From 9ec1e4c263d8c3936840260dd4ec05ed8a8a9216 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 24 Aug 2020 16:17:56 +0200 Subject: Use HTTPS transport for www.openwall.com/lists/oss-security URLs --- data/CVE/2012.list | 226 ++++++++++++++++++++++++++--------------------------- 1 file changed, 113 insertions(+), 113 deletions(-) (limited to 'data/CVE/2012.list') diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 2a753a17db..373c688e5b 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -61,7 +61,7 @@ CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5 - libclamunrar 0.99-4 (bug #867223) [stretch] - libclamunrar 0.99-3+deb9u1 [jessie] - libclamunrar 0.99-0+deb8u3 - NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9 + NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/9 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6 NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...) @@ -118,12 +118,12 @@ CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned {DSA-3226-1 DLA-276-1} - inspircd 2.0.16-1 (bug #780880) NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89 - NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5 CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ser ...) {DSA-3226-1 DLA-276-1} - inspircd 2.0.16-1 (bug #780880) NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423 - NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5 CVE-2012-6690 RESERVED CVE-2012-6688 
@@ -134,7 +134,7 @@ CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the L [wheezy] - linux 3.2.30-1 - linux-2.6 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949 - NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13 + NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/13 NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5) CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...) {DLA-431-1 DLA-430-1} @@ -143,7 +143,7 @@ CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to c - libfcgi-perl 0.78-2 (bug #815840) [jessie] - libfcgi-perl 0.77-1+deb8u1 [wheezy] - libfcgi-perl (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4 + NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/4 CVE-2012-XXXX [Insufficient validation of USB device descriptors] - oss4 4.2-build2010-2 (bug #775662) [wheezy] - oss4 (Minor issue) @@ -1050,7 +1050,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi [squeeze] - snack 2.2.10-dfsg1-9+squeeze1 - wavesurfer (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615) NOTE: http://secunia.com/advisories/49889/ - NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/10/2 CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...) NOT-FOR-US: Soapbox CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...) 
@@ -1508,7 +1508,7 @@ CVE-2012-6111 (gnome-keyring does not discard stored secrets when using gnome_ke - gnome-keyring 3.8.2-1 (low; bug #697896) [squeeze] - gnome-keyring (Minor issue) [wheezy] - gnome-keyring (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/11/5 CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...) - ruby-rack 1.4.1-2.1 (bug #698440) - librack-ruby @@ -1607,8 +1607,8 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybd {DSA-2612-1} - charybdis 3.3.0-7.1 (bug #697092) - ircd-ratbox 3.0.7.dfsg-3 (bug #697093) - NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1 - NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/1 + NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/2 CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...) - freeciv 2.3.4-1 (low; bug #696306) [squeeze] - freeciv (Minor issue) 
@@ -1630,13 +1630,13 @@ CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move func NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52 CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database inform ...) NOT-FOR-US: W3 Total Cache - NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3 CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely which all ...) NOT-FOR-US: W3 Total Cache - NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3 CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve pass ...) NOT-FOR-US: W3 Total Cache - NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3 CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the curre ...) - inkscape 0.48.3.1-1.3 (low; bug #654341) [squeeze] - inkscape (Minor issue) 
@@ -1647,20 +1647,20 @@ CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device - qemu-kvm 1.1.2+dfsg-4 (bug #696051) - xen 4.1.3-8 [squeeze] - xen (In Squeeze the code is in the package xen-qemu-dm-4.0) - NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/1 CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenk ...) - jenkins 1.447.2+dfsg-3 (bug #696816) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 - NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1 CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS befor ...) - jenkins 1.447.2+dfsg-3 (bug #696816) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 - NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1 CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS befo ...) - jenkins 1.447.2+dfsg-3 (bug #696816) - jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 - NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1 CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. ...) - nusoap 0.7.3-5 (low; bug #696707) [squeeze] - nusoap (Minor issue) 
@@ -2637,7 +2637,7 @@ CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow co [squeeze] - grep 2.6.3-3+squeeze1 NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473 NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189 - NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/22/1 CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js ...) - owncloud 4.0.8debian-1.3 (bug #696574) [wheezy] - owncloud 4.0.4debian2-3.2 @@ -2648,7 +2648,7 @@ CVE-2012-5664 REJECTED CVE-2012-5663 (The isearch package (textproc/isearch) before 1.47.01nb1 uses the temp ...) NOT-FOR-US: Isearch - NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/21/1 CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname match ...) - ibm-3270 3.3.14ga11-1 (bug #706547) [wheezy] - ibm-3270 (Non-free not supported) @@ -2664,7 +2664,7 @@ CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Z ...) {DSA-2602-1} - zendframework 1.11.13-1.1 (bug #696483) - NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/20/2 NOTE: http://framework.zend.com/security/advisory/ZF2012-05 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037 NOTE: http://secunia.com/advisories/51583 
@@ -2791,7 +2791,7 @@ CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-passwor CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...) - gksu-polkit (bug #695807) [squeeze] - gksu-polkit (Unsupported in squeeze-lts) - NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8 + NOTE: https://www.openwall.com/lists/oss-security/2012/12/12/8 CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...) NOT-FOR-US: CloudStack CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...) @@ -2810,7 +2810,7 @@ CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and Maria [squeeze] - mysql-5.1 5.1.73-1 NOTE: https://mariadb.atlassian.net/browse/MDEV-3910 NOTE: http://seclists.org/fulldisclosure/2012/Dec/7 - NOTE: http://www.openwall.com/lists/oss-security/2013/02/28/10 + NOTE: https://www.openwall.com/lists/oss-security/2013/02/28/10 CVE-2012-5613 - mysql-5.1 (unimportant; bug #695001) - mysql-5.5 (unimportant; bug #695001) 
@@ -2828,23 +2828,23 @@ CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MyS CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud b ...) - owncloud 4.0.8debian-1.1 (bug #693990) [wheezy] - owncloud 4.0.4debian2-3.1 - NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2 CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...) - owncloud 4.0.8debian-1.1 (bug #693990) [wheezy] - owncloud 4.0.4debian2-3.1 - NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2 CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/setti ...) - owncloud 4.0.8debian-1.1 (bug #693990) [wheezy] - owncloud 4.0.4debian2-3.1 - NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2 CVE-2012-5607 (The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4 ...) - owncloud 4.0.8debian-1.1 (bug #693990) [wheezy] - owncloud 4.0.4debian2-3.1 - NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2 CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...) - owncloud 4.0.8debian-1.1 (bug #693990) [wheezy] - owncloud 4.0.4debian2-3.1 - NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2 CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable permissio ...) NOT-FOR-US: Red Hat CloudForms CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when u ...) 
@@ -2902,7 +2902,7 @@ CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 {DSA-2589-1} - tiff 4.0.2-1 (bug #694693) - tiff3 3.9.6-10 - NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/11/28/1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235 CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/proxy ...) - libproxy 0.3.1-4 (low) @@ -2924,7 +2924,7 @@ CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Wind [squeeze] - gimp 2.6.10-1+squeeze4 NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392 - NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/11/21/2 CVE-2012-5575 (Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x befo ...) NOT-FOR-US: Apache CXF CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote a ...) @@ -4792,12 +4792,12 @@ CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 201 CVE-2012-4410 REJECTED CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...) - NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17 NOTE: False assignment, will be rejected, see #688123 CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict acce ...) - owncloud 4.0.7debian-1 [wheezy] - owncloud 4.0.4debian2-2 - NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17 CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...) - otrs2 3.1.7+dfsg1-6 [squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4 
@@ -5555,7 +5555,7 @@ CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException c - smarty (bug #702710) [squeeze] - smarty 2.6.26-0.2+squeeze1 [squeeze] - smarty3 (Unsupported in squeeze-lts) - NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/19/1 NOTE: http://secunia.com/advisories/50589/ NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658 @@ -5613,7 +5613,7 @@ CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlie [squeeze] - mcrypt (minor issue, it doesn't affect libmcrypt) CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...) - spice-gtk 0.12-5 (bug #689155) - NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/18 CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...) {DLA-165-1} - eglibc @@ -5623,7 +5623,7 @@ CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0. - libvirt 0.9.12-5 (bug #687598) [squeeze] - libvirt (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133 - NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/11 CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ...) - wordpress 3.4.2+dfsg-1 CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in Wo ...) 
@@ -5633,7 +5633,7 @@ CVE-2012-4420 (An information disclosure flaw was found in the way the Java Virt CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...) {DSA-2548-1} - tor 0.2.3.22-rc-1 - NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/5 NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404 NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5 @@ -5656,7 +5656,7 @@ CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in - mysql-5.5 5.5.30+dfsg-1 (bug #687485) CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...) - keystone 2012.1.1-6 (bug #687428) - NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/7 CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...) {DLA-165-1} - eglibc 
@@ -5750,32 +5750,32 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper - mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6 CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...) - mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6 CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attack ...) - mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6 CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a rest ...) - mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6 CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...) - mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6 CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 an ...) 
- mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki (Introduced in 1.16) NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6 CVE-2012-4376 RESERVED CVE-2012-4375 @@ -6628,14 +6628,14 @@ CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1. - wireshark 1.8.2-1 [squeeze] - wireshark (Vulnerable code not present) NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html - NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2 CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9 ...) {DSA-2590-1} - wireshark 1.8.2-1 (bug #680056) NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html - NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2 CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin be ...) NOT-FOR-US: Zingiri not in Debian CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before 1 ...) 
@@ -6704,12 +6704,12 @@ CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJE - glpi 0.83.31-1 (unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: https://forge.indepnet.net/projects/glpi/versions/771 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1 CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI b ...) - glpi 0.83.31-1 (unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: https://forge.indepnet.net/projects/glpi/versions/771 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1 CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server d ...) NOT-FOR-US: mod_pagespeed CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var f ...) @@ -7847,7 +7847,7 @@ CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privilege - glib2.0 2.33.12+really2.32.4-2 [squeeze] - glib2.0 (Vulnerable code not present) NOTE: fixed in 2.34.0-1 from experimental - NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/6 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=697105 NOTE: http://stealth.openwall.net/null/dzug.c CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not prop ...) 
@@ -7985,7 +7985,7 @@ CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif ...) - gimp 2.8.2-1 (bug #685397) [squeeze] - gimp 2.6.10-1+squeeze4 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/20/8 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=776572 CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...) {DLA-165-1} @@ -7995,8 +7995,8 @@ CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically e {DSA-2603-1} - emacs23 23.4+1-4 (bug #684695) - emacs24 24.2+1-1 (bug #684694) - NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/2 CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricte ...) {DSA-2530-1} - rssh 2.3.3-5 @@ -8039,7 +8039,7 @@ CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in activesupport/lib/act CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...) - rails (Only affects RoR 3.x) - ruby-actionpack-3.2 3.2.6-4 (bug #684454) - NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/09/8 CVE-2012-3462 (A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ...) - sssd 1.10.0-1 NOTE: https://pagure.io/SSSD/sssd/issue/1470 
@@ -8078,8 +8078,8 @@ CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5 - php5 5.4.4-1 (bug #683694) NOTE: http://seclists.org/bugtraq/2012/Jun/60 NOTE: https://bugs.php.net/bug.php?id=61755 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3 - NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/7 CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/op ...) - openvswitch 1.4.2+git20120612-8 (bug #683665) CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote at ...) 
@@ -8098,20 +8098,20 @@ CVE-2012-3444 (The get_image_dimensions function in the image-handling functiona {DSA-2529-1} - python-django 1.4.1-1 (bug #683364) NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ - NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2 CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before ...) {DSA-2529-1} - python-django 1.4.1-1 (bug #683364) NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ - NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2 CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...) {DSA-2529-1} - python-django 1.4.1-1 (bug #683364) NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ - NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2 CVE-2012-3441 (The database creation script (module/idoutils/db/scripts/create_mysqld ...) - icinga (Debian uses dbconfig, which does the right thing, bug #683320) CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (R ...) 
@@ -8146,7 +8146,7 @@ CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel be - linux 3.2.29-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-36 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/26/3 CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb ...) NOT-FOR-US: Dynamic LDAP backend plugin for BIND CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application Se ...) @@ -8190,7 +8190,7 @@ CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFU NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/ CVE-2012-3413 (The HTMLQuoteColorer::process function in messageviewer/htmlquotecolor ...) - kdepim (Only affects kdepim >= 4.6) - NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3 + NOTE: CVE-request https://www.openwall.com/lists/oss-security/2012/07/13/3 NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54 NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690 CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before ...) 
@@ -8216,16 +8216,16 @@ CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Pupp NOTE: Fixed in 2.7.18 by updated docs CVE-2012-3407 (plow has local buffer overflow vulnerability ...) NOT-FOR-US: plow - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/16 CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...) {DSA-3169-1 DLA-165-1} - eglibc - glibc 2.19-14 (low; bug #681888) NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17 CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...) {DLA-165-1} - glibc 2.13-35 (low; bug #681473) @@ -8234,8 +8234,8 @@ CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704 NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17 CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...) - glibc 2.13-35 (low; bug #681473) - eglibc 2.13-35 (low; bug #681473) 
@@ -8243,8 +8243,8 @@ CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445 NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17 CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...) - gimp 2.8.2-1 (bug #685397) [squeeze] - gimp 2.6.10-1+squeeze4 
@@ -8309,16 +8309,16 @@ CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12. [squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1 CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post conte ...) - wordpress 3.4.1+dfsg-1 (bug #680721) - NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1 CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in W ...) - wordpress 3.4.1+dfsg-1 (bug #680721) - NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1 CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...) - wordpress 3.4.1+dfsg-1 (bug #680721) - NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1 CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...) {DSA-2512-1} - mono 2.10.8.1-5 (bug #681095) 
@@ -8328,8 +8328,8 @@ CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the LD_ NOT-FOR-US: sblim-sfcb NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770234 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7 - NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/7 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/8 CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ...) - nginx 1.2.1-2 [squeeze] - nginx (naxsi package was introduced in 1.1.18-1) @@ -8362,7 +8362,7 @@ CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM applianc NOTE: http://seclists.org/bugtraq/2012/Jul/20 CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Ess ...) - nova 2012.1.1-5 (bug #681301) - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/13 NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9 NOTE: https://bugs.launchpad.net/nova/+bug/1017795 @@ -8405,7 +8405,7 @@ CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j ...) {DSA-2629-1} - openjpeg 1.3+dfsg-4.4 (bug #681075) - NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/1 NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767 CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1. ...) 
@@ -8428,7 +8428,7 @@ CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) Lyric NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076 CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain P ...) - dokuwiki 0.0.20130510a-1 (unimportant) - NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/24/2 CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling J ...) NOT-FOR-US: Apache Sling CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...) @@ -8450,7 +8450,7 @@ CVE-2012-3346 RESERVED CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files ...) - ioquake3 1.36+svn2224-4 - NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/3 CVE-2012-3344 RESERVED CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before 3 ...) @@ -9816,7 +9816,7 @@ CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before 20.0. CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tin ...) - gimp 2.8.0-1 (unimportant) NOTE: Only exploitable in rare/theoretical setups - NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/31/1 NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...) 
@@ -9846,8 +9846,8 @@ CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly h {DSA-2506-1} - modsecurity-apache 2.6.6-1 (bug #678527) - libapache-mod-security (bug #678529) - NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2 CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown imp ...) {DSA-2780-1} - mysql-5.5 5.5.23-1 @@ -9875,11 +9875,11 @@ CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel befor CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing a ...) - revelation 0.4.11-10 (low; bug #633088) [squeeze] - revelation (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1 CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...) - revelation 0.4.11-10 (bug #633088) [squeeze] - revelation (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1 CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...) - phplist (bug #612288) CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...) 
@@ -9890,15 +9890,15 @@ CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html - NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12 - NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/12 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/17/1 CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote au ...) - vte 1:0.28.2-5 (bug #677717) - vte3 1:0.32.2-1 [squeeze] - vte 1:0.24.3-4 CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...) - accountsservice 0.6.21-6 (bug #679429) - NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/28/9 NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532 CVE-2012-2736 (In NetworkManager 0.9.2.0, when a new wireless network was created wit ...) @@ -10007,8 +10007,8 @@ CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the permi NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642 - NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/1 - NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/5 CVE-2012-2689 RESERVED CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the s ...) 
@@ -10798,7 +10798,7 @@ CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote au CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...) {DSA-2477-1} - sympa 6.1.11~dfsg-1 (bug #672893; high) - NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/12/8 CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before 1.4 ...) {DSA-2467-1} - mahara 1.4.2-1 
@@ -10822,23 +10822,23 @@ CVE-2012-2343 CVE-2012-2342 REJECTED CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control mo ...) - NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6 - NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2 NOT-FOR-US: Drupal Take Control CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not sp ...) - NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6 - NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2 NOT-FOR-US: Drupal Contact Forms CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1. ...) - NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6 - NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2 NOT-FOR-US: Drupal Glossary CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette 0 ...) NOT-FOR-US: Galette NOTE: http://redmine.ulysses.fr/issues/250 NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba - NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/5 - NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/5 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/1 CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does no ...) {DSA-2478-1} - sudo 1.8.3p2-1.1 (bug #673766) 
@@ -10882,15 +10882,15 @@ CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Ins CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obt ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ - NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14 CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel (A ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ - NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14 CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in t ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ - NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14 CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) b ...) NOT-FOR-US: MyBB CVE-2012-2323 @@ -11289,7 +11289,7 @@ CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in dh ...) {DSA-2498-1} - dhcpcd 1:3.2.3-11 (bug #671265) - NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/02/4 CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ...) {DSA-2461-1} - spip 2.1.13-1 (low; bug #671264) 
@@ -13544,11 +13544,11 @@ CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) magick/ CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in main/u ...) - asterisk 1:1.8.10.0~dfsg-1 (bug #664411) [squeeze] - asterisk (HTTP digest authentication code not present) - NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 + NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the ...) {DSA-2460-1} - asterisk 1:1.8.10.0~dfsg-1 (bug #664411) - NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 + NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14 ...) {DSA-2450-1} - samba 2:3.6.4-1 (bug #668309) @@ -13570,14 +13570,14 @@ CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...) {DSA-2482-1} - libgdata 0.10.2-1 (bug #664032) - NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/3 CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi b ...) - pyfribidi 0.11.0-1 (bug #663189) [squeeze] - pyfribidi (Minor issue) CVE-2012-1175 (Integer overflow in the GnashImage::size method in libbase/GnashImage. ...) {DSA-2435-1} - gnash 0.8.10-5 (bug #664023) - NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5 + NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/5 CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login mana ...) - systemd 44-1 (bug #664364) CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow r ...) 
@@ -13605,12 +13605,12 @@ CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2 CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...) {DSA-2454-1} - openssl 1.0.0h-1 (low; bug #663642) - NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3 + NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/3 CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ...) {DLA-203-1} - openldap 2.4.31-1 (low; bug #663644) [squeeze] - openldap (Minor issue) - NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4 + NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/4 CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...) - libzip 0.10.1-1 (bug #664990) [squeeze] - libzip (Only affects 0.10.x) @@ -14149,7 +14149,7 @@ CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in th - libav 6:0.8.2-1 - ffmpeg 7:2.4.1-1 NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963 - NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4 + NOTE: https://www.openwall.com/lists/oss-security/2012/05/03/4 CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbi ...) - nvidia-graphics-drivers 295.40-1 [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1 
@@ -14283,7 +14283,7 @@ CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in SimpleS CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 i ...) {DSA-2454-1} - openssl 1.0.0h-1 (low) - NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12 + NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- https://www.openwall.com/lists/oss-security/2012/03/23/12 CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...) - apache2 (LD_LIBRARY_PATH not set in debian package) CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other v ...) -- cgit v1.2.3
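Review bot: In the CVE-2012-0884 hunk (@@ -14283,7) the rewritten URL sits at the end of a quoted NOTE, after the "--", rather than directly after "NOTE:" as in every other hunk. The substitution was evidently not anchored to the start of the NOTE text, which is what this line needs, but the commit message does not say how the replacement was produced. Please record the command used and confirm that a search of data/CVE/2012.list for "http://www.openwall.com/lists/oss-security" now returns nothing, so that any other inline occurrences of this kind are known to be covered.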
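Review bot: In the @@ -10822,23 hunk the entries for CVE-2012-2341, CVE-2012-2340 and CVE-2012-2339 keep their NOTE lines above the NOT-FOR-US line, while the neighbouring CVE-2012-2338 entry in the same hunk has NOT-FOR-US first. Leaving the order untouched keeps this commit a pure scheme change with matching insertion and deletion counts, which is the right call here; if the ordering is to be made uniform, that belongs in a separate commit so this one stays mechanically verifiable.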
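Review bot: Context lines in several hunks still carry plain-HTTP references on other hosts, for example the seclists.org link in the @@ -8362,7 hunk, the code.google.com upstream patch link under CVE-2012-3358, the mail.openjdk.java.net and cgit.freedesktop.org links in the @@ -9890,15 hunk, and the blog.mybb.com links in the @@ -10882,15 hunk. The subject line limits this commit to www.openwall.com/lists/oss-security, so these are correctly left alone, but the message could say so explicitly. Any follow-up for those hosts should check each one for working HTTPS first, because a blanket scheme rewrite risks turning live references into dead ones.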