Author: joeyh
Date: 2012-08-28 09:14:23 +0000 (Tue, 28 Aug 2012)
New Revision: 20041

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2012-08-28 05:55:58 UTC (rev 20040)
+++ data/CVE/list 2012-08-28 09:14:23 UTC (rev 20041)
@@ -1,7 +1,279 @@ +CVE-2012-4681 (Oracle Java 7 Update 6, and possibly other versions, allows remote ...) + TODO: check +CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...) + TODO: check +CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...) + TODO: check +CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, ...) + TODO: check +CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...) + TODO: check +CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and ...) + TODO: check +CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...) + TODO: check +CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...) + TODO: check +CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...) + TODO: check +CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...) + TODO: check +CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an ...) + TODO: check +CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was ...) + TODO: check +CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...) 
+ TODO: check +CVE-2012-4666 + RESERVED +CVE-2012-4665 + RESERVED +CVE-2012-4664 + RESERVED +CVE-2012-4663 + RESERVED +CVE-2012-4662 + RESERVED +CVE-2012-4661 + RESERVED +CVE-2012-4660 + RESERVED +CVE-2012-4659 + RESERVED +CVE-2012-4658 + RESERVED +CVE-2012-4657 + RESERVED +CVE-2012-4656 + RESERVED +CVE-2012-4655 + RESERVED +CVE-2012-4654 + RESERVED +CVE-2012-4653 + RESERVED +CVE-2012-4652 + RESERVED +CVE-2012-4651 + RESERVED +CVE-2012-4650 + RESERVED +CVE-2012-4649 + RESERVED +CVE-2012-4648 + RESERVED +CVE-2012-4647 + RESERVED +CVE-2012-4646 + RESERVED +CVE-2012-4645 + RESERVED +CVE-2012-4644 + RESERVED +CVE-2012-4643 + RESERVED +CVE-2012-4642 + RESERVED +CVE-2012-4641 + RESERVED +CVE-2012-4640 + RESERVED +CVE-2012-4639 + RESERVED +CVE-2012-4638 + RESERVED +CVE-2012-4637 + RESERVED +CVE-2012-4636 + RESERVED +CVE-2012-4635 + RESERVED +CVE-2012-4634 + RESERVED +CVE-2012-4633 + RESERVED +CVE-2012-4632 + RESERVED +CVE-2012-4631 + RESERVED +CVE-2012-4630 + RESERVED +CVE-2012-4629 + RESERVED +CVE-2012-4628 + RESERVED +CVE-2012-4627 + RESERVED +CVE-2012-4626 + RESERVED +CVE-2012-4625 + RESERVED +CVE-2012-4624 + RESERVED +CVE-2012-4623 + RESERVED +CVE-2012-4622 + RESERVED +CVE-2012-4621 + RESERVED +CVE-2012-4620 + RESERVED +CVE-2012-4619 + RESERVED +CVE-2012-4618 + RESERVED +CVE-2012-4617 + RESERVED +CVE-2012-4616 + RESERVED +CVE-2012-4615 + RESERVED +CVE-2012-4614 + RESERVED +CVE-2012-4613 + RESERVED +CVE-2012-4612 + RESERVED +CVE-2012-4611 + RESERVED +CVE-2012-4610 + RESERVED +CVE-2012-4609 + RESERVED +CVE-2012-4608 + RESERVED +CVE-2012-4607 + RESERVED +CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before ...) + TODO: check +CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 ...) + TODO: check +CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before ...) + TODO: check +CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...) 
+ TODO: check +CVE-2011-5123 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2011-5122 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2011-5121 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2011-5120 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before ...) + TODO: check +CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before ...) + TODO: check +CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management ...) + TODO: check +CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...) + TODO: check +CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG ...) + TODO: check +CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 ...) + TODO: check +CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain ...) + TODO: check +CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running ...) + TODO: check +CVE-2010-5186 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2010-5185 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security ...) + TODO: check +CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...) + TODO: check +CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite ...) + TODO: check +CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on ...) + TODO: check +CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows ...) + TODO: check +CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro ...) 
+ TODO: check +CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP ...) + TODO: check +CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...) + TODO: check +CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on ...) + TODO: check +CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...) + TODO: check +CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...) + TODO: check +CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on ...) + TODO: check +CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...) + TODO: check +CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro ...) + TODO: check +CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite ...) + TODO: check +CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on ...) + TODO: check +CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security ...) + TODO: check +CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on ...) + TODO: check +CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...) + TODO: check +CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...) + TODO: check +CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus ...) + TODO: check +CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 ...) + TODO: check +CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP ...) + TODO: check +CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...) + TODO: check +CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on ...) 
+ TODO: check +CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...) + TODO: check +CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...) + TODO: check +CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on ...) + TODO: check +CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...) + TODO: check +CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows ...) + TODO: check +CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 ...) + TODO: check +CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite ...) + TODO: check +CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on ...) + TODO: check +CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on ...) + TODO: check +CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...) + TODO: check +CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before ...) + TODO: check +CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not ...) + TODO: check +CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote ...) + TODO: check +CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...) + TODO: check +CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...) + TODO: check +CVE-2009-5127 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2009-5126 (The Antivirus component in Comodo Internet Security before ...) + TODO: check +CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers ...) + TODO: check +CVE-2009-5124 (The Antivirus component in Comodo Internet Security before ...) 
+ TODO: check +CVE-2009-5123 (The Antivirus component in Comodo Internet Security before ...) + TODO: check CVE-2012-XXXX [letodms XSS and CSRF] - letodms <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2012/08/27/10 -CVE-2012-4667 [squidclamav XSS] +CVE-2012-4667 (Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x ...) - squidclamav <unfixed> (bug #685398) CVE-2012-4606 RESERVED @@ -1248,8 +1520,8 @@ RESERVED CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...) - transmission 2.52-3 (bug #683380) -CVE-2012-4036 - RESERVED +CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 ...) + TODO: check CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...) NOT-FOR-US: PBBoard CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...) @@ -2340,8 +2612,7 @@ RESERVED {DSA-2532-1} - libapache2-mod-rpaf 0.6-1 -CVE-2012-3525 - RESERVED +CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...) - jabberd2 <unfixed> (bug #685666) CVE-2012-3524 RESERVED 
@@ -2361,24 +2632,20 @@ RESERVED - linux <unfixed> - linux-2.6 <not-affected> (Introduced in 3.1) -CVE-2012-3519 - RESERVED +CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time ...) - tor 0.2.3.20-rc-1 (low) [squeeze] - tor <no-dsa> (Will be fixed in stable-proposed-updates) -CVE-2012-3518 - RESERVED +CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in ...) - tor 0.2.3.20-rc-1 (low) [squeeze] - tor <no-dsa> (Will be fixed in stable-proposed-updates) -CVE-2012-3517 - RESERVED +CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...) - tor 0.2.3.20-rc-1 (low) [squeeze] - tor <no-dsa> (Will be fixed in stable-proposed-updates) CVE-2012-3516 RESERVED CVE-2012-3515 RESERVED -CVE-2012-3514 - RESERVED +CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without ...) - xml-light <unfixed> (bug #685584) CVE-2012-3513 [remote execution as www-data] RESERVED @@ -2399,17 +2666,15 @@ - linux-2.6 2.6.20-1 CVE-2012-3509 RESERVED -CVE-2012-4668 [SA50279: roundcube self XSS/issue 2b] +CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...) - roundcube <unfixed> (bug #685475) [squeeze] - roundcube <not-affected> (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 -CVE-2012-3508 [SA50279: roundcube stored XSS/issue 2a] - RESERVED +CVE-2012-3508 (Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...) - roundcube 0.7.2-4 (bug #685475) [squeeze] - roundcube <not-affected> (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 -CVE-2012-3507 [SA50212: roundcube 0.8 XSS] - RESERVED +CVE-2012-3507 (Cross-site scripting (XSS) vulnerability in ...) - roundcube <not-affected> (only affects rc versions of 0.8) NOTE: http://trac.roundcube.net/ticket/1488519 CVE-2012-3506 
@@ -2420,14 +2685,12 @@ NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 CVE-2012-3504 RESERVED -CVE-2012-3503 - RESERVED +CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly ...) NOT-FOR-US: Katello CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp ...) - apache2 <not-affected> (Only affects 2.4 from experimental) NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=53727 -CVE-2012-3501 - RESERVED +CVE-2012-3501 (The squidclamav_check_preview_handler function in squidclamav.c in ...) - squidclamav <unfixed> (bug #685398) CVE-2012-3500 RESERVED 
@@ -2461,31 +2724,28 @@ {DSA-2534-1} - postgresql-9.1 9.1.5-1 - postgresql-8.4 8.4.12-2 -CVE-2012-3487 - RESERVED -CVE-2012-3486 - RESERVED -CVE-2012-3485 - RESERVED -CVE-2012-3484 - RESERVED -CVE-2012-3483 - RESERVED +CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...) + TODO: check +CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...) + TODO: check +CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the ...) + TODO: check +CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific ...) + TODO: check +CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...) + TODO: check CVE-2012-3482 [fetchmail segfault in NTLM protocol exchange] RESERVED - fetchmail <unfixed> (low) NOTE: http://www.fetchmail.info/fetchmail-SA-2012-02.txt -CVE-2012-3481 [gimp gif plug-in heap-based buffer overflow] - RESERVED +CVE-2012-3481 (Integer overflow in the ReadImage function in ...) - gimp <unfixed> (bug #685397) NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8 NOTE: https://bugzilla.novell.com/show_bug.cgi?id=776572 -CVE-2012-3480 - RESERVED +CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...) - eglibc <unfixed> (bug #684889) - glibc <removed> -CVE-2012-3479 [GNU Emacs file-local variables] - RESERVED +CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically ...) - emacs23 <unfixed> (bug #684695) - emacs24 <unfixed> (bug #684694) NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1 @@ -2494,8 +2754,8 @@ RESERVED {DSA-2530-1} - rssh 2.3.3-5 -CVE-2012-3477 - RESERVED +CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows ...) + TODO: check CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Ushahidi CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...) 
@@ -2514,8 +2774,7 @@ NOT-FOR-US: Ushahidi CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...) NOT-FOR-US: Ushahidi -CVE-2012-3467 - RESERVED +CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...) - qpid-cpp 0.16-7 (bug #684456) CVE-2012-3466 [gpg passphrases cached forever] RESERVED @@ -2597,8 +2856,7 @@ NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1 NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2 -CVE-2012-3441 [insecure permissions in DB creation script] - RESERVED +CVE-2012-3441 (The database creation script ...) - icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320) CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux ...) - sudo <not-affected> (Red Hat-specific postinst script) 
@@ -2653,27 +2911,22 @@ - icedtea-web <unfixed> CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before ...) - icedtea-web <unfixed> -CVE-2012-3421 [pcp: incorrect event-driven programming] - RESERVED +CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) ...) {DSA-2533-1} - pcp 3.6.5 (bug #685476) -CVE-2012-3420 [pcp: memory leaks] - RESERVED +CVE-2012-3420 (Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow ...) {DSA-2533-1} - pcp 3.6.5 (bug #685476) -CVE-2012-3419 [pcp: information disclosure] - RESERVED +CVE-2012-3419 (Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file ...) {DSA-2533-1} - pcp 3.6.5 (bug #685476) -CVE-2012-3418 [pcp: multiple integer and heap-based overflows] - RESERVED +CVE-2012-3418 (libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote ...) {DSA-2533-1} - pcp 3.6.5 (bug #685476) CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota ...) - quota 4.00~pre1-1 NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version -CVE-2012-3416 - RESERVED +CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based ...) - condor 7.8.2~dfsg.1-1 (bug #685366) CVE-2012-3415 RESERVED @@ -2696,8 +2949,7 @@ RESERVED - dnsmasq <unfixed> (low; bug #683372) [squeeze] - dnsmasq <no-dsa> (Minor issue) -CVE-2012-3410 - RESERVED +CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...) - bash 4.2-4 (low) [squeeze] - bash <no-dsa> (Minor issue) CVE-2012-3409 
@@ -2739,11 +2991,9 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703 NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5 NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17 -CVE-2012-3403 [Gimp CEL plug-in heap buffer overflow when loading external palette files] - RESERVED +CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...) - gimp <unfixed> (bug #685397) -CVE-2012-3402 [Gimp PSD plug-in Heap-buffer overflow by decoding certain PSD headers] - RESERVED +CVE-2012-3402 (Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD ...) - gimp 2.4.0~rc1-1 NOTE: Only affects 2.2 series CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...) @@ -3663,8 +3913,8 @@ RESERVED CVE-2012-2991 RESERVED -CVE-2012-2990 - RESERVED +CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...) + TODO: check CVE-2012-2989 RESERVED CVE-2012-2988 @@ -3675,8 +3925,8 @@ NOT-FOR-US: HP Virtual SAN Appliance CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in ...) NOT-FOR-US: CuteSoft Cute Editor -CVE-2012-2984 - RESERVED +CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2012-2983 RESERVED CVE-2012-2982 
@@ -5087,40 +5337,31 @@ - typo3-src 4.3.9+dfsg1-1 (bug #607286) CVE-2010-5096 (** DISPUTED ** ...) NOT-FOR-US: MyBB -CVE-2010-5095 [SilverStripe escaping exploit] - RESERVED +CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5094 [SilverStripe unauthenticated remote removal of index.php under certain conditions] - RESERVED +CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5093 [SilverStripe privilege escalation exploit] - RESERVED +CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5092 [SilverStripe fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving process was disregarding password encyrption and saving them as plaintext] - RESERVED +CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5091 [SilverStripe fixed a security issue where logged-in CMS authors were allowed to rename files with harmful extensions] - RESERVED +CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5090 [SilverStripe fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password] - RESERVED +CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change ...) 
- silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5089 [SilverStripe information disclosure] - RESERVED +CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5088 [SilverStripe CSRF] - RESERVED +CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2010-5087 [SilverStripe CSRF protection bypassed when handling form action requests through controller] - RESERVED +CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...) @@ -5431,8 +5672,7 @@ NOT-FOR-US: Drupal addon not packaged CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName ...) NOT-FOR-US: Drupal addon not packaged -CVE-2012-2297 [Drupal SA-CONTRIB-2012-062 - Creative Commons - XSS] - RESERVED +CVE-2012-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the Creative ...) NOT-FOR-US: Drupal addon not packaged CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x ...) NOT-FOR-US: Drupal addon not packaged @@ -5448,8 +5688,8 @@ RESERVED CVE-2012-2290 RESERVED -CVE-2012-2289 - RESERVED +CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender ...) + TODO: check CVE-2012-2288 RESERVED CVE-2012-2287 @@ -5582,8 +5822,8 @@ RESERVED CVE-2012-2228 RESERVED -CVE-2012-2227 - RESERVED +CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...) + TODO: check CVE-2012-2226 RESERVED CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...) 
@@ -5759,12 +5999,10 @@ CVE-2012-2148 RESERVED - jbossas4 <not-affected> (Only builds a few libraries, not the full application server) -CVE-2012-2147 - RESERVED +CVE-2012-2147 (munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a ...) - munin 2.0~rc6-1 (bug #670811) [squeeze] - munin <not-affected> (Vulnerable code not present) -CVE-2012-2146 - RESERVED +CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique ...) - elixir <unfixed> (low; bug #670919) CVE-2012-2145 [qpid DoS] RESERVED @@ -5817,13 +6055,11 @@ RESERVED - polarssl 1.1.2-1 [squeeze] - polarssl <not-affected> (Introduced in 0.99-pre4) -CVE-2012-2129 [dokuwiki doku.php ''target'' param xss] - RESERVED +CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki ...) - dokuwiki 0.0.20120125a-1 (low; bug #670917) [squeeze] - dokuwiki <not-affected> NOTE: http://secunia.com/advisories/48848/ -CVE-2012-2128 - RESERVED +CVE-2012-2128 (** DISPUTED ** ...) - dokuwiki 0.0.20120125a-1 NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488 CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...) @@ -5876,8 +6112,7 @@ NOT-FOR-US: musl libc not in Debian CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow ...) - tiff 4.0.2-1 (bug #678140) -CVE-2012-2112 - RESERVED +CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in ...) {DSA-2455-1} - typo3-src 4.5.15+dfsg1-1 (bug #669158) NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/ 
@@ -5908,13 +6143,11 @@ CVE-2012-2105 RESERVED NOT-FOR-US: tsheetx -CVE-2012-2104 - RESERVED +CVE-2012-2104 (cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without ...) - munin 2.0~rc6-1 (bug #668666) [squeeze] - munin <not-affected> (Vulnerable code not present) [lenny] - munin <not-affected> (Vulnerable code not present) -CVE-2012-2103 - RESERVED +CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite ...) - munin 2.0~rc6-1 (bug #668778) [squeeze] - munin <not-affected> (Vulnerable code not present) [lenny] - munin <not-affected> (Vulnerable code not present) @@ -6352,12 +6585,12 @@ - icedove 10.0.5-1 CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in ...) NOT-FOR-US: Disputed Wordpress issue -CVE-2012-1935 - RESERVED -CVE-2012-1934 - RESERVED -CVE-2012-1933 - RESERVED +CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x ...) + TODO: check +CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop ...) + TODO: check +CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x ...) + TODO: check CVE-2012-1932 RESERVED CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft ...) @@ -6382,8 +6615,8 @@ NOT-FOR-US: RealNetworks Helix CVE-2012-1922 RESERVED -CVE-2012-1921 - RESERVED +CVE-2012-1921 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check CVE-2012-1920 (@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows ...) NOT-FOR-US: AtMail CVE-2012-1919 (CRLF injection vulnerability in mime.php in @Mail WebMail Client in ...) @@ -6435,8 +6668,7 @@ RESERVED CVE-2012-1897 RESERVED -CVE-2012-1586 [file enumeration possibility via mount.cifs] - RESERVED +CVE-2012-1586 (mount.cifs in cifs-utils 2.6 allows local users to determine the ...) - cifs-utils 2:5.3-2 (low; bug #665923) [squeeze] - cifs-utils <no-dsa> (Minor issue) CVE-2012-1896 
@@ -7181,7 +7413,7 @@ RESERVED - drupal7 7.14-1 (bug #671402) CVE-2012-1587 - RESERVED + REJECTED NOTE: To be rejected CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote ...) - nova 2012-1~rc3-1 (bug #666888) @@ -7797,8 +8029,8 @@ RESERVED CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...) NOT-FOR-US: Contao -CVE-2012-1296 - RESERVED +CVE-2012-1296 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2012-1295 RESERVED CVE-2012-1294 (SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote ...) @@ -8074,17 +8306,14 @@ - pidgin 2.10.2-1 (low; bug #664030) [squeeze] - pidgin <no-dsa> (Only exploitable by malicious server) NOTE: http://pidgin.im/news/security/?id=61 -CVE-2012-1177 [libgdata did not verify SSL] - RESERVED +CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...) {DSA-2482-1} - libgdata 0.10.2-1 (bug #664032) NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3 -CVE-2012-1176 [buffer overflow in python-pyfribidi] - RESERVED +CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi ...) - pyfribidi 0.11.0-1 (bug #663189) [squeeze] - pyfribidi <no-dsa> (Minor issue) -CVE-2012-1175 [gnash integer overflow] - RESERVED +CVE-2012-1175 (Integer overflow in the GnashImage::size method in ...) {DSA-2435-1} - gnash 0.8.10-5 (bug #664023) NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5 
@@ -8935,8 +9164,7 @@ CVE-2012-0856 (Heap-based buffer overflow in the MPV_frame_start function in ...) - libav <not-affected> (Vulnerable code not present) - ffmpeg <not-affected> (Vulnerable code not present) -CVE-2012-0855 - RESERVED +CVE-2012-0855 (Heap-based buffer overflow in the get_sot function in the J2K decoder ...) - libav <not-affected> (Vulnerable code not present) - ffmpeg <not-affected> (Vulnerable code not present) CVE-2012-0854 (The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before ...) @@ -8957,8 +9185,7 @@ CVE-2012-0850 (The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before ...) - libav 4:0.8.1-1 - ffmpeg <not-affected> (Vulnerable code not present) -CVE-2012-0849 - RESERVED +CVE-2012-0849 (Integer overflow in the ff_j2k_dwt_init function in ...) - libav <not-affected> (Vulnerable code not present) - ffmpeg <not-affected> (Vulnerable code not present) CVE-2012-0848 (Heap-based buffer overflow in the ws_snd_decode_frame function in ...) @@ -10787,8 +11014,7 @@ RESERVED - policykit-1 0.103-1 [squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103) -CVE-2011-4944 [python2.6: distutils world-readable password] - RESERVED +CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable ...) - python2.7 2.7.3~rc2-2 (low; bug #650555) - python2.6 <unfixed> (unimportant; bug #615118) [squeeze] - python2.6 <no-dsa> (Minor issue) @@ -11154,8 +11380,7 @@ - tomcat7 7.0.26-1 CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before ...) NOT-FOR-US: Winamp -CVE-2010-5080 [SilverStripe HTTP referer leakage on Security/changepassword] - RESERVED +CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before ...) - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts] 
@@ -12003,8 +12228,8 @@ - openttd 1.1.5-1 (low) NOTE: http://vcs.openttd.org/svn/changeset/23764 NOTE: http://security.openttd.org/en/CVE-2012-0049 -CVE-2012-0048 - RESERVED +CVE-2012-0048 (OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial ...) + TODO: check CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...) NOT-FOR-US: Apache Wicket CVE-2012-0046 [mediawiki info leak]
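
Review bot: in the first hunk (@@ -1,7 +1,279 @@), CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4) is left at "TODO: check" even though this list already tracks munin-cgi-graph issues against the munin package further down (CVE-2012-2147 and CVE-2012-2104, both "- munin 2.0~rc6-1"). It should get a "- munin" line with a fixed version or <unfixed> rather than sit in the TODO queue. The same holds for CVE-2010-5188 and CVE-2010-5187, since the other SilverStripe entries here carry "- silverstripe <itp> (bug #528461)".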
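
Review bot: in the @@ -1248,8 +1520,8 @@ hunk, CVE-2012-4036 (PBBoard 2.1.4 unrestricted file upload) goes from RESERVED to "TODO: check", while the context lines right after it mark CVE-2012-4035 as "NOT-FOR-US: PBBoard". The new entry can take the same tag in this change so it does not need a separate triage pass.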
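
Review bot: in the @@ -2399,17 +2666,15 @@ hunk, replacing the bracketed working titles with the truncated descriptions drops the SA50279 and SA50212 advisory references and the "issue 2a" / "issue 2b" labels that told CVE-2012-3508 and CVE-2012-4668 apart. Both entries share bug #685475 and the same trac ticket NOTE, and CVE-2012-3507 now reads only "(Cross-site scripting (XSS) vulnerability in ...)". Consider keeping the advisory id and issue label as a NOTE line under each entry so the mapping survives the automatic rewrite.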
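
Review bot: in the @@ -7181,7 +7413,7 @@ hunk, CVE-2012-1587 changes from RESERVED to REJECTED, but the context line after it still says "NOTE: To be rejected". That note is stale once the status line itself is REJECTED and should be removed so the entry does not read as still pending.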