[Secure-testing-commits] r16344 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Mar 9 21:15:13 UTC 2011


Author: joeyh
Date: 2011-03-09 21:15:05 +0000 (Wed, 09 Mar 2011)
New Revision: 16344

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-09 21:12:33 UTC (rev 16343)
+++ data/CVE/list	2011-03-09 21:15:05 UTC (rev 16344)
@@ -1,3 +1,37 @@
+CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...)
+	TODO: check
+CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...)
+	TODO: check
+CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) ...)
+	TODO: check
+CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) ...)
+	TODO: check
+CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...)
+	TODO: check
+CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the ...)
+	TODO: check
+CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport ...)
+	TODO: check
+CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application ...)
+	TODO: check
+CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere ...)
+	TODO: check
+CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) ...)
+	TODO: check
+CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application ...)
+	TODO: check
+CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) ...)
+	TODO: check
+CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere ...)
+	TODO: check
+CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...)
+	TODO: check
+CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation ...)
+	TODO: check
+CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before ...)
+	TODO: check
+CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google ...)
+	TODO: check
 CVE-2011-XXXX [gmime segfault]
 	- gmime2.4 <unfixed> (bug #616366)
 CVE-2011-1305
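Review bot: the new entries at the top of the list all land as "TODO: check", including those whose descriptions name IBM WebSphere Application Server (for example CVE-2011-1320, CVE-2011-1313 and CVE-2011-1307). This file already records another IBM product as "NOT-FOR-US: IBM Rational ClearQuest", so if WebSphere is likewise not packaged, a follow-up triage commit could mark these entries in the same form. The entries whose product name is cut off by the "..." (CVE-2011-1322, CVE-2011-1318, CVE-2011-1306) need the full description read before they are classified.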
@@ -491,15 +525,15 @@
 	RESERVED
 	- kde4libs <unfixed>
 	- kdelibs <undetermined>
-    NOTE: http://seclists.org/oss-sec/2011/q1/434
-    TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
+	NOTE: http://seclists.org/oss-sec/2011/q1/434
+	TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
 CVE-2011-1093
 	RESERVED
 CVE-2011-1092 [PHP: shmop_read, missing sanity check]
 	RESERVED
 	- php5 <unfixed>
-    NOTE: http://seclists.org/oss-sec/2011/q1/430
-    TODO: determine severity. file a bts bug.
+	NOTE: http://seclists.org/oss-sec/2011/q1/430
+	TODO: determine severity. file a bts bug.
 CVE-2011-1091
 	RESERVED
 CVE-2011-1090
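Review bot: the log message "automatic update" does not cover what happens to the NOTE and TODO lines under the kde4libs/kdelibs entry and CVE-2011-1092, which are hand-written annotations changed only in indentation (four spaces to a tab). Consider committing whitespace normalization separately, or mentioning it in the log, so that a reader scanning history for content changes to these entries is not misled. Both TODO items (file a BTS bug, determine severity) are still open after this change.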
@@ -2263,20 +2297,16 @@
 	RESERVED
 CVE-2011-0438
 	RESERVED
-CVE-2011-0437
-	RESERVED
+CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...)
 	{DSA-2179-1}
 	- dtc 0.32.10-1
-CVE-2011-0436 [new users' unencrypted passwords emailed to admin]
-	RESERVED
+CVE-2011-0436 (The register_user function in client/new_account_form.php in Domain ...)
 	{DSA-2179-1}
 	- dtc 0.32.10-1 (bug #614302)
-CVE-2011-0435
-	RESERVED
+CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require ...)
 	{DSA-2179-1}
 	- dtc 0.32.10-1
-CVE-2011-0434
-	RESERVED
+CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie Control ...)
 	{DSA-2179-1}
 	- dtc 0.32.10-1
 CVE-2011-0433 [linetoken() buffer overflow]
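Review bot: of the four DTC entries, only CVE-2011-0436 carries a bug reference (bug #614302); CVE-2011-0437, CVE-2011-0435 and CVE-2011-0434 record "- dtc 0.32.10-1" with none. If BTS bugs exist for them, add the references. The imported text for CVE-2011-0435 also says "before 0.32.9" while the tracked fixed version is 0.32.10-1, so a NOTE explaining the difference would help. The local summary "[new users' unencrypted passwords emailed to admin]" on CVE-2011-0436 is dropped without being kept as a NOTE.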
@@ -2349,15 +2379,15 @@
 	RESERVED
 CVE-2011-0411
 	RESERVED
-        TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316
+	TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316
 	- postfix 2.8.0-1
 	NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
 	NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
 	NOTE: http://www.postfix.org/CVE-2011-0411.html
-        - qmail <unfixed>
-        [lenny] - qmail <no-dsa> (non-free doesn't get security support)
-        [squeeze] - qmail <no-dsa> (non-free doesn't get security support)
-        NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
+	- qmail <unfixed>
+	[lenny] - qmail <no-dsa> (non-free doesn't get security support)
+	[squeeze] - qmail <no-dsa> (non-free doesn't get security support)
+	NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
 CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...)
 	NOT-FOR-US: CollabNet ScrumWorks Basic 
 CVE-2011-0409
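Review bot: the indentation cleanup under CVE-2011-0411 leaves trailing whitespace on the nearby context line "NOT-FOR-US: CollabNet ScrumWorks Basic ", which the same pass could have stripped. Within the CVE-2011-0411 entry the TODO still sits above the "- postfix 2.8.0-1" line and apart from the qmail lines it relates to; now that the indentation is consistent, consider moving it next to them so the open work is easier to spot.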
@@ -2491,10 +2521,10 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-0345
-	RESERVED
-CVE-2011-0344
-	RESERVED
+CVE-2011-0345 (Directory traversal vulnerability in the NMS server in Alcatel-Lucent ...)
+	TODO: check
+CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in ...)
+	TODO: check
 CVE-2011-0342
 	RESERVED
 CVE-2011-0341
@@ -2885,8 +2915,8 @@
 	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2011-0280
 	RESERVED
-CVE-2011-0279
-	RESERVED
+CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) ...)
+	TODO: check
 CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 ...)
 	NOT-FOR-US: HP Web Jetadmin
 CVE-2011-0277 (Cross-site request forgery (CSRF) vulnerability in HP Power Manager ...)
@@ -3387,8 +3417,7 @@
 	RESERVED
 CVE-2011-0065
 	RESERVED
-CVE-2011-0064 [NULL pointer dereference in hb_buffer_add_glyph]
-	RESERVED
+CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in ...)
 	{DSA-2178-1}
 	- pango1.0 1.28.3-2~sid1
 	[lenny] - pango1.0 <not-affected> (introduced in code cleanup)
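Review bot: on CVE-2011-0064 the removed local summary names hb_buffer_add_glyph as the site of the NULL pointer dereference, while the imported description names hb_buffer_ensure in hb-buffer.c. Replacing one with the other loses the crash-site detail. Suggest preserving it as a NOTE line under the entry, for example "NOTE: NULL pointer dereference in hb_buffer_add_glyph", so that both function names stay searchable.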
@@ -3403,7 +3432,7 @@
 CVE-2011-0060
 	RESERVED
 CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -3417,7 +3446,7 @@
 	- xulrunner <not-affected> (Windows-specific)
 	- iceweasel <not-affected> (Windows-specific)
 CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <not-affected> (Vulnerable code not present)
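Review bot: the DSA set on CVE-2011-0057 grows to {DSA-2187-1 DSA-2186-1 DSA-2180-1}, yet the entry records xulrunner as "<not-affected> (Vulnerable code not present)" and the lines shown gain no package or suite annotation for the two added advisories. Please confirm that both advisories actually list this CVE; the same question applies to CVE-2011-0055 and CVE-2011-0054, which carry the identical xulrunner annotation and receive the identical DSA set.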
@@ -3426,7 +3455,7 @@
 	- iceape 2.0.12-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -3436,7 +3465,7 @@
 	- iceape 2.0.12-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in Mozilla ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <not-affected> (Vulnerable code not present)
@@ -3445,7 +3474,7 @@
 	- iceape 2.0.12-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <not-affected> (Vulnerable code not present)
@@ -3454,7 +3483,7 @@
 	- iceape 2.0.12-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -3466,7 +3495,7 @@
 CVE-2011-0052
 	RESERVED
 CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -11872,7 +11901,7 @@
 CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...)
 	NOT-FOR-US: HP System Management Homepage
 CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...)
-	{DSA-2180-1}
+	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -21465,8 +21494,8 @@
 	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
 CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
 	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
-CVE-2009-3028
-	RESERVED
+CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in ...)
+	TODO: check
 CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection ...)
 	NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
 CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...)



