[Secure-testing-commits] r16412 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Mar 22 08:15:42 UTC 2011
Author: jmm
Date: 2011-03-22 08:15:30 +0000 (Tue, 22 Mar 2011)
New Revision: 16412
Modified:
data/CVE/list
Log:
- qmail CVEfied
- new tomcat issue specific to tomcat7
- kernel updates
- libxslt fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-21 22:51:50 UTC (rev 16411)
+++ data/CVE/list 2011-03-22 08:15:30 UTC (rev 16412)
@@ -129,7 +129,9 @@
CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly ...)
TODO: check
CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the ...)
- TODO: check
+ - qmail <unfixed>
+ [lenny] - qmail <no-dsa> (non-free doesn't get security support)
+ [squeeze] - qmail <no-dsa> (non-free doesn't get security support)
CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and ...)
TODO: check
CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...)
@@ -162,7 +164,6 @@
TODO: check
CVE-2011-1415
REJECTED
- TODO: check
CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...)
TODO: check
CVE-2011-1414
@@ -613,7 +614,7 @@
- webkit <unfixed>
NOTE: http://trac.webkit.org/changeset/79476
CVE-2011-1202 (Unspecified vulnerability in the XSLT implementation in Google Chrome ...)
- - libxslt <unfixed> (bug #617413)
+ - libxslt 1.1.26-7 (bug #617413)
NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
[squeeze] - libxslt <no-dsa> (minor issue)
[lenny] - libxslt <no-dsa> (minor issue)
@@ -733,6 +734,9 @@
RESERVED
CVE-2011-1169
RESERVED
+ - linux-2.6 <unfixed>
+ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
+ [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1168
RESERVED
CVE-2011-1167
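Review bot: The three linux-2.6 lines added under CVE-2011-1169 sit on an entry that is still RESERVED and has no description, and nothing in the entry records where "Introduced in 2.6.35" comes from. Add a NOTE line with the upstream commit or advisory the affected range was taken from, so the <not-affected> status for lenny and squeeze can be re-checked once the CVE text is published.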
@@ -1023,6 +1027,7 @@
NOTE: http://seclists.org/oss-sec/2011/q1/368
CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...)
TODO: check
+ - tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1087
RESERVED
CVE-2011-1086
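Review bot: In the CVE-2011-1088 entry the new "- tomcat6 <not-affected> (Only affects Tomcat 7)" line is added below "TODO: check", which is left in place, whereas the qmail hunk in this same revision replaces its TODO with the package lines. If triage is complete, drop the TODO; if it stays because a tomcat7 package still has to be checked, say so in a NOTE so the remaining work is explicit.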
@@ -1052,7 +1057,7 @@
RESERVED
CVE-2011-1076
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.38-1
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1075
@@ -2878,9 +2883,6 @@
NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
NOTE: http://www.postfix.org/CVE-2011-0411.html
- - qmail <unfixed>
- [lenny] - qmail <no-dsa> (non-free doesn't get security support)
- [squeeze] - qmail <no-dsa> (non-free doesn't get security support)
NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...)
NOT-FOR-US: CollabNet ScrumWorks Basic
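Review bot: Removing the three qmail lines from the entry that carries the postfix CVE-2011-0411 NOTE leaves no pointer to where qmail is now tracked; the first hunk of this revision records that status under CVE-2011-1431. A short NOTE next to the remaining NOTE lines, for example "qmail tracked as CVE-2011-1431", would keep the link for anyone arriving from the postfix and CERT references.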