[Secure-testing-commits] r16366 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Mar 11 21:26:10 UTC 2011
Author: jmm
Date: 2011-03-11 21:26:10 +0000 (Fri, 11 Mar 2011)
New Revision: 16366
Modified:
data/CVE/list
Log:
- NFUs
- openldap bug
- Debian's cron not affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-11 21:15:34 UTC (rev 16365)
+++ data/CVE/list 2011-03-11 21:26:10 UTC (rev 16366)
@@ -183,39 +183,39 @@
CVE-2011-1323
RESERVED
CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google ...)
- TODO: check
+ NOT-FOR-US: Google ChromeOS
CVE-2011-XXXX [gmime segfault]
- gmime2.4 <unfixed> (bug #616366)
CVE-2011-1305
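Review bot: CVE-2011-1318 is marked NOT-FOR-US: WebSphere, but its description names org.apache.jasper.runtime.JspWriterImpl, an Apache Jasper class. The description is truncated here, so a NOTE line confirming that the leak is specific to the copy shipped in WebSphere would make clear that the NFU tag was not applied by product name alone. The remaining WebSphere and ChromeOS entries name the product directly in their descriptions and look fine.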
@@ -734,19 +734,19 @@
CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...)
NOT-FOR-US: IBM Lotus Sametime
CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in ...)
- TODO: check
+ NOT-FOR-US: LightNEasy
CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
- TODO: check
+ NOT-FOR-US: LightNEasy
CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
- TODO: check
+ NOT-FOR-US: LightNEasy
CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: BLOG:CMS
CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS ...)
- TODO: check
+ NOT-FOR-US: BLOG:CMS
CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki ...)
- TODO: check
+ NOT-FOR-US: pmwiki
CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2011-XXXX [polarssl d-h man in the middle]
- polarssl <unfixed> (bug #616114)
NOTE: https://lists.ubuntu.com/archives/ubuntu-motu/2011-February/007026.html
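Review bot: The reason on CVE-2010-4747, "NOT-FOR-US: Wordpress plugin", does not say which plugin, and the truncated description does not show it either. Naming the plugin would let later triage match repeat reports against this entry with a simple grep. Minor: CVE-2010-4748 is tagged "pmwiki" while the description spells it "PmWiki"; using the upstream spelling keeps the NFU reasons consistent.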
@@ -847,9 +847,9 @@
CVE-2011-1075
RESERVED
CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ...)
- TODO: check
+ - cron <not-affected> (Debian's cron not affected)
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
- TODO: check
+ - cron <not-affected> (Debian's cron not affected)
CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...)
TODO: apparenty not in Debian. Raphael, can you confirm?
CVE-2011-1071 [eglibc: memory corruption]
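Review bot: On CVE-2011-1074 and CVE-2011-1073 the parenthetical "(Debian's cron not affected)" only restates the <not-affected> tag. A short reason, such as whether the code in question is absent from Debian's crontab.c or behaves differently there, would let someone re-check the claim later, in the style of the openldap entry "(Vulnerable code not present, introduced in 2.4.12)" elsewhere in this file.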
@@ -995,12 +995,12 @@
RESERVED
CVE-2011-1025 [rootpw is not verified with slapd.conf]
RESERVED
- - openldap <unfixed> (low)
+ - openldap <unfixed> (low; bug #617606)
[squeeze] - openldap <no-dsa> (Minor issue)
[lenny] - openldap <not-affected> (Vulnerable code not present, introduced in 2.4.12)
CVE-2011-1024 [forwarded bind failure messages cause success]
RESERVED
- - openldap <unfixed> (low)
+ - openldap <unfixed> (low; bug #617606)
[lenny] - openldap <no-dsa> (Minor issue)
[squeeze] - openldap <no-dsa> (Minor issue)
CVE-2011-1023
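Review bot: CVE-2011-1025 and CVE-2011-1024 now both point at bug #617606, although they describe different problems (rootpw verification and forwarded bind failure handling). Please confirm that the bug report covers both. If it only tracks one of them, closing it with a fixed version would mark both entries as resolved, so the other should get its own bug number.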