[Secure-testing-commits] r16496 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Apr 8 14:04:18 UTC 2011
Author: jmm
Date: 2011-04-08 14:04:10 +0000 (Fri, 08 Apr 2011)
New Revision: 16496
Modified:
data/CVE/list
Log:
harmless ldd issue, already fixed in Squeeze
new t1lib issues, possibly needs a ticket, but didn't check further
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-04-08 10:52:27 UTC (rev 16495)
+++ data/CVE/list 2011-04-08 14:04:10 UTC (rev 16496)
@@ -210,11 +210,11 @@
CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...)
- TODO: check
+ - t1lib <unfixed>
CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...)
- TODO: check
+ - t1lib <unfixed>
CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...)
- TODO: check
+ - t1lib <unfixed>
CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ ...)
- logrotate <unfixed>
CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory uses ...)
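Review bot: The three new `- t1lib <unfixed>` lines under CVE-2011-1554, CVE-2011-1553 and CVE-2011-1552 carry no bug reference, and the log message itself says a ticket is possibly needed but was not checked. Either file the bug against t1lib and add its number to each entry, or add a NOTE saying triage is incomplete, so the entries do not read as fully assessed. The CVE descriptions also name Xpdf as a user of the t1lib code, so a NOTE or a separate entry should record whether the xpdf package uses the packaged t1lib or carries its own copy.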
@@ -224,7 +224,9 @@
CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root ...)
- logrotate <unfixed>
CVE-2009-5064 (** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and ...)
- TODO: check
+ - eglibc 2.10.1-7
+ - glibc <removed> (unimportant)
+ NOTE: Obscure attack
CVE-2011-1547
RESERVED
CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase ...)
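Review bot: `NOTE: Obscure attack` under CVE-2009-5064 does not say why the issue is tagged `(unimportant)`, so a later reader cannot tell which precondition makes it harmless. Expand the NOTE to state the reasoning (the description already marks the CVE as DISPUTED) and, if one exists, point at the upstream discussion. The `(unimportant)` tag also sits only on the `glibc <removed>` line, while `eglibc 2.10.1-7` is recorded as a fix without an urgency tag. If the issue is considered harmless for both source packages, the two lines should be tagged consistently.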
@@ -339,13 +341,13 @@
CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D ...)
NOT-FOR-US: Hitachi EUR Form, uCosminexus EUR Form Service
CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS ...)
- TODO: check
+ NOT-FOR-US: S-CMS
CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows ...)
- TODO: check
+ NOT-FOR-US: S-CMS
CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD ...)
NOT-FOR-US: CommodityRentals DVD Rentals Script
CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) ...)
- TODO: check
+ NOT-FOR-US: Jimtawl
CVE-2011-1506 (The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and ...)
NOT-FOR-US: Kerio
CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 ...)
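Review bot: Style point on `NOT-FOR-US: Jimtawl` under CVE-2010-4769: the description identifies the software by its component name `com_jimtawl`, and the neighbouring entries spell the product out in full ("CommodityRentals DVD Rentals Script", "Hitachi EUR Form, uCosminexus EUR Form Service"). Including the component identifier in the NOT-FOR-US text would make the entry easier to find when a later CVE for the same component is triaged. The two `NOT-FOR-US: S-CMS` lines match their descriptions and need no change.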