author | Joey Hess <joeyh@debian.org> | 2012-05-11 21:14:23 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2012-05-11 21:14:23 +0000 |
commit | f899dbbf55ae91ebfc56cc6f529860bf147c6b76 (patch) | |
tree | 8b39b31e2cc7dbc9929921cf880af39a9e5c8e00 | |
parent | f699f8b912f30d4920d1f14f5d6d1edbe286eb66 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@19224 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2002.list | 2 | ||||
-rw-r--r-- | data/CVE/2003.list | 4 | ||||
-rw-r--r-- | data/CVE/2011.list | 9 | ||||
-rw-r--r-- | data/CVE/2012.list | 291 |
4 files changed, 265 insertions, 41 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list index e199d57d49..f88955e702 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1228,7 +1228,7 @@ CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and NOT-FOR-US: MyNewsGroups CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) - monkey 0.9.2-1 - NOTE: Vulnerable code verified not be present in any Debian version + NOTE: Vulnerable code verified not be present in any Debian version CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...) NOT-FOR-US: WS_FTP Pro CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...) diff --git a/data/CVE/2003.list b/data/CVE/2003.list index d4b2dfb243..926712f0ce 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -2334,9 +2334,9 @@ CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication modu CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...) {DSA-335} - mantis 0.17.5-6 -CVE-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...) +CVE-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with insecure ...) NOT-FOR-US: Intersystems Cache database -CVE-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...) +CVE-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writable ...) NOT-FOR-US: Intersystems Cache database CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...) NOT-FOR-US: Microsoft diff --git a/data/CVE/2011.list b/data/CVE/2011.list index f7d6452ec5..d1ca062de7 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -305,9 +305,11 @@ CVE-2011-4958 [silverstripe:XSS] NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4957 RESERVED + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 CVE-2011-4956 RESERVED + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 CVE-2011-4955 RESERVED @@ -5111,21 +5113,27 @@ CVE-2011-3131 RESERVED - xen 4.1.2-1 CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3129 (The file upload functionality WordPress 3.1 before 3.1.3 and 3.2 ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...) 
@@ -5133,6 +5141,7 @@ CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Lin CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...) NOT-FOR-US: InfoSphere CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) + {DSA-2670-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce NOTE: original advisory seems to be http://technet.microsoft.com/en-us/security/msvr/msvr11-010 diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 3b38a49916..9fdbe2ee02 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list 
@@ -1,3 +1,217 @@ +CVE-2012-2623 + RESERVED +CVE-2012-2622 + RESERVED +CVE-2012-2621 + RESERVED +CVE-2012-2620 + RESERVED +CVE-2012-2619 + RESERVED +CVE-2012-2618 + RESERVED +CVE-2012-2617 + RESERVED +CVE-2012-2616 + RESERVED +CVE-2012-2615 + RESERVED +CVE-2012-2614 + RESERVED +CVE-2012-2613 + RESERVED +CVE-2012-2612 + RESERVED +CVE-2012-2611 + RESERVED +CVE-2012-2610 + RESERVED +CVE-2012-2609 + RESERVED +CVE-2012-2608 + RESERVED +CVE-2012-2607 + RESERVED +CVE-2012-2606 + RESERVED +CVE-2012-2605 + RESERVED +CVE-2012-2604 + RESERVED +CVE-2012-2603 + RESERVED +CVE-2012-2602 + RESERVED +CVE-2012-2601 + RESERVED +CVE-2012-2600 + RESERVED +CVE-2012-2599 + RESERVED +CVE-2012-2598 + RESERVED +CVE-2012-2597 + RESERVED +CVE-2012-2596 + RESERVED +CVE-2012-2595 + RESERVED +CVE-2012-2594 + RESERVED +CVE-2012-2593 + RESERVED +CVE-2012-2592 + RESERVED +CVE-2012-2591 + RESERVED +CVE-2012-2590 + RESERVED +CVE-2012-2589 + RESERVED +CVE-2012-2588 + RESERVED +CVE-2012-2587 + RESERVED +CVE-2012-2586 + RESERVED +CVE-2012-2585 + RESERVED +CVE-2012-2584 + RESERVED +CVE-2012-2583 + RESERVED +CVE-2012-2582 + RESERVED +CVE-2012-2581 + RESERVED +CVE-2012-2580 + RESERVED +CVE-2012-2579 + RESERVED +CVE-2012-2578 + RESERVED +CVE-2012-2577 + RESERVED +CVE-2012-2576 + RESERVED +CVE-2012-2575 + RESERVED +CVE-2012-2574 + RESERVED +CVE-2012-2573 + RESERVED +CVE-2012-2572 + RESERVED +CVE-2012-2571 + RESERVED +CVE-2012-2570 + RESERVED +CVE-2012-2569 + RESERVED +CVE-2012-2568 + RESERVED +CVE-2012-2567 + RESERVED +CVE-2012-2566 + RESERVED +CVE-2012-2565 + RESERVED +CVE-2012-2564 + RESERVED +CVE-2012-2563 + RESERVED +CVE-2012-2562 + RESERVED +CVE-2012-2561 + RESERVED +CVE-2012-2560 + RESERVED +CVE-2012-2559 + RESERVED +CVE-2012-2558 + RESERVED +CVE-2012-2557 + RESERVED +CVE-2012-2556 + RESERVED +CVE-2012-2555 + RESERVED +CVE-2012-2554 + RESERVED +CVE-2012-2553 + RESERVED +CVE-2012-2552 + RESERVED +CVE-2012-2551 + RESERVED +CVE-2012-2550 + RESERVED +CVE-2012-2549 + RESERVED +CVE-2012-2548 + RESERVED 
+CVE-2012-2547 + RESERVED +CVE-2012-2546 + RESERVED +CVE-2012-2545 + RESERVED +CVE-2012-2544 + RESERVED +CVE-2012-2543 + RESERVED +CVE-2012-2542 + RESERVED +CVE-2012-2541 + RESERVED +CVE-2012-2540 + RESERVED +CVE-2012-2539 + RESERVED +CVE-2012-2538 + RESERVED +CVE-2012-2537 + RESERVED +CVE-2012-2536 + RESERVED +CVE-2012-2535 + RESERVED +CVE-2012-2534 + RESERVED +CVE-2012-2533 + RESERVED +CVE-2012-2532 + RESERVED +CVE-2012-2531 + RESERVED +CVE-2012-2530 + RESERVED +CVE-2012-2529 + RESERVED +CVE-2012-2528 + RESERVED +CVE-2012-2527 + RESERVED +CVE-2012-2526 + RESERVED +CVE-2012-2525 + RESERVED +CVE-2012-2524 + RESERVED +CVE-2012-2523 + RESERVED +CVE-2012-2522 + RESERVED +CVE-2012-2521 + RESERVED +CVE-2012-2520 + RESERVED +CVE-2012-2519 + RESERVED +CVE-2012-2518 + RESERVED +CVE-2012-2517 + RESERVED CVE-2012-2516 RESERVED CVE-2012-2515 @@ -221,16 +435,22 @@ CVE-2012-2406 CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...) - gallery2 <undetermined> CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2399 (Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in ...) + {DSA-2670-1} - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...) - asterisk 1:1.8.11.1~dfsg-1 (bug #670180) 
@@ -365,12 +585,10 @@ CVE-2012-2338 RESERVED CVE-2012-2337 RESERVED -CVE-2012-2336 - RESERVED +CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...) - php5 5.4.3 (unimportant) NOTE: Rather harmless bug -CVE-2012-2335 - RESERVED +CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, ...) NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311 CVE-2012-2334 RESERVED @@ -396,8 +614,7 @@ CVE-2012-2330 [node.js <0.6.17/0.7.8 HTTP server information disclosure] - nodejs 0.6.17~dfsg1-1 NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/ NOTE: https://github.com/joyent/node/commit/c9a231d -CVE-2012-2329 [buffer overflow vulnerability in the apache_request_headers()] - RESERVED +CVE-2012-2329 (Buffer overflow in the apache_request_headers function in ...) - php5 5.4.3-1 [squeeze] - php5 <not-affected> (Vulnerable code not present) NOTE: 5.4.x only @@ -446,8 +663,7 @@ CVE-2012-2313 [more tight ioctl permissions in dl2k driver] CVE-2012-2312 RESERVED - jbossas4 <not-affected> (Only affects JBoss 7) -CVE-2012-2311 [PHP-CGI query string parameter vulnerability] - RESERVED +CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...) {DSA-2465-1} - php5 5.4.3-1 (bug #671880) NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823 @@ -1589,8 +1805,7 @@ CVE-2012-1825 RESERVED CVE-2012-1824 RESERVED -CVE-2012-1823 [PHP-CGI query string parameter vulnerability] - RESERVED +CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...) {DSA-2465-1} - php5 5.4.3-1 NOTE: http://ompldr.org/vZGxxaQ https://bugs.php.net/bug.php?id=61910 
@@ -4316,10 +4531,10 @@ CVE-2012-0678 RESERVED CVE-2012-0677 RESERVED -CVE-2012-0676 - RESERVED -CVE-2012-0675 - RESERVED +CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...) + TODO: check +CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...) + TODO: check CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...) TODO: check CVE-2012-0673 
@@ -4344,34 +4559,34 @@ CVE-2012-0664 RESERVED CVE-2012-0663 RESERVED -CVE-2012-0662 - RESERVED -CVE-2012-0661 - RESERVED -CVE-2012-0660 - RESERVED -CVE-2012-0659 - RESERVED -CVE-2012-0658 - RESERVED -CVE-2012-0657 - RESERVED -CVE-2012-0656 - RESERVED -CVE-2012-0655 - RESERVED -CVE-2012-0654 - RESERVED +CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before ...) + TODO: check +CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x ...) + TODO: check +CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...) + TODO: check +CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...) + TODO: check +CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...) + TODO: check +CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS ...) + TODO: check +CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before ...) + TODO: check +CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict ...) + TODO: check +CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized ...) + TODO: check CVE-2012-0653 RESERVED -CVE-2012-0652 - RESERVED -CVE-2012-0651 - RESERVED +CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or ...) + TODO: check +CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 ...) + TODO: check CVE-2012-0650 RESERVED -CVE-2012-0649 - RESERVED +CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...) + TODO: check CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) - webkit <undetermined> CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...) |
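Review bot: The {DSA-2670-1} cross-reference added to the wordpress entries in data/CVE/2011.list (CVE-2011-4957, CVE-2011-4956, CVE-2011-3130 through CVE-2011-3125, CVE-2011-3122) and in data/CVE/2012.list (CVE-2012-2404 through CVE-2012-2399) looks out of sequence. The php5 entries in the same file carry {DSA-2465-1}, roughly 200 advisories lower. Please check the number against the published advisory before relying on it, since a wrong DSA tag links all fifteen CVEs to an unrelated advisory in the tracker.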
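Review bot: In the data/CVE/2012.list hunk at @@ -365,12 +585,10, CVE-2012-2336 keeps "- php5 5.4.3 (unimportant)" with no Debian revision, while CVE-2012-2329, CVE-2012-2311 and CVE-2012-1823 in this patch all use 5.4.3-1. Now that the entry has its real description, suggest normalising the fixed version to 5.4.3-1 so the php5 entries for this PHP-CGI cluster agree.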
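Review bot: CVE-2012-0676 in the @@ -4316,10 +4531,10 hunk is a WebKit issue but lands as "TODO: check" alongside the Mac OS X-only entries, whereas the neighbouring WebKit entry CVE-2012-0648 is tracked as "- webkit <undetermined>". Suggest triaging CVE-2012-0676 against the webkit source package first, and then resolving the remaining Apple entries (QuickTime, Time Machine, LoginUIFramework, libsecurity, Directory Service, blued) the way other vendor-only products in this patch are handled with NOT-FOR-US, so the TODO backlog from this import does not linger.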