Author: corsac Date: 2012-07-07 12:54:01 +0000 (Sat, 07 Jul 2012) New Revision: 19676 Modified: data/CVE/list Log: add CVEs for vlc/naxsi/at-spi2-atk/asterisk Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-06 22:08:24 UTC (rev 19675) +++ data/CVE/list 2012-07-07 12:54:01 UTC (rev 19676) @@ -1,8 +1,5 @@ -CVE-2012-XXXX [VLC Ogg demuxer heap overflow] - - vlc 2.0.2-1 -CVE-2012-XXXX [naxsi: file disclosure in nx_extract] - - nginx 1.2.1-2 - [squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1) +CVE-2012-3863 [asterisk: Possible resource leak on uncompleted re-invite transactions] + - asterisk <unfixed> CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...) NOT-FOR-US: Windows utility CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...) @@ -958,6 +955,7 @@ RESERVED CVE-2012-3382 RESERVED + - mono <unfixed> CVE-2012-3381 [sblim-sfcb: insecure LD_LIBRARY_PATH usage] RESERVED NOT-FOR-US: sblim-sfcb @@ -965,14 +963,18 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160 NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7 NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8 -CVE-2012-3380 +CVE-2012-3380 [naxsi: file disclosure in nx_extract] + - nginx 1.2.1-2 + [squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1) +CVE-2012-3379 [as31: insecure file creation in /tmp] RESERVED -CVE-2012-3379 + - as31 2.3.1-5 (bug #655496) +CVE-2012-3378 [at-spi2-atk: insecure tempdir handling] RESERVED -CVE-2012-3378 + - at-spi2-atk 2.5.3-1 (bug #678026) +CVE-2012-3377 [VLC Ogg demuxer heap overflow] RESERVED -CVE-2012-3377 - RESERVED + - vlc 2.0.2-1 CVE-2012-3376 RESERVED CVE-2012-3375