Author: joeyh
Date: 2012-05-17 21:15:09 +0000 (Thu, 17 May 2012)
New Revision: 19264
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-05-17 09:14:35 UTC (rev 19263)
+++ data/CVE/list 2012-05-17 21:15:09 UTC (rev 19264)
@@ -1063,8 +1063,7 @@
CVE-2012-2320
RESERVED
- connman <unfixed> (bug #672989)
-CVE-2012-2319
- RESERVED
+CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem
implementation in ...)
- linux-2.6 3.2.17-1 (low)
CVE-2012-2318 [Improper validation of incoming plaintext messages in MSN
protocol plug-in]
RESERVED
@@ -1544,14 +1543,12 @@
CVE-2012-2124
RESERVED
- squirrelmail <not-affected> (Incorrect RedHat security update)
-CVE-2012-2123
- RESERVED
+CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the
Linux ...)
{DSA-2469-1}
- linux-2.6 3.2.16-1
CVE-2012-2122
RESERVED
-CVE-2012-2121
- RESERVED
+CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not
...)
- linux-2.6 3.2.17-1
CVE-2012-2120
RESERVED
@@ -2781,8 +2778,7 @@
RESERVED
CVE-2012-1602
RESERVED
-CVE-2012-1601
- RESERVED
+CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows
host OS ...)
{DSA-2469-1}
- linux-2.6 3.2.17-1 (low)
CVE-2012-1600 [XSS from 5.0.4 release]
@@ -3714,8 +3710,7 @@
{DSA-2434-1}
- nginx 1.1.17-1 (bug #664137)
NOTE: http://seclists.org/oss-sec/2012/q1/644
-CVE-2012-1179
- RESERVED
+CVE-2012-1179 (The Linux kernel before 3.3.1, when KVM is used, allows guest OS
users ...)
- linux-2.6 3.2.14-1
CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol
...)
- pidgin 2.10.2-1 (low; bug #664030)
@@ -3837,8 +3832,7 @@
RESERVED
- expat 2.1.0~beta3-1 (low; bug #663579)
NOTE: resource leak
-CVE-2012-1146
- RESERVED
+CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in
mm/memcontrol.c in ...)
- linux-2.6 3.2.10-1 (low)
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-1145
@@ -3994,8 +3988,7 @@
- ruby-actionpack-2.3 <unfixed> (bug #668977)
- rails 2.3.14
NOTE: (code lives within ruby-actionpack in unstable)
-CVE-2012-1097
- RESERVED
+CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before
...)
{DSA-2443-1}
- linux-2.6 3.2.10-1 (low)
CVE-2012-1096
@@ -4021,8 +4014,7 @@
NOTE: http://seclists.org/oss-sec/2012/q1/494
CVE-2012-1091
REJECTED
-CVE-2012-1090
- RESERVED
+CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel
before ...)
{DSA-2443-1}
- linux-2.6 3.2.10-1
CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before
1.4.20 ...)
@@ -4517,8 +4509,7 @@
RESERVED
CVE-2012-0880
RESERVED
-CVE-2012-0879
- RESERVED
+CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel
before ...)
{DSA-2469-1}
- linux-2.6 2.6.33-1
CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group
memberships ...)
@@ -6979,8 +6970,7 @@
- gridengine 6.2u5-6
NOTE: http://www.securityfocus.com/bid/53123/info
NOTE: http://gridscheduler.sourceforge.net/security.html
-CVE-2012-0207
- RESERVED
+CVE-2012-0207 (The igmp_heard_query function in net/ipv4/igmp.c in the Linux
kernel ...)
- linux-2.6 3.1.8-2 (bug #654876)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
@@ -7626,8 +7616,7 @@
CVE-2012-0059
RESERVED
NOT-FOR-US: RHN Satellite
-CVE-2012-0058
- RESERVED
+CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel
before ...)
- linux-2.6 3.2.2-1
[wheezy] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
[squeeze] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
@@ -7678,8 +7667,7 @@
{DSA-2443-1}
- linux-2.6 3.2.2-1
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2012-0044
- RESERVED
+CVE-2012-0044 (Integer overflow in the drm_mode_dirtyfb_ioctl function in ...)
- linux-2.6 3.1.5-1
[squeeze] - linux-2.6 2.6.32-40
CVE-2012-0043 (Buffer overflow in the reassemble_message function in ...)
@@ -7700,8 +7688,7 @@
NOTE:
http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash
function ...)
- glib2.0 <unfixed> (unimportant; bug #655044)
-CVE-2012-0038
- RESERVED
+CVE-2012-0038 (Integer overflow in the xfs_acl_from_disk function in
fs/xfs/xfs_acl.c ...)
- linux-2.6 3.2.1-1
[squeeze] - linux-2.6 2.6.32-41
CVE-2012-0037
@@ -7967,8 +7954,7 @@
CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83,
and ...)
{DSA-2389-1}
- linux-2.6 3.1.8-1
-CVE-2011-4621
- RESERVED
+CVE-2011-4621 (The Linux kernel before 2.6.37 does not properly implement a
certain ...)
- linux-2.6 2.6.37-1
CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx
in PLIB ...)
{DSA-2425-1}
@@ -8007,8 +7993,7 @@
- icecast2 <unfixed> (bug #652663)
[lenny] - icecast2 <no-dsa> (Minor issue)
[squeeze] - icecast2 <no-dsa> (Minor issue)
-CVE-2011-4611
- RESERVED
+CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in ...)
{DSA-2389-1}
- linux-2.6 3.0.0-1
CVE-2011-4610
@@ -8066,8 +8051,7 @@
CVE-2011-4595
RESERVED
NOT-FOR-US: WordPress pretty-link plugin
-CVE-2011-4594
- RESERVED
+CVE-2011-4594 (The __sys_sendmsg function in net/socket.c in the Linux kernel
before ...)
- linux-2.6 3.1-1
[squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1
dev cycle)
[lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev
cycle)
@@ -8815,8 +8799,7 @@
RESERVED
- openssh <not-affected> (Only affects platforms w/o /dev/random)
NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
-CVE-2011-4326
- RESERVED
+CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux
kernel ...)
- linux-2.6 2.6.39-1
[squeeze] - linux-2.6 2.6.32-40
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -9456,8 +9439,7 @@
CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device
(JBD) ...)
- linux-2.6 3.1.6-1
[squeeze] - linux-2.6 2.6.32-40
-CVE-2011-4131
- RESERVED
+CVE-2011-4131 (The NFSv4 implementation in the Linux kernel before 3.2.2 does
not ...)
- linux-2.6 3.2.9-1
CVE-2011-4130 (Use-after-free vulnerability in the Response API in ProFTPD
before ...)
{DSA-2346-2 DSA-2346-1}
@@ -9510,8 +9492,7 @@
[squeeze] - libpar-packer-perl 1.006-1+squeeze1
CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13
for ...)
- drupal6-mod-views 2.14-1
-CVE-2011-4112
- RESERVED
+CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not
properly ...)
- linux-2.6 3.1-1 (unimportant)
NOTE: Turned out to be a non-issue,
http://www.openwall.com/lists/oss-security/2011/11/24/3
CVE-2011-4111
@@ -9567,8 +9548,7 @@
[squeeze] - libcap2 1:2.19-3
CVE-2011-4098
RESERVED
-CVE-2011-4097
- RESERVED
+CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in
the ...)
- linux-2.6 3.0.0-6
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
@@ -11082,8 +11062,7 @@
RESERVED
- linux-2.6 3.0.0-1
[squeeze] - linux-2.6 2.6.32-40
-CVE-2011-3637
- RESERVED
+CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel
before ...)
- linux-2.6 2.6.39-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)