[Secure-testing-commits] r16155 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Feb 15 21:17:12 UTC 2011
Author: joeyh
Date: 2011-02-15 21:17:02 +0000 (Tue, 15 Feb 2011)
New Revision: 16155
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-02-15 20:16:09 UTC (rev 16154)
+++ data/CVE/list 2011-02-15 21:17:02 UTC (rev 16155)
@@ -1,3 +1,105 @@
+CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ...)
+ TODO: check
+CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server ...)
+ TODO: check
+CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier ...)
+ TODO: check
+CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component in IBM ...)
+ TODO: check
+CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
+ TODO: check
+CVE-2011-1028
+ RESERVED
+CVE-2011-1027
+ RESERVED
+CVE-2011-1026
+ RESERVED
+CVE-2011-1025
+ RESERVED
+CVE-2011-1024
+ RESERVED
+CVE-2011-1023
+ RESERVED
+CVE-2011-1022
+ RESERVED
+CVE-2011-1021
+ RESERVED
+CVE-2011-1020
+ RESERVED
+CVE-2011-1019
+ RESERVED
+CVE-2011-1018
+ RESERVED
+CVE-2011-1017
+ RESERVED
+CVE-2011-1016
+ RESERVED
+CVE-2011-1015
+ RESERVED
+CVE-2011-1014
+ RESERVED
+CVE-2011-1013
+ RESERVED
+CVE-2011-1012
+ RESERVED
+CVE-2011-1011
+ RESERVED
+CVE-2011-1010
+ RESERVED
+CVE-2011-1009
+ RESERVED
+CVE-2011-1008
+ RESERVED
+CVE-2011-1007
+ RESERVED
+CVE-2011-1006
+ RESERVED
+CVE-2011-1005
+ RESERVED
+CVE-2011-1004
+ RESERVED
+CVE-2011-1003
+ RESERVED
+CVE-2011-1002
+ RESERVED
+CVE-2011-1001
+ RESERVED
+CVE-2011-1000
+ RESERVED
+CVE-2011-0999
+ RESERVED
+CVE-2011-0998
+ RESERVED
+CVE-2011-0997
+ RESERVED
+CVE-2011-0996
+ RESERVED
+CVE-2011-0995
+ RESERVED
+CVE-2011-0994
+ RESERVED
+CVE-2011-0993
+ RESERVED
+CVE-2011-0992
+ RESERVED
+CVE-2011-0991
+ RESERVED
+CVE-2011-0990
+ RESERVED
+CVE-2011-0989
+ RESERVED
+CVE-2011-0988
+ RESERVED
+CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway ...)
+ TODO: check
+CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, ...)
+ TODO: check
+CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
+ TODO: check
+CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
+ TODO: check
+CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login ...)
+ TODO: check
CVE-2011-XXXX [unspecified XSS vulnerability]
- mailman <unfixed>
NOTE: present in 2.1.14 and earlier
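Review bot: CVE-2011-1031 near the top of this hunk is left as "TODO: check", although its description names feh_unique_filename in utils.c in feh 1.11.2 and earlier. That is the same function as in CVE-2011-0702, which this file already tracks as "- feh <unfixed> (low; bug #612035)". It should get a feh package line rather than sit in the TODO queue. The IBM entries (Informix, Lotus Connections, Rational Team Concert, WebSphere) and the four WebSCADA entries look like candidates for NOT-FOR-US, in line with how IBM DB2 is marked further down in this file.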
@@ -31,9 +133,9 @@
NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
TODO: check
-CVE-2011-0987 [phpmyadmin sql inj PMASA-2011-2]
+CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in ...)
- phpmyadmin 4:3.3.9.2-1
-CVE-2011-0986 [phpmyadmin path disclosure PMASA-2011-1]
+CVE-2011-0986 (phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not ...)
- phpmyadmin 4:3.3.9.2-1 (unimportant)
NOTE: Path disclosure; paths in Debian are public info already
CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process ...)
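Review bot: replacing the bracketed titles of CVE-2011-0987 and CVE-2011-0986 drops the upstream advisory identifiers PMASA-2011-2 and PMASA-2011-1, which appear nowhere else in these two entries. Suggest preserving them as NOTE lines under each CVE so the link to the phpMyAdmin advisories survives the description sync.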
@@ -565,7 +667,7 @@
- smarty3 <unfixed>
- smarty <unfixed>
TODO: check
-CVE-2011-0758 (The CA ETrust Secure Content Manager Common Services Transport ...)
+CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager ...)
NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
NOT-FOR-US: IBM DB2
@@ -696,8 +798,7 @@
RESERVED
CVE-2011-0703
RESERVED
-CVE-2011-0702 [feh tempfile]
- RESERVED
+CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
- feh <unfixed> (low; bug #612035)
[squeeze] - feh <no-dsa> (Minor issue)
[lenny] - feh <no-dsa> (Minor issue)
@@ -707,19 +808,16 @@
RESERVED
CVE-2011-0699
RESERVED
-CVE-2011-0698 [Directory-traversal vulnerability on Windows]
- RESERVED
+CVE-2011-0698 (Directory traversal vulnerability in Django 1.1.x before 1.1.4 and ...)
- python-django <not-affected> (Windows-specific)
NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
-CVE-2011-0697 [Potential XSS in file field rendering]
- RESERVED
+CVE-2011-0697 (Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ...)
{DSA-2163-1}
- python-django <unfixed>
[lenny] - python-django <not-affected> (Vulnerable code not present)
NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
[squeeze] - python-django 1.2.3-3+squeeze1
-CVE-2011-0696 [Flaw in CSRF handling]
- RESERVED
+CVE-2011-0696 (Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly ...)
{DSA-2163-1}
- python-django <unfixed>
[lenny] - python-django <not-affected> (Vulnerable code not present)
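Review bot: for CVE-2011-0697 and CVE-2011-0696 the new descriptions give 1.1.4 and 1.2.5 as the upstream versions that close the issue, but the unstable line is still "- python-django <unfixed>" while squeeze is recorded as fixed in 1.2.3-3+squeeze1 under DSA-2163-1. This needs a follow-up so the unstable entry carries a fixed version once one is uploaded. Otherwise the tracker keeps reporting unstable as vulnerable with no pointer to what is pending.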
@@ -751,7 +849,7 @@
NOT-FOR-US: Opera
CVE-2011-0683 (Opera before 11.01 does not properly restrict the use of opera: URLs, ...)
NOT-FOR-US: Opera
-CVE-2011-0682 (Opera before 11.01 does not properly handle large form inputs, which ...)
+CVE-2011-0682 (Integer truncation error in opera.dll in Opera before 11.01 allows ...)
NOT-FOR-US: Opera
CVE-2011-0681 (The Cascading Style Sheets (CSS) Extensions for XML implementation in ...)
NOT-FOR-US: Opera
@@ -950,7 +1048,7 @@
NOT-FOR-US: Adobe Flash Player
CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2011-0606 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
+CVE-2011-0606 (Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat ...)
NOT-FOR-US: Adobe Reader
CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
NOT-FOR-US: Adobe Reader
@@ -962,11 +1060,11 @@
NOT-FOR-US: Adobe Reader
CVE-2011-0601
RESERVED
-CVE-2011-0600 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
+CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x ...)
NOT-FOR-US: Adobe Reader
CVE-2011-0599 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
NOT-FOR-US: Adobe Reader
-CVE-2011-0598 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
+CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before ...)
NOT-FOR-US: Adobe Reader
CVE-2011-0597
RESERVED
@@ -1052,7 +1150,7 @@
NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-0555 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
+CVE-2011-0555 (The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0554
RESERVED
@@ -1339,10 +1437,10 @@
RESERVED
CVE-2011-0448
RESERVED
-CVE-2011-0447
- RESERVED
-CVE-2011-0446
- RESERVED
+CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before ...)
+ TODO: check
+CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to ...)
+ TODO: check
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...)
- gif2png 2.5.4-2 (low; bug #610479)
[lenny] - gif2png <no-dsa> (Minor issue)
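Review bot: CVE-2011-0447 and CVE-2011-0446 move from RESERVED to a bare "TODO: check", yet their descriptions name Ruby on Rails (2.1.x, 2.2.x, 2.3.x before 2.3.11, and 3.x) and mail_to. Because the affected range spans several release series, these should be triaged into package lines with a status per suite if Rails is packaged in the archive, rather than being left in the TODO queue.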
@@ -2359,7 +2457,7 @@
RESERVED
CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does ...)
NOT-FOR-US: Microsoft Visio
-CVE-2011-0092 (ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does ...)
+CVE-2011-0092 (The LZW stream decompression functionality in ORMELEMS.DLL in ...)
NOT-FOR-US: Microsoft Visio
CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not ...)
NOT-FOR-US: Microsoft Windows
@@ -2595,7 +2693,7 @@
CVE-2010-XXXX [TYPO3-SA-2010-022]
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
NOTE: CVE ID requested
-CVE-2011-0045 (The kernel in Microsoft Windows XP SP3 performs memory allocation ...)
+CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-0044
RESERVED
@@ -6127,7 +6225,7 @@
NOT-FOR-US: RSA Authentication Agent 7.0 for Web
CVE-2010-3260
RESERVED
-CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...)
+CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
@@ -6146,7 +6244,7 @@
- chromium-browser 6.0.472.53~r57914-1
- webkit <not-affected>
NOTE: chromium specific
-CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter ...)
+CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
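Review bot: the updated description of CVE-2010-3255 puts the webkitgtk boundary at "before 1.2.6", yet the entry records the fix as "- webkit 1.2.5-1". Either the Debian package carried the patch ahead of the upstream release, in which case a NOTE naming the changeset would make that verifiable, or the fixed version should be revisited.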
@@ -6574,7 +6672,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
NOTE: http://trac.webkit.org/changeset/65329
NOTE: http://trac.webkit.org/changeset/65325
-CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the Ruby ...)
+CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not ...)
- chromium-browser 5.0.375.127~r55887-1
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
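Review bot: CVE-2010-3119 is recorded as fixed in "- webkit 1.2.4-1", which is earlier than the "webkitgtk before 1.2.6" boundary in the new description. The entry has no NOTE pointing at a changeset, unlike the entry just above it in this hunk's context. Suggest rechecking the fixed version and adding the changeset reference that justifies it.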
@@ -6594,20 +6692,20 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series
-CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...)
+CVE-2010-3115 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not ...)
- webkit 1.2.5-1 (bug #599830)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/63925
NOTE: http://trac.webkit.org/changeset/64077
NOTE: only partially fixed: only 64077 applied in 1.2.4-1
-CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127 ...)
+CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127, ...)
- webkit 1.2.4-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
NOTE: http://trac.webkit.org/changeset/63773
-CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...)
+CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not ...)
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
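Review bot: CVE-2010-3115 now reads "webkitgtk before 1.2.6", while the entry says "- webkit 1.2.5-1 (bug #599830)" and its own NOTE says "only partially fixed: only 64077 applied in 1.2.4-1". The entry does not state whether changeset 63925 is included in 1.2.5-1. That should be confirmed and recorded in a NOTE, or the fixed version corrected. CVE-2010-3113 in the same hunk is consistent: it says before 1.2.5 and is recorded as fixed in 1.2.5-1.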
@@ -10018,7 +10116,7 @@
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined>
-CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
+CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
@@ -10037,7 +10135,7 @@
NOT-FOR-US: Apple iOS
CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and ...)
+CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android ...)
- webkit 1.2.5-1 (bug #599830)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>