[Secure-testing-commits] r17950 - data/CVE
Florian Weimer
fw at alioth.debian.org
Sat Dec 31 17:12:55 UTC 2011
Author: fw
Date: 2011-12-31 17:12:55 +0000 (Sat, 31 Dec 2011)
New Revision: 17950
Modified:
data/CVE/list
Log:
CVE-2011-5025: yaws
CVE-2011-5021: php-ids <itp>
CVE-2009-5110: dhttpd
CVE-2007-6750: apache2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-12-31 16:59:28 UTC (rev 17949)
+++ data/CVE/list 2011-12-31 17:12:55 UTC (rev 17950)
@@ -31,15 +31,15 @@
CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in Winn GuestBook before ...)
NOT-FOR-US: Winn Guestbook
CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...)
- TODO: check
+ - yaws <unfixed>
CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the ...)
- TODO: check
+ NOT-FOR-US: ht://Dig integration for Mailman
CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows ...)
- TODO: check
+ NOT-FOR-US: Pligg CMS
CVE-2011-5022 (SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows ...)
- TODO: check
+ NOT-FOR-US: Pligg CMS
CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular Expression ...)
- TODO: check
+ - php-ids <itp> (bug #488848)
CVE-2011-5020
RESERVED
CVE-2011-5019
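Review bot: The new `- yaws <unfixed>` line for CVE-2011-5025 carries no urgency and no bug reference, while the other unfixed package entry added in this revision has both (`- dhttpd <unfixed> (low; bug #533665)`). If a bug is already filed against yaws, add it in the same parenthesised form so the entry can be followed up; if none exists, file one and reference it here.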
@@ -57,29 +57,29 @@
CVE-2011-5013
RESERVED
CVE-2011-5012 (Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll ...)
- TODO: check
+ NOT-FOR-US: Attachmate Reflection
CVE-2011-5011 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: xt:Commerce
CVE-2011-5010 (apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows ...)
- TODO: check
+ NOT-FOR-US: Ctek SkyRouter
CVE-2011-5009 (The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 ...)
- TODO: check
+ NOT-FOR-US: 3S CoDeSys
CVE-2011-5008 (Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 ...)
- TODO: check
+ NOT-FOR-US: 3S CoDeSys
CVE-2011-5007 (Stack-based buffer overflow in the CmpWebServer component in 3S ...)
- TODO: check
+ NOT-FOR-US: 3S CoDeSys
CVE-2011-5006 (Stack-based buffer overflow in QQPlayer 3.2.845 allows remote ...)
- TODO: check
+ NOT-FOR-US: QQPlayer
CVE-2011-5005 (Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: QuiXplorer
CVE-2011-5004 (Unrestricted file upload vulnerability in models/importcsv.php in the ...)
- TODO: check
+ NOT-FOR-US: Joomla extension
CVE-2011-5003 (Stack-based buffer overflow in the Phonetic Indexer ...)
- TODO: check
+ NOT-FOR-US: Avid Media Composer
CVE-2011-5002 (Multiple stack-based buffer overflows in Final Draft 8 before 8.02 ...)
- TODO: check
+ NOT-FOR-US: Final Draft
CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask function ...)
- TODO: check
+ NOT-FOR-US: Trend Micro Control Manager
CVE-2011-5000
RESERVED
CVE-2011-4999
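Review bot: `NOT-FOR-US: Joomla extension` on CVE-2011-5004 does not name the product, unlike the other NOT-FOR-US lines in this hunk (`Attachmate Reflection`, `QuiXplorer`, `Final Draft`). The description in the list is truncated before the component name, so the generic label is all a later reader has to search on; put the extension's name after the colon.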
@@ -277,15 +277,19 @@
CVE-2011-4898
RESERVED
CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 ...)
- TODO: check
+ NOT-FOR-US: Mini-Stream RM-MP3 Converter
CVE-2009-5111 (GoAhead WebServer allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: GoAhead WebServer
CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service (daemon ...)
- TODO: check
+ - dhttpd <unfixed> (low; bug #533665)
+ [etch] - dhttpd <no-dsa> (Minor issue)
+ [lenny] - dhttpd <no-dsa> (Minor issue)
CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: Mini-Stream Ripper
CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ...)
- TODO: check
+ - apache2 2.2.15-3 (medium; bug #533661)
+ - apache <removed> (medium; bug #533662)
+ [lenny] - apache2 <no-dsa> (Minor issue)
CVE-2011-XXXX [php5 session id is world-readable]
- php5 <unfixed> (low; bug #653169)
CVE-2011-4904
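Review bot: The dhttpd line for CVE-2009-5110 is added as `(low; bug #533665)`, but the line removed from the CVE-2009-XXXX entry later in this patch reads `(unimportant; bug #533665)`. The apache2 and apache lines move with their urgency unchanged, and the log message lists only the CVE assignments, so it is not clear whether raising dhttpd from unimportant to low is intended. If it is, mention it in the log; if not, keep `unimportant` on the new line.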
@@ -36267,15 +36271,9 @@
[etch] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
[lenny] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]
- - apache2 2.2.15-3 (medium; bug #533661)
- - apache <removed> (medium; bug #533662)
- [lenny] - apache2 <no-dsa> (Minor issue)
- squid <not-affected>
- squid3 <not-affected>
NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694
- - dhttpd <unfixed> (unimportant; bug #533665)
- [etch] - dhttpd <no-dsa> (Minor issue)
- [lenny] - dhttpd <no-dsa> (Minor issue)
- lighttpd <not-affected>
CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: Webmedia Explorer
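Review bot: After the apache2, apache and dhttpd lines are removed, the CVE-2009-XXXX "slowloris" entry keeps only the `<not-affected>` lines for squid, squid3 and lighttpd plus the squid NOTE, with nothing pointing to CVE-2007-6750 and CVE-2009-5110, where the affected packages are now tracked. Add a NOTE line under this entry naming those two ids so the connection between the temporary entry and the assigned CVEs is not lost.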