author: Salvatore Bonaccorso <carnil@debian.org> 2013-12-13 07:28:16 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2013-12-13 07:28:16 +0000
commit: c5cfef1711cb70b29b33a355cbb47e906dac697e
tree: 1da207002907e13bea596fbcfd6a3cd75b8d4e8d /data
parent: 414c62bea01afd49c5e51a489b54902d3850341a
Add new CVE identifiers
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@24731 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2004.list 1
-rw-r--r-- data/CVE/2011.list 3
-rw-r--r-- data/CVE/2012.list 4
-rw-r--r-- data/CVE/2013.list 354
4 files changed, 207 insertions, 155 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 0e6ef37374..9cbe625e4a 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,6 +1,7 @@
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
- bass-passwd <unfixed> (low; bug #274229)
CVE-2004-2776
+ RESERVED
NOT-FOR-US: Montitorix
CVE-2004-2775
RESERVED
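Review bot: The NOT-FOR-US line under CVE-2004-2776 reads "Montitorix", while the CVE-2013-7070 to CVE-2013-7072 entries in 2013.list spell the product "Monitorix"; since this entry is being touched anyway, correct the spelling so a search for the product name finds all four. The context line above has a similar slip: the package is written "bass-passwd" although the bracketed title says "base-passwd", so the entry does not name the package its title refers to.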
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 5fbc7d1b25..db8386355c 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -644,8 +644,7 @@ CVE-2011-4973 [mod_nss FakeBasicAuth authentication bypass]
CVE-2011-4972 [CKEditor module for Drupal access bypass]
RESERVED
NOT-FOR-US: Drupal module
-CVE-2011-4971 [memcached: remote DoS]
- RESERVED
+CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ...)
- memcached <unfixed> (bug #706426)
CVE-2011-4970 [Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)]
RESERVED
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index e40c899d13..f401371f56 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -8792,8 +8792,8 @@ CVE-2012-3049
RESERVED
CVE-2012-3048
RESERVED
-CVE-2012-3047
- RESERVED
+CVE-2012-3047 (Cross-site scripting (XSS) vulnerability in the web-wizard setup page ...)
+ TODO: check
CVE-2012-3046
RESERVED
CVE-2012-3045
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 9675a36a59..0b97833ca5 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,3 +1,71 @@
+CVE-2013-7083
+ RESERVED
+CVE-2013-7068
+ RESERVED
+CVE-2013-7067
+ RESERVED
+CVE-2013-7066
+ RESERVED
+CVE-2013-7065
+ RESERVED
+CVE-2013-7064
+ RESERVED
+CVE-2013-7063
+ RESERVED
+CVE-2013-7059
+ RESERVED
+CVE-2013-7058
+ RESERVED
+CVE-2013-7057
+ RESERVED
+CVE-2013-7056
+ RESERVED
+CVE-2013-7055
+ RESERVED
+CVE-2013-7054
+ RESERVED
+CVE-2013-7053
+ RESERVED
+CVE-2013-7052
+ RESERVED
+CVE-2013-7051
+ RESERVED
+CVE-2013-7047
+ RESERVED
+CVE-2013-7046
+ RESERVED
+CVE-2013-7045
+ RESERVED
+CVE-2013-7044
+ RESERVED
+CVE-2013-7043 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...)
+ TODO: check
+CVE-2013-7042 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses ...)
+ TODO: check
+CVE-2013-7037
+ RESERVED
+CVE-2013-7036
+ RESERVED
+CVE-2013-7035
+ RESERVED
+CVE-2013-7034
+ RESERVED
+CVE-2013-7033
+ RESERVED
+CVE-2013-7032
+ RESERVED
+CVE-2013-7031
+ RESERVED
+CVE-2013-7030 (** DISPUTED ** The TFTP service in Cisco Unified Communications ...)
+ TODO: check
+CVE-2013-7029
+ RESERVED
+CVE-2013-7028
+ RESERVED
+CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in ...)
+ TODO: check
+CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...)
+ TODO: check
CVE-2013-7089 [dbg_printhex possible information leak]
- clamav 0.97.7+dfsg-1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
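Review bot: The added block is placed above CVE-2013-7089 but runs from CVE-2013-7083 down to CVE-2013-7026, so the head of the file is no longer in descending order (7083 ... 7026, then 7089, 7085, 7082 ...). The identifiers skipped inside the block (7082 to 7069, 7062 to 7060, 7050 to 7048, 7041 to 7038) are the ones that already exist further down, which suggests the new ones were prepended rather than merged; a follow-up that moves them into position next to their neighbours would keep related entries together. The five entries that arrive with descriptions (CVE-2013-7043, 7042, 7030, 7027, 7026) are all left at TODO: check, and the last two name the Linux kernel, so they need a package line rather than staying untriaged.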
@@ -16,51 +84,71 @@ CVE-2013-7085 [uscan: broken handling of filenames with whitespace]
[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
CVE-2013-7082
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7081
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7080
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7079
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7078
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7077
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7076
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7075
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7074
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7073
+ RESERVED
- typo3-src <unfixed> (bug #731999)
CVE-2013-7072
+ RESERVED
NOT-FOR-US: Monitorix
CVE-2013-7071
+ RESERVED
NOT-FOR-US: Monitorix
CVE-2013-7070
+ RESERVED
NOT-FOR-US: Monitorix
CVE-2013-7062 [XSS]
+ RESERVED
TODO: check plone/zope
CVE-2013-7061 [Privilege escalation through exposed underlying API]
+ RESERVED
TODO: check plone/zope
CVE-2013-7060 [Filesystem path information leak]
+ RESERVED
TODO: check plone/zope
CVE-2013-7049 [ZNC IRC Bouncer DoS in FiSH Plugin]
+ RESERVED
NOTE: vulnerable code not found in Debian
NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
CVE-2013-7048 [Nova live snapshots use an insecure local directory]
+ RESERVED
- nova <unfixed> (bug #732022)
[wheezy] - nova <not-affected> (Support for live snapshots added later)
NOTE: https://bugs.launchpad.net/nova/+bug/1227027
CVE-2013-7050 [uscan: arbitrary code execution]
+ RESERVED
- devscripts 2.13.8 (bug #731849)
[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
NOTE: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5
CVE-2013-7069 [remote code execution via per-project .ackrc files]
+ RESERVED
- ack-grep 2.12-1 (bug #731848)
[wheezy] - ack-grep <not-affected> (don't support per-project .ackrc files)
[squeeze] - ack-grep <not-affected> (don't support per-project .ackrc files)
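Review bot: CVE-2013-7050 and CVE-2013-7069 sit after CVE-2013-7048 in this hunk, out of the descending order the entries above them follow (7062, 7061, 7060, 7049, 7048). Both now gain a RESERVED line in place, which leaves the misordering as it was; moving 7069 up next to CVE-2013-7070 and 7050 above CVE-2013-7049 in a follow-up would make the list consistent with the rest of the file.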
@@ -79,8 +167,10 @@ CVE-2013-7003
RESERVED
NOT-FOR-US: LiveZilla
CVE-2013-7041 [password hashes aren't compared case-sensitively]
+ RESERVED
- pam <unfixed> (bug #731368)
CVE-2013-7040
+ RESERVED
- python2.5 <removed>
- python2.6 <removed>
- python2.7 <unfixed>
@@ -89,11 +179,13 @@ CVE-2013-7040
- python3.3 <unfixed>
TODO: check
CVE-2013-7039 [stack overflow in MHD_digest_auth_check()]
+ RESERVED
- libmicrohttpd 0.9.32-1 (low; bug #731933)
[squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
[wheezy] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
CVE-2013-7038 [out-of-bounds read in MHD_http_unescape()]
+ RESERVED
- libmicrohttpd 0.9.32-1 (low; bug #731933)
[squeeze] - libmicrohttpd <no-dsa> (Minor issue)
[wheezy] - libmicrohttpd <no-dsa> (Minor issue)
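Review bot: The <no-dsa> notes under CVE-2013-7039 read "only expoitable in corner cases" for both squeeze and wheezy; "exploitable" is misspelled in these context lines. The commit does not touch them, but since the entry gains a RESERVED line here it is a convenient point to correct both occurrences.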
@@ -224,8 +316,7 @@ CVE-2013-6988
RESERVED
CVE-2013-6987
RESERVED
-CVE-2013-6986
- RESERVED
+CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in ...)
NOT-FOR-US: ZippyYum
CVE-2013-6984
RESERVED
@@ -355,8 +446,7 @@ CVE-2013-6922
RESERVED
CVE-2013-6921
RESERVED
-CVE-2013-6985
- RESERVED
+CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth ...)
NOT-FOR-US: Enorth Webpublisher CMS
CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not ...)
NOT-FOR-US: Siemens
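Review bot: CVE-2013-6985 is updated where it stands, between CVE-2013-6921 and CVE-2013-6920, although the previous hunk shows CVE-2013-6986 followed directly by CVE-2013-6984, which is the slot this entry belongs in. Moving it there while replacing its RESERVED line with the description would restore the descending order.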
@@ -500,8 +590,8 @@ CVE-2013-6842
RESERVED
CVE-2013-6841
RESERVED
-CVE-2013-6840
- RESERVED
+CVE-2013-6840 (Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 ...)
+ TODO: check
CVE-2013-6839
RESERVED
NOT-FOR-US: InstantCMS
@@ -571,8 +661,7 @@ CVE-2013-6812
RESERVED
CVE-2013-6811
RESERVED
-CVE-2013-6810
- RESERVED
+CVE-2013-6810 (The server in EMC Connectrix Manager Converged Network Edition (CMCNE) ...)
NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
CVE-2013-6809
RESERVED
@@ -806,8 +895,8 @@ CVE-2013-6710
RESERVED
CVE-2013-6709
RESERVED
-CVE-2013-6708
- RESERVED
+CVE-2013-6708 (Cisco Cloud Portal 9.4 allows remote attackers to read files of ...)
+ TODO: check
CVE-2013-6707 (Memory leak in the connection-manager implementation in Cisco Adaptive ...)
NOT-FOR-US: Cisco
CVE-2013-6706 (The Cisco Express Forwarding processing module in Cisco IOS XE allows ...)
@@ -876,20 +965,17 @@ CVE-2013-6675
RESERVED
CVE-2013-6674
RESERVED
-CVE-2013-6673
- RESERVED
+CVE-2013-6673 (Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-6672
- RESERVED
+CVE-2013-6672 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow ...)
- iceweasel <not-affected> (Only affects Firefox 25)
- iceape <not-affected> (Only affects Firefox 25)
-CVE-2013-6671
- RESERVED
+CVE-2013-6671 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
@@ -1443,15 +1529,13 @@ CVE-2013-6434
RESERVED
CVE-2013-6433
RESERVED
-CVE-2013-6432 [ping: NULL pointer dereference on write to msg_name]
- RESERVED
+CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11)
- linux-2.6 <not-affected> (Vulnerable code introduced in 3.11)
NOTE: Introduced by https://git.kernel.org/linus/6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67
NOTE: fixed by https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0
-CVE-2013-6431 [net: fib: fib6_add: potential NULL pointer dereference]
- RESERVED
+CVE-2013-6431 (The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before ...)
- linux-2.6 <removed> (low)
- linux <unfixed> (low)
NOTE: fixed by https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
@@ -1463,8 +1547,7 @@ CVE-2013-6428 [Heat ReST API doesn't respect tenant scoping]
RESERVED
- heat <unfixed> (bug #732033)
NOTE: https://launchpad.net/bugs/1256983
-CVE-2013-6427 [insecure auto update feature]
- RESERVED
+CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing ...)
- hplip <unfixed> (bug #731480)
[squeeze] - hplip <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=853405
@@ -1483,8 +1566,7 @@ CVE-2013-6423
RESERVED
CVE-2013-6422
RESERVED
-CVE-2013-6421 [Command injection]
- RESERVED
+CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem ...)
NOT-FOR-US: Ruby Gem sprout
CVE-2013-6420 [php: memory corruption in openssl_x509_parse()]
RESERVED
@@ -1713,7 +1795,7 @@ CVE-2013-6358
CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...)
NOT-FOR-US: Disputed non-issue in Tomcat
CVE-2013-6356
- RESERVED
+ REJECTED
CVE-2013-6355
RESERVED
CVE-2013-6354
@@ -1986,8 +2068,7 @@ CVE-2013-6239
RESERVED
CVE-2013-6238
RESERVED
-CVE-2013-6237 [Clipboard security issue]
- RESERVED
+CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 ...)
NOT-FOR-US: ISL Light
CVE-2013-6236
RESERVED
@@ -2015,8 +2096,7 @@ CVE-2013-6226 (Directory traversal vulnerability in ...)
NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
CVE-2013-6225
RESERVED
-CVE-2013-6224
- RESERVED
+CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla ...)
NOT-FOR-US: Livezilla
CVE-2013-6223
RESERVED
@@ -2105,8 +2185,7 @@ CVE-2013-6182
RESERVED
CVE-2013-6181
RESERVED
-CVE-2013-6180
- RESERVED
+CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness ...)
NOT-FOR-US: RSA Security Analytics
CVE-2013-6179
RESERVED
@@ -2374,15 +2453,13 @@ CVE-2013-6056
RESERVED
CVE-2013-6055
RESERVED
-CVE-2013-6054
- RESERVED
+CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-6053
RESERVED
- openjpeg <not-affected> (only affects 1.5, in experimental)
-CVE-2013-6052
- RESERVED
+CVE-2013-6052 (OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-6051 [bgpd crash on valid BGP updates]
@@ -2409,8 +2486,7 @@ CVE-2013-6047 [XSS in site creation interface]
[wheezy] - ikiwiki-hosting <no-dsa> (Minor XSS)
CVE-2013-6046
RESERVED
-CVE-2013-6045
- RESERVED
+CVE-2013-6045 (Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x before ...)
@@ -2424,8 +2500,7 @@ CVE-2013-6041
RESERVED
CVE-2013-6040
RESERVED
-CVE-2013-6039
- RESERVED
+CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 ...)
NOT-FOR-US: NagiosQL
CVE-2013-6038
RESERVED
@@ -3052,8 +3127,8 @@ CVE-2013-5765 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTool
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5764
RESERVED
-CVE-2013-5763
- RESERVED
+CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+ TODO: check
CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in ...)
NOT-FOR-US: Oracle Siebel
CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
@@ -3404,12 +3479,10 @@ CVE-2013-5621
REJECTED
CVE-2013-5620
REJECTED
-CVE-2013-5619
- RESERVED
+CVE-2013-5619 (Multiple integer overflows in the binary-search implementation in ...)
- iceweasel <not-affected> (Only affects Firefox 25)
- iceape <not-affected> (Only affects Firefox 25)
-CVE-2013-5618
- RESERVED
+CVE-2013-5618 (Use-after-free vulnerability in the nsNodeUtils::LastRelease function ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
@@ -3418,46 +3491,38 @@ CVE-2013-5618
[squeeze] - iceape <end-of-life>
CVE-2013-5617
RESERVED
-CVE-2013-5616
- RESERVED
+CVE-2013-5616 (Use-after-free vulnerability in the ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-5615
- RESERVED
+CVE-2013-5615 (The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-5614
- RESERVED
+CVE-2013-5614 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly ...)
- iceweasel <not-affected> (Only affects Firefox 25)
-CVE-2013-5613
- RESERVED
+CVE-2013-5613 (Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
[squeeze] - iceape <end-of-life>
-CVE-2013-5612
- RESERVED
+CVE-2013-5612 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
- iceweasel <not-affected> (Only affects Firefox 25)
-CVE-2013-5611
- RESERVED
+CVE-2013-5611 (Mozilla Firefox before 26.0 does not properly remove the Application ...)
- iceweasel <not-affected> (Only affects Firefox 25)
-CVE-2013-5610
- RESERVED
+CVE-2013-5610 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 25)
- iceape <not-affected> (Only affects Firefox 25)
- icedove <not-affected> (Only affects Firefox 25)
-CVE-2013-5609
- RESERVED
+CVE-2013-5609 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <unfixed>
- icedove <unfixed>
- iceape <unfixed>
@@ -3875,8 +3940,8 @@ CVE-2013-5449 (Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM
NOT-FOR-US: IBM
CVE-2013-5448 (Cross-site scripting (XSS) vulnerability in the Right Click Plugin ...)
NOT-FOR-US: IBM Security QRadar SIEM
-CVE-2013-5447
- RESERVED
+CVE-2013-5447 (Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and ...)
+ TODO: check
CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...)
NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5445
@@ -3961,8 +4026,8 @@ CVE-2013-5406
RESERVED
CVE-2013-5405
RESERVED
-CVE-2013-5404
- RESERVED
+CVE-2013-5404 (Cross-site scripting (XSS) vulnerability in the search implementation ...)
+ TODO: check
CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-5402
@@ -4059,10 +4124,10 @@ CVE-2013-5357
RESERVED
CVE-2013-5356
RESERVED
-CVE-2013-5355
- RESERVED
-CVE-2013-5354
- RESERVED
+CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2013-5354 (Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow ...)
+ TODO: check
CVE-2013-5353
RESERVED
CVE-2013-5352
@@ -4101,15 +4166,13 @@ CVE-2013-5336
RESERVED
CVE-2013-5335
RESERVED
-CVE-2013-5334
- RESERVED
-CVE-2013-5333
- RESERVED
-CVE-2013-5332
- RESERVED
+CVE-2013-5334 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...)
+ TODO: check
+CVE-2013-5333 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...)
+ TODO: check
+CVE-2013-5332 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2013-5331
- RESERVED
+CVE-2013-5331 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2013-5330 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Adobe Flash
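Review bot: CVE-2013-5334 and CVE-2013-5333 are left at TODO: check even though their descriptions name Adobe Shockwave Player, while CVE-2013-5332 and CVE-2013-5331 in the same hunk are already marked NOT-FOR-US: Adobe Flash Player. Resolving the two Shockwave entries in the same pass would avoid leaving open items for a product that is triaged the same way two lines below. The labels also differ between "Adobe Flash Player" here and "Adobe Flash" on CVE-2013-5330; one spelling would make the entries easier to search.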
@@ -4641,8 +4704,8 @@ CVE-2013-5074
RESERVED
CVE-2013-5073
RESERVED
-CVE-2013-5072
- RESERVED
+CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in ...)
+ TODO: check
CVE-2013-5071
RESERVED
CVE-2013-5070
@@ -4667,43 +4730,42 @@ CVE-2013-5061
RESERVED
CVE-2013-5060
RESERVED
-CVE-2013-5059
- RESERVED
-CVE-2013-5058
- RESERVED
+CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web ...)
+ TODO: check
+CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft Windows XP ...)
NOT-FOR-US: Microsoft Windows Kernel
-CVE-2013-5057
- RESERVED
-CVE-2013-5056
- RESERVED
+CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not ...)
+ TODO: check
+CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object Library ...)
+ TODO: check
CVE-2013-5055
RESERVED
-CVE-2013-5054
- RESERVED
+CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover ...)
+ TODO: check
CVE-2013-5053
RESERVED
-CVE-2013-5052
- RESERVED
-CVE-2013-5051
- RESERVED
+CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2013-5050
RESERVED
-CVE-2013-5049
- RESERVED
-CVE-2013-5048
- RESERVED
-CVE-2013-5047
- RESERVED
-CVE-2013-5046
- RESERVED
-CVE-2013-5045
- RESERVED
+CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
+ TODO: check
+CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-5047 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to bypass ...)
+ TODO: check
+CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to bypass the ...)
+ TODO: check
CVE-2013-5044
RESERVED
CVE-2013-5043
RESERVED
-CVE-2013-5042
- RESERVED
+CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR ...)
+ TODO: check
CVE-2013-5041
RESERVED
CVE-2013-5040
@@ -5787,8 +5849,7 @@ CVE-2013-4567
RESERVED
- mediawiki <unfixed> (bug #729629)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
-CVE-2013-4566 [incorrect handling of NSSVerifyClient in directory context]
- RESERVED
+CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...)
- libapache2-mod-nss <unfixed> (low; bug #731627)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
CVE-2013-4565 [heap-based buffer overflow]
@@ -6148,8 +6209,7 @@ CVE-2013-4460 [XSS in account_sponsor_page.php project names]
NOTE: http://www.mantisbt.org/bugs/view.php?id=16513
CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...)
- lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch)
-CVE-2013-4458 [Stack (frame) overflow in getaddrinfo() when called with AF_INET6]
- RESERVED
+CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc <unfixed> (low; bug #727181)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -6309,8 +6369,7 @@ CVE-2013-4409 [unsanitized eval() vulnerability]
- python-django-djblets <removed> (low)
[squeeze] - python-django-djblets <no-dsa> (Minor issue)
NOTE: Fix: https://github.com/djblets/djblets/commit/36cd15763742652ca990f913b44e91c69c707269
-CVE-2013-4408
- RESERVED
+CVE-2013-4408 (Buffer overflow in the dcerpc_read_ncacn_packet_done function in ...)
{DSA-2812-1}
- samba 2:4.0.13+dfsg-1
- samba4 <removed>
@@ -6775,8 +6834,7 @@ CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x
NOT-FOR-US: Drupal addon
CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...)
- restlet <itp> (bug #596472)
-CVE-2013-4270 [net: permissions flaw in /proc/sys/net]
- RESERVED
+CVE-2013-4270 (The net_ctl_permissions function in net/sysctl_net.c in the Linux ...)
- linux-2.6 <not-affected> (Introduced in 3.8)
- linux 3.11.5-1
[wheezy] - linux <not-affected> (Introduced in 3.8)
@@ -6801,7 +6859,7 @@ CVE-2013-4264 (The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg b
- ffmpeg <not-affected> (g2meet codec not present in 0.5 ffmpeg)
- libav <not-affected> (g2meet codec not present in libav)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
-CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 allows has unspecified impact and ...)
+CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote ...)
- ffmpeg <not-affected> (Affected video filters not present in ffmpeg 0.5)
- libav <unfixed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
@@ -7753,8 +7811,8 @@ CVE-2013-3931
RESERVED
CVE-2013-3930
RESERVED
-CVE-2013-3929
- RESERVED
+CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
+ TODO: check
CVE-2013-3928
RESERVED
CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...)
@@ -7795,24 +7853,24 @@ CVE-2013-3909 (Microsoft Internet Explorer 6 through 8 allows remote attackers t
NOT-FOR-US: Microsoft
CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote ...)
NOT-FOR-US: Microsoft
-CVE-2013-3907
- RESERVED
+CVE-2013-3907 (portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
+ TODO: check
CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 ...)
NOT-FOR-US: Microsoft
CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does ...)
NOT-FOR-US: Microsoft
CVE-2013-3904
RESERVED
-CVE-2013-3903
- RESERVED
-CVE-2013-3902
- RESERVED
+CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in ...)
+ TODO: check
+CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
+ TODO: check
CVE-2013-3901
RESERVED
-CVE-2013-3900
- RESERVED
-CVE-2013-3899
- RESERVED
+CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, ...)
NOT-FOR-US: Microsoft
CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in ...)
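Review bot: The newly described CVE-2013-3907, CVE-2013-3903, CVE-2013-3902, CVE-2013-3900 and CVE-2013-3899 are left at TODO: check, although their descriptions name Microsoft Windows components (portcls.sys, win32k.sys, WinVerifyTrust) and every neighbouring entry with a description in this hunk is marked NOT-FOR-US: Microsoft. Applying the same NOT-FOR-US line here would keep the open TODO list limited to entries that actually need a decision.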
@@ -7853,8 +7911,8 @@ CVE-2013-3880 (The App Container feature in the kernel-mode drivers in Microsoft
NOT-FOR-US: Microsoft Windows
CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
NOT-FOR-US: Microsoft Windows
-CVE-2013-3878
- RESERVED
+CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft Windows XP ...)
+ TODO: check
CVE-2013-3877
RESERVED
CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
@@ -8255,8 +8313,8 @@ CVE-2013-3712
RESERVED
CVE-2013-3711
RESERVED
-CVE-2013-3710
- RESERVED
+CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...)
+ TODO: check
CVE-2013-3709
RESERVED
CVE-2013-3708 (The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 ...)
@@ -8443,10 +8501,10 @@ CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through ...)
NOT-FOR-US: Baramundi Management Suite
-CVE-2013-3623
- RESERVED
-CVE-2013-3622
- RESERVED
+CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in the ...)
+ TODO: check
+CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management ...)
+ TODO: check
CVE-2013-3621
RESERVED
CVE-2013-3620
@@ -9950,14 +10008,12 @@ CVE-2013-2931 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2799-1}
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2930
- RESERVED
+CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c ...)
- linux-2.6 <not-affected> (Introduced in v3.4)
[wheezy] - linux <not-affected> (Introduced in v3.4)
- linux 3.11.8-1
NOTE: Introduced by ced39002f5ea
-CVE-2013-2929
- RESERVED
+CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable ...)
- linux-2.6 <removed>
- linux 3.11.10-1
CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before ...)
@@ -10502,10 +10558,10 @@ CVE-2013-2754
RESERVED
CVE-2013-2753
RESERVED
-CVE-2013-2752
- RESERVED
-CVE-2013-2751
- RESERVED
+CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the ...)
+ TODO: check
CVE-2013-2750
RESERVED
CVE-2013-2749
@@ -11889,7 +11945,7 @@ CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local u
CVE-2013-2216
RESERVED
CVE-2013-2215
- RESERVED
+ REJECTED
NOTE: Asked to be rejected in oss-security mailing list
CVE-2013-2214 [REJECTED: nagios3: information leak; works as designed]
RESERVED
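Review bot: CVE-2013-2215 changes from RESERVED to REJECTED, but the next entry in the context, CVE-2013-2214, still carries a RESERVED line while its bracketed title already begins "REJECTED: nagios3: information leak; works as designed". The two entries now state their rejection in different places; a short NOTE on CVE-2013-2214 explaining why its state line still reads RESERVED, like the one under CVE-2013-2215, would make that difference deliberate rather than apparent drift.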
@@ -12724,8 +12780,7 @@ CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kerne
{DSA-2669-1}
- linux 3.8.11-1
- linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2013-1978 [XWD plugin color map heap-based buffer overflow]
- RESERVED
+CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c ...)
{DSA-2813-1}
- gimp <unfixed> (bug #731305)
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
@@ -12948,8 +13003,7 @@ CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc 2.17-2 (low; bug #704623)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
-CVE-2013-1913 [xwd plugin g_new() integer overflow]
- RESERVED
+CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
{DSA-2813-1}
- gimp <unfixed> (bug #731305)
CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...)
@@ -13297,8 +13351,7 @@ CVE-2013-1813 (util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions
- busybox 1:1.20.0-8 (low; bug #701965)
[wheezy] - busybox <no-dsa> (Minor issue)
[squeeze] - busybox <no-dsa> (Minor issue)
-CVE-2013-1812
- RESERVED
+CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID ...)
- ruby-openid 2.1.8debian-6 (bug #702217)
- libopenid-ruby <removed> (bug #702217)
[squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
@@ -14503,8 +14556,7 @@ CVE-2013-1449
RESERVED
CVE-2013-1448
RESERVED
-CVE-2013-1447
- RESERVED
+CVE-2013-1447 (OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of ...)
{DSA-2808-1}
- openjpeg <unfixed> (bug #731237)
CVE-2013-1446
