[Secure-testing-commits] r17758 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Dec 6 21:14:27 UTC 2011


Author: joeyh
Date: 2011-12-06 21:14:27 +0000 (Tue, 06 Dec 2011)
New Revision: 17758

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-12-06 21:04:42 UTC (rev 17757)
+++ data/CVE/list	2011-12-06 21:14:27 UTC (rev 17758)
@@ -1,3 +1,7 @@
+CVE-2011-4678 (The password reset feature in One Click Orgs before 1.2.3 generates ...)
+	TODO: check
+CVE-2011-4677 (One Click Orgs before 1.2.3 does not have an off autocomplete ...)
+	TODO: check
 CVE-2011-4676
 	RESERVED
 CVE-2011-4675 (The pathname canonicalization functionality in ...)
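Review bot: The two new entries at the top of the list, CVE-2011-4678 and CVE-2011-4677, land with only "TODO: check", so neither has a triage decision yet. Both descriptions name One Click Orgs before 1.2.3. If that software is not packaged, a single "NOT-FOR-US: One Click Orgs" line per entry, in the style of the existing "NOT-FOR-US: Apache MyFaces" line, would close them. Otherwise each needs a package line with a fixed version or `<unfixed>`.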
@@ -256,14 +260,14 @@
 	RESERVED
 CVE-2011-4556
 	RESERVED
-CVE-2011-4555
-	RESERVED
-CVE-2011-4554
-	RESERVED
-CVE-2011-4553
-	RESERVED
-CVE-2011-4552
-	RESERVED
+CVE-2011-4555 (One Click Orgs before 1.2.3 does not require unique e-mail addresses ...)
+	TODO: check
+CVE-2011-4554 (One Click Orgs before 1.2.3 allows remote authenticated users to ...)
+	TODO: check
+CVE-2011-4553 (Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 ...)
+	TODO: check
+CVE-2011-4552 (Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs ...)
+	TODO: check
 CVE-2011-4551
 	RESERVED
 CVE-2011-4550
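Review bot: CVE-2011-4555 through CVE-2011-4552 move from RESERVED to "TODO: check", and every description is cut at "...", so the affected component and impact cannot be judged from the list itself (CVE-2011-4554 stops at "allows remote authenticated users to ..."). All four name One Click Orgs before 1.2.3, so read the full descriptions once and record the same decision on all four rather than triaging them separately.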
@@ -762,6 +766,7 @@
 	NOT-FOR-US: Apache MyFaces
 CVE-2011-4358 [Mojarra - includeViewParameters re-evaluates param/model values as EL expressions]
 	RESERVED
+	{DSA-2359-1}
 	- mojarra 2.0.3-2 (bug #650430)
 CVE-2011-4357 [clearsilver format string issue]
 	RESERVED
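Review bot: The added "{DSA-2359-1}" sits under CVE-2011-4358, whose package line "- mojarra 2.0.3-2 (bug #650430)" carries no urgency, unlike the "(high; bug #648373)" annotation on the proftpd-dfsg entry further down. Now that an advisory is referenced, consider adding an urgency to the mojarra line so the entry is consistent with other DSA-tracked issues in this file.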
@@ -1499,8 +1504,7 @@
 CVE-2011-4131
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2011-4130 [Response pool use-after-free memory corruption error]
-	RESERVED
+CVE-2011-4130 (Use-after-free vulnerability in the Response API in ProFTPD before ...)
 	{DSA-2346-2 DSA-2346-1}
 	- proftpd-dfsg 1.3.4~rc3-2 (high; bug #648373)
 	[lenny] - proftpd-dfsg <not-affected> (vulnerable functionality not present)
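Review bot: In the CVE-2011-4130 entry the bracketed local title is replaced by a description that is cut at "ProFTPD before ...", so the upstream fixed version is no longer visible next to the package line. Check the full description against "- proftpd-dfsg 1.3.4~rc3-2" to confirm the recorded fixed version still matches the upstream bound. The DSA references and the [lenny] not-affected note are unchanged and need no edit.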



