[Secure-testing-commits] r16222 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Feb 21 21:14:45 UTC 2011


Author: joeyh
Date: 2011-02-21 21:14:43 +0000 (Mon, 21 Feb 2011)
New Revision: 16222

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-02-21 19:47:14 UTC (rev 16221)
+++ data/CVE/list	2011-02-21 21:14:43 UTC (rev 16222)
@@ -1,3 +1,31 @@
+CVE-2011-1044 (The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c ...)
+	TODO: check
+CVE-2011-1043
+	RESERVED
+CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google Chrome ...)
+	TODO: check
+CVE-2011-1041
+	RESERVED
+CVE-2011-1040
+	RESERVED
+CVE-2011-1039
+	RESERVED
+CVE-2011-1038
+	RESERVED
+CVE-2011-1037
+	RESERVED
+CVE-2011-1036
+	RESERVED
+CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote attackers to ...)
+	TODO: check
+CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have ...)
+	TODO: check
+CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c in ...)
+	TODO: check
+CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
+	TODO: check
+CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...)
+	TODO: check
 CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational ...)
 	NOT-FOR-US: IBM Rational Build Forge
 CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
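Review bot: CVE-2010-4744 and CVE-2010-4743 are added with only `TODO: check`, but both descriptions name abcm2ps (abc2ps.c), a package this file already tracks in the same revision (`- abcm2ps 5.9.13-0.1` under CVE-2010-3441), so they need package lines rather than staying untriaged. Since both say "before 5.9.13", check whether 5.9.13-0.1 already covers them. The same applies to CVE-2011-1044, whose description names ib_uverbs_poll_cq in drivers/infiniband/core/uverbs_cmd.c, the function CVE-2010-4649 is tracked for under linux-2.6. CVE-2011-1035 can follow the existing `NOT-FOR-US: PivotX` entries.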
@@ -85,8 +113,7 @@
 	- avahi <unfixed>
 CVE-2011-1001
 	RESERVED
-CVE-2011-1000 [telepathy-gabble audio/video call intercepting]
-	RESERVED
+CVE-2011-1000 (jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before ...)
 	{DSA-2169-1}
 	- telepathy-gabble 0.9.15-2
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=34048
@@ -654,7 +681,7 @@
 	[lenny] - aptitude <no-dsa> (Minor issue)
 CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote ...)
 	NOT-FOR-US: PivotX
-CVE-2011-0774 (PivotX 2.2.2 allows remote attackers to obtain sensitive information ...)
+CVE-2011-0774 (PivotX before 2.2.2 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: PivotX
 CVE-2011-0773 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: PivotX
@@ -792,8 +819,7 @@
 	RESERVED
 CVE-2011-0725
 	RESERVED
-CVE-2011-0724
-	RESERVED
+CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not ...)
 	- italc <not-affected> (Only Edubuntu Live DVD affected)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864
 	NOTE: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html
@@ -801,8 +827,7 @@
 	RESERVED
 CVE-2011-0722
 	RESERVED
-CVE-2011-0721 [chfn/chsh newline injection]
-	RESERVED
+CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in ...)
 	{DSA-2164-1}
 	- shadow 1:4.1.4.2+svn3283-3
 	[lenny] - shadow <not-affected> (Vulnerable code not present)
@@ -834,17 +859,14 @@
 	RESERVED
 	- wireshark <unfixed>
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
-CVE-2011-0712 [ALSA: caiaq - Fix possible string-buffer overflow]
-	RESERVED
+CVE-2011-0712 (Multiple buffer overflows in the caiaq Native Instruments USB audio ...)
 	- linux-2.6 <unfixed>
 CVE-2011-0711
 	RESERVED
 	- linux-2.6 <unfixed> (low)
-CVE-2011-0710
-	RESERVED
+CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the Linux ...)
 	- linux-2.6 <unfixed> (low)
-CVE-2011-0709
-	RESERVED
+CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux ...)
 	- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5)
 CVE-2011-0708 [exif data processing DoS (limited abitrary memory access)]
 	RESERVED
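Review bot: the CVE-2011-0712 change drops the bracketed text `[ALSA: caiaq - Fix possible string-buffer overflow]`, which reads as the subject line of the upstream fix and was the only pointer to it; the entry has no NOTE line. Suggest keeping that subject, or the commit reference, as a `NOTE:` under `- linux-2.6 <unfixed>` so the fix can be located when the package status is updated.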
@@ -856,8 +878,8 @@
 	NOTE: patch http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt
 	NOTE: present in 2.1.14 and earlier
 	NOTE: http://mail.python.org/pipermail/mailman-developers/2011-February/021317.html
-CVE-2011-0706
-	RESERVED
+CVE-2011-0706 (The &quot;JNLPClassLoader&quot; class in IcedTea-Web before 1.0.1, as used in ...)
+	TODO: check
 CVE-2011-0705 [path traversal in SimpleHTTPServer]
 	RESERVED
 	- python3.2 <unfixed>
@@ -996,7 +1018,7 @@
 	RESERVED
 CVE-2011-0655
 	RESERVED
-CVE-2011-0654 (Heap-based buffer overflow in Mrxsmb.sys in Microsoft Windows Server ...)
+CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the ...)
 	TODO: check
 CVE-2011-0653
 	RESERVED
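Review bot: CVE-2011-0654 keeps `TODO: check` through the description rewrite, although the replaced description already placed it in Mrxsmb.sys in Microsoft Windows Server. If the new BowserWriteErrorLogEntry text refers to the same Windows component, the entry can be closed as NOT-FOR-US, in line with the Microsoft entry for CVE-2010-4701 elsewhere in this file.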
@@ -1371,6 +1393,7 @@
 CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...)
 	NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor
 CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in ...)
+	{DSA-2171-1}
 	- asterisk <unfixed> (bug #610487)
 CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
 	NOT-FOR-US: IBM Tivoli Access Manager
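Review bot: `{DSA-2171-1}` is added to CVE-2011-0495 while the package line still reads `- asterisk <unfixed> (bug #610487)`. Worth confirming that unstable is still unfixed and that bug #610487 remains open; if the fix shipped in the DSA has also reached unstable, record the fixed version on this line.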
@@ -1503,8 +1526,8 @@
 	RESERVED
 CVE-2011-0454
 	RESERVED
-CVE-2011-0453
-	RESERVED
+CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not ...)
+	TODO: check
 CVE-2011-0452
 	RESERVED
 CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
@@ -1564,12 +1587,10 @@
 	TODO: check vftool (also against the older parseafm issue in evince)
 CVE-2011-0432
 	RESERVED
-CVE-2011-0431
-	RESERVED
+CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel ...)
 	{DSA-2168-1}
 	- openafs 1.4.14+dfsg-1
-CVE-2011-0430
-	RESERVED
+CVE-2011-0430 (Double free vulnerability in the Rx server process in OpenAFS 1.4.14, ...)
 	{DSA-2168-1}
 	- openafs 1.4.14+dfsg-1
 CVE-2011-0429
@@ -1596,8 +1617,7 @@
 	RESERVED
 	- php5 <unfixed>
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
-CVE-2011-0420 [grapheme_extract null pointer deref]
-	RESERVED
+CVE-2011-0420 (The grapheme_extract function in the Internationalization extension ...)
 	- php5 <unfixed> (low)
 	[lenny] - php5 <not-affected> (intl extension added in 5.3)
 	[squeeze] - php5 <no-dsa> (Minor issue)
@@ -1719,8 +1739,7 @@
 	RESERVED
 CVE-2011-0365
 	RESERVED
-CVE-2011-0364
-	RESERVED
+CVE-2011-0364 (The Management Console (webagent.exe) in Cisco Security Agent 5.1, ...)
 	NOT-FOR-US: Cisco Security Agent Management
 CVE-2011-0363
 	RESERVED
@@ -2036,8 +2055,7 @@
 	RESERVED
 	- linux-2.6 2.6.32-30
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29)
-CVE-2010-4649
-	RESERVED
+CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in ...)
 	{DSA-2153-1}
 	- linux-2.6 2.6.32-30
 CVE-2010-4648
@@ -2633,8 +2651,7 @@
 	RESERVED
 CVE-2011-0051
 	RESERVED
-CVE-2011-0050
-	RESERVED
+CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface ...)
 	{DSA-2158-1}
 	- cgiirc <unfixed> (bug #612671)
 CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in ...)
@@ -2991,13 +3008,11 @@
 CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
-CVE-2011-0014 [http://www.openssl.org/news/secadv_20110208.txt]
-	RESERVED
+CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c ...)
 	{DSA-2162-1}
 	- openssl 0.9.8o-5 (low)
 	[lenny] - openssl <not-affected> (Only 0.9.8h through 0.9.8q are affected)
-CVE-2011-0013 [tomcat HTML manager XSS]
-	RESERVED
+CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML ...)
 	{DSA-2160-1}
 	- tomcat5.5 <removed> (low)
 	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
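Review bot: the CVE-2011-0014 change removes the bracketed advisory URL `http://www.openssl.org/news/secadv_20110208.txt`, leaving the entry with no upstream reference. Suggest re-adding it as a `NOTE:` line below the package lines, the way other entries in this file carry their upstream links.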
@@ -3125,7 +3140,7 @@
 	- openssh <not-affected> (J-PAKE not activated, see bug #606922)
 CVE-2010-4477
 	RESERVED
-CVE-2010-4476 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
+CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in ...)
 	{DSA-2161-2 DSA-2161-1}
 	- openjdk-6 <unfixed> (bug #612660)
 	- sun-java6 6.24-1
@@ -3491,8 +3506,7 @@
 CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
 	{DSA-2139-1}
 	- phpmyadmin 4:3.3.7-2
-CVE-2010-4328
-	RESERVED
+CVE-2010-4328 (Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd ...)
 	NOT-FOR-US: Novell iPrint LPD
 CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
@@ -3502,8 +3516,8 @@
 	NOT-FOR-US: Groupwise
 CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...)
 	NOT-FOR-US: Novell Identity Manager
-CVE-2010-4323
-	RESERVED
+CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks ...)
+	TODO: check
 CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell ...)
 	NOT-FOR-US: Novell Vibe
 CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...)
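Review bot: CVE-2010-4323 moves from RESERVED to `TODO: check`, yet the description names novell-tftp.exe in Novell ZENworks, and the neighbouring Novell entries in this hunk (Groupwise, Identity Manager, Vibe) are all NOT-FOR-US. Suggest resolving it as NOT-FOR-US with the product name instead of leaving it for manual triage.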
@@ -5866,8 +5880,7 @@
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-25
 	NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
-CVE-2010-3441
-	RESERVED
+CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote ...)
 	- abcm2ps 5.9.13-0.1 (low; bug #577014)
 	[lenny] - abcm2ps <no-dsa> (Minor issue)
 CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files]



