author Salvatore Bonaccorso <carnil@debian.org> 2020-08-24 16:17:56 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-08-24 16:17:56 +0200
commit 9ec1e4c263d8c3936840260dd4ec05ed8a8a9216 (patch)
tree 2fffd62f666d746eb1c862089a2436dde34762fa /data/CVE/2012.list
parent c0adeec9dbb1f0c55f961a286d8b3d575b6c2242 (diff)
Use HTTPS transport for www.openwall.com/lists/oss-security URLs
Diffstat (limited to 'data/CVE/2012.list')
-rw-r--r-- data/CVE/2012.list 226
1 files changed, 113 insertions, 113 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 2a753a17db..373c688e5b 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -61,7 +61,7 @@ CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5
- libclamunrar 0.99-4 (bug #867223)
[stretch] - libclamunrar 0.99-3+deb9u1
[jessie] - libclamunrar 0.99-0+deb8u3
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/9
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...)
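Review bot: The commit message does not record how the rewrite was produced, and the NOTE swap under CVE-2012-6706 is the first of 113 identical one-line substitutions according to the diffstat. Adding the exact command or pattern to the message (for example the substitution expression that was run over the list) would let a reviewer re-run it and confirm that only the `http://www.openwall.com/lists/oss-security` prefix changed and no other byte of the file moved.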
@@ -118,12 +118,12 @@ CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ser ...)
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6690
RESERVED
CVE-2012-6688
@@ -134,7 +134,7 @@ CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the L
[wheezy] - linux 3.2.30-1
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/13
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
{DLA-431-1 DLA-430-1}
@@ -143,7 +143,7 @@ CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to c
- libfcgi-perl 0.78-2 (bug #815840)
[jessie] - libfcgi-perl 0.77-1+deb8u1
[wheezy] - libfcgi-perl <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/4
CVE-2012-XXXX [Insufficient validation of USB device descriptors]
- oss4 4.2-build2010-2 (bug #775662)
[wheezy] - oss4 <no-dsa> (Minor issue)
@@ -1050,7 +1050,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi
[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
NOTE: http://secunia.com/advisories/49889/
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
NOT-FOR-US: Soapbox
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
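Review bot: The CVE-2012-6303 entry still carries `NOTE: http://secunia.com/advisories/49889/` on plain HTTP directly above the rewritten openwall line. That is consistent with the scope stated in the subject, but it leaves the entry with mixed transports; worth noting in the message that other hosts are deliberately left for separate changes, or handling them in a follow-up once each host is confirmed to serve the same path over HTTPS.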
@@ -1508,7 +1508,7 @@ CVE-2012-6111 (gnome-keyring does not discard stored secrets when using gnome_ke
- gnome-keyring 3.8.2-1 (low; bug #697896)
[squeeze] - gnome-keyring <no-dsa> (Minor issue)
[wheezy] - gnome-keyring <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/11/5
CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...)
- ruby-rack 1.4.1-2.1 (bug #698440)
- librack-ruby <removed>
@@ -1607,8 +1607,8 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybd
{DSA-2612-1}
- charybdis 3.3.0-7.1 (bug #697092)
- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/2
CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...)
- freeciv 2.3.4-1 (low; bug #696306)
[squeeze] - freeciv <no-dsa> (Minor issue)
@@ -1630,13 +1630,13 @@ CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move func
NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database inform ...)
NOT-FOR-US: W3 Total Cache
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely which all ...)
NOT-FOR-US: W3 Total Cache
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve pass ...)
NOT-FOR-US: W3 Total Cache
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the curre ...)
- inkscape 0.48.3.1-1.3 (low; bug #654341)
[squeeze] - inkscape <no-dsa> (Minor issue)
@@ -1647,20 +1647,20 @@ CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device
- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
- xen 4.1.3-8
[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/1
CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenk ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS befor ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS befo ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. ...)
- nusoap 0.7.3-5 (low; bug #696707)
[squeeze] - nusoap <no-dsa> (Minor issue)
@@ -2637,7 +2637,7 @@ CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow co
[squeeze] - grep 2.6.3-3+squeeze1
NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/22/1
CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js ...)
- owncloud 4.0.8debian-1.3 (bug #696574)
[wheezy] - owncloud 4.0.4debian2-3.2
@@ -2648,7 +2648,7 @@ CVE-2012-5664
REJECTED
CVE-2012-5663 (The isearch package (textproc/isearch) before 1.47.01nb1 uses the temp ...)
NOT-FOR-US: Isearch
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/21/1
CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname match ...)
- ibm-3270 3.3.14ga11-1 (bug #706547)
[wheezy] - ibm-3270 <no-dsa> (Non-free not supported)
@@ -2664,7 +2664,7 @@ CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug
CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Z ...)
{DSA-2602-1}
- zendframework 1.11.13-1.1 (bug #696483)
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/20/2
NOTE: http://framework.zend.com/security/advisory/ZF2012-05
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
NOTE: http://secunia.com/advisories/51583
@@ -2791,7 +2791,7 @@ CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-passwor
CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...)
- gksu-polkit <removed> (bug #695807)
[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/12/8
CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
NOT-FOR-US: CloudStack
CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...)
@@ -2810,7 +2810,7 @@ CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and Maria
[squeeze] - mysql-5.1 5.1.73-1
NOTE: https://mariadb.atlassian.net/browse/MDEV-3910
NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
- NOTE: http://www.openwall.com/lists/oss-security/2013/02/28/10
+ NOTE: https://www.openwall.com/lists/oss-security/2013/02/28/10
CVE-2012-5613
- mysql-5.1 <unfixed> (unimportant; bug #695001)
- mysql-5.5 <removed> (unimportant; bug #695001)
@@ -2828,23 +2828,23 @@ CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MyS
CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud b ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/setti ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5607 (The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4 ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable permissio ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when u ...)
@@ -2902,7 +2902,7 @@ CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2
{DSA-2589-1}
- tiff 4.0.2-1 (bug #694693)
- tiff3 3.9.6-10
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/28/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/proxy ...)
- libproxy 0.3.1-4 (low)
@@ -2924,7 +2924,7 @@ CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Wind
[squeeze] - gimp 2.6.10-1+squeeze4
NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/21/2
CVE-2012-5575 (Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x befo ...)
NOT-FOR-US: Apache CXF
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote a ...)
@@ -4792,12 +4792,12 @@ CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 201
CVE-2012-4410
REJECTED
CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
NOTE: False assignment, will be rejected, see #688123
CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict acce ...)
- owncloud 4.0.7debian-1
[wheezy] - owncloud 4.0.4debian2-2
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
- otrs2 3.1.7+dfsg1-6
[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
@@ -5555,7 +5555,7 @@ CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException c
- smarty <removed> (bug #702710)
[squeeze] - smarty 2.6.26-0.2+squeeze1
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/19/1
NOTE: http://secunia.com/advisories/50589/
NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
@@ -5613,7 +5613,7 @@ CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlie
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
- spice-gtk 0.12-5 (bug #689155)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
{DLA-165-1}
- eglibc <removed>
@@ -5623,7 +5623,7 @@ CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.
- libvirt 0.9.12-5 (bug #687598)
[squeeze] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/11
CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ...)
- wordpress 3.4.2+dfsg-1
CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in Wo ...)
@@ -5633,7 +5633,7 @@ CVE-2012-4420 (An information disclosure flaw was found in the way the Java Virt
CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...)
{DSA-2548-1}
- tor 0.2.3.22-rc-1
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/5
NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
@@ -5656,7 +5656,7 @@ CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in
- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...)
- keystone 2012.1.1-6 (bug #687428)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
{DLA-165-1}
- eglibc <removed>
@@ -5750,32 +5750,32 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attack ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a rest ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 an ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <not-affected> (Introduced in 1.16)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4376
RESERVED
CVE-2012-4375
@@ -6628,14 +6628,14 @@ CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.
- wireshark 1.8.2-1
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9 ...)
{DSA-2590-1}
- wireshark 1.8.2-1 (bug #680056)
NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin be ...)
NOT-FOR-US: Zingiri not in Debian
CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before 1 ...)
@@ -6704,12 +6704,12 @@ CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJE
- glpi 0.83.31-1 (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI b ...)
- glpi 0.83.31-1 (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server d ...)
NOT-FOR-US: mod_pagespeed
CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var f ...)
@@ -7847,7 +7847,7 @@ CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privilege
- glib2.0 2.33.12+really2.32.4-2
[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
NOTE: fixed in 2.34.0-1 from experimental
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/6
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=697105
NOTE: http://stealth.openwall.net/null/dzug.c
CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not prop ...)
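Review bot: In the CVE-2012-3524 entry, `NOTE: http://stealth.openwall.net/null/dzug.c` stays on HTTP while the oss-security link two lines above it is switched. The host differs (openwall.net, not www.openwall.com), so the pattern correctly skipped it, but since it is an Openwall-related reference in the same entry it would help to state whether it was left out intentionally or simply not covered by the match.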
@@ -7985,7 +7985,7 @@ CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in
CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif ...)
- gimp 2.8.2-1 (bug #685397)
[squeeze] - gimp 2.6.10-1+squeeze4
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/20/8
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=776572
CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
{DLA-165-1}
@@ -7995,8 +7995,8 @@ CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically e
{DSA-2603-1}
- emacs23 23.4+1-4 (bug #684695)
- emacs24 24.2+1-1 (bug #684694)
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/2
CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricte ...)
{DSA-2530-1}
- rssh 2.3.3-5
@@ -8039,7 +8039,7 @@ CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in activesupport/lib/act
CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
- rails <not-affected> (Only affects RoR 3.x)
- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/09/8
CVE-2012-3462 (A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ...)
- sssd 1.10.0-1
NOTE: https://pagure.io/SSSD/sssd/issue/1470
@@ -8078,8 +8078,8 @@ CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5
- php5 5.4.4-1 (bug #683694)
NOTE: http://seclists.org/bugtraq/2012/Jun/60
NOTE: https://bugs.php.net/bug.php?id=61755
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/7
CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/op ...)
- openvswitch 1.4.2+git20120612-8 (bug #683665)
CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote at ...)
@@ -8098,20 +8098,20 @@ CVE-2012-3444 (The get_image_dimensions function in the image-handling functiona
{DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before ...)
{DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...)
{DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3441 (The database creation script (module/idoutils/db/scripts/create_mysqld ...)
- icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320)
CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (R ...)
@@ -8146,7 +8146,7 @@ CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel be
- linux 3.2.29-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-36
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/26/3
CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb ...)
NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application Se ...)
@@ -8190,7 +8190,7 @@ CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFU
NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
CVE-2012-3413 (The HTMLQuoteColorer::process function in messageviewer/htmlquotecolor ...)
- kdepim <not-affected> (Only affects kdepim >= 4.6)
- NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3
+ NOTE: CVE-request https://www.openwall.com/lists/oss-security/2012/07/13/3
NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before ...)
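Review bot: The changed line under CVE-2012-3413 has the URL after a `CVE-request` label rather than directly after `NOTE:`, so the substitution matches the URL mid-line and is not anchored on the line prefix. That is the desired result here; please confirm the pattern is keyed on the full `http://www.openwall.com/lists/oss-security/` string so that a mid-line match cannot touch any other openwall.com path or a URL quoted inside a CVE description.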
@@ -8216,16 +8216,16 @@ CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Pupp
NOTE: Fixed in 2.7.18 by updated docs
CVE-2012-3407 (plow has local buffer overflow vulnerability ...)
NOT-FOR-US: plow
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
{DSA-3169-1 DLA-165-1}
- eglibc <removed>
- glibc 2.19-14 (low; bug #681888)
NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
{DLA-165-1}
- glibc 2.13-35 (low; bug #681473)
@@ -8234,8 +8234,8 @@ CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
- glibc 2.13-35 (low; bug #681473)
- eglibc 2.13-35 (low; bug #681473)
@@ -8243,8 +8243,8 @@ CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
- gimp 2.8.2-1 (bug #685397)
[squeeze] - gimp 2.6.10-1+squeeze4
@@ -8309,16 +8309,16 @@ CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.
[squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1
CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post conte ...)
- wordpress 3.4.1+dfsg-1 (bug #680721)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in W ...)
- wordpress 3.4.1+dfsg-1 (bug #680721)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
- wordpress 3.4.1+dfsg-1 (bug #680721)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...)
{DSA-2512-1}
- mono 2.10.8.1-5 (bug #681095)
@@ -8328,8 +8328,8 @@ CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the LD_
NOT-FOR-US: sblim-sfcb
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770234
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/7
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/8
CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ...)
- nginx 1.2.1-2
[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
@@ -8362,7 +8362,7 @@ CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM applianc
NOTE: http://seclists.org/bugtraq/2012/Jul/20
CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Ess ...)
- nova 2012.1.1-5 (bug #681301)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/13
NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
NOTE: https://bugs.launchpad.net/nova/+bug/1017795
@@ -8405,7 +8405,7 @@ CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in
CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j ...)
{DSA-2629-1}
- openjpeg 1.3+dfsg-4.4 (bug #681075)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/1
NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1. ...)
@@ -8428,7 +8428,7 @@ CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) Lyric
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain P ...)
- dokuwiki 0.0.20130510a-1 (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/24/2
CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling J ...)
NOT-FOR-US: Apache Sling
CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
@@ -8450,7 +8450,7 @@ CVE-2012-3346
RESERVED
CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files ...)
- ioquake3 1.36+svn2224-4
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/3
CVE-2012-3344
RESERVED
CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before 3 ...)
@@ -9816,7 +9816,7 @@ CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before 20.0.
CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tin ...)
- gimp 2.8.0-1 (unimportant)
NOTE: Only exploitable in rare/theoretical setups
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/31/1
NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
@@ -9846,8 +9846,8 @@ CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly h
{DSA-2506-1}
- modsecurity-apache 2.6.6-1 (bug #678527)
- libapache-mod-security <removed> (bug #678529)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown imp ...)
{DSA-2780-1}
- mysql-5.5 5.5.23-1
@@ -9875,11 +9875,11 @@ CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel befor
CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing a ...)
- revelation 0.4.11-10 (low; bug #633088)
[squeeze] - revelation <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
- revelation 0.4.11-10 (bug #633088)
[squeeze] - revelation <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...)
- phplist <itp> (bug #612288)
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...)
@@ -9890,15 +9890,15 @@ CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build
NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself
NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/12
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/17/1
CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote au ...)
- vte 1:0.28.2-5 (bug #677717)
- vte3 1:0.32.2-1
[squeeze] - vte 1:0.24.3-4
CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...)
- accountsservice 0.6.21-6 (bug #679429)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/28/9
NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
CVE-2012-2736 (In NetworkManager 0.9.2.0, when a new wireless network was created wit ...)
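Review bot: the unchanged context in this hunk still carries plain-HTTP references right next to the converted ones: the mail.openjdk.java.net and armoredbarista.blogspot.de notes under CVE-2012-2739 and the cgit.freedesktop.org commit link under CVE-2012-2737. Leaving them is consistent with a change scoped to the openwall.com oss-security URLs, but the result is a single CVE record that mixes transports. Suggest covering the remaining hosts in separate per-host follow-ups, each made only after confirming the host serves the same path over HTTPS.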
@@ -10007,8 +10007,8 @@ CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the permi
NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
RESERVED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the s ...)
@@ -10798,7 +10798,7 @@ CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote au
CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...)
{DSA-2477-1}
- sympa 6.1.11~dfsg-1 (bug #672893; high)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/12/8
CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before 1.4 ...)
{DSA-2467-1}
- mahara 1.4.2-1
@@ -10822,23 +10822,23 @@ CVE-2012-2343
CVE-2012-2342
REJECTED
CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control mo ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
NOT-FOR-US: Drupal Take Control
CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not sp ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
NOT-FOR-US: Drupal Contact Forms
CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1. ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
NOT-FOR-US: Drupal Glossary
CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette 0 ...)
NOT-FOR-US: Galette
NOTE: http://redmine.ulysses.fr/issues/250
NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/1
CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does no ...)
{DSA-2478-1}
- sudo 1.8.3p2-1.1 (bug #673766)
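Review bot: ordering inconsistency in the CVE-2012-2341, CVE-2012-2340 and CVE-2012-2339 entries: the two NOTE: lines sit before the NOT-FOR-US: line, whereas the CVE-2012-2338 entry later in the same hunk puts NOT-FOR-US: first and its notes after. Keeping the order untouched is right for a mechanical URL substitution, but a small follow-up that moves NOT-FOR-US: to the top of the three Drupal entries would make them match the Galette entry.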
@@ -10882,15 +10882,15 @@ CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Ins
CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obt ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel (A ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in t ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) b ...)
NOT-FOR-US: MyBB
CVE-2012-2323
@@ -11289,7 +11289,7 @@ CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes
CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in dh ...)
{DSA-2498-1}
- dhcpcd 1:3.2.3-11 (bug #671265)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/02/4
CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ...)
{DSA-2461-1}
- spip 2.1.13-1 (low; bug #671264)
@@ -13544,11 +13544,11 @@ CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) magick/
CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in main/u ...)
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
[squeeze] - asterisk <not-affected> (HTTP digest authentication code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the ...)
{DSA-2460-1}
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14 ...)
{DSA-2450-1}
- samba 2:3.6.4-1 (bug #668309)
@@ -13570,14 +13570,14 @@ CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol
CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...)
{DSA-2482-1}
- libgdata 0.10.2-1 (bug #664032)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/3
CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi b ...)
- pyfribidi 0.11.0-1 (bug #663189)
[squeeze] - pyfribidi <no-dsa> (Minor issue)
CVE-2012-1175 (Integer overflow in the GnashImage::size method in libbase/GnashImage. ...)
{DSA-2435-1}
- gnash 0.8.10-5 (bug #664023)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/5
CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login mana ...)
- systemd 44-1 (bug #664364)
CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow r ...)
@@ -13605,12 +13605,12 @@ CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2
CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...)
{DSA-2454-1}
- openssl 1.0.0h-1 (low; bug #663642)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/3
CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ...)
{DLA-203-1}
- openldap 2.4.31-1 (low; bug #663644)
[squeeze] - openldap <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/4
CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...)
- libzip 0.10.1-1 (bug #664990)
[squeeze] - libzip <not-affected> (Only affects 0.10.x)
@@ -14149,7 +14149,7 @@ CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in th
- libav 6:0.8.2-1
- ffmpeg 7:2.4.1-1
NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/03/4
CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbi ...)
- nvidia-graphics-drivers 295.40-1
[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
@@ -14283,7 +14283,7 @@ CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in SimpleS
CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 i ...)
{DSA-2454-1}
- openssl 1.0.0h-1 (low)
- NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12
+ NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- https://www.openwall.com/lists/oss-security/2012/03/23/12
CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...)
- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other v ...)
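Review bot: on the changed CVE-2012-0884 line the URL sits at the end of a quoted sentence, after the "--", rather than directly after "NOTE:". A replacement anchored on "NOTE: http://www.openwall.com" would have skipped it, so it is worth confirming with a grep for the old http://www.openwall.com/lists/oss-security prefix that no other inline occurrence of this form was left behind in the file.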
