[Secure-testing-commits] r15838 - in data: CVE DSA
Raphael Geissert
geissert at alioth.debian.org
Thu Jan 13 04:43:50 UTC 2011
Author: geissert
Date: 2011-01-13 04:43:46 +0000 (Thu, 13 Jan 2011)
New Revision: 15838
Modified:
data/CVE/list
data/DSA/list
Log:
new sssd issues, kvm/qemu, eclipse, libuser
dpkg got another id
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-12 22:17:10 UTC (rev 15837)
+++ data/CVE/list 2011-01-13 04:43:46 UTC (rev 15838)
@@ -41,7 +41,8 @@
CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in [VENDOR] ImgBurn ...)
NOT-FOR-US: ImgBurn
CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted ...)
- TODO: check
+ {DSA-2142-1}
+ - dpkg 1.15.8.8
CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored ...)
- piwik <itp> (bug #506933)
CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the ...)
@@ -413,8 +414,9 @@
RESERVED
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
-CVE-2010-4647
+CVE-2010-4647 [eclipse: Help Content web application vulnerable to XSS]
RESERVED
+ - eclipse <unfixed>
CVE-2010-4646
RESERVED
CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
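Review bot: the new "- eclipse <unfixed>" line under CVE-2010-4647 has neither a bug reference nor a "TODO: check", unlike the qemu, libuser and sssd entries added in this same commit. Either add "TODO: check" until the affected versions are confirmed, or file a bug against eclipse and reference it in the usual "(bug #NNNNNN)" form (placeholder number), so the entry can be closed when a fix is uploaded.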
@@ -1133,7 +1135,7 @@
CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before ...)
NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-XXXX [TYPO3-SA-2010-022]
- - typo3-src 4.3.9+dfsg1-1
+ - typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2011-0045
RESERVED
CVE-2011-0044
@@ -1333,8 +1335,11 @@
RESERVED
CVE-2011-0012
RESERVED
-CVE-2011-0011
+CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication]
RESERVED
+ - qemu <unfixed>
+ - kvm <removed>
+ TODO: check
CVE-2011-0010
RESERVED
- sudo 1.7.4p4-6 (bug #609641)
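Review bot: the description added to CVE-2011-0011 names qemu-kvm, but the package lines below it cover only qemu and kvm. If qemu-kvm exists as its own source package in the archive, it needs its own line (unfixed or not-affected), otherwise the tracker shows nothing for it. If that is what the "TODO: check" is for, say so in the TODO text.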
@@ -1359,8 +1364,10 @@
{DTSA-207-1}
- mediawiki <unfixed>
[lenny] - mediawiki <no-dsa> (Fixed in next point update)
-CVE-2011-0002
+CVE-2011-0002 [libuser creates LDAP users with a default password]
RESERVED
+ - libuser <unfixed>
+ TODO: check
CVE-2011-0001
RESERVED
CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...)
@@ -1767,8 +1774,10 @@
[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...)
- linux-2.6 2.6.32-30
-CVE-2010-4341
+CVE-2010-4341 [DoS in sssd PAM responder can prevent logins]
RESERVED
+ - sssd <unfixed>
+ TODO: check
CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...)
@@ -14695,7 +14704,8 @@
- eglibc 2.10.2-4 (medium; bug #560333)
- glibc <removed> (medium)
CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...)
- NOT-FOR-US: sssd
+ - sssd <unfixed>
+ TODO: check
CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...)
- pidgin 2.6.5-1 (medium; bug #563206)
[lenny] - pidgin <not-affected> (vulnerable code not present)
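Review bot: CVE-2010-0014 goes from NOT-FOR-US to "- sssd <unfixed>", but its description limits the issue to SSSD before 1.0.1. If the sssd version in the archive is 1.0.1 or later, record that as the fixed version (or mark the package not-affected) instead of <unfixed>, so the tracker does not report a vulnerable package while the "TODO: check" is pending.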
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2011-01-12 22:17:10 UTC (rev 15837)
+++ data/DSA/list 2011-01-13 04:43:46 UTC (rev 15838)
@@ -2,7 +2,7 @@
{CVE-2010-3847 CVE-2010-3856}
[lenny] - glibc 2.7-18lenny7
[06 Jan 2011] DSA-2142-1 dpkg - directory traversal
- {CVE-2010-1679}
+ {CVE-2010-1679 CVE-2011-0402}
[lenny] - dpkg 1.14.31
[06 Jan 2011] DSA-2141-3 apache2 - protocol design flaw
{CVE-2009-3555}