CVE-2012-0453 (Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in ...) - bugzilla <removed> @@ -2846,8 +2838,7 @@ - iceweasel 10.0.1-1 [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 10) - iceape <not-affected> (Vulnerable version never uploaded to the archive) -CVE-2012-0451 - RESERVED +CVE-2012-0451 (CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (CSP introduced in Thunderbird 3.3) - iceweasel 10.0.3esr-1 
@@ -2992,8 +2983,8 @@ RESERVED CVE-2012-0405 RESERVED -CVE-2012-0404 - RESERVED +CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...) + TODO: check CVE-2012-0403 RESERVED CVE-2012-0402 @@ -3004,8 +2995,8 @@ RESERVED CVE-2012-0399 RESERVED -CVE-2012-0398 - RESERVED +CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session ...) + TODO: check CVE-2012-0397 (Buffer overflow in EMC RSA SecurID Software Token Converter before ...) NOT-FOR-US: EMC RSA SecurID Software Token Converter CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly ...) @@ -3097,18 +3088,18 @@ RESERVED CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...) NOT-FOR-US: Cisco Cius -CVE-2012-0358 - RESERVED +CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in ...) + TODO: check CVE-2012-0357 RESERVED -CVE-2012-0356 - RESERVED -CVE-2012-0355 - RESERVED -CVE-2012-0354 - RESERVED -CVE-2012-0353 - RESERVED +CVE-2012-0356 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) + TODO: check +CVE-2012-0355 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) + TODO: check +CVE-2012-0354 (The Threat Detection feature on Cisco Adaptive Security Appliances ...) + TODO: check +CVE-2012-0353 (The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check CVE-2012-0352 (Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series ...) NOT-FOR-US: Cisco NX-OS CVE-2012-0351 @@ -3593,8 +3584,7 @@ - python2.6 <unfixed> (low; bug #664135) - python2.5 <removed> NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/11 -CVE-2011-4939 [XMPP remote crash] - RESERVED +CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin ...) - pidgin <unfixed> (bug #664028) [squeeze] - pidgin <not-affected> (vulnerable code not present) NOTE: http://pidgin.im/news/security/?id=60
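Review bot: In the @@ -2772,71 +2775,60 @@ hunk, the Mozilla entries CVE-2012-0454 through CVE-2012-0464 now carry public descriptions but no NOTE line with the upstream advisory, unlike the pidgin entries elsewhere in this revision, which each have a NOTE URL. This matters most for CVE-2012-0461 and CVE-2012-0462, whose descriptions say only "Multiple unspecified vulnerabilities in the browser engine". Suggest adding a NOTE with the advisory reference to each entry, so the "icedove <unfixed>" and "iceape <unfixed>" lines can be checked against a source. CVE-2012-0463 and CVE-2012-0454 list only iceweasel as not-affected; if the same reasoning (Android only, Windows only) covers icedove and iceape, stating that explicitly would match the neighbouring entries.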
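Review bot: CVE-2012-0404 in the @@ -2992,8 +2983,8 @@ hunk, and CVE-2012-0398 in the @@ -3004,8 +2995,8 @@ hunk after it, are left at "TODO: check" although both descriptions name EMC Documentum eRoom. The adjacent EMC entry, CVE-2012-0397, is already triaged as "NOT-FOR-US: EMC RSA SecurID Software Token Converter". Suggest resolving these two the same way in a follow-up, for example "NOT-FOR-US: EMC Documentum eRoom", so they do not linger in the TODO queue.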
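Review bot: The five Cisco entries added in the @@ -3097,18 +3088,18 @@ hunk (CVE-2012-0358 and CVE-2012-0353 through CVE-2012-0356) are all left at "TODO: check", while the context lines on either side already mark Cisco products as NOT-FOR-US ("NOT-FOR-US: Cisco Cius", "NOT-FOR-US: Cisco NX-OS"). Suggest triaging the ASA and Port Forwarder ActiveX entries in the same style, so the automatic update does not leave a block of open TODOs for products triaged as not relevant in the neighbouring lines.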
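Review bot: CVE-2011-4939 in the @@ -3593,8 +3584,7 @@ hunk still reads "- pidgin <unfixed> (bug #664028)", while CVE-2012-1178 in the @@ -996,8 +1000,7 @@ hunk is recorded as fixed in "pidgin 2.10.2-1 (bug #664030)"; the two NOTE lines point to consecutive pidgin.im advisories (id=60 and id=61). Worth confirming whether 2.10.2-1 also contains the gtkconv.c fix and recording the version if it does. CVE-2012-1178 also has no [squeeze] line, unlike CVE-2011-4939, so the stable status of the MSN issue is undocumented.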