[Secure-testing-commits] r16398 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Mar 17 21:15:01 UTC 2011
Author: joeyh
Date: 2011-03-17 21:14:54 +0000 (Thu, 17 Mar 2011)
New Revision: 16398
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-17 16:19:47 UTC (rev 16397)
+++ data/CVE/list 2011-03-17 21:14:54 UTC (rev 16398)
@@ -1,3 +1,42 @@
+CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly ...)
+ TODO: check
+CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the ...)
+ TODO: check
+CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and ...)
+ TODO: check
+CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...)
+ TODO: check
+CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...)
+ TODO: check
+CVE-2011-1427 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite ...)
+ TODO: check
+CVE-2011-1426
+ RESERVED
+CVE-2011-1425
+ RESERVED
+CVE-2011-1424
+ RESERVED
+CVE-2011-1423
+ RESERVED
+CVE-2011-1422
+ RESERVED
+CVE-2011-1421
+ RESERVED
+CVE-2011-1420
+ RESERVED
+CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...)
+ TODO: check
+CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in ...)
+ TODO: check
+CVE-2011-1417 (Unspecified vulnerability in MobileSafari in Apple iOS 4.2.1 on the ...)
+ TODO: check
+CVE-2011-1416 (The Research In Motion (RIM) BlackBerry Torch 9800 with firmware ...)
+ TODO: check
+CVE-2011-1415
+ REJECTED
+ TODO: check
+CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...)
+ TODO: check
CVE-2011-1414
RESERVED
CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate ...)
@@ -255,8 +294,7 @@
RESERVED
CVE-2011-1291
RESERVED
-CVE-2011-1290
- RESERVED
+CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) ...)
{DSA-2192-1}
- chromium-browser 10.0.648.133~r77742-1
- webkit <unfixed>
@@ -598,8 +636,8 @@
RESERVED
CVE-2011-1154
RESERVED
-CVE-2011-1153
- RESERVED
+CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ...)
+ TODO: check
CVE-2011-1152
RESERVED
CVE-2011-1151
@@ -610,12 +648,10 @@
RESERVED
CVE-2011-1148
RESERVED
-CVE-2011-1147 [Multiple array overflow and crash vulnerabilities in UDPTL code]
- RESERVED
+CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) ...)
- asterisk <undetermined> (bug #614580)
TODO: check vuln versions
-CVE-2011-1146 [libvirt: several API calls do not honour read-only connection]
- RESERVED
+CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly ...)
- libvirt 0.8.8-3 (low; bug #617773)
[lenny] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650
@@ -815,21 +851,19 @@
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
-CVE-2011-1094 [KDE SSL name check issue]
- RESERVED
+CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not ...)
- kde4libs <unfixed>
- kdelibs <undetermined>
NOTE: http://seclists.org/oss-sec/2011/q1/434
TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
CVE-2011-1093
RESERVED
-CVE-2011-1092 [PHP: shmop_read, missing sanity check]
- RESERVED
+CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...)
- php5 <unfixed> (unimportant)
NOTE: only exploitable by malicious scripts
NOTE: http://seclists.org/oss-sec/2011/q1/430
-CVE-2011-1091
- RESERVED
+CVE-2011-1091 (libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 ...)
+ TODO: check
CVE-2011-1090
RESERVED
- linux-2.6 2.6.38-1 (low)
@@ -839,8 +873,8 @@
- eglibc <unfixed>
TODO: This issue will be assigned to glibc, probably. Not confirmed yet.
NOTE: http://seclists.org/oss-sec/2011/q1/368
-CVE-2011-1088
- RESERVED
+CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...)
+ TODO: check
CVE-2011-1087
RESERVED
CVE-2011-1086
@@ -1181,8 +1215,7 @@
- openacs <not-affected> (PHP bindings not used)
- dotlrn <not-affected> (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
-CVE-2011-1137 [proftpd mod_sftp DoS]
- RESERVED
+CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d ...)
{DSA-2185-1}
- proftpd-dfsg 1.3.3d-4
[lenny] - proftpd-dfsg <not-affected> (Vulnerable code not present)
@@ -1412,8 +1445,8 @@
RESERVED
CVE-2011-0890
RESERVED
-CVE-2011-0889
- RESERVED
+CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...)
+ TODO: check
CVE-2011-0888
RESERVED
CVE-2011-0887 (The web management portal on the SMC SMCD3G-CCR (aka Comcast Business ...)
@@ -1773,8 +1806,8 @@
- php5 <unfixed> (unimportant)
CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the ...)
- php5 5.3.3-7 (low)
-CVE-2011-0751
- RESERVED
+CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) ...)
+ TODO: check
CVE-2011-0750
RESERVED
CVE-2011-0749
@@ -1785,8 +1818,8 @@
RESERVED
CVE-2011-0746
RESERVED
-CVE-2011-0745
- RESERVED
+CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and direct ...)
+ TODO: check
CVE-2011-0744
RESERVED
CVE-2011-0743
@@ -1866,8 +1899,7 @@
- linux-2.6 2.6.38-1 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
-CVE-2011-0715
- RESERVED
+CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
{DSA-2181-1}
- subversion 1.6.16dfsg-1
CVE-2011-0714
@@ -1915,13 +1947,11 @@
- feh <unfixed> (low; bug #612035)
[squeeze] - feh <no-dsa> (Minor issue)
[lenny] - feh <no-dsa> (Minor issue)
-CVE-2011-0701
- RESERVED
+CVE-2011-0701 (wp-admin/async-upload.php in the media uploader in WordPress before ...)
{DSA-2190-1}
- wordpress 3.0.5+dfsg-1
[lenny] - wordpress <not-affected> (2.x version is not affected)
-CVE-2011-0700
- RESERVED
+CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...)
{DSA-2190-1}
- wordpress 3.0.5+dfsg-1
[lenny] - wordpress <not-affected> (2.x version is not affected)
@@ -1945,8 +1975,7 @@
[lenny] - python-django <not-affected> (Vulnerable code not present)
NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
[squeeze] - python-django 1.2.3-3+squeeze1
-CVE-2011-0695 [panic in ib_cm:cm_work_handler]
- RESERVED
+CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand ...)
- linux-2.6 <unfixed>
CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and ...)
NOT-FOR-US: RealPlayer
@@ -2059,8 +2088,8 @@
NOT-FOR-US: Automated Solutions Modbus/TCP Master
CVE-2011-0649 (Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through ...)
NOT-FOR-US: TIBCO Rendezvous
-CVE-2011-0648
- RESERVED
+CVE-2011-0648 (Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote ...)
+ TODO: check
CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...)
NOT-FOR-US: EMC
CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows ...)
@@ -2167,8 +2196,8 @@
RESERVED
CVE-2011-0610
RESERVED
-CVE-2011-0609
- RESERVED
+CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and ...)
+ TODO: check
CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
@@ -2553,10 +2582,10 @@
RESERVED
CVE-2011-0458
RESERVED
-CVE-2011-0457
- RESERVED
-CVE-2011-0456
- RESERVED
+CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...)
+ TODO: check
+CVE-2011-0456 (Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote ...)
+ TODO: check
CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...)
NOT-FOR-US: Things BBS
CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
@@ -2596,16 +2625,15 @@
[lenny] - wireshark <not-affected> (Vulnerable code not present)
CVE-2011-0443 (SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, ...)
NOT-FOR-US: tinyBB
-CVE-2011-0442
- RESERVED
+CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to ...)
+ TODO: check
CVE-2011-0441
RESERVED
CVE-2011-0440
RESERVED
CVE-2011-0439
RESERVED
-CVE-2011-0438
- RESERVED
+CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success code ...)
- nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental)
CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...)
{DSA-2179-1}
@@ -2626,8 +2654,7 @@
[squeeze] - vftool <no-dsa> (Minor issue)
[lenny] - vftool <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
-CVE-2011-0432
- RESERVED
+CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in ...)
{DSA-2177-1}
- pywebdav 0.9.4-3
CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel ...)
@@ -2687,8 +2714,7 @@
NOTE: http://www.isc.org/software/dhcp/advisories/cve-2011-0413
CVE-2011-0412
RESERVED
-CVE-2011-0411
- RESERVED
+CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x ...)
TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316
- postfix 2.8.0-1
NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
@@ -2875,8 +2901,8 @@
NOT-FOR-US: Topaz Systems SigPlus
CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ...)
NOT-FOR-US: Topaz Systems SigPlus
-CVE-2011-0322
- RESERVED
+CVE-2011-0322 (Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, ...)
+ TODO: check
CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...)
NOT-FOR-US: EMC NetWorker
CVE-2011-0320
@@ -3106,8 +3132,7 @@
CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...)
{DSA-2191-1}
- proftpd-dfsg 1.3.3a-6
-CVE-2010-4651 [patch directory traversal]
- RESERVED
+CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ...)
- patch <unfixed> (unimportant)
NOTE: Applying a patch blindly opens more severe security issues than only directory traversal...
NOTE: openwall ships a fix
@@ -3227,8 +3252,8 @@
NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest ...)
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2011-0280
- RESERVED
+CVE-2011-0280 (Multiple cross-site scripting (XSS) vulnerabilities in HP Power ...)
+ TODO: check
CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) ...)
NOT-FOR-US: HP Multifunction Peripheral
CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 ...)
@@ -3450,35 +3475,35 @@
RESERVED
CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes ...)
NOT-FOR-US: Apple iTunes
-CVE-2011-0169
- RESERVED
+CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, ...)
+ TODO: check
CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- webkit <undetermined>
- chromium-browser <undetermined>
-CVE-2011-0167
- RESERVED
-CVE-2011-0166
- RESERVED
+CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 ...)
+ TODO: check
+CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...)
+ TODO: check
CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- webkit <undetermined>
- chromium-browser <undetermined>
-CVE-2011-0163
- RESERVED
-CVE-2011-0162
- RESERVED
-CVE-2011-0161
- RESERVED
-CVE-2011-0160
- RESERVED
-CVE-2011-0159
- RESERVED
-CVE-2011-0158
- RESERVED
-CVE-2011-0157
- RESERVED
+CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
+ TODO: check
+CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not ...)
+ TODO: check
+CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
+ TODO: check
+CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
+ TODO: check
+CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
+ TODO: check
+CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...)
+ TODO: check
+CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...)
+ TODO: check
CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- webkit <undetermined>
- chromium-browser <undetermined>
@@ -3736,8 +3761,8 @@
{DSA-2178-1}
- pango1.0 1.28.3-2~sid1
[lenny] - pango1.0 <not-affected> (introduced in code cleanup)
-CVE-2011-0063
- RESERVED
+CVE-2011-0063 (The _list_file_get function in lib/Majordomo.pm in Majordomo 2 ...)
+ TODO: check
CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
@@ -4224,8 +4249,8 @@
[lenny] - mediawiki 1:1.12.0-2lenny7
CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...)
- libuser 1:0.56.9.dfsg.1-1.1 (bug #610034)
-CVE-2011-0001
- RESERVED
+CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function ...)
+ TODO: check
CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...)
NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...)
@@ -6633,8 +6658,8 @@
- dhcp <not-affected> (Only affects DHCP 4.x)
CVE-2010-3610
RESERVED
-CVE-2010-3609
- RESERVED
+CVE-2010-3609 (Unspecified vulnerability in the Service Location Protocol daemon ...)
+ TODO: check
CVE-2010-3659 [Multiple security issues]
RESERVED
{DSA-2098-1}
@@ -40083,7 +40108,7 @@
- pidgin 2.4.3-1 (low; bug #488632)
- gaim <removed>
[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
-CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...)
+CVE-2008-2956 (** DISPUTED ** ...)
- pidgin <unfixed> (unimportant; bug #488632)
NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
More information about the Secure-testing-commits
mailing list