diff options
author | Joey Hess <joeyh@debian.org> | 2013-06-02 21:14:29 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2013-06-02 21:14:29 +0000 |
commit | 55ee1fa30e3527e0cbfb79b4ecc5ce8140b133eb (patch) | |
tree | e4a50f90b9dc424e32bf2f0a75e857871cf38463 | |
parent | f16a2c79e94bf0269914f59c04b008025a710af1 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@22455 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2002.list | 2 | ||||
-rw-r--r-- | data/CVE/2013.list | 37 |
2 files changed, 35 insertions, 4 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list index bd426e1e72..1c572b8ced 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1,7 +1,7 @@ CVE-2002-2483 - linux-2.6 2.4.20 CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...) - {DSA-2698-1} + {DSA-2701-1 DSA-2698-1} - krb5 1.10.1+dfsg-6 (bug #708267) NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 NOTE: https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 5d9ed62af4..5b90f0e95c 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -378,6 +378,7 @@ CVE-2013-3564 CVE-2013-3563 RESERVED CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in ...) + {DSA-2700-1} - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499 @@ -388,25 +389,30 @@ CVE-2013-3561 (Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448 NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html CVE-2013-3560 (The dissect_dsmcc_un_download function in ...) + {DSA-2700-1} - wireshark 1.8.7-1 (unimportant; bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html NOTE: Not suitable for code injection CVE-2013-3559 (epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in ...) + {DSA-2700-1} - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-27.html CVE-2013-3558 (The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c ...) + {DSA-2700-1} - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-26.html CVE-2013-3557 (The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ...) + {DSA-2700-1} - wireshark 1.8.7-1 (unimportant; bug #709167) NOTE: Not suitable for code injection CVE-2013-3556 (The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 ...) - wireshark <not-affected> (Only affected the dev trunk) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html (r48943) CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark ...) + {DSA-2700-1} - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html @@ -912,7 +918,8 @@ CVE-2013-3317 RESERVED CVE-2013-3316 RESERVED -CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify access ...) +CVE-2013-3315 + RESERVED NOT-FOR-US: TIBCO CVE-2013-3314 RESERVED @@ -4995,34 +5002,42 @@ CVE-2013-1683 CVE-2013-1682 RESERVED CVE-2013-1681 (Use-after-free vulnerability in the ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-1680 (Use-after-free vulnerability in the nsFrameList::FirstChild function ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-1679 (Use-after-free vulnerability in the ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-1678 (The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-1677 (The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-1676 (The SelectionIterator::GetNextSegment function in Mozilla Firefox ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-1675 (Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-1674 (Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> @@ -5037,6 +5052,7 @@ CVE-2013-1671 (Mozilla Firefox before 21.0 does not properly implement the INPUT [wheezy] - iceweasel <not-affected> (Doesn't affect ESR 17 series) NOTE: fixed in experimental in 21.0-1 CVE-2013-1670 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> @@ -6048,9 +6064,11 @@ CVE-2013-1249 (Race condition in win32k.sys in the kernel-mode drivers in Micros NOT-FOR-US: Microsoft Windows CVE-2013-1248 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...) NOT-FOR-US: Microsoft Windows -CVE-2013-1247 (Cross-site scripting (XSS) vulnerability in the wireless configuration ...) +CVE-2013-1247 + RESERVED NOT-FOR-US: Cisco -CVE-2013-1246 (Cisco TelePresence System Software does not properly handle inactive ...) +CVE-2013-1246 + RESERVED NOT-FOR-US: Cisco CVE-2013-1245 (The user-management page in Cisco WebEx Social relies on client-side ...) NOT-FOR-US: Cisco WebEx Social @@ -7130,10 +7148,12 @@ CVE-2013-0803 CVE-2013-0802 RESERVED CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-2699-1} - iceweasel 17.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 - icedove 17.0.5-1 - iceape <unfixed> @@ -7148,10 +7168,12 @@ CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and .. CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla ...) - iceweasel <not-affected> (Only affects Firefox on Windows) CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 - icedove 17.0.5-1 - iceape <unfixed> CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...) + {DSA-2699-1} - icedove <unfixed> - iceape <unfixed> - iceweasel 17.0.5esr-1 @@ -7159,6 +7181,7 @@ CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prev - iceweasel 17.0.5esr-1 (low) - iceape <unfixed> (low) CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 - icedove 17.0.5-1 - iceape <unfixed> @@ -7175,10 +7198,12 @@ CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Moz - icedove <not-affected> (Only affects Firefox 19) - iceape <not-affected> (Only affects Firefox 19) CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 - iceape <unfixed> - icedove 17.0.5-1 CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 - icedove 17.0.5-1 - iceape <unfixed> @@ -7196,11 +7221,13 @@ CVE-2013-0784 (Multiple unspecified vulnerabilities in the browser engine in Moz - iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental) - icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental) CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 (bug #703071) - icedove 17.0.5-1 - iceape <unfixed> NOTE: Fixed in experimental in 19.0-1, update when enters unstable CVE-2013-0782 (Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 (bug #703071) - icedove 17.0.5-1 - iceape <unfixed> @@ -7210,6 +7237,7 @@ CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint .. - iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental) - icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental) CVE-2013-0780 (Use-after-free vulnerability in the ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 (bug #703071) - icedove 17.0.5-1 - iceape <unfixed> @@ -7227,11 +7255,13 @@ CVE-2013-0777 (Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Pain - iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental) - icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental) CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 (bug #703071) - icedove 17.0.5-1 - iceape <unfixed> NOTE: Fixed in experimental in 19.0-1, update when enters unstable CVE-2013-0775 (Use-after-free vulnerability in the ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 (bug #703071) - icedove 17.0.5-1 - iceape <unfixed> @@ -7241,6 +7271,7 @@ CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...) - iceweasel <not-affected> (Introduced in Firefox 15) - icedove <not-affected> (Introduced in Firefox 15) CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) ...) + {DSA-2699-1} - iceweasel 17.0.5esr-1 (bug #703071) - icedove 17.0.5-1 - iceape <unfixed> |