Author: joeyh
Date: 2012-05-01 21:14:30 +0000 (Tue, 01 May 2012)
New Revision: 19110
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2012-05-01 19:26:56 UTC (rev 19109)
+++ data/CVE/list 2012-05-01 21:14:30 UTC (rev 19110)
@@ -1,9 +1,199 @@ -CVE-2012-2416 [http://downloads.asterisk.org/pub/security/AST-2012-006.html] +CVE-2012-2445 + RESERVED +CVE-2012-2444 + RESERVED +CVE-2012-2443 + RESERVED +CVE-2012-2442 + RESERVED +CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory ...) + TODO: check +CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables ...) + TODO: check +CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N firewall ...) + TODO: check +CVE-2012-2438 + RESERVED +CVE-2012-2437 + RESERVED +CVE-2012-2436 + RESERVED +CVE-2012-2435 + RESERVED +CVE-2012-2434 + RESERVED +CVE-2012-2433 + RESERVED +CVE-2012-2432 + RESERVED +CVE-2012-2431 + RESERVED +CVE-2012-2430 + RESERVED +CVE-2012-2429 + RESERVED +CVE-2012-2428 + RESERVED +CVE-2012-2427 + RESERVED +CVE-2012-2426 + RESERVED +CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) + TODO: check +CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) + TODO: check +CVE-2012-2423 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) + TODO: check +CVE-2012-2422 (Intuit QuickBooks 2009 through 2012 might allow remote attackers to ...) + TODO: check +CVE-2012-2421 (Absolute path traversal vulnerability in the intu-help-qb (aka Intuit ...) + TODO: check +CVE-2012-2420 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) + TODO: check +CVE-2012-2419 (Memory leak in the intu-help-qb (aka Intuit Help System Async ...) + TODO: check +CVE-2012-2418 (Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System ...) + TODO: check +CVE-2012-2417 + RESERVED +CVE-2012-2413 + RESERVED +CVE-2012-2412 + RESERVED +CVE-2012-2411 + RESERVED +CVE-2012-2410 + RESERVED +CVE-2012-2409 + RESERVED +CVE-2012-2408 + RESERVED +CVE-2012-2407 + RESERVED +CVE-2012-2406 + RESERVED +CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...) 
+ TODO: check +CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...) + TODO: check +CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...) + TODO: check +CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...) + TODO: check +CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...) + TODO: check +CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...) + TODO: check +CVE-2012-2399 (Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in ...) + TODO: check +CVE-2010-5136 + RESERVED +CVE-2010-5135 + RESERVED +CVE-2010-5134 + RESERVED +CVE-2010-5133 + RESERVED +CVE-2010-5132 + RESERVED +CVE-2010-5131 + RESERVED +CVE-2010-5130 + RESERVED +CVE-2010-5129 + RESERVED +CVE-2010-5128 + RESERVED +CVE-2010-5127 + RESERVED +CVE-2010-5126 + RESERVED +CVE-2010-5125 + RESERVED +CVE-2010-5124 + RESERVED +CVE-2010-5123 + RESERVED +CVE-2010-5122 + RESERVED +CVE-2010-5121 + RESERVED +CVE-2010-5120 + RESERVED +CVE-2010-5119 + RESERVED +CVE-2010-5118 + RESERVED +CVE-2010-5117 + RESERVED +CVE-2010-5116 + RESERVED +CVE-2010-5115 + RESERVED +CVE-2010-5114 + RESERVED +CVE-2010-5113 + RESERVED +CVE-2010-5112 + RESERVED +CVE-2010-5111 + RESERVED +CVE-2010-5110 + RESERVED +CVE-2010-5109 + RESERVED +CVE-2010-5108 + RESERVED +CVE-2010-5107 + RESERVED +CVE-2010-5106 + RESERVED +CVE-2010-5105 + RESERVED +CVE-2010-5104 + RESERVED +CVE-2010-5103 + RESERVED +CVE-2010-5102 + RESERVED +CVE-2010-5101 + RESERVED +CVE-2010-5100 + RESERVED +CVE-2010-5099 + RESERVED +CVE-2010-5098 + RESERVED +CVE-2010-5097 + RESERVED +CVE-2010-5096 + RESERVED +CVE-2010-5095 + RESERVED +CVE-2010-5094 + RESERVED +CVE-2010-5093 + RESERVED +CVE-2010-5092 + RESERVED +CVE-2010-5091 + RESERVED +CVE-2010-5090 + RESERVED +CVE-2010-5089 + RESERVED +CVE-2010-5088 + RESERVED +CVE-2010-5087 + RESERVED +CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x 
...) - asterisk 1:1.8.11.1~dfsg-1 (bug #670180) [squeeze] - asterisk <not-affected> (Vulnerable code not present) -CVE-2012-2415 +CVE-2012-2415 (Heap-based buffer overflow in chan_skinny.c in the Skinny channel ...) + {DSA-2460-1} - asterisk 1:1.8.11.1~dfsg-1 (bug #670180) -CVE-2012-2414 +CVE-2012-2414 (main/manager.c in the Manager Interface in Asterisk Open Source ...) + {DSA-2460-1} - asterisk 1:1.8.11.1~dfsg-1 (bug #670180) CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...) NOT-FOR-US: ownCloud @@ -341,8 +531,8 @@ NOT-FOR-US: PHP Gift Registry CVE-2012-2235 RESERVED -CVE-2012-2234 - RESERVED +CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...) + TODO: check CVE-2012-2233 RESERVED CVE-2012-2232 @@ -387,10 +577,10 @@ NOT-FOR-US: Novell ZENworks Configuration Management CVE-2012-2214 RESERVED -CVE-2012-2213 - RESERVED -CVE-2012-2212 - RESERVED +CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the ...) + TODO: check +CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to ...) + TODO: check CVE-2012-2211 RESERVED CVE-2012-XXXX [libpng electric fence crash] @@ -539,9 +729,9 @@ CVE-2012-2142 RESERVED CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read (snmpd crash)] + RESERVED - net-snmp <unfixed> NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff - RESERVED CVE-2012-2140 RESERVED CVE-2012-2139 @@ -553,6 +743,7 @@ CVE-2012-2136 RESERVED CVE-2012-2135 [Python UTF-16 decoder crasher] + RESERVED - python3.1 <unfixed> (bug #670389) - python3.2 <unfixed> (bug #670389) - python3.3 <unfixed> 
@@ -565,8 +756,8 @@ RESERVED TODO: check NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431 -CVE-2012-2131 [ASN1 BIO incomplete fix] - RESERVED +CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in ...) + {DSA-2454-2} - openssl <not-affected> (only affected patch against 0.9.8) NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2 CVE-2012-2130 @@ -629,8 +820,7 @@ {DSA-2455-1} - typo3-src <unfixed> (bug #669158) NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/ -CVE-2012-2111 [Incorrect permission checks when granting/removing privileges] - RESERVED +CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) ...) - samba <unfixed> NOTE: http://www.samba.org/samba/history/samba-3.6.5.html NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected @@ -1346,8 +1536,8 @@ NOT-FOR-US: Koyo ECOM CVE-2012-1804 RESERVED -CVE-2012-1803 - RESERVED +CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a ...) + TODO: check CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens Scalance X ...) NOT-FOR-US: Siemens Scalance X CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) ActiveX ...) @@ -1358,6 +1548,7 @@ NOT-FOR-US: Siemens Scalance S CVE-2012-1798 RESERVED + {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has ...) NOT-FOR-US: IBM DB2 @@ -1812,6 +2003,7 @@ - joomla <itp> (bug #571794) CVE-2012-1610 RESERVED + {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-1609 RESERVED @@ -1903,8 +2095,7 @@ - dietlibc 0.33~cvs20120325-1 (unimportant) CVE-2012-1576 RESERVED -CVE-2012-1575 - RESERVED +CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...) NOT-FOR-US: cumin CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...) NOT-FOR-US: Apache Hadoop 
@@ -2028,8 +2219,8 @@ RESERVED CVE-2012-1522 RESERVED -CVE-2012-1521 - RESERVED +CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...) + TODO: check CVE-2012-1520 RESERVED CVE-2012-1519 @@ -2603,14 +2794,14 @@ RESERVED CVE-2012-1246 RESERVED -CVE-2012-1245 - RESERVED -CVE-2012-1244 - RESERVED -CVE-2012-1243 - RESERVED -CVE-2012-1242 - RESERVED +CVE-2012-1245 (Cross-site scripting (XSS) vulnerability in the cleanup_urls function ...) + TODO: check +CVE-2012-1244 (The NTT DOCOMO sp mode mail application 5400 and earlier for Android ...) + TODO: check +CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not ...) + TODO: check +CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, ...) + TODO: check CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 ...) NOT-FOR-US: ActiveScriptRuby CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo ...) @@ -2740,9 +2931,11 @@ [squeeze] - bitlbee <no-dsa> (Minor issue) CVE-2012-1186 RESERVED + {DSA-2462-1} - imagemagick 8:6.6.9.7-7 (bug #665007) CVE-2012-1185 RESERVED + {DSA-2462-1} - imagemagick 8:6.6.9.7-7 (bug #665007) CVE-2012-1184 [Asterisk: Stack Buffer Overflow in HTTP Manager] RESERVED @@ -2750,6 +2943,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1183 [Asterisk: Remote Crash Vulnerability in Milliwatt Application] RESERVED + {DSA-2460-1} - asterisk 1:1.8.10.0~dfsg-1 (bug #664411) NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...) 
@@ -2891,80 +3085,61 @@ CVE-2012-1145 RESERVED NOT-FOR-US: RHN Satellite -CVE-2012-1144 - RESERVED +CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) -CVE-2012-1143 - RESERVED +CVE-2012-1143 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1142 - RESERVED +CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) -CVE-2012-1141 - RESERVED +CVE-2012-1141 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1140 - RESERVED +CVE-2012-1140 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1139 - RESERVED +CVE-2012-1139 (Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1138 - RESERVED +CVE-2012-1138 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1137 - RESERVED +CVE-2012-1137 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1136 - RESERVED +CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) -CVE-2012-1135 - RESERVED +CVE-2012-1135 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1134 - RESERVED +CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) 
{DSA-2428-1} - freetype 2.4.9-1 (bug #662864) -CVE-2012-1133 - RESERVED +CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) -CVE-2012-1132 - RESERVED +CVE-2012-1132 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1131 - RESERVED +CVE-2012-1131 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1130 - RESERVED +CVE-2012-1130 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1129 - RESERVED +CVE-2012-1129 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1128 - RESERVED +CVE-2012-1128 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1127 - RESERVED +CVE-2012-1127 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only -CVE-2012-1126 - RESERVED +CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1125 @@ -3005,8 +3180,7 @@ RESERVED - phpldapadmin 1.2.2-3 (bug #662050) - ldap-account-manager 3.6-2 (bug #661904) -CVE-2012-1113 - RESERVED +CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - gallery2 <unfixed> NOTE: see redhat link CVE-2012-1112 
@@ -3415,8 +3589,7 @@ RESERVED CVE-2012-0947 RESERVED -CVE-2012-0946 - RESERVED +CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access ...) - nvidia-graphics-drivers 295.40-1 [squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) CVE-2012-0945 @@ -3492,6 +3665,7 @@ RESERVED CVE-2012-0920 RESERVED + {DSA-2456-1} - dropbear 2012.55-1 (low; bug #661150) NOTE: this is limited to authenticated users with enforced command restrictions CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...) @@ -3635,8 +3809,7 @@ RESERVED - eglibc <unfixed> (low; bug #660611) [squeeze] - eglibc <no-dsa> (Hardening bypass, can be fixed in next point update) -CVE-2012-0863 [mumble info disclosure] - RESERVED +CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for ...) {DSA-2411-1} - mumble 1.2.3-3 (bug #659039) CVE-2012-0862 @@ -3969,14 +4142,14 @@ RESERVED CVE-2012-0744 RESERVED -CVE-2012-0743 - RESERVED +CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...) + TODO: check CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...) NOT-FOR-US: IBM Tivoli Event Pump CVE-2012-0741 RESERVED -CVE-2012-0740 - RESERVED +CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...) + TODO: check CVE-2012-0739 RESERVED CVE-2012-0738 @@ -4003,8 +4176,8 @@ RESERVED CVE-2012-0727 RESERVED -CVE-2012-0726 - RESERVED +CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...) + TODO: check CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...) TODO: check CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...) 
@@ -4039,8 +4212,8 @@ NOT-FOR-US: IBM DB2 CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...) NOT-FOR-US: IBM DB2 -CVE-2012-0708 - RESERVED +CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...) + TODO: check CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi ...) NOT-FOR-US: IBM WebSphere CVE-2012-0706 @@ -4099,7 +4272,7 @@ - webkit <undetermined> CVE-2012-0694 RESERVED -CVE-2012-0693 (submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote ...) +CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 ...) NOT-FOR-US: WHMCompleteSolution CVE-2012-0692 RESERVED @@ -4583,24 +4756,23 @@ NOT-FOR-US: Final Draft CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 ...) NOT-FOR-US: 3S CoDeSys -CVE-2012-0479 - RESERVED +CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, ...) + {DSA-2458-1 DSA-2457-1} - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0478 - RESERVED +CVE-2012-0478 (The texImage2D implementation in the WebGL subsystem in Mozilla ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0477 - RESERVED +CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) + {DSA-2458-1 DSA-2457-1} - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 
@@ -4609,8 +4781,7 @@ [squeeze] - iceape <not-affected> (Vulnerable code not present) CVE-2012-0476 RESERVED -CVE-2012-0475 - RESERVED +CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and ...) - icedove <unfixed> (low) [squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch) - iceweasel 12.0-1 (low) 
@@ -4618,70 +4789,63 @@ - iceape <unfixed> (low) [squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch) NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9 -CVE-2012-0474 - RESERVED +CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0473 - RESERVED +CVE-2012-0473 (The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x ...) - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0472 - RESERVED +CVE-2012-0472 (The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, ...) - icedove <not-affected> (Windows-specific) - iceweasel <not-affected> (Windows-specific) - iceape <not-affected> (Windows-specific) -CVE-2012-0471 - RESERVED +CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x ...) + {DSA-2458-1 DSA-2457-1} - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0470 - RESERVED +CVE-2012-0470 (Heap-based buffer overflow in the ...) + {DSA-2458-1 DSA-2457-1} - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0469 - RESERVED +CVE-2012-0469 (Use-after-free vulnerability in the ...) 
- icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0468 - RESERVED +CVE-2012-0468 (The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird ...) - icedove <not-affected> (Only affects Firefox 11 and above) - iceweasel <not-affected> (Only affects Firefox 11 and above) - iceape <not-affected> (Only affects Firefox 11 and above) -CVE-2012-0467 - RESERVED +CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-2458-1 DSA-2457-1} - icedove <unfixed> [squeeze] - icedove <not-affected> (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) -CVE-2012-0466 - RESERVED +CVE-2012-0466 (template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before ...) - bugzilla <removed> (low) [squeeze] - bugzilla <no-dsa> (Minor issue) -CVE-2012-0465 - RESERVED +CVE-2012-0465 (Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, ...) - bugzilla <removed> (low) [squeeze] - bugzilla <no-dsa> (Minor issue) CVE-2012-0464 (Use-after-free vulnerability in the browser engine in Mozilla Firefox ...) @@ -4701,7 +4865,7 @@ - iceape 2.7.3-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - {DSA-2437-1 DSA-2433-1} + {DSA-2458-1 DSA-2437-1 DSA-2433-1} - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape 2.7.3-1 
@@ -4720,7 +4884,7 @@ - iceape 2.7.3-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...) - {DSA-2437-1 DSA-2433-1} + {DSA-2458-1 DSA-2437-1 DSA-2433-1} - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape 2.7.3-1 @@ -4732,12 +4896,12 @@ - iceape 2.7.3-1 [squeeze] - iceape <not-affected> (Vulnerable code not present) CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 and ...) - {DSA-2437-1 DSA-2433-1} + {DSA-2458-1 DSA-2437-1 DSA-2433-1} - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape 2.7.3-1 CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...) - {DSA-2437-1 DSA-2433-1} + {DSA-2458-1 DSA-2437-1 DSA-2433-1} - icedove <unfixed> - iceweasel 10.0.3esr-1 - iceape 2.7.3-1 @@ -5267,8 +5431,8 @@ - csound 1:5.16.6~dfsg-1 (bug #661197) NOTE: http://secunia.com/secunia_research/2012-3/ NOTE: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f -CVE-2012-0269 - RESERVED +CVE-2012-0269 (Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 ...) + TODO: check CVE-2012-0268 (Integer overflow in the CYImage::LoadJPG method in YImage.dll in ...) NOT-FOR-US: Yahoo! Messenger CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows ...) @@ -5693,9 +5857,11 @@ RESERVED CVE-2012-0260 RESERVED + {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-0259 RESERVED + {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...) NOT-FOR-US: Invensys Wonderware Application Server 
@@ -5704,6 +5870,7 @@ CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before ...) - trafficserver 3.0.4-1 CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...) + {DSA-2459-1} - quagga 0.99.20.1-1 CVE-2012-0254 RESERVED @@ -5714,8 +5881,10 @@ CVE-2012-0251 RESERVED CVE-2012-0250 (Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before ...) + {DSA-2459-1} - quagga 0.99.20.1-1 CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c ...) + {DSA-2459-1} - quagga 0.99.20.1-1 CVE-2012-0248 RESERVED @@ -5988,8 +6157,7 @@ RESERVED CVE-2012-0217 RESERVED -CVE-2012-0216 [apache2 insecure default config] - RESERVED +CVE-2012-0216 (The default configuration of the apache2 package in Debian GNU/Linux ...) {DSA-2452-1} - apache2 2.2.22-4 (low) CVE-2012-0215 [tryton-server privilege escalation through Many2Many editing] @@ -11757,14 +11925,14 @@ RESERVED CVE-2011-3082 RESERVED -CVE-2011-3081 - RESERVED -CVE-2011-3080 - RESERVED -CVE-2011-3079 - RESERVED -CVE-2011-3078 - RESERVED +CVE-2011-3081 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 ...) + TODO: check +CVE-2011-3080 (Race condition in the Inter-process Communication (IPC) implementation ...) + TODO: check +CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome ...) + TODO: check +CVE-2011-3078 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 ...) + TODO: check CVE-2011-3077 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...) - chromium-browser 18.0.1025.151~r130497-1 CVE-2011-3076 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
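
Review bot: In the first hunk (@@ -1,9 +1,199 @@), the rewritten CVE-2012-2416 entry loses the advisory link that the removed line carried in its bracketed title, [http://downloads.asterisk.org/pub/security/AST-2012-006.html], and none of the added lines preserves it. Suggest keeping the URL as a NOTE: line under the entry, the way the CVE-2012-1183 and CVE-2012-2111 entries keep their references, so the upstream advisory stays reachable once the truncated description replaces the title.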
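
Review bot: In the hunks at @@ -4583,24 +4756,23 @@ and @@ -4618,70 +4789,63 @@, the added {DSA-2458-1 DSA-2457-1} cross-references on CVE-2012-0479, CVE-2012-0477, CVE-2012-0471, CVE-2012-0470 and CVE-2012-0467 sit on entries whose squeeze lines all read "[squeeze] - <package> <not-affected> (Vulnerable code not present)" for icedove, iceweasel and iceape. A DSA reference and a not-affected status for every squeeze package cannot both be right, so one of the two is stale: either the squeeze annotations need to be replaced with the fixed versions, or the DSA tag does not belong on these entries. The neighbouring CVE-2012-0478, CVE-2012-0474, CVE-2012-0473 and CVE-2012-0469 entries carry the same squeeze lines without a DSA tag, which makes the inconsistency easy to miss.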
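
Review bot: In the hunk at @@ -11757,14 +11925,14 @@, CVE-2011-3081 through CVE-2011-3078 are added as "TODO: check" although the unchanged context directly below tracks the same product, with CVE-2011-3077 recorded as "- chromium-browser 18.0.1025.151~r130497-1". The visible descriptions of CVE-2011-3081 and CVE-2011-3078 name Google Chrome before 18.0.1025.168, so these entries should get chromium-browser lines (marked <unfixed> until a version at or past that release is recorded) instead of remaining untriaged. CVE-2012-1521 in the @@ -2028,8 +2219,8 @@ hunk, also a Google Chrome issue left at "TODO: check", is the same case.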