[Secure-testing-commits] r16410 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Mar 21 21:14:36 UTC 2011
Author: joeyh
Date: 2011-03-21 21:14:34 +0000 (Mon, 21 Mar 2011)
New Revision: 16410
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-21 15:52:09 UTC (rev 16409)
+++ data/CVE/list 2011-03-21 21:14:34 UTC (rev 16410)
@@ -1,3 +1,127 @@
+CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP ...)
+ TODO: check
+CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent ...)
+ TODO: check
+CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...)
+ TODO: check
+CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...)
+ TODO: check
+CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...)
+ TODO: check
+CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension ...)
+ TODO: check
+CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc in ...)
+ TODO: check
+CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the ...)
+ TODO: check
+CVE-2011-1463
+ RESERVED
+CVE-2011-1462
+ RESERVED
+CVE-2011-1461
+ RESERVED
+CVE-2011-1460
+ RESERVED
+CVE-2011-1459
+ RESERVED
+CVE-2011-1458
+ RESERVED
+CVE-2011-1457
+ RESERVED
+CVE-2011-1456
+ RESERVED
+CVE-2011-1455
+ RESERVED
+CVE-2011-1454
+ RESERVED
+CVE-2011-1453
+ RESERVED
+CVE-2011-1452
+ RESERVED
+CVE-2011-1451
+ RESERVED
+CVE-2011-1450
+ RESERVED
+CVE-2011-1449
+ RESERVED
+CVE-2011-1448
+ RESERVED
+CVE-2011-1447
+ RESERVED
+CVE-2011-1446
+ RESERVED
+CVE-2011-1445
+ RESERVED
+CVE-2011-1444
+ RESERVED
+CVE-2011-1443
+ RESERVED
+CVE-2011-1442
+ RESERVED
+CVE-2011-1441
+ RESERVED
+CVE-2011-1440
+ RESERVED
+CVE-2011-1439
+ RESERVED
+CVE-2011-1438
+ RESERVED
+CVE-2011-1437
+ RESERVED
+CVE-2011-1436
+ RESERVED
+CVE-2011-1435
+ RESERVED
+CVE-2011-1434
+ RESERVED
+CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in Open ...)
+ TODO: check
+CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly ...)
+ TODO: check
+CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly ...)
+ TODO: check
+CVE-2010-4766 (The AgentTicketForward feature in Open Ticket Request System (OTRS) ...)
+ TODO: check
+CVE-2010-4765 (Race condition in the Kernel::System::Main::FileWrite method in Open ...)
+ TODO: check
+CVE-2010-4764 (Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ...)
+ TODO: check
+CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket Request ...)
+ TODO: check
+CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the rich-text-editor ...)
+ TODO: check
+CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket Request ...)
+ TODO: check
+CVE-2010-4760 (Open Ticket Request System (OTRS) before 3.0.0-beta6 adds ...)
+ TODO: check
+CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ...)
+ TODO: check
+CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an ...)
+ TODO: check
+CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 ...)
+ TODO: check
+CVE-2009-5056 (Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly ...)
+ TODO: check
+CVE-2009-5055 (Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on ...)
+ TODO: check
+CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer group ...)
+ TODO: check
+CVE-2008-7282 (Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open ...)
+ TODO: check
+CVE-2008-7281 (Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing ...)
+ TODO: check
+CVE-2008-7280 (Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket ...)
+ TODO: check
+CVE-2008-7279 (The CustomerInterface component in Open Ticket Request System (OTRS) ...)
+ TODO: check
+CVE-2008-7278 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, ...)
+ TODO: check
+CVE-2008-7277 (Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw ...)
+ TODO: check
+CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) ...)
+ TODO: check
+CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
+ TODO: check
CVE-2011-XXXX [apache2-mpm-itk config misparsing]
- apache2 <unfixed> (bug #618857; medium)
[lenny] - apache2 <not-affected> (different source package in lenny: apache2-mpm-itk)
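Review bot: the PHP entries CVE-2011-1464 and CVE-2011-1466 through CVE-2011-1471 are added as bare "TODO: check", while the PHP entries elsewhere in this file (CVE-2011-1148, CVE-2011-0708, CVE-2011-0421) are already tracked as "- php5 <unfixed>", so they can be triaged against php5 in one pass. CVE-2011-1465 sits in the middle of that run, but its description names a SPDY implementation in net/http/http_network_transaction.cc rather than PHP, so it needs separate triage. The block from CVE-2008-7275 to CVE-2010-4768, where most descriptions name Open Ticket Request System (OTRS), can likewise be resolved together against a single source package.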
@@ -668,8 +792,7 @@
RESERVED
CVE-2011-1149
RESERVED
-CVE-2011-1148 [substr_replace use after free]
- RESERVED
+CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP ...)
- php5 <unfixed> (unimportant)
NOTE: only exploitable by malicious scripts
CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) ...)
@@ -914,8 +1037,8 @@
CVE-2011-1082
RESERVED
- linux-2.6 2.6.38-1 (low)
-CVE-2011-1081
- RESERVED
+CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote ...)
+ TODO: check
CVE-2011-1080
RESERVED
- linux-2.6 <unfixed> (low)
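Review bot: CVE-2011-1081 is added with only "TODO: check", although its description places it in slapd in OpenLDAP 2.4.x before 2.4.24, the same upstream range as CVE-2011-1025 and CVE-2011-1024 further down this file, which are tracked under openldap with bug #617606. Suggest recording a "- openldap" line here and checking whether that bug report already covers the modrdn.c issue or a separate report is needed.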
@@ -1075,17 +1198,15 @@
NOT-FOR-US: IBM
CVE-2011-1028
RESERVED
-CVE-2011-1027
- RESERVED
+CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in ...)
+ TODO: check
CVE-2011-1026
RESERVED
-CVE-2011-1025 [rootpw is not verified with slapd.conf]
- RESERVED
+CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ...)
- openldap <unfixed> (low; bug #617606)
[squeeze] - openldap <no-dsa> (Minor issue)
[lenny] - openldap <not-affected> (Vulnerable code not present, introduced in 2.4.12)
-CVE-2011-1024 [forwarded bind failure messages cause success]
- RESERVED
+CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a ...)
- openldap <unfixed> (low; bug #617606)
[lenny] - openldap <no-dsa> (Minor issue)
[squeeze] - openldap <no-dsa> (Minor issue)
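Review bot: the new descriptions for CVE-2011-1025 and CVE-2011-1024 both bound the issue to OpenLDAP 2.4.x before 2.4.24, yet both entries stay at "- openldap <unfixed>" with no mention of the fixing upstream release. A NOTE naming 2.4.24 would let the entries be closed as soon as that version is packaged. As a style point, CVE-2011-1025 lists [squeeze] before [lenny] and CVE-2011-1024 lists them the other way round; one order would be easier to scan. CVE-2011-1027 also goes in as "TODO: check" and its truncated description (html.c, convert_query_hexchar) does not show the affected product, so it needs the full description before triage.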
@@ -1952,8 +2073,7 @@
[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux ...)
- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5)
-CVE-2011-0708 [exif data processing DoS (limited abitrary memory access)]
- RESERVED
+CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ...)
- php5 <unfixed>
CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py ...)
{DSA-2170-1}
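Review bot: the CVE-2011-0708 entry keeps "- php5 <unfixed>" with no urgency or bug reference, and the removed bracket text was the only place that recorded the impact (DoS, limited arbitrary memory access). The new description limits the issue to 64-bit platforms, so a NOTE carrying that constraint and an urgency in parentheses, as on CVE-2011-1148 "(unimportant)", would preserve what the temporary description conveyed.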
@@ -2722,8 +2842,7 @@
NOT-FOR-US: PolyVision RoomWizard
CVE-2011-0422
RESERVED
-CVE-2011-0421 [ZipArchive segfault with FL_UNCHANGED on empty archive]
- RESERVED
+CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip ...)
- php5 <unfixed>
NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
CVE-2011-0420 (The grapheme_extract function in the Internationalization extension ...)
@@ -3097,8 +3216,7 @@
NOTE: CVE ID requested
CVE-2011-0285
RESERVED
-CVE-2011-0284 [krb5 kdc double-free]
- RESERVED
+CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in ...)
- krb5 1.8.3+dfsg-6 (low; bug #618517)
[squeeze] - krb5 <no-dsa> (Will be fixed through a point update)
[lenny] - krb5 <no-dsa> (Will be fixed through a point update)
@@ -3470,7 +3588,7 @@
RESERVED
CVE-2011-0193
RESERVED
-CVE-2011-0192 (Buffer overflow in LibTIFF in ImageIO in Apple iTunes before 10.2 on ...)
+CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other ...)
- tiff 3.9.4-7
CVE-2011-0191 (Buffer overflow in LibTIFF in ImageIO in Apple iTunes before 10.2 on ...)
- tiff 3.9.4-1
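Review bot: the revised description for CVE-2011-0192 now names LibTIFF 3.9.4 itself as affected rather than only the copy in Apple iTunes, while the entry records just "- tiff 3.9.4-7" and has no [squeeze] or [lenny] lines. Suggest confirming that 3.9.4-7 is the upload that carries the Fax4Decode fix and adding per-release status lines, as other entries in this file do.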
@@ -3846,7 +3964,7 @@
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in Mozilla ...)
+CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in ...)
{DSA-2187-1 DSA-2186-1 DSA-2180-1}
- icedove 3.0.11-2
[lenny] - icedove <end-of-life>
@@ -3942,7 +4060,7 @@
CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
- bugzilla <unfixed> (high; bug #611176)
NOTE: http://www.bugzilla.org/security/3.2.9/
-CVE-2010-4566 (Unspecified vulnerability in the NT4 authentication component in ...)
+CVE-2010-4566 (The web authentication form in the NT4 authentication component in ...)
NOT-FOR-US: Citrix Acces Gateway
CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) ...)
{DSA-2153-1}
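Review bot: the context line under CVE-2010-4566 reads "NOT-FOR-US: Citrix Acces Gateway", which misspells "Access". Since the description on this entry is being refreshed anyway, the product name is worth correcting in a follow-up so that searches for the product match.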
@@ -4329,7 +4447,7 @@
CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to cause a ...)
- chromium-browser 6.0.472.63~r59945-3
- webkit <not-affected> (chromium specific issue)
-CVE-2010-4489 (Google Chrome before 8.0.552.215 does not properly handle WebM video, ...)
+CVE-2010-4489 (libvpx, as used in Google Chrome before 8.0.552.215 and possibly other ...)
- chromium-browser <not-affected>
- webkit <not-affected>
- libvpx 0.9.5-1 (bug #610510)
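Review bot: CVE-2010-4489 now attributes the flaw to libvpx "as used in Google Chrome", but the "- chromium-browser <not-affected>" and "- webkit <not-affected>" lines carry no reason, unlike the entry just above (CVE-2010-4490), which states "(chromium specific issue)". A short parenthetical on each line explaining why those packages are not affected would make the entry consistent with the new description. The libvpx line also has no per-release status.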