[Secure-testing-commits] r16180 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Feb 16 21:16:19 UTC 2011


Author: joeyh
Date: 2011-02-16 21:16:10 +0000 (Wed, 16 Feb 2011)
New Revision: 16180

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-02-16 21:11:32 UTC (rev 16179)
+++ data/CVE/list	2011-02-16 21:16:10 UTC (rev 16180)
@@ -1,3 +1,19 @@
+CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational ...)
+	TODO: check
+CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
+	TODO: check
+CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...)
+	TODO: check
+CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate ...)
+	TODO: check
+CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb ...)
+	TODO: check
+CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...)
+	TODO: check
+CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax ...)
+	TODO: check
+CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment ...)
+	TODO: check
 CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ...)
 	TODO: check
 CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server ...)
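Review bot: all eight entries added at the top of this hunk are left at TODO: check, although several descriptions already name products that look like NOT-FOR-US candidates: IBM Rational for CVE-2011-1034, WTclient.dll in SCADA Engine BACnet OPC for CVE-2010-4740, and the .asp scripts in CVE-2010-4737, CVE-2010-4736 and CVE-2010-4735. Suggest a follow-up commit that closes those with a NOT-FOR-US: line, as this file already does for the Tivoli entry under CVE-2010-2927, so that the TODO queue holds only entries that need a package lookup.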
@@ -134,18 +150,22 @@
 	NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
 	TODO: check
 CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in ...)
+	{DSA-2167-1}
 	- phpmyadmin 4:3.3.9.2-1
 CVE-2011-0986 (phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not ...)
 	- phpmyadmin 4:3.3.9.2-1 (unimportant)
 	NOTE: Path disclosure; paths in Debian are public info already
 CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process ...)
+	{DSA-2166-1}
 	- chromium-browser 9.0.597.98~r74359-1
 	- webkit <not-affected> (Chromium specific)
 CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, ...)
+	{DSA-2166-1}
 	- chromium-browser 9.0.597.98~r74359-1
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/76264
 CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous ...)
+	{DSA-2166-1}
 	- chromium-browser 9.0.597.98~r74359-1
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/75810
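Review bot: the {DSA-2166-1} tags added to CVE-2011-0984 and CVE-2011-0983 sit above webkit lines that still read <undetermined>. The advisory reference settles chromium-browser only, so the webkit status should be resolved against the changesets already given in the NOTE lines (76264 and 75810) rather than left open on entries that now look handled. The same point applies to the other Chrome entries tagged in the later hunks that carry a webkit <undetermined> line.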
@@ -155,6 +175,7 @@
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/76990
 CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event ...)
+	{DSA-2166-1}
 	- chromium-browser 9.0.597.98~r74359-1
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/76708
@@ -559,6 +580,7 @@
 	[squeeze] - chromium-browser <not-affected>
 	- webkit <not-affected> (chromium specific)
 CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84 allows ...)
+	{DSA-2166-1}
 	- chromium-browser 9.0.597.84~r72991-1
 	- webkit <not-affected> (chromium specific)
 CVE-2011-0782 (Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate ...)
@@ -574,10 +596,12 @@
 	- chromium-browser 9.0.597.84~r72991-1
 	- webkit <not-affected> (chromium specific)
 CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and ...)
+	{DSA-2166-1}
 	- chromium-browser 9.0.597.84~r72991-1
 	- webkit <undetermined> 
 	NOTE: http://trac.webkit.org/changeset/71925
 CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...)
+	{DSA-2166-1}
 	- chromium-browser 9.0.597.84~r72991-1
 	- webkit <undetermined> 
 	NOTE: http://trac.webkit.org/changeset/72230
@@ -952,8 +976,8 @@
 	RESERVED
 CVE-2011-0655
 	RESERVED
-CVE-2011-0654
-	RESERVED
+CVE-2011-0654 (Heap-based buffer overflow in Mrxsmb.sys in Microsoft Windows Server ...)
+	TODO: check
 CVE-2011-0653
 	RESERVED
 CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 ...)
@@ -1010,10 +1034,12 @@
 	[lenny] - pam <no-dsa> (Minor issue)
 	[squeeze] - pam <no-dsa> (Minor issue)
 CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...)
+	{DSA-2165-1}
 	- ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495)
 	- ffmpeg-debian <not-affected> (issue introduced in 0.6.x series)
 	NOTE: recheck when 0.6.x gets uploaded
 CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...)
+	{DSA-2165-1}
 	- ffmpeg <unfixed> (low; bug #611495)
 	- ffmpeg-debian <removed> (low)
 	NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
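Review bot: {DSA-2165-1} is added to CVE-2010-4705 although both package lines under it read <not-affected> (issue introduced in 0.6.x series), so the entry now references an advisory for a bug that no listed package is recorded as having. Either the tag or the status lines are wrong and one of them needs correcting. CVE-2010-4704 has the opposite mismatch: it gains the same tag while ffmpeg stays <unfixed> and no fixed version is recorded.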
@@ -1517,8 +1543,10 @@
 	RESERVED
 CVE-2011-0431
 	RESERVED
+	{DSA-2168-1}
 CVE-2011-0430
 	RESERVED
+	{DSA-2168-1}
 CVE-2011-0429
 	RESERVED
 CVE-2011-0428
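Review bot: {DSA-2168-1} is added to CVE-2011-0431 and CVE-2011-0430 while both entries are still RESERVED and have no package line, so nothing in the list says which source package the advisory fixed or in which version. Suggest adding the package and fixed-version line in the same change as the tag.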
@@ -5880,6 +5908,7 @@
 	[lenny] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
 	NOTE: 20100924164823.GA21584 at openwall.com
 CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in ...)
+	{DSA-2165-1}
 	- ffmpeg 4:0.5.2-6 (bug #598590)
 	- ffmpeg-debian <removed>
 	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
@@ -7239,8 +7268,8 @@
 	- hsolink <removed>
 CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink ...)
 	- hsolink <removed>
-CVE-2010-2928
-	RESERVED
+CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter Server 4.1 ...)
+	TODO: check
 CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) ...)
 	NOT-FOR-US: Tivoli
 CVE-2009-4976 (Cross-site scripting (XSS) vulnerability in webkitpart.cpp in ...)
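Review bot: CVE-2010-2928 moves from RESERVED to a description of the vCenter Tomcat Management Application in VMware vCenter Server and is left at TODO: check, directly above CVE-2010-2927, which is closed as NOT-FOR-US: Tivoli. If VMware vCenter Server is not packaged, this entry should get the same kind of line instead of staying open. CVE-2011-0654 (Mrxsmb.sys in Microsoft Windows Server) in the earlier RESERVED-to-description hunk is in the same position.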



