path: root/data/CVE/2013.list
Diffstat (limited to 'data/CVE/2013.list')
-rw-r--r--  data/CVE/2013.list  157
1 files changed, 85 insertions, 72 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index b76a41dcb3..9fc3286a3f 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,3 +1,11 @@
+CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...)
+ NOT-FOR-US: StarWind
+CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
+ NOT-FOR-US: Elemin
+CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
+ NOT-FOR-US: OpenZFS
CVE-2013-7491 (An issue was discovered in the DBI module before 1.628 for Perl. Stack ...)
- libdbi-perl 1.628-1
NOTE: https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
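Review bot: the NOT-FOR-US tag on the new CVE-2013-20001 (OpenZFS) entry is worth a second look before merging, since OpenZFS code is carried in Debian's contrib archive as src:zfs-linux; if the NFS-share issue in the description applies to that package, the entry needs a package line (fixed version, <unfixed> or <not-affected> with a reason) instead of NOT-FOR-US. The other three additions (StarWind, Z-Wave devices, Elemin) are not packaged and NOT-FOR-US is correct for them.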
@@ -8,12 +16,13 @@ CVE-2013-7490 (An issue was discovered in the DBI module before 1.632 for Perl.
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=86744
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
- beaker <unfixed> (bug #966197)
+ [bullseye] - beaker <no-dsa> (Minor issue)
[buster] - beaker <no-dsa> (Minor issue)
[stretch] - beaker <no-dsa> (Minor issue)
NOTE: https://github.com/bbangert/beaker/issues/191
NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11
CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 ...)
- - libconvert-asn1-perl <unfixed> (bug #956186)
+ - libconvert-asn1-perl 0.27-3 (bug #956186)
[buster] - libconvert-asn1-perl <no-dsa> (Minor issue)
[stretch] - libconvert-asn1-perl <no-dsa> (Minor issue)
[jessie] - libconvert-asn1-perl <no-dsa> (Minor issue)
@@ -25,10 +34,13 @@ CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in Open-X
CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
NOT-FOR-US: Open-Xchange App Suite
CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
- - zabbix <unfixed>
+ - zabbix 1:5.0.0+dfsg-1
[buster] - zabbix <no-dsa> (Minor issue)
[stretch] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <no-dsa> (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-16551
+ NOTE: https://support.zabbix.com/browse/ZBXNEXT-1898
+ NOTE: https://www.zabbix.com/documentation/5.0/manual/introduction/whatsnew500#stronger_cryptography_for_passwords
CVE-2013-7483 (The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. ...)
NOT-FOR-US: slidedeck2 plugin for WordPress
CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. ...)
@@ -59,7 +71,7 @@ CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel
- linux 3.11.7-1
NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
CVE-2013-7469 (Seafile through 6.2.11 always uses the same Initialization Vector (IV) ...)
- - seafile <unfixed> (bug #923009)
+ - seafile 7.0.2-1 (bug #923009)
[buster] - seafile <ignored> (Minor issue)
NOTE: https://github.com/haiwen/seafile/issues/350
CVE-2013-7468 (Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the in ...)
@@ -91,7 +103,7 @@ CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templa
NOTE: Fixed by: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
NOTE: All users of pycrypto's AES module in Debian that allow the mode
NOTE: of operation to be specified from outside check for ECB explicitly
- NOTE: and create the objects without specifying an IV.
+ NOTE: and create the objects without specifying an IV.
CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...)
{DSA-3634-1 DLA-577-1}
- redis 2:3.2.1-4 (bug #832460)
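Review bot: the only change in this hunk is whitespace on the "NOTE: and create the objects without specifying an IV." line (the removed and added lines read identically), so this is presumably a tab/space normalization of the NOTE indentation; if so, say so in the commit message, as the same whitespace-only hunks appear again for CVE-2013-4169, CVE-2013-2111 and CVE-2013-1430 further down and a reader of the diff cannot otherwise tell what changed.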
@@ -148,12 +160,12 @@ CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux k
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
- - linux <unfixed>
+ - linux <unfixed> (bug #1000886)
+ [bullseye] - linux <ignored> (Minor issue, requires invasive changes)
[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
- [jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
- linux-2.6 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows remot ...)
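Review bot: dropping the "[jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)" line removes the only record for the src:linux-4.9 backport kernel in jessie; if this is because jessie (LTS/ELTS) tracking of linux-4.9 has ended, a short NOTE stating that would make the removal self-explanatory, otherwise the line should stay alongside the new [bullseye] entry and the bug #1000886 reference.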
@@ -280,8 +292,8 @@ CVE-2013-7424 (The getaddrinfo function in glibc before 2.15, when compiled with
CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...)
{DLA-165-1}
- glibc 2.19-1 (bug #722075)
- [wheezy] - eglibc 2.13-38+deb7u5
- eglibc <removed>
+ [wheezy] - eglibc 2.13-38+deb7u5
NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
NOTE: https://www.openwall.com/lists/oss-security/2015/01/28/16
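Review bot: after this hunk the "[wheezy] - eglibc 2.13-38+deb7u5" line has no package-level "- eglibc ..." line above it any more (the "- eglibc <removed>" line is deleted); please confirm the tracker's list parser accepts a release-scoped entry on its own for a source package that no longer exists in unstable, otherwise keep the <removed> line and the wheezy line together as they were.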
@@ -1131,9 +1143,8 @@ CVE-2013-7116
REJECTED
CVE-2013-7115
REJECTED
-CVE-2013-7109 (OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE ...)
- - glance 2012.1~e4-1
- NOTE: https://github.com/openstack/glance/commit/804396204e23ebb
+CVE-2013-7109
+ REJECTED
CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as us ...)
NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
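Review bot: turning CVE-2013-7109 into a bare REJECTED entry discards the fix information that was recorded with it ("glance 2012.1~e4-1" and the openstack/glance commit URL); if the id was rejected as a duplicate of another CVE, a NOTE naming the surviving id would preserve the pointer to that fix. The removed description also said "OpenStack Swift" while the package line said glance, so the rejection resolves an inconsistency in the old entry either way.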
@@ -2730,15 +2741,15 @@ CVE-2013-6508
CVE-2013-6507
REJECTED
CVE-2013-6506
- RESERVED
+ REJECTED
CVE-2013-6505
- RESERVED
+ REJECTED
CVE-2013-6504
- RESERVED
+ REJECTED
CVE-2013-6503
- RESERVED
+ REJECTED
CVE-2013-6502
- RESERVED
+ REJECTED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
- php5 <removed> (unimportant)
NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
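Review bot: the trailing context line for CVE-2013-6501 still carries the typo "Rendererd unexpoitable" (should be "Rendered unexploitable"); since this hunk already touches the surrounding block it would be a cheap fix to include. The RESERVED to REJECTED flips for CVE-2013-6502 through CVE-2013-6506 themselves look fine.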
@@ -3151,7 +3162,7 @@ CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient
- python-swiftclient 1:2.0.2-1 (bug #730626)
NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...)
- - ganglia-web <unfixed> (unimportant; bug #730507)
+ - ganglia-web 3.6.1-1 (unimportant; bug #730507)
[squeeze] - ganglia <not-affected> (Vulnerable code not present)
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
- ganglia 3.6.0-1
@@ -3159,6 +3170,7 @@ CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia
NOTE: ganglia-web and ganglia are now two separate source packages
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
NOTE: https://github.com/ganglia/ganglia-web/issues/218
+ NOTE: https://github.com/ganglia/ganglia-web/commit/fbdf26542510c01931dac7856bb908f651ad05e6
CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the initial ...)
- percona-xtrabackup 2.1.6-2 (bug #730544)
CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0 ...)
@@ -3473,8 +3485,8 @@ CVE-2013-6278
RESERVED
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
NOT-FOR-US: QNAP
-CVE-2013-6276
- RESERVED
+CVE-2013-6276 (** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 ...)
+ NOT-FOR-US: QNAP
CVE-2013-6274
RESERVED
CVE-2013-6273
@@ -7053,20 +7065,18 @@ CVE-2013-4720 (SQL injection vulnerability in the WEC Discussion Forum extension
NOT-FOR-US: WEC Discussion Forum
CVE-2013-4719 (SQL injection vulnerability in the SEO Pack for tt_news extension befo ...)
NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
-CVE-2013-4718 [XSS]
- RESERVED
+CVE-2013-4718 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
NOT-FOR-US: OTRS ITSM
-CVE-2013-4717 [SQL injection]
- RESERVED
+CVE-2013-4717 (Multiple SQL injection vulnerabilities in Open Ticket Request System ( ...)
{DSA-2733-1}
- otrs2 3.2.9-1
NOTE: http://web.archive.org/web/20131023033811/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-05/
CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
NOT-FOR-US: Tattyan HP TOWN
CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6. ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlie ...)
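Review bot: switching CVE-2013-4715 and CVE-2013-4714 from "NOT-FOR-US: Tiki Wiki" to "- tikiwiki <removed>" is the right correction if src:tikiwiki was once in the archive, but <removed> specifically means the issue was never fixed in Debian before the package was removed; if a tikiwiki upload that contained the upstream fix (the description says versions before 6.x were affected) reached the archive, that fixed version should be recorded instead of <removed>.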
@@ -7546,8 +7556,7 @@ CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4536
- RESERVED
+CVE-2013-4536 (An user able to alter the savevm data (either on the disk or over the ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -7995,7 +8004,7 @@ CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server be
- dropbear 2012.55-1.4 (low; bug #726019)
[squeeze] - dropbear <no-dsa> (Minor issue)
[wheezy] - dropbear <no-dsa> (Minor issue)
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f
CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) tar_extract_gl ...)
{DSA-2863-1}
- libtar 1.2.20-2 (bug #731860)
@@ -8106,7 +8115,7 @@ CVE-2013-4388 (Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4a
{DSA-2973-1}
- vlc 2.1.0-1 (bug #726528)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not prop ...)
{DLA-0015-1}
- linux-2.6 <removed>
@@ -8191,7 +8200,7 @@ CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read functi
CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the openshift-o ...)
NOT-FOR-US: OpenShift
CVE-2013-4363 (Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems 3.2.0~rc.1-1 (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
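Review bot: moving rubygems from "<removed>" to the concrete fixed version "3.2.0~rc.1-1" (the same change is made for CVE-2013-4287 below) implies src:rubygems is back in the archive; please confirm that 3.2.0~rc.1-1 is the first upload actually containing the upstream fix for the ANCHORED_VERSION complexity issue rather than simply the first re-upload, since the tracker will treat anything below that version as vulnerable. The libgems-ruby line correctly stays at <removed>.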
@@ -8481,7 +8490,7 @@ CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to by
[squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
[wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems 3.2.0~rc.1-1 (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
@@ -8846,7 +8855,7 @@ CVE-2013-4170
CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
- gdm <removed> (unimportant)
- gdm3 <not-affected> (Only affected older gdm < 2.21.1)
- NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common
+ NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common
CVE-2013-4168 (Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the sta ...)
{DLA-348-1}
- smokeping 2.6.8-2 (low)
@@ -10092,7 +10101,7 @@ CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FF
{DSA-3003-1}
- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg befo ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
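Review bot: the http to https rewrite for git.videolan.org is applied consistently across the ffmpeg hunks, but the adjacent "Fix in libav: http://git.libav.org/..." context lines here and in the CVE-2013-3672, CVE-2013-0869 and later hunks are left on http even though other entries in this file already use https://git.libav.org (see the CVE-2013-0851 NOTEs); doing both hosts in one pass would avoid a second URL-only commit.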
@@ -10102,7 +10111,7 @@ CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -10112,7 +10121,7 @@ CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10-1
[wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9
CVE-2013-3669
RESERVED
@@ -11027,7 +11036,7 @@ CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 a
CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...)
- vlc 2.0.7-1 (unimportant)
NOTE: Harmless crasher
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
NOTE: http://secunia.com/blog/372/
NOTE: http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB ...)
@@ -12783,8 +12792,8 @@ CVE-2013-2514
RESERVED
CVE-2013-2513
RESERVED
-CVE-2013-2512
- RESERVED
+CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...)
+ NOT-FOR-US: Ruby ftpd gem
CVE-2013-2511
RESERVED
CVE-2013-2510
@@ -14009,7 +14018,7 @@ CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before
CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...)
- dovecot <not-affected> (vulnerable code appeared in 2.2)
[squeeze] - dovecot <not-affected> (vulnerable code appeared in 2.2)
- [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2)
+ [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2)
CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ex ...)
- php5 5.5.0~rc3+dfsg-1
[wheezy] - php5 <not-affected> (Vulnerable code not present)
@@ -14927,6 +14936,7 @@ CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5
- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
- libnet-server-perl <unfixed> (low; bug #702914)
+ [bullseye] - libnet-server-perl <ignored> (Minor issue)
[buster] - libnet-server-perl <ignored> (Minor issue)
[stretch] - libnet-server-perl <ignored> (Minor issue)
[jessie] - libnet-server-perl <ignored> (Minor issue)
@@ -14942,7 +14952,7 @@ CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x
CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
- nova 2012.1.1-15 (bug #703064)
CVE-2013-1837
- RESERVED
+ REJECTED
CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
- moodle 2.5-1 (bug #703870)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
@@ -15087,7 +15097,7 @@ CVE-2013-1792 (Race condition in the install_user_keyrings function in security/
- linux 3.2.41-1
- linux-2.6 <removed>
CVE-2013-1791
- RESERVED
+ REJECTED
CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent at ...)
{DSA-2719-1}
- poppler 0.18.4-6 (low; bug #702071)
@@ -16402,7 +16412,7 @@ CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully l
[wheezy] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/pull/497
NOTE: When successfully logging in using RDP into a xrdp session, the file
- NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the
+ NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the
NOTE: equivalent of the users clear text password, DES encrypted with a known
NOTE: key.
CVE-2013-1429 (Lintian before 2.5.12 allows remote attackers to gather information ab ...)
@@ -17190,12 +17200,12 @@ CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in M
NOT-FOR-US: Ubuntu MAAS
CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local ...)
- xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
-CVE-2013-1055
- RESERVED
-CVE-2013-1054
- RESERVED
-CVE-2013-1053
- RESERVED
+CVE-2013-1055 (The unity-firefox-extension package could be tricked into dropping a C ...)
+ NOT-FOR-US: unity-firefox-extension
+CVE-2013-1054 (The unity-firefox-extension package could be tricked into destroying t ...)
+ NOT-FOR-US: unity-firefox-extension
+CVE-2013-1053 (In crypt.c of remote-login-service, the cryptographic algorithm used t ...)
+ NOT-FOR-US: remote-login-service Ubuntu package
CVE-2013-1052 (pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the ...)
NOT-FOR-US: pam-xdg-support (Ubuntu-specific package)
CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handl ...)
@@ -17623,7 +17633,7 @@ CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.6-1 (bug #717009)
NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
NOTE: Fix needed for ffmpeg 0.5
CVE-2013-0872 (The swr_init function in libswresample/swresample.c in FFmpeg before 1 ...)
- ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
@@ -17640,25 +17650,25 @@ CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.5-1
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
NOTE: Fix needed in ffmpeg 0.5
CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1 ...)
{DSA-2793-1}
- ffmpeg <not-affected> (Code in 0.5 is different/not affected)
- libav 6:0.8.7-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg befor ...)
{DSA-2855-1}
@@ -17678,14 +17688,14 @@ CVE-2013-0862 (Multiple integer overflows in the process_frame_obj function in l
CVE-2013-0861 (The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg bef ...)
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
- libav <not-affected> (Affected code not present in libav 0.8.x)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
NOTE: Affects the libav version in experimental
CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpe ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.1-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg befor ...)
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
@@ -17695,14 +17705,14 @@ CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.9-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
NOTE: Fixed in 0.8.9
CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1. ...)
{DSA-2793-1}
- ffmpeg <not-affected> (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg)
- libav 6:9.9-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
NOTE: Fixed in 0.8.9
CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
@@ -17710,37 +17720,37 @@ CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.10-1
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
CVE-2013-0855 (Integer overflow in the alac_decode_close function in libavcodec/alac. ...)
- ffmpeg <not-affected> (0.5 series not affected)
- libav 6:9.9-1 (bug #717009)
[wheezy] - libav <not-affected> (0.8 series not affected)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
{DSA-2793-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.8-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg be ...)
{DSA-2793-1}
- ffmpeg <not-affected> (Vulnerability introduced later)
- libav 6:0.8.8-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...)
{DSA-3003-1}
- ffmpeg <not-affected> (PGS subtitle decoder not present)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 a ...)
{DSA-3003-1}
- ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f9204ec56a4cf73843d1e5b8563d3584c2c05b47 (v10)
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e8ff7972064631afbdf240ec6bfd9dec30cf2ce8 (v9)
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8)
@@ -17749,39 +17759,39 @@ CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg b
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.7-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg bef ...)
{DSA-2855-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.3-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1. ...)
- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5)
- libav <not-affected> (Code in libav is different, read_ttag)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in libavcode ...)
{DSA-2855-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.3-1 (bug #717009)
- NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
+ NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
NOTE: Needed for ffmpeg 0.5
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
{DSA-2855-1}
- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
- libav 6:9.11-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
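Review bot: the two libav commitdiff URLs in the CVE-2013-0845 context lines use abbreviated hashes (h=2a0fb72 and h=3f7d890); gitweb resolves them today, but short prefixes can become ambiguous as the repository grows, so while this block is being touched it would be worth replacing them with the full 40-character ids (the "v9-2748-g2a0fb72, v9.10-7-g3f7d890" describe strings in the NOTE above can stay as they are).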
@@ -17790,7 +17800,7 @@ CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.10-1
- NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
+ NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
NOTE: libav commit: https://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e
NOTE: Fixed in 0.8.9
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome befor ...)
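Review bot: the "libav commit:" context line for CVE-2013-0844 carries the hash "12576afe206d35231ccd61f9033c5fdab6a11e", which is 38 hex characters rather than the 40 of a full SHA-1, so the URL looks truncated; please verify it against the libav repository and correct it, as a truncated id may resolve to the wrong commit or stop resolving at all.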
@@ -19097,7 +19107,7 @@ CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions
CVE-2013-0345 (varnish 3.0.3 uses world-readable permissions for the /var/log/varnish ...)
- varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
- RESERVED
+ REJECTED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
{DSA-2906-1}
- linux 3.10.11-1 (low)
@@ -19105,6 +19115,7 @@ CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the L
- linux-2.6 <removed> (low)
CVE-2013-0342 (The CreateID function in packet.py in pyrad before 2.1 uses sequential ...)
- pyrad <unfixed> (low; bug #701151)
+ [bullseye] - pyrad <ignored> (Minor issue)
[buster] - pyrad <ignored> (Minor issue)
[stretch] - pyrad <ignored> (Minor issue)
[jessie] - pyrad <no-dsa> (Minor issue)
@@ -19114,7 +19125,8 @@ CVE-2013-0342 (The CreateID function in packet.py in pyrad before 2.1 uses seque
CVE-2013-0341 [external entity expansion]
REJECTED
CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion un ...)
- - expat <unfixed> (unimportant)
+ [experimental] - expat 2.4.1-1
+ - expat 2.4.1-2 (unimportant; bug #1001864)
NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
NOTE: https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0340.html
CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities expan ...)
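Review bot: in the expat block the new "[experimental] - expat 2.4.1-1" line is placed before the package-level "- expat 2.4.1-2 (unimportant; bug #1001864)" line, whereas everywhere else in this file (and in the other hunks of this commit, e.g. the [bullseye] additions for beaker, pyrad and nginx) release-scoped lines follow the package line; unless the parser requires the experimental line first, swap the two so the entry matches the file's convention.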
@@ -19125,6 +19137,7 @@ CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to c
- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier, uses ...)
- nginx <unfixed> (low; bug #701112)
+ [bullseye] - nginx <ignored> (Minor issue)
[buster] - nginx <ignored> (Minor issue)
[stretch] - nginx <ignored> (Minor issue)
[jessie] - nginx <ignored> (Minor issue)
