[Secure-testing-commits] r15990 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Jan 27 20:04:35 UTC 2011
Author: jmm
Date: 2011-01-27 20:04:26 +0000 (Thu, 27 Jan 2011)
New Revision: 15990
Modified:
data/CVE/list
Log:
- hplip fixed
- otrs issues don't affect Lenny
- qemu unimportant
- update bip description
- mark remaining webkit/lenny issues as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-27 17:03:49 UTC (rev 15989)
+++ data/CVE/list 2011-01-27 20:04:26 UTC (rev 15990)
@@ -1820,7 +1820,7 @@
- ccid 1.3.11-2 (unimportant; bug #607780)
NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
NOTE: Theoretical attack
-CVE-2011-XXXX [unspecified denial of service]
+CVE-2011-XXXX [remote DoS when case of the characters of a nickname is modified]
- bip 0.8.7-1
[squeeze] - bip 0.8.2-1squeeze3
[lenny] - bip <not-affected> (Vulnerable code not present)
@@ -1948,8 +1948,9 @@
RESERVED
CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication]
RESERVED
- - qemu <unfixed> (bug #611134)
- - kvm <removed> (bug #611134)
+ - qemu <unfixed> (unimportant; bug #611134)
+ - kvm <removed> (unimportant; bug #611134)
+ NOTE: Harmless implementation bug, see discussion in #611134
CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ...)
- sudo 1.7.4p4-6 (bug #609641)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
@@ -2570,7 +2571,7 @@
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...)
NOT-FOR-US: Pulse Infotech
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in ...)
- - hplip <unfixed> (bug #610960)
+ - hplip 3.10.6-2 (bug #610960)
CVE-2010-4266
RESERVED
CVE-2010-4265 (The ...)
@@ -2717,6 +2718,7 @@
- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4206 (Array index error in the FEBlend::apply function in ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70652
CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...)
@@ -2726,6 +2728,7 @@
NOTE: http://trac.webkit.org/changeset/70550
CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
NOTE: http://trac.webkit.org/changeset/70517
@@ -2746,11 +2749,13 @@
NOTE: http://trac.webkit.org/changeset/69936
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/69735
NOTE: style fix change set: http://trac.webkit.org/changeset/69801
CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70594
CVE-2010-4196
@@ -3042,6 +3047,7 @@
- linux-2.6 2.6.32-29 (low)
CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS ...)
- otrs2 2.4.9+dfsg1-1
+ [lenny] - otrs2 <not-affected> (Only affects OTRS 2.4)
CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...)
NOT-FOR-US: portmap.exe
CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x ...)
@@ -3117,6 +3123,7 @@
NOT-FOR-US: Opera
CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-1
NOTE: http://trac.webkit.org/changeset/68096
CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...)
@@ -3708,6 +3715,7 @@
- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined>
CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...)
- webkit 1.2.6-1
@@ -4635,6 +4643,7 @@
NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before ...)
- otrs2 2.4.8+dfsg1-1
+ [lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege ...)
NOT-FOR-US: IBM DB2
CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or ...)
@@ -8392,6 +8401,7 @@
RESERVED
CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
- otrs2 2.4.8+dfsg1-1
+ [lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...)
NOT-FOR-US: Novell Access Manager
CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)
@@ -9177,6 +9187,7 @@
NOTE: Chromium uses a totally different regexp implementation.
CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
More information about the Secure-testing-commits
mailing list