[Secure-testing-commits] r16459 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Mar 30 21:16:13 UTC 2011
Author: joeyh
Date: 2011-03-30 21:16:10 +0000 (Wed, 30 Mar 2011)
New Revision: 16459
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-30 20:04:21 UTC (rev 16458)
+++ data/CVE/list 2011-03-30 21:16:10 UTC (rev 16459)
@@ -1,3 +1,49 @@
+CVE-2011-1547
+ RESERVED
+CVE-2011-1546
+ RESERVED
+CVE-2011-1545
+ RESERVED
+CVE-2011-1544
+ RESERVED
+CVE-2011-1543
+ RESERVED
+CVE-2011-1542
+ RESERVED
+CVE-2011-1541
+ RESERVED
+CVE-2011-1540
+ RESERVED
+CVE-2011-1539
+ RESERVED
+CVE-2011-1538
+ RESERVED
+CVE-2011-1537
+ RESERVED
+CVE-2011-1536
+ RESERVED
+CVE-2011-1535
+ RESERVED
+CVE-2011-1534
+ RESERVED
+CVE-2011-1533
+ RESERVED
+CVE-2011-1532
+ RESERVED
+CVE-2011-1531
+ RESERVED
+CVE-2011-1530
+ RESERVED
+CVE-2011-1529
+ RESERVED
+CVE-2011-1528
+ RESERVED
+CVE-2011-1527
+ RESERVED
+CVE-2011-1526
+ RESERVED
+CVE-2011-1525
+ RESERVED
CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI ...)
NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-1523
@@ -144,8 +190,8 @@
RESERVED
CVE-2011-1473
RESERVED
-CVE-2011-1472
- RESERVED
+CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...)
+ TODO: check
CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)
NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 ...)
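Review bot: the `TODO: check` added under CVE-2011-1472 leaves a phone-firmware issue in the triage queue. The description names Nokia E75 firmware, which does not look like anything packaged here, so it can probably be closed the same way as the CVE-2009-5062 entry right below it (`NOT-FOR-US: IBM Lotus Quickr`), for example with `NOT-FOR-US: Nokia E75 firmware`, instead of staying open as a TODO.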
@@ -776,8 +822,8 @@
RESERVED
CVE-2011-1206
RESERVED
-CVE-2011-1205
- RESERVED
+CVE-2011-1205 (Multiple buffer overflows in unspecified COM objects in Rational ...)
+ TODO: check
CVE-2011-1204 (Google Chrome before 10.0.648.127 does not properly handle attributes, ...)
- chromium-browser 10.0.648.127~r76697-1
[squeeze] - chromium-browser <no-dsa> (hard merge)
@@ -912,8 +958,7 @@
RESERVED
CVE-2011-1177
RESERVED
-CVE-2011-1176 [apache2-mpm-itk config misparsing]
- RESERVED
+CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
{DSA-2202-1}
- apache2 2.2.17-2 (bug #618857; medium)
[lenny] - apache2 <not-affected> (different source package in lenny: apache2-mpm-itk)
@@ -1834,8 +1879,8 @@
RESERVED
CVE-2011-0893
RESERVED
-CVE-2011-0892
- RESERVED
+CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and ...)
+ TODO: check
CVE-2011-0891
RESERVED
CVE-2011-0890 (HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, ...)
@@ -2262,8 +2307,7 @@
RESERVED
CVE-2011-0729
RESERVED
-CVE-2011-0728
- RESERVED
+CVE-2011-0728 (Cross-site scripting (XSS) vulnerability in templatefunctions.py in ...)
- loggerhead 1.18.1-1
CVE-2011-0727
RESERVED
@@ -2294,7 +2338,7 @@
NOT-FOR-US: Joomla JRadio addon
CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Joomla Lyftenbloggie addon
-CVE-2011-0720 (Unspecified vulnerability in Plone 2.5 through 4.0 allows remote ...)
+CVE-2011-0720 (Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, ...)
- plone3 <removed>
TODO: check
CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 ...)
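Review bot: at CVE-2011-0720 the updated description now says "as used in Conga", but the entry still tracks only `- plone3 <removed>` with an open `TODO: check`. When that TODO is worked, it should also settle whether Conga, or any other package embedding the affected Plone code, needs its own status line, and record the outcome in a NOTE so the wider scope of the new description is not lost.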
@@ -3050,8 +3094,7 @@
NOT-FOR-US: tinyBB
CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to ...)
NOT-FOR-US: EMC Avamar
-CVE-2011-0441 [arbitrary files removal via cronjob]
- RESERVED
+CVE-2011-0441 (The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows ...)
{DSA-2195-1}
- php5 5.3.6-1 (bug #618489)
NOTE: Debian-specific
@@ -3130,6 +3173,7 @@
CVE-2011-0415
RESERVED
CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative ...)
+ {DSA-2208-1}
- bind9 1:9.7.3.dfsg-1
[lenny] - bind9 <not-affected> (Introduced in 9.7.1)
CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...)
@@ -8043,10 +8087,10 @@
NOT-FOR-US: VMware Workstation
CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
- vlc 1.1.8-1
- NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
+ NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
- vlc 1.1.8-1
- NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
+ NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows ...)
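Review bot: the two removed and re-added lines under CVE-2010-3276 and CVE-2010-3275 carry the same visible text (`NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch`), so this is a whitespace-only change riding along in a commit logged as "automatic update". If it is an indentation normalisation, it would be easier to audit as a separate commit with its own log message; if it came from the update script, it is worth checking that the script is not rewriting hand-written NOTE lines elsewhere in the file.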
@@ -10921,6 +10965,7 @@
{DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
+ {DSA-2207-1}
- tomcat5.5 <removed>
- tomcat6 6.0.28-1 (bug #588813)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
@@ -12445,12 +12490,10 @@
CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before ...)
{DSA-2136-1}
- tor 0.2.1.26-6
-CVE-2010-1675
- RESERVED
+CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a ...)
{DSA-2197-1}
- quagga 0.99.18-1
-CVE-2010-1674
- RESERVED
+CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows ...)
{DSA-2197-1}
- quagga 0.99.18-1
CVE-2010-1673 [ikiwiki xss due to insufficient html scrubbing]
@@ -14130,6 +14173,7 @@
CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
- perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective)
CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...)
+ {DSA-2207-1}
- tomcat6 6.0.26-5 (bug #587447; unimportant)
- tomcat5.5 <removed> (unimportant)
NOTE: Negligable information disclosure
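Review bot: the `{DSA-2207-1}` reference added to CVE-2010-1157 sits on an entry whose two package lines are both marked `unimportant` and whose NOTE calls the issue a negligible information disclosure. An advisory reference on an issue rated as not security-relevant reads as contradictory; either the urgency should be revisited or a NOTE added saying the fix was only included in the DSA alongside the other Tomcat issues. The context line also spells "Negligable", which could be corrected to "Negligible" in a follow-up.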
@@ -22878,6 +22922,7 @@
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
+ {DSA-2207-1}
- tomcat6 6.0.24-1 (low)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
- tomcat5.5 <removed>
@@ -23713,6 +23758,7 @@
[lenny] - gaim <not-affected> (Only a transitional package)
- gaim <removed>
CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
+ {DSA-2207-1}
- tomcat6 6.0.24-1 (low)
[lenny] - tomcat6 <not-affected> (The package only ships the servlet packages)
- tomcat5.5 <removed>
@@ -29962,6 +30008,7 @@
- systemtap 0.0.20090314-2
[etch] - systemtap <not-affected> (vulnerable code not present)
CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
+ {DSA-2207-1}
- tomcat5.5 <unfixed> (low; bug #532366)
- tomcat6 6.0.20-1 (low; bug #532362)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
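Review bot: with `{DSA-2207-1}` now attached to CVE-2009-0783, the `- tomcat5.5 <unfixed> (low; bug #532366)` line below it stands out, because other entries receiving the same DSA in this commit (CVE-2010-2227, CVE-2010-1157, CVE-2009-2902, CVE-2009-2693) record `tomcat5.5 <removed>`. The same `<unfixed>` state appears in the CVE-2009-0781 and CVE-2008-5515 hunks. The tomcat5.5 status should be made consistent across all entries covered by this DSA, whichever value is correct.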
@@ -29969,6 +30016,7 @@
CVE-2009-0782
REJECTED
CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
+ {DSA-2207-1}
- tomcat5.5 <unfixed> (unimportant; bug #532366)
- tomcat6 6.0.20-1 (unimportant; bug #532362)
- tomcat5 <removed> (unimportant; bug #532363)
@@ -31058,6 +31106,7 @@
- lcms 1.18.dfsg-1 (bug #522446)
- openjdk-6 <undetermined>
CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
+ {DSA-2207-1}
- tomcat6 6.0.20-1 (low; bug #532362)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
- tomcat5 <removed> (low; bug #532363)
@@ -33658,6 +33707,7 @@
- sudo 1.6.9p17-2 (medium)
[etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
+ {DSA-2207-1}
- tomcat6 6.0.28-1
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
- tomcat5 <removed> (medium; bug #532363)
@@ -33899,6 +33949,7 @@
{DSA-1708-1}
- git-core 1:1.5.6-1
CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 ...)
+ {DSA-2207-1}
- tomcat5 <removed> (bug #532363)
- tomcat5.5 <unfixed> (bug #532366)
- tomcat6 6.0.20-1 (bug #532362)