author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-24 16:17:56 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-24 16:17:56 +0200 |
commit | 9ec1e4c263d8c3936840260dd4ec05ed8a8a9216 (patch) | |
tree | 2fffd62f666d746eb1c862089a2436dde34762fa /data/CVE/2013.list | |
parent | c0adeec9dbb1f0c55f961a286d8b3d575b6c2242 (diff) |
Use HTTPS transport for www.openwall.com/lists/oss-security URLs
Diffstat (limited to 'data/CVE/2013.list')
-rw-r--r-- | data/CVE/2013.list | 126 |
1 files changed, 63 insertions, 63 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index d9de6da437..ba6019364e 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -87,7 +87,7 @@ CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templa CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...) {DSA-3634-1 DLA-577-1} - redis 2:3.2.1-4 (bug #832460) - NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1 + NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/1 CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android before ...) NOT-FOR-US: Qualcomm components for Android CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ...) @@ -100,7 +100,7 @@ CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227 NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36 - NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3 + NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3 CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in cmscnvr ...) - lcms2 2.6-1 [wheezy] - lcms2 <not-affected> (vulnerable code not present, no cmsPipelineFree(Lut); in Error:-part) @@ -120,7 +120,7 @@ CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows re {DSA-3485-1 DLA-424-1} - didiwiki 0.5-12 (bug #815111) NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files - NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4 + NOTE: https://www.openwall.com/lists/oss-security/2016/02/19/4 CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gd ...) {DLA-419-1} - gtk+2.0 2.24.30-1.1 (bug #799275) 
@@ -136,7 +136,7 @@ CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux k - linux-2.6 <removed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273845 NOTE: https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8 - NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9 + NOTE: https://www.openwall.com/lists/oss-security/2015/11/18/9 NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9) NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4) CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...) @@ -161,7 +161,7 @@ CVE-2013-7443 (Buffer overflow in the skip-scan optimization in SQLite 3.8.2 all NOTE: Fixed by: https://www.sqlite.org/src/info/ac5852d6403c9c96 NOTE: Introduced by: https://www.sqlite.org/src/info/b0bb975c0986fe01 NOTE: https://www.sqlite.org/src/info/520070ec7fbaac - NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5 + NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/5 CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...) NOT-FOR-US: GE Healthcare Centricity PACS Workstation CVE-2013-7440 (The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...) 
@@ -186,7 +186,7 @@ CVE-2013-7439 (Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLe - libx11 2:1.6.0-1 NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508 - NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/4 + NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/4 NOTE: The following packages will be recompiled after the release of NOTE: the DSA for wheezy and the DLA for squeeze: NOTE: libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1) @@ -209,7 +209,7 @@ CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server) {DSA-3271-1} - nbd 1:3.4-1 (bug #781547) [squeeze] - nbd <not-affected> (Named export introduced in 2.9.17) - NOTE: http://www.openwall.com/lists/oss-security/2015/05/19/6 + NOTE: https://www.openwall.com/lists/oss-security/2015/05/19/6 CVE-2013-7435 (The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2. ...) NOT-FOR-US: Evergreen library CVE-2013-7434 @@ -232,12 +232,12 @@ CVE-2013-7436 (noVNC before 0.5 does not set the secure flag for a cookie in an - novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618) [wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components) NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd - NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/1 + NOTE: https://www.openwall.com/lists/oss-security/2015/02/17/1 CVE-2013-7425 RESERVED CVE-2013-XXXX [TOCTOU race when expanding JAR files] - libbluray 0.7.0-1 (unimportant) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/9 + NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/06/9 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959433 NOTE: libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp NOTE: Affected code removed in 0.7.0-1 
@@ -246,7 +246,7 @@ CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote attackers - potrace 1.12-1 (bug #778646) [squeeze] - potrace <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808 - NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/12 + NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/12 CVE-2013-7449 (The ssl_do_connect function in common/server.c in HexChat before 2.10. ...) - xchat 2.8.8-10 (bug #776609) [jessie] - xchat <no-dsa> (Minor issue) @@ -276,7 +276,7 @@ CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka g - eglibc <removed> NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47 NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946 - NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16 + NOTE: https://www.openwall.com/lists/oss-security/2015/01/28/16 CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...) {DSA-3170-1} - linux 3.16.7-ckt4-2 @@ -290,7 +290,7 @@ CVE-2013-7422 (Integer underflow in regcomp.c in Perl before 5.20, as used in Ap [wheezy] - perl <no-dsa> (Minor issue) [squeeze] - perl <no-dsa> (Minor issue) NOTE: https://rt.perl.org/Public/Bug/Display.html?id=119505 - NOTE: http://www.openwall.com/lists/oss-security/2015/01/23/9 + NOTE: https://www.openwall.com/lists/oss-security/2015/01/23/9 CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities] - lhasa 0.2.0-1 [wheezy] - lhasa <no-dsa> (Minor issue) 
@@ -577,7 +577,7 @@ CVE-2013-7338 (Python before 3.3.4 RC1 allows remote attackers to cause a denial CVE-2013-XXXX [libclamunrar: double-free error libclamunrar_iface/unrar_iface.c] - libclamunrar 0.97.7+dfsg-1 (bug #770647) [wheezy] - libclamunrar <no-dsa> (Non-free not supported, also minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6 + NOTE: https://www.openwall.com/lists/oss-security/2013/11/29/6 CVE-2013-XXXX [staden-io-lib buffer overflow] - staden-io-lib 1.13.3-2 (low; bug #729276) [squeeze] - staden-io-lib <no-dsa> (Minor issue) @@ -1194,7 +1194,7 @@ CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earli [squeeze] - nagios3 <no-dsa> (Minor issue) [wheezy] - nagios3 <no-dsa> (Minor issue) NOTE: https://dev.icinga.org/issues/5251 - NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4 + NOTE: separate CVE requested for nagios, https://www.openwall.com/lists/oss-security/2013/12/23/4 NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/ CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1 ...) {DSA-2956-1} @@ -1356,7 +1356,7 @@ CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allow NOT-FOR-US: Plone CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...) NOTE: vulnerable code not found in Debian - NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14 + NOTE: https://www.openwall.com/lists/oss-security/2013/12/11/14 NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlie ...) - nova 2013.2.2 (bug #732022) 
@@ -7467,7 +7467,7 @@ CVE-2013-4550 (Bip before 0.8.9, when running as a daemon, writes SSL handshake [squeeze] - bip <no-dsa> (Minor issue) NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c NOTE: https://projects.duckcorp.org/issues/261 - NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9 + NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9 CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers t ...) - qtbase-opensource-src 5.1.1+dfsg-6 - qt4-x11 4:4.8.5+git192-g085f851+dfsg-1 (low; bug #750141) @@ -7688,7 +7688,7 @@ CVE-2013-4509 (The default configuration of IBUS 1.5.4, and possibly 1.5.2 and e - ibus-chewing 1.4.3-4 (low; bug #730781) [wheezy] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable) [squeeze] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable) - NOTE: http://www.openwall.com/lists/oss-security/2013/11/04/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/11/04/2 NOTE: This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines, NOTE: can be assigned to affected engines once more info is available NOTE: Introduced in 1.5, so stable/oldstable not affected @@ -8244,7 +8244,7 @@ CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kern - linux-2.6 <not-affected> (Vulnerable code not present) - linux 3.11.5-1 [wheezy] - linux 3.2.53-1 - NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/09/13/2 NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7 CVE-2013-4349 REJECTED 
@@ -8255,12 +8255,12 @@ CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the CVE-2013-4347 (The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier func ...) - python-oauth2 <removed> (low; bug #722657) [wheezy] - python-oauth2 <no-dsa> (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5 + NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5 NOTE: https://github.com/simplegeo/python-oauth2/issues/9 CVE-2013-4346 (The Server.verify_request function in SimpleGeo python-oauth2 does not ...) - python-oauth2 <removed> (low; bug #722656) [wheezy] - python-oauth2 <no-dsa> (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5 + NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5 NOTE: https://github.com/simplegeo/python-oauth2/issues/129 CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...) {DSA-2906-1} @@ -8360,7 +8360,7 @@ CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html CVE-2013-4318 (File injection vulnerability in Ruby gem Features 0.3.0 allows remote ...) NOT-FOR-US: Ruby gem Features - NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9 + NOTE: https://www.openwall.com/lists/oss-security/2013/09/09/9 CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API ...) NOT-FOR-US: CloudStack CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...) 
@@ -13634,7 +13634,7 @@ CVE-2013-2221 (Heap-based buffer overflow in the ZRtp::storeMsgTemp function in CVE-2013-2220 (Buffer overflow in the radius_get_vendor_attr function in the Radius e ...) {DSA-2726-1} - php-radius 1.2.5-2.4 (bug #714362) - NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/06/28/2 CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...) - 389-ds-base 1.3.2.9-1 (bug #718325) CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...) @@ -13757,7 +13757,7 @@ CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in R CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in Apac ...) NOT-FOR-US: Red Hat JBoss Enterprise Application Platform NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813 - NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4 + NOTE: https://www.openwall.com/lists/oss-security/2013/09/05/4 CVE-2013-2184 (Movable Type before 5.2.6 does not properly use the Storable::thaw fun ...) {DSA-3183-1} - movabletype-opensource 5.2.7+dfsg-1 (bug #712602) @@ -13780,7 +13780,7 @@ CVE-2013-2179 (X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when perfo - xdm <not-affected> (Not affected when PAM is used) [squeeze] - xdm <not-affected> (same as above and glibc too old) [wheezy] - xdm <not-affected> (same as above and glibc too old) - NOTE: http://www.openwall.com/lists/oss-security/2013/06/11/5 + NOTE: https://www.openwall.com/lists/oss-security/2013/06/11/5 CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and ap ...) {DSA-2708-1} - fail2ban 0.8.10-1 
@@ -13942,7 +13942,7 @@ CVE-2013-2127 (Buffer overflow in the exposure correction code in LibRaw before - libraw <not-affected> (Only affects 0.15, 0.15 was only in experimental) - libkdcraw <not-affected> (embeds libraw 0.14) - darktable <not-affected> (embeds libraw 0.14) - NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3 + NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3 NOTE: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in ...) - libraw 0.15.3-1 (low; bug #710353) @@ -13954,11 +13954,11 @@ CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack functi NOTE: Not suitable for code injection, no security impact for an enduser application like Darktable - kdegraphics <removed> [squeeze] - kdegraphics <not-affected> (embedded version of kdcraw+libraw too old) - NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3 + NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3 NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6 CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which al ...) - opensmtpd 5.3.3p1-1 - NOTE: http://www.openwall.com/lists/oss-security/2013/05/18/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/05/18/8 CVE-2013-2124 (Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before ...) - libguestfs 1:1.20.8-1 (bug #710290) [wheezy] - libguestfs <not-affected> (Vulnerable code not present) 
@@ -14156,7 +14156,7 @@ CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 [squeeze] - nginx <not-affected> (Vulnerable code not present) CVE-2013-2069 (Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18. ...) NOT-FOR-US: Red Hat livecd-tools - NOTE: http://www.openwall.com/lists/oss-security/2013/05/23/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/05/23/2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299 CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...) NOT-FOR-US: RedHat CloudForms Management Engine @@ -14197,7 +14197,7 @@ CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Lin - linux-2.6 <not-affected> (Vulnerable code not present) - linux 3.8-1 [wheezy] - linux <not-affected> (Vulnerable code not present) - NOTE: http://www.openwall.com/lists/oss-security/2013/05/03/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/05/03/2 CVE-2013-2057 (YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Includ ...) NOT-FOR-US: YaBB CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Sate ...) @@ -14274,7 +14274,7 @@ CVE-2013-2030 (keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizz NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html CVE-2013-2029 (nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...) - nagios3 <not-affected> (Affected file nagios.upgrade_to_v3.sh not in Debian) - NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/04/30/8 CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ...) - nginx <not-affected> (Vulnerable code not present) CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class ...) 
@@ -14300,12 +14300,12 @@ CVE-2013-2024 (OS command injection vulnerability in the "qs" procedure from the CVE-2013-2023 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...) - jquery-jplayer 2.1.0-2 NOTE: used for jPlayer 2.2.23 XSS - NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3 + NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3 CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...) - jquery-jplayer 2.1.0-2 NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373 NOTE: used for jPlayer 2.2.20 XSS - NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3 + NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3 CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...) - clamav 0.97.8+dfsg-1 [squeeze] - clamav 0.97.8+dfsg-1~squeeze1 @@ -14458,7 +14458,7 @@ CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file- - gimp 2.8.10-0.1 (bug #731305) CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...) - keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst) - NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/04/19/2 CVE-2013-1976 (The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...) - tomcat6 <not-affected> (RedHat-specific issue) - tomcat7 <not-affected> (RedHat-specific issue) 
@@ -14549,7 +14549,7 @@ CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows - libtirpc <not-affected> (regression code not present) NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f - NOTE: http://www.openwall.com/lists/oss-security/2013/04/22/9 + NOTE: https://www.openwall.com/lists/oss-security/2013/04/22/9 CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress con ...) NOT-FOR-US: Wordpress Social Media Widget CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...) @@ -14602,13 +14602,13 @@ CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb i NOT-FOR-US: Karteek Docsplit Ruby Gem CVE-2013-1932 (A cross-site scripting (XSS) vulnerability in the configuration report ...) - mantis <not-affected> (affects Mantis 1.2.13 only) - NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8 CVE-2013-1931 (A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows r ...) - mantis <not-affected> (affects Mantis 1.2.14 only) - NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8 CVE-2013-1930 (MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the wor ...) - mantis <not-affected> (affects only Mantis 1.2.12 and later) - NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8 CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in drivers/net ...) {DSA-2669-1 DSA-2668-1} - linux 3.8.11-1 
@@ -14731,7 +14731,7 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val - mongodb 1:2.4.1-1 (bug #704042) [wheezy] - mongodb 1:2.0.6-1.1 [squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed) - NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7 CVE-2013-1891 RESERVED CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...) @@ -14760,7 +14760,7 @@ CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 th NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt CVE-2013-1883 (Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote a ...) - mantis <not-affected> (only affects 1.2.12 to 1.2.14) - NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/21/3 CVE-2013-1882 RESERVED CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary f ...) @@ -14785,7 +14785,7 @@ CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 4.8. - chicken 4.8.0.3-1 (low; bug #702410) [squeeze] - chicken <no-dsa> (Minor issue) [wheezy] - chicken <no-dsa> (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/19/11 CVE-2013-1873 [linux kernel kernel stack memory disclosure] REJECTED CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent atta ...) 
@@ -14812,7 +14812,7 @@ CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revo - keystone <not-affected> (only affects folsom) NOTE: fixed in experimental with keystone/2012.2.3-2 CVE-2013-1864 (The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga ...) - NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/15/6 - ekiga 4.0.1-1 (low; bug #704133) [wheezy] - ekiga <no-dsa> (Minor issue) [squeeze] - ekiga <no-dsa> (Minor issue) @@ -14875,11 +14875,11 @@ CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueMan CVE-2013-1851 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...) - owncloud 4.0.8debian-1.6 (bug #703094) NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/ - NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8 CVE-2013-1850 (Multiple incomplete blacklist vulnerabilities in (1) import.php and (2 ...) - owncloud 4.0.8debian-1.6 (bug #703094) NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/ - NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8 CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...) {DLA-207-1} - subversion 1.7.9-1 (bug #704940) @@ -14890,7 +14890,7 @@ CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect a - linux 3.2.41-1 - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33) - NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/8 CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...) {DLA-207-1} - subversion 1.7.9-1 (bug #704940) 
@@ -14982,7 +14982,7 @@ CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications for CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...) - owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected) NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/ - NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8 CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...) {DSA-2809-1 DSA-2738-1} - ruby1.9.1 1.9.3.194-8.1 (bug #702525) @@ -15055,17 +15055,17 @@ CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Lin {DSA-2668-1} - linux 3.2.41-2 - linux-2.6 <removed> - NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9 CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...) - linux 3.2.41-2 - linux-2.6 <removed> [squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts) - NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9 CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ker ...) {DSA-2669-1 DSA-2668-1} - linux 3.2.41-2 - linux-2.6 <removed> - NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9 CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote att ...) {DSA-2638-1} - openafs 1.6.1-3 
@@ -15132,7 +15132,7 @@ CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3. CVE-2013-1771 (The web server Monkeyd produces a world-readable log (/var/log/monkeyd ...) - monkey <removed> (low) [squeeze] - monkey <no-dsa> (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5 + NOTE: https://www.openwall.com/lists/oss-security/2013/02/24/5 CVE-2013-1770 (Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia ...) - ganglia 3.6.0-1 (low; bug #700158) [squeeze] - ganglia <no-dsa> (Minor issue) @@ -18264,7 +18264,7 @@ CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spr CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ec_scan ...) - ettercap 1:0.7.5.1-2 (low; bug #697987) [squeeze] - ettercap 1:0.7.3-2.1+squeeze1 - NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/10/2 NOTE: http://www.exploit-db.com/exploits/23945/ NOTE: https://secunia.com/advisories/51731/ NOTE: Proposed patch http://www.securation.com/files/2013/01/ec.patch @@ -18905,7 +18905,7 @@ CVE-2013-0423 (Unspecified vulnerability in the Java Runtime Environment (JRE) c CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remot ...) - openjdk-6 <not-affected> (Only affects Java 7) - openjdk-7 7u3-2.1.4-1 - NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1 + NOTE: Exploitable on Linux https://www.openwall.com/lists/oss-security/2013/01/11/1 CVE-2013-0421 REJECTED CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle Virtua ...) 
@@ -19258,7 +19258,7 @@ CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows contex - nss-pam-ldapd 0.8.10-3 (bug #690319) CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) 1 ...) - sssd <not-affected> (Introduced in 1.9.0) - NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12 + NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/12 CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...) NOT-FOR-US: Wordpress theme CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...) @@ -19387,7 +19387,7 @@ CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 thro CVE-2013-0250 (The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 befor ...) - corosync <not-affected> (Introduced in v1.99.8-2-ge925f42; bug #699615) NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407 - NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1 + NOTE: https://www.openwall.com/lists/oss-security/2013/02/01/1 CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...) - curl 7.29.0-1 (bug #700002) [squeeze] - curl <not-affected> (Only affects 7.26.0 to 7.28.1) 
@@ -19433,15 +19433,15 @@ CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid be CVE-2013-0237 (Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode p ...) - wordpress 3.5.1+dfsg-1 (bug #698929) NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/ - NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7 CVE-2013-0236 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...) - wordpress 3.5.1+dfsg-1 (bug #698927) NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/ - NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7 CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ...) - wordpress 3.5.1+dfsg-1 (bug #698916) NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/ - NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7 CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...) - elgg <itp> (bug #526197) CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...) 
@@ -19475,13 +19475,13 @@ CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using th NOT-FOR-US: Drupal addon CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...) - coreutils <not-affected> (Affected patch not added to Debian package) - NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14 CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...) - coreutils <not-affected> (Affected patch not added to Debian package) - NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14 CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...) - coreutils <not-affected> (Affected patch not added to Debian package) - NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14 CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomnt ...) - sssd 1.8.4-2 (low; bug #698871) [squeeze] - sssd <not-affected> (autofs and ssh responders not yet present) @@ -19550,7 +19550,7 @@ CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt configur - dnsmasq 2.66-1 (low) [wheezy] - dnsmasq <no-dsa> (Minor issue) [squeeze] - dnsmasq <no-dsa> (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2013/01/18/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/18/2 CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selection_ ...) - mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481) NOTE: http://www.mantisbt.org/bugs/view.php?id=15373 
@@ -19683,7 +19683,7 @@ CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connec NOT-FOR-US: OpenShift haproxy cartridge CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...) - ruby-parser 2.3.1-2 (bug #701637) - NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5 + NOTE: https://www.openwall.com/lists/oss-security/2013/02/22/5 CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...) NOT-FOR-US: Havalite CMS CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...) @@ -19707,7 +19707,7 @@ CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails befo - ruby-activesupport-3.2 3.2.6-5 (bug #697790) NOTE: Starting with 2.3.14.1 rails is a transition package NOTE: http://www.insinuator.net/2013/01/rails-yaml/ - NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/14 NOTE: experimental has 3.2.8-1 and should be affected too CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ...) {DSA-2609-1} @@ -19716,7 +19716,7 @@ CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x - ruby-actionpack-3.2 3.2.6-5 (bug #697802) - rails 2.3.14.1 NOTE: Starting with 2.3.14.1 rails is a transition package - NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/13 CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debug ...) - xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental) CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, wh ...) |