[Secure-testing-commits] r15977 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jan 26 21:15:18 UTC 2011
Author: joeyh
Date: 2011-01-26 21:15:17 +0000 (Wed, 26 Jan 2011)
New Revision: 15977
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-26 21:01:44 UTC (rev 15976)
+++ data/CVE/list 2011-01-26 21:15:17 UTC (rev 15977)
@@ -1,3 +1,21 @@
+CVE-2011-0649
+ RESERVED
+CVE-2011-0648
+ RESERVED
+CVE-2011-0647
+ RESERVED
+CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows ...)
+ TODO: check
+CVE-2011-0645 (SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows ...)
+ TODO: check
+CVE-2011-0644 (SQL injection vulnerability in include/admin/model_field.class.php in ...)
+ TODO: check
+CVE-2011-0643 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2011-0642 (Cross-site request forgery (CSRF) vulnerability in news/admin.php in ...)
+ TODO: check
+CVE-2011-0641 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2011-0640 (The default configuration of udev on Linux does not warn the user ...)
NOTE: Not much that could sensibly be fixed here
CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling ...)
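Review bot: the six new entries CVE-2011-0641 through CVE-2011-0646 all land as `TODO: check`, so none of them is triaged yet. The two whose product is visible in the truncated description (PHP LOW BIDS in viewfaqs.php, PHPCMS 2008 V2 in data.php) look like candidates for a NOT-FOR-US line once a package search confirms they are not in the archive. The other four descriptions are cut off before the product name and need the full CVE text before they can be classified.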
@@ -1091,7 +1109,7 @@
RESERVED
CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
NOT-FOR-US: HP Business Availability
-CVE-2011-0273 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.11 ...)
+CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell ...)
NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote ...)
NOT-FOR-US: HP LoadRunner
@@ -1907,8 +1925,7 @@
RESERVED
CVE-2011-XXXX [VLC heap corruption in subtitle decoder]
- vlc 1.1.3-1squeeze2
-CVE-2011-0021 [VLC CDG]
- RESERVED
+CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in ...)
- vlc 1.1.3-1squeeze2
NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph ...)
@@ -1940,9 +1957,9 @@
- sudo 1.7.4p4-6 (bug #609641)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
-CVE-2011-0009
- RESERVED
+CVE-2011-0009 (Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before ...)
{DSA-2150-1}
+ TODO: check
CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on ...)
- sudo <not-affected> (Fedora-specific issue)
CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local ...)
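Review bot: CVE-2011-0009 now carries both `{DSA-2150-1}` and a newly added `TODO: check`, with no package line between them. Since an advisory is already linked, the entry should record the affected source package and fixed version from that DSA instead of staying in the TODO queue.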
@@ -2584,8 +2601,7 @@
{DSA-2138-1}
NOTE: http://core.trac.wordpress.org/changeset/16625
- wordpress 3.0.2-1 (bug #605603)
-CVE-2010-4256 [linux: pipe_fcntl local DoS]
- RESERVED
+CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 ...)
- linux-2.6 <unfixed>
CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and ...)
- xen 4.0.1-2 (bug #609531)
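Review bot: the new description for CVE-2010-4256 says the issue is in the Linux kernel before 2.6.37, but the tracking line under it is still `- linux-2.6 <unfixed>`. A NOTE pointing at the upstream fix would help here, along with a check of which packaged kernels contain the pipe_fcntl code in fs/pipe.c, so the entry can get a fixed version or a per-release not-affected marker.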
@@ -8798,7 +8814,7 @@
NOT-FOR-US: Consona
CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live ...)
NOT-FOR-US: Consona
-CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager Client 1.5.x allows ...)
+CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client ...)
NOT-FOR-US: EMC RSA key manager
CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, ...)
NOT-FOR-US: Microsoft Word