[Secure-testing-commits] r16345 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Mar 9 21:18:22 UTC 2011


Author: jmm
Date: 2011-03-09 21:18:17 +0000 (Wed, 09 Mar 2011)
New Revision: 16345

Modified:
   data/CVE/list
Log:
two openldap no-dsa issues
dotlrn/openacs not affected by xinha issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-09 21:15:05 UTC (rev 16344)
+++ data/CVE/list	2011-03-09 21:18:17 UTC (rev 16345)
@@ -583,7 +583,7 @@
 CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
 	TODO: check
 CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...)
-	TODO: check
+	TODO: apparenty not in Debian. Raphael, can you confirm?
 CVE-2011-1071 [eglibc: memory corruption]
 	RESERVED
 	- glibc <removed>
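Review bot: The new TODO line under CVE-2011-1072 misspells "apparently" as "apparenty" and addresses a question to one person inside the tracker data, where it is easy to miss. Keep the entry as an open TODO, but put the reasoning in a NOTE line (what was checked to conclude the PEAR installer is not in Debian) and ask for the confirmation on the list or IRC. That way the next person triaging the entry can verify the claim without needing to know who Raphael is.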
@@ -725,12 +725,14 @@
 	RESERVED
 CVE-2011-1025 [rootpw is not verified with slapd.conf]
 	RESERVED
-	- openldap <unfixed>
-	TODO: check
+	- openldap <unfixed> (low)
+	[squeeze] - openldap <no-dsa> (Minor issue)
+	[lenny] - openldap <not-affected> (Vulnerable code not present, introduced in 2.4.12)
 CVE-2011-1024 [forwarded bind failure messages cause success]
 	RESERVED
-	- openldap <unfixed>
-	TODO: check
+	- openldap <unfixed> (low)
+	[lenny] - openldap <no-dsa> (Minor issue)
+	[squeeze] - openldap <no-dsa> (Minor issue)
 CVE-2011-1023
 	RESERVED
 CVE-2011-1022 [failure to verify netlink messages]
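Review bot: The release annotations under CVE-2011-1025 are ordered [squeeze] then [lenny], while CVE-2011-1024 directly below uses [lenny] then [squeeze]; use one order for both entries. The lenny not-affected line rests on "introduced in 2.4.12" with no reference, so add a NOTE pointing at the upstream change or bug report that establishes that version, so the claim can be re-checked. The log message also describes both as no-dsa issues, but for CVE-2011-1025 only squeeze is no-dsa and lenny is not-affected.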
@@ -862,22 +864,22 @@
 	RESERVED
 	- serendipity <unfixed> (bug #611661)
 	[lenny] - serendipity <not-affected> (Xinha not yet included)
-	- openacs <unfixed>
-	- dotlrn <unfixed>
+	- openacs <not-affected> (PHP bindings not used)
+	- dotlrn <not-affected> (PHP bindings not used)
 	NOTE: http://secunia.com/advisories/40669/
 CVE-2011-1134 [xinha XSS image manager]
 	RESERVED
 	- serendipity <unfixed> (bug #611661)
 	[lenny] - serendipity <not-affected> (Xinha not yet included)
-	- openacs <unfixed>
-	- dotlrn <unfixed>
+	- openacs <not-affected> (PHP bindings not used)
+	- dotlrn <not-affected> (PHP bindings not used)
 	NOTE: http://secunia.com/advisories/40669/
 CVE-2011-1135 [xinha multiple vulns]
 	RESERVED
 	- serendipity <unfixed> (bug #611661)
 	[lenny] - serendipity <not-affected> (Xinha not yet included)
-	- openacs <unfixed>
-	- dotlrn <unfixed>
+	- openacs <not-affected> (PHP bindings not used)
+	- dotlrn <not-affected> (PHP bindings not used)
 	NOTE: http://secunia.com/advisories/40669/
 CVE-2011-1137 [proftpd mod_sftp DoS]
 	RESERVED
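Review bot: The same justification, "PHP bindings not used", is applied to openacs and dotlrn in all three Xinha entries in this hunk, including CVE-2011-1134 [xinha XSS image manager] and CVE-2011-1135 [xinha multiple vulns], and nothing in the entries shows that every issue covered lives in the PHP backend code. Add a NOTE to each entry stating which Xinha component is affected and how the copies shipped in openacs and dotlrn were checked. If any of the issues sits in the client-side editor code rather than the PHP backends, that entry should remain unfixed for both packages.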



