[Secure-testing-commits] r16019 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Jan 31 21:14:54 UTC 2011 

Author: joeyh
Date: 2011-01-31 21:14:53 +0000 (Mon, 31 Jan 2011)
New Revision: 16019

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-31 18:42:50 UTC (rev 16018)
+++ data/CVE/list	2011-01-31 21:14:53 UTC (rev 16019)
@@ -1,3 +1,67 @@
+CVE-2011-0679 (IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web ...)
+	TODO: check
+CVE-2011-0678 (Unrestricted file upload vulnerability in the EasyEdit module in ...)
+	TODO: check
+CVE-2011-0677
+	RESERVED
+CVE-2011-0676
+	RESERVED
+CVE-2011-0675
+	RESERVED
+CVE-2011-0674
+	RESERVED
+CVE-2011-0673
+	RESERVED
+CVE-2011-0672
+	RESERVED
+CVE-2011-0671
+	RESERVED
+CVE-2011-0670
+	RESERVED
+CVE-2011-0669
+	RESERVED
+CVE-2011-0668
+	RESERVED
+CVE-2011-0667
+	RESERVED
+CVE-2011-0666
+	RESERVED
+CVE-2011-0665
+	RESERVED
+CVE-2011-0664
+	RESERVED
+CVE-2011-0663
+	RESERVED
+CVE-2011-0662
+	RESERVED
+CVE-2011-0661
+	RESERVED
+CVE-2011-0660
+	RESERVED
+CVE-2011-0659
+	RESERVED
+CVE-2011-0658
+	RESERVED
+CVE-2011-0657
+	RESERVED
+CVE-2011-0656
+	RESERVED
+CVE-2011-0655
+	RESERVED
+CVE-2011-0654
+	RESERVED
+CVE-2011-0653
+	RESERVED
+CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 ...)
+	TODO: check
+CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs ...)
+	TODO: check
+CVE-2011-0650 (Cross-site request forgery (CSRF) vulnerability in Greenbone Security ...)
+	TODO: check
+CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method in the ...)
+	TODO: check
+CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master ...)
+	TODO: check
 CVE-2011-XXXX [Reoccurance of CVE-2005-3534]
 	- nbd 1:2.9.16-8 (bug #611187)
 CVE-2011-XXXX [yet another weborf DoS]
@@ -56,8 +120,7 @@
 CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
 	NOTE: Not packaged in Debian, separate package Shibboleth IdP
 	NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
-CVE-2011-0520 [maradns crash with long queries]
-	RESERVED
+CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in MaraDNS ...)
 	- maradns 1.4.03-1.1 (bug #610834)
 CVE-2011-0634
 	RESERVED
@@ -709,12 +772,12 @@
 	NOT-FOR-US: Linksys router
 CVE-2011-0351
 	RESERVED
-CVE-2011-0350
-	RESERVED
-CVE-2011-0349
-	RESERVED
-CVE-2011-0348
-	RESERVED
+CVE-2011-0350 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 ...)
+	TODO: check
+CVE-2011-0349 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 ...)
+	TODO: check
+CVE-2011-0348 (Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before ...)
+	TODO: check
 CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in ...)
@@ -909,8 +972,7 @@
 	NOTE: sgid games is dropped before buffer overflow
 CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable]
 	- libggi <unfixed> (bug #608981)
-CVE-2011-0343 [syslog-ng log permissions]
-	RESERVED
+CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on ...)
 	- syslog-ng 3.1.3-2 (bug #608491)
 	[lenny] - syslog-ng <not-affected> (2.0 not affected, also Freebsd-specific, which is not supported in Lenny anyway)
 CVE-2010-XXXX [XSS in ftpls]
@@ -1007,8 +1069,7 @@
 CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
 	- subversion 1.6.12dfsg-3 (low; bug #608989)
 	[lenny] - subversion <no-dsa> (Minor issue)
-CVE-2010-4643
-	RESERVED
+CVE-2010-4643 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...)
@@ -1115,8 +1176,8 @@
 	RESERVED
 CVE-2011-0276
 	RESERVED
-CVE-2011-0275
-	RESERVED
+CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, ...)
+	TODO: check
 CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
 	NOT-FOR-US: HP Business Availability
 CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell ...)
@@ -1593,15 +1654,13 @@
 	RESERVED
 CVE-2011-0049
 	RESERVED
-CVE-2011-0048 [XSS]
-	RESERVED
+CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
 	- bugzilla <unfixed>
 	TODO: check
 	NOTE: http://www.bugzilla.org/security/3.2.9/
 CVE-2011-0047
 	RESERVED
-CVE-2011-0046 [CSRF]
-	RESERVED
+CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ...)
 	- bugzilla <unfixed>
 	TODO: check
 	NOTE: http://www.bugzilla.org/security/3.2.9/
@@ -1626,8 +1685,7 @@
 	NOTE: http://codereview.chromium.org/4716006
 CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is ...)
 	NOT-FOR-US: VMware ESXi
-CVE-2010-4572
-	RESERVED
+CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, ...)
 	- perl <undetermined>
 	- libcgi-pm-perl <undetermined>
 	- libcgi-simple-perl <undetermined>
@@ -1636,18 +1694,14 @@
 	NOTE: http://www.bugzilla.org/security/3.2.9/
 CVE-2010-4571
 	RESERVED
-CVE-2010-4570 [XSS in dups detection]
-	RESERVED
+CVE-2010-4570 (Cross-site scripting (XSS) vulnerability in the duplicate-detection ...)
 	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
-CVE-2010-4569 [XSS in username autocomplete]
-	RESERVED
+CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, ...)
 	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
-CVE-2010-4568 [account compromise]
-	RESERVED
+CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; ...)
 	- bugzilla <unfixed> (high; bug #611176)
 	NOTE: http://www.bugzilla.org/security/3.2.9/
-CVE-2010-4567 [XSS]
-	RESERVED
+CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
 	- bugzilla <unfixed>
 	TODO: check
 	NOTE: http://www.bugzilla.org/security/3.2.9/
@@ -1944,8 +1998,7 @@
 	- pango1.0 1.28.3-1+squeeze1 (bug #610792)
 CVE-2011-0019
 	RESERVED
-CVE-2011-0018
-	RESERVED
+CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through ...)
 	NOT-FOR-US: OpenVAS Manager
 CVE-2011-0017 [lack of return code checks for setuid/setgid]
 	RESERVED
@@ -2433,10 +2486,10 @@
 	RESERVED
 CVE-2010-4327
 	RESERVED
-CVE-2010-4326
-	RESERVED
-CVE-2010-4325
-	RESERVED
+CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent ...)
+	TODO: check
+CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in ...)
+	TODO: check
 CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...)
 	NOT-FOR-US: Novell Identity Manager
 CVE-2010-4323
@@ -2629,8 +2682,7 @@
 	- xen 4.0.1-2 (bug #609531)
 CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
 	- moon <not-affected> (Debian's version of Moonlight is not affected, see #608288)
-CVE-2010-4253
-	RESERVED
+CVE-2010-4253 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...)
@@ -3588,7 +3640,7 @@
 CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux ...)
 	- linux-2.6 2.6.32-29
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
-CVE-2010-3860 (IcedTea before 1.9.2, as based on OpenJDK 6, declares multiple ...)
+CVE-2010-3860 (IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before ...)
 	- openjdk-6 6b18-1.8.3-1
 CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in the ...)
 	{DSA-2126-1}
@@ -4138,8 +4190,7 @@
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 	- moodle 1.9.9.dfsg2-2 (bug #601384)
-CVE-2010-3689
-	RESERVED
+CVE-2010-3689 (soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
@@ -4743,24 +4794,19 @@
 	NOT-FOR-US: EnergyScripts Simple Download
 CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 ...)
 	NOT-FOR-US: AChecker
-CVE-2010-3454
-	RESERVED
+CVE-2010-3454 (Multiple off-by-one errors in the WW8DopTypography::ReadFromMem ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3453
-	RESERVED
+CVE-2010-3453 (The WW8ListManager::WW8ListManager function in oowriter in ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3452
-	RESERVED
+CVE-2010-3452 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3451
-	RESERVED
+CVE-2010-3451 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3450
-	RESERVED
+CVE-2010-3450 (Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) ...)
 	{DSA-2151-1}
 	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...)
@@ -6177,7 +6223,7 @@
 CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)
 	{DSA-2099-1}
 	- openoffice.org 1:3.2.1-6
-CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 3.2.1 on ...)
+CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x ...)
 	{DSA-2099-1}
 	- openoffice.org 1:3.2.1-6
 CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote ...)
@@ -6609,12 +6655,12 @@
 	RESERVED
 CVE-2010-2780
 	RESERVED
-CVE-2010-2779
-	RESERVED
-CVE-2010-2778
-	RESERVED
-CVE-2010-2777
-	RESERVED
+CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
+	TODO: check
+CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
+	TODO: check
+CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise ...)
+	TODO: check
 CVE-2010-2776
 	RESERVED
 CVE-2010-2775

More information about the Secure-testing-commits mailing list