[Secure-testing-commits] r16296 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Mar 3 21:15:21 UTC 2011
Author: joeyh
Date: 2011-03-03 21:15:11 +0000 (Thu, 03 Mar 2011)
New Revision: 16296
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-03 20:48:01 UTC (rev 16295)
+++ data/CVE/list 2011-03-03 21:15:11 UTC (rev 16296)
@@ -1,3 +1,35 @@
+CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to ...)
+ TODO: check
+CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...)
+ TODO: check
+CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in ...)
+ TODO: check
+CVE-2011-1141 (epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through ...)
+ TODO: check
+CVE-2011-1140 (Multiple stack consumption vulnerabilities in the ...)
+ TODO: check
+CVE-2011-1139 (wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through ...)
+ TODO: check
+CVE-2011-1138 (Off-by-one error in the dissect_6lowpan_iphc function in ...)
+ TODO: check
+CVE-2011-1131
+ RESERVED
+CVE-2011-1130
+ RESERVED
+CVE-2011-1129
+ RESERVED
+CVE-2011-1128
+ RESERVED
+CVE-2011-1127
+ RESERVED
+CVE-2011-1126
+ RESERVED
+CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...)
+ TODO: check
+CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...)
+ TODO: check
+CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...)
+ TODO: check
CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...)
TODO: check
CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...)
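Review bot: The six new Wireshark entries at the top of this hunk (CVE-2011-1138 through CVE-2011-1143) carry only "TODO: check", although the list already tracks a wireshark source package under CVE-2011-0713 and CVE-2011-0538. Triage them as a batch and give each a "- wireshark ..." line with per-release status. Their descriptions name different branches ("1.0.x, 1.2.0 through ..." for CVE-2011-1141, "1.2.0 through 1.2.14 and 1.4.0 through ..." for CVE-2011-1139), so [lenny] and [squeeze] status may differ per entry. The three glob entries (CVE-2010-4754, CVE-2010-4755, CVE-2010-4756) also look like one finding reported against several code bases and are worth checking together.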
@@ -136,8 +168,8 @@
RESERVED
CVE-2011-1073
RESERVED
-CVE-2011-1072
- RESERVED
+CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...)
+ TODO: check
CVE-2011-1071 [eglibc: memory corruption]
RESERVED
- glibc <removed>
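Review bot: CVE-2011-1072 now reads "The installer in PEAR before 1.9.2 ...", while CVE-2011-1144 in the first hunk reads "The installer in PEAR 1.9.2 and earlier ...". The version bounds suggest the second ID covers what remained after the first fix. Resolve both TODOs together so the fixed version recorded for each entry matches its own bound and one fixed version is not copied to both.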
@@ -339,15 +371,13 @@
- request-tracker3.8 <unfixed>
CVE-2011-1006
RESERVED
-CVE-2011-1005 [Ruby Exception methods can bypass $SAFE]
- RESERVED
+CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through ...)
- ruby1.8 1.8.7.334-1 (bug #615517)
[lenny] - ruby1.8 <no-dsa> (Minor issue)
[squeeze] - ruby1.8 <no-dsa> (Minor issue)
- ruby1.9 <not-affected>
- ruby1.9.1 <not-affected>
-CVE-2011-1004 [Ruby FileUtils.remove_entry_secure symlink attack]
- RESERVED
+CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through ...)
- ruby1.8 1.8.7.334-1 (bug #615518)
[lenny] - ruby1.8 <no-dsa> (Minor issue)
[squeeze] - ruby1.8 <no-dsa> (Minor issue)
@@ -405,30 +435,35 @@
CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1132 [kfreebsd dos]
+ RESERVED
- kfreebsd-8 <unfixed> (low; bug #613312; bug #611476)
[squeeze] - kfreebsd-8 <no-dsa> (Can be fixed through a point update)
[lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny)
- kfreebsd-7 <unfixed> (bug #613312)
[lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny)
CVE-2011-1133 [xinha XSS mode param]
+ RESERVED
- serendipity <unfixed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
- openacs <unfixed>
- dotlrn <unfixed>
NOTE: http://secunia.com/advisories/40669/
CVE-2011-1134 [xinha XSS image manager]
+ RESERVED
- serendipity <unfixed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
- openacs <unfixed>
- dotlrn <unfixed>
NOTE: http://secunia.com/advisories/40669/
CVE-2011-1135 [xinha multiple vulns]
+ RESERVED
- serendipity <unfixed> (bug #611661)
[lenny] - serendipity <not-affected> (Xinha not yet included)
- openacs <unfixed>
- dotlrn <unfixed>
NOTE: http://secunia.com/advisories/40669/
CVE-2011-1137 [proftpd mod_sftp DoS]
+ RESERVED
- proftpd-dfsg <unfixed>
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586
NOTE: http://www.exploit-db.com/exploits/16129/
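Review bot: Under CVE-2011-1132 the same reason is spelled two ways in the context lines, "(Not-supported in Lenny)" for kfreebsd-8 and "(Not supported in Lenny)" for kfreebsd-7, and only the kfreebsd-8 line carries an urgency ("low"). Since this entry is being touched anyway, normalize the wording and either give kfreebsd-7 the same urgency or leave it off both lines. The added RESERVED lines themselves are consistent with the bracketed temporary descriptions on CVE-2011-1132 through CVE-2011-1137.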
@@ -924,6 +959,7 @@
- wordpress 3.0.5+dfsg-1
NOTE: http://codex.wordpress.org/Version_3.0.5
CVE-2011-1136 [tesseract tempfile]
+ RESERVED
- tesseract 2.04-2.1 (low; bug #612032)
[squeeze] - tesseract <no-dsa> (Minor issue)
[lenny] - tesseract <no-dsa> (Minor issue)
@@ -961,8 +997,8 @@
RESERVED
CVE-2011-0763
RESERVED
-CVE-2011-0762
- RESERVED
+CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...)
+ TODO: check
CVE-2011-0761
RESERVED
CVE-2011-0760
@@ -1116,8 +1152,7 @@
RESERVED
CVE-2011-0714
RESERVED
-CVE-2011-0713 [dct3trace buffer overflow]
- RESERVED
+CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 ...)
- wireshark <unfixed>
[lenny] - wireshark <not-affected> (Vulnerable code not present)
NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
@@ -1553,7 +1588,7 @@
- openssh 1:5.8p1-2
[squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
[lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
-CVE-2011-0538 (Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer ...)
+CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees ...)
- wireshark 1.4.3-3 (low; bug #613202)
CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...)
- mediawiki <not-affected> (Only affected when running on Windows or Novell Netware)
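Review bot: The revised CVE-2011-0538 description now names the 1.2.x branch explicitly ("1.2.0 through 1.2.14"), but the entry still has only the unstable line "- wireshark 1.4.3-3" and no [lenny] or [squeeze] annotation. CVE-2011-0713 elsewhere in this diff does carry a [lenny] line for wireshark. Recheck the stable releases against the widened range and record the result as explicit per-release lines.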
@@ -1788,8 +1823,8 @@
RESERVED
CVE-2011-0456
RESERVED
-CVE-2011-0455
- RESERVED
+CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...)
+ TODO: check
CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
TODO: check
CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not ...)
@@ -2909,57 +2944,48 @@
- pango1.0 1.28.3-2~sid1
CVE-2011-0063
RESERVED
-CVE-2011-0062
- RESERVED
+CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
-CVE-2011-0061
- RESERVED
+CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird ...)
- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
CVE-2011-0060
RESERVED
-CVE-2011-0059
- RESERVED
+CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0058
- RESERVED
+CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before ...)
- xulrunner <not-affected> (Windows-specific)
- iceweasel <not-affected> (Windows-specific)
-CVE-2011-0057
- RESERVED
+CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0056
- RESERVED
+CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0055
- RESERVED
+CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in Mozilla ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0054
- RESERVED
+CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0053
- RESERVED
+CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
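Review bot: The published description for CVE-2011-0061 names Thunderbird as well as Firefox 3.6.x, yet the entry annotates only xulrunner and iceweasel, both as not-affected because 3.6 is not yet in unstable. Confirm whether icedove needs its own line here, and check the same for the other descriptions in this hunk that are cut off after "Mozilla ..." before the product list is visible. The annotations were written against the old RESERVED placeholders, so none of them has been compared with the product lists that now appear.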
@@ -2967,8 +2993,7 @@
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0052
RESERVED
-CVE-2011-0051
- RESERVED
+CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -11369,7 +11394,7 @@
NOT-FOR-US: Apache ActiveMQ
CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in Mozilla Firefox ...)
+CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...)
- xulrunner <removed>
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)