[Secure-testing-commits] r16434 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Mar 25 15:30:54 UTC 2011
Author: jmm
Date: 2011-03-25 15:30:45 +0000 (Fri, 25 Mar 2011)
New Revision: 16434
Modified:
data/CVE/list
Log:
- tomcat issue only affects tomcat 7
- two new kernel issues
- new issues in loggerhead (fixed), mahara (fixed), tiff (unfixed) and vlc (unfixed)
- NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-24 22:18:57 UTC (rev 16433)
+++ data/CVE/list 2011-03-25 15:30:45 UTC (rev 16434)
@@ -96,8 +96,10 @@
RESERVED
CVE-2011-1477
RESERVED
+ - linux-2.6 <unfixed>
CVE-2011-1476
RESERVED
+ - linux-2.6 <unfixed>
CVE-2011-1475
RESERVED
CVE-2011-1474
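Review bot: The two linux-2.6 <unfixed> lines added under CVE-2011-1477 and CVE-2011-1476 carry no NOTE, and both ids are still RESERVED, so nothing in the list says which kernel issue each one tracks. Add a NOTE with a reference under each entry, as the CVE-2011-1088 neighbourhood does with its seclists.org link, so the next person triaging can tell the two apart and check when a fix lands.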
@@ -281,7 +283,7 @@
CVE-2011-1420
RESERVED
CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...)
- TODO: check
+ - tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in ...)
NOT-FOR-US: Apple iOS
CVE-2011-1417 (QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in ...)
@@ -291,7 +293,7 @@
CVE-2011-1415
REJECTED
CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2011-1414 (Cross-site scripting (XSS) vulnerability in the tibbr web server, as ...)
NOT-FOR-US: TIBCO tibbr
CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate ...)
@@ -881,6 +883,7 @@
RESERVED
CVE-2011-1167
RESERVED
+ - tiff <unfixed> (bug filed)
CVE-2011-1166
RESERVED
CVE-2011-1165
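Review bot: The tiff line under CVE-2011-1167 says "(bug filed)" but gives no bug number, so the entry cannot be followed to the report. Replace the placeholder with the actual bug number once it is known. Since the CVE is still RESERVED, a NOTE pointing at the public reference would also help.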
@@ -1170,7 +1173,6 @@
TODO: This issue will be assigned to glibc, probably. Not confirmed yet.
NOTE: http://seclists.org/oss-sec/2011/q1/368
CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...)
- TODO: check
- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1087
RESERVED
@@ -2162,6 +2164,7 @@
RESERVED
CVE-2011-0728
RESERVED
+ - loggerhead 1.18.1-1
CVE-2011-0727
RESERVED
CVE-2011-0726
@@ -2948,8 +2951,10 @@
NOTE: Debian-specific
CVE-2011-0440
RESERVED
+ - mahara 1.2.7-1
CVE-2011-0439
RESERVED
+ - mahara 1.2.7-1
CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success code ...)
- nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental)
CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...)
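Review bot: Both mahara entries (CVE-2011-0440 and CVE-2011-0439) are marked fixed in 1.2.7-1 without any NOTE showing where that fixed version comes from, and the ids are still RESERVED. Add a NOTE under each with the upstream advisory or changelog reference that ties the CVE to 1.2.7-1, so the fixed version can be verified later.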
@@ -7923,8 +7928,10 @@
NOT-FOR-US: VMware Workstation
CVE-2010-3276
RESERVED
+ - vlc <unfixed>
CVE-2010-3275
RESERVED
+ - vlc <unfixed>
CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows ...)
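Review bot: The vlc <unfixed> lines under CVE-2010-3276 and CVE-2010-3275 have neither a bug reference nor a NOTE, unlike the tiff entry in the same commit, which at least records that a bug was filed. If bugs exist, reference them here. Otherwise add a NOTE with the source for each id so the unfixed status can be rechecked.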