[Secure-testing-commits] r16791 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jun 10 08:27:46 UTC 2011


Author: jmm
Date: 2011-06-10 08:27:46 +0000 (Fri, 10 Jun 2011)
New Revision: 16791

Modified:
   data/CVE/list
Log:
updates from Helmut Grohne (thanks), with some additional changes by
myself on top of it
(front desk: please file bug/create ticket for wireshark and add the
gimp issue to the existing ticket)




Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-06-09 19:48:28 UTC (rev 16790)
+++ data/CVE/list	2011-06-10 08:27:46 UTC (rev 16791)
@@ -1,3 +1,11 @@
+CVE-2011-2468
+	NOT-FOR-US: AnyMacro Mail System G4X
+CVE-2011-2395
+	NOT-FOR-US: Cisco
+CVE-2011-2383
+	NOT-FOR-US: Microsoft
+CVE-2011-2382
+	NOT-FOR-US: Microsoft
 CVE-2011-2194  [vlc xspf integer overflow]
 	- vlc <unfixed>
 	[lenny] - vlc <not-affected> (Vulnerable code not present)
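Review bot: The NOT-FOR-US lines for CVE-2011-2395, CVE-2011-2383 and CVE-2011-2382 name only a vendor (Cisco, Microsoft), while the CVE-2011-2468 line just above them names the product. Naming the affected product on each line would let a later reader confirm that the issue really is outside the archive, and would distinguish the two Microsoft entries from each other.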
@@ -33,6 +41,11 @@
 	NOT-FOR-US: WalRack
 CVE-2011-2214
 	NOT-FOR-US: 7T Interactive Graphical SCADA System
+CVE-2011-2175 (Integer underflow in the visual_read function in wiretap/visual.c ...)
+	- wireshark <unfixed> (unimportant)
+	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
+CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c ...)
+	- wireshark <unfixed>
 CVE-2011-2173
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2011-2172
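Review bot: The CVE-2011-2174 entry (double free in tvb_uncompress) is a bare "- wireshark <unfixed>" with no bug reference and no NOTE, although the commit log asks front desk to file a wireshark bug. Until that bug number exists, a TODO line under this entry would keep the pending action visible in the list itself rather than only in the log. Since the adjacent CVE-2011-2175 carries (unimportant) with a stated rationale, a short NOTE saying that the double free is deliberately left without that tag would also remove any doubt that it was simply not triaged.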
@@ -232,8 +245,8 @@
 	RESERVED
 CVE-2011-2108
 	RESERVED
-CVE-2011-2107
-	RESERVED
+CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 ...)
+	NOT-FOR-US: Adobe Flash Player
 CVE-2011-2106
 	RESERVED
 CVE-2011-2105
@@ -529,8 +542,9 @@
 	RESERVED
 CVE-2011-1960
 	RESERVED
-CVE-2011-1959
-	RESERVED
+CVE-2011-1959 (The snoop_read function in wiretap/snoop.c ... does not properly handle certain virtualizable buffers ...)
+	- wireshark <unfixed> (unimportant)
+	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
 CVE-2011-1958
 	RESERVED
 CVE-2011-1957
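Review bot: The (unimportant) tag on CVE-2011-1959 rests on the crash-only rationale in its NOTE, but the truncated description shown here ("does not properly handle certain virtualizable buffers") does not state the impact. If the crash-only impact was confirmed against the advisory, saying so in the NOTE would help; otherwise the tag should wait until the impact is known.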
@@ -1243,7 +1257,7 @@
 CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in ...)
 	- iceweasel <unfixed> (unimportant)
 CVE-2011-1711
-	RESERVED
+	NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
 CVE-2011-1710
 	RESERVED
 CVE-2011-1709
@@ -2741,8 +2755,9 @@
 	- linux-2.6 2.6.38-4
 CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
 	NOT-FOR-US: SPICE Firefox plug-in
-CVE-2011-1178
-	RESERVED
+CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c ...)
+	- gimp 2.6.10-1
+	NOTE: Likely fixed earlier, but only the squeeze version was checked 
 CVE-2011-1177
 	RESERVED
 CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
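Review bot: On CVE-2011-1178, "- gimp 2.6.10-1" records the version that was checked rather than the first fixed version, as the NOTE itself admits ("Likely fixed earlier, but only the squeeze version was checked"). That leaves the status of any release older than squeeze undetermined, so a TODO to check older versions, or an explicit per-release line once that is known, would be safer than letting the entry read as fully triaged. The NOTE line also ends with a trailing space.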



