[Secure-testing-commits] r16660 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed May 11 21:16:44 UTC 2011
Author: joeyh
Date: 2011-05-11 21:16:28 +0000 (Wed, 11 May 2011)
New Revision: 16660
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-05-11 15:45:29 UTC (rev 16659)
+++ data/CVE/list 2011-05-11 21:16:28 UTC (rev 16660)
@@ -1,3 +1,431 @@
+CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for ...)
+ TODO: check
+CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier ...)
+ TODO: check
+CVE-2011-2079 (MediaCAST 8 and earlier allows remote attackers to have an unspecified ...)
+ TODO: check
+CVE-2011-2078 (Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta ...)
+ TODO: check
+CVE-2011-2077 (The default configuration of the New Atlanta BlueDragon administrative ...)
+ TODO: check
+CVE-2011-2076 (MediaCAST 8 and earlier stores passwords in cleartext, which makes it ...)
+ TODO: check
+CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 ...)
+ TODO: check
+CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 ...)
+ TODO: check
+CVE-2011-2073
+ RESERVED
+CVE-2011-2072
+ RESERVED
+CVE-2011-2071
+ RESERVED
+CVE-2011-2070
+ RESERVED
+CVE-2011-2069
+ RESERVED
+CVE-2011-2068
+ RESERVED
+CVE-2011-2067
+ RESERVED
+CVE-2011-2066
+ RESERVED
+CVE-2011-2065
+ RESERVED
+CVE-2011-2064
+ RESERVED
+CVE-2011-2063
+ RESERVED
+CVE-2011-2062
+ RESERVED
+CVE-2011-2061
+ RESERVED
+CVE-2011-2060
+ RESERVED
+CVE-2011-2059
+ RESERVED
+CVE-2011-2058
+ RESERVED
+CVE-2011-2057
+ RESERVED
+CVE-2011-2056
+ RESERVED
+CVE-2011-2055
+ RESERVED
+CVE-2011-2054
+ RESERVED
+CVE-2011-2053
+ RESERVED
+CVE-2011-2052
+ RESERVED
+CVE-2011-2051
+ RESERVED
+CVE-2011-2050
+ RESERVED
+CVE-2011-2049
+ RESERVED
+CVE-2011-2048
+ RESERVED
+CVE-2011-2047
+ RESERVED
+CVE-2011-2046
+ RESERVED
+CVE-2011-2045
+ RESERVED
+CVE-2011-2044
+ RESERVED
+CVE-2011-2043
+ RESERVED
+CVE-2011-2042
+ RESERVED
+CVE-2011-2041
+ RESERVED
+CVE-2011-2040
+ RESERVED
+CVE-2011-2039
+ RESERVED
+CVE-2011-2038
+ RESERVED
+CVE-2011-2037
+ RESERVED
+CVE-2011-2036
+ RESERVED
+CVE-2011-2035
+ RESERVED
+CVE-2011-2034
+ RESERVED
+CVE-2011-2033
+ RESERVED
+CVE-2011-2032
+ RESERVED
+CVE-2011-2031
+ RESERVED
+CVE-2011-2030
+ RESERVED
+CVE-2011-2029
+ RESERVED
+CVE-2011-2028
+ RESERVED
+CVE-2011-2027
+ RESERVED
+CVE-2011-2026
+ RESERVED
+CVE-2011-2025
+ RESERVED
+CVE-2011-2024
+ RESERVED
+CVE-2011-2023
+ RESERVED
+CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c ...)
+ TODO: check
+CVE-2011-2021
+ RESERVED
+CVE-2011-2020
+ RESERVED
+CVE-2011-2019
+ RESERVED
+CVE-2011-2018
+ RESERVED
+CVE-2011-2017
+ RESERVED
+CVE-2011-2016
+ RESERVED
+CVE-2011-2015
+ RESERVED
+CVE-2011-2014
+ RESERVED
+CVE-2011-2013
+ RESERVED
+CVE-2011-2012
+ RESERVED
+CVE-2011-2011
+ RESERVED
+CVE-2011-2010
+ RESERVED
+CVE-2011-2009
+ RESERVED
+CVE-2011-2008
+ RESERVED
+CVE-2011-2007
+ RESERVED
+CVE-2011-2006
+ RESERVED
+CVE-2011-2005
+ RESERVED
+CVE-2011-2004
+ RESERVED
+CVE-2011-2003
+ RESERVED
+CVE-2011-2002
+ RESERVED
+CVE-2011-2001
+ RESERVED
+CVE-2011-2000
+ RESERVED
+CVE-2011-1999
+ RESERVED
+CVE-2011-1998
+ RESERVED
+CVE-2011-1997
+ RESERVED
+CVE-2011-1996
+ RESERVED
+CVE-2011-1995
+ RESERVED
+CVE-2011-1994
+ RESERVED
+CVE-2011-1993
+ RESERVED
+CVE-2011-1992
+ RESERVED
+CVE-2011-1991
+ RESERVED
+CVE-2011-1990
+ RESERVED
+CVE-2011-1989
+ RESERVED
+CVE-2011-1988
+ RESERVED
+CVE-2011-1987
+ RESERVED
+CVE-2011-1986
+ RESERVED
+CVE-2011-1985
+ RESERVED
+CVE-2011-1984
+ RESERVED
+CVE-2011-1983
+ RESERVED
+CVE-2011-1982
+ RESERVED
+CVE-2011-1981
+ RESERVED
+CVE-2011-1980
+ RESERVED
+CVE-2011-1979
+ RESERVED
+CVE-2011-1978
+ RESERVED
+CVE-2011-1977
+ RESERVED
+CVE-2011-1976
+ RESERVED
+CVE-2011-1975
+ RESERVED
+CVE-2011-1974
+ RESERVED
+CVE-2011-1973
+ RESERVED
+CVE-2011-1972
+ RESERVED
+CVE-2011-1971
+ RESERVED
+CVE-2011-1970
+ RESERVED
+CVE-2011-1969
+ RESERVED
+CVE-2011-1968
+ RESERVED
+CVE-2011-1967
+ RESERVED
+CVE-2011-1966
+ RESERVED
+CVE-2011-1965
+ RESERVED
+CVE-2011-1964
+ RESERVED
+CVE-2011-1963
+ RESERVED
+CVE-2011-1962
+ RESERVED
+CVE-2011-1961
+ RESERVED
+CVE-2011-1960
+ RESERVED
+CVE-2011-1959
+ RESERVED
+CVE-2011-1958
+ RESERVED
+CVE-2011-1957
+ RESERVED
+CVE-2011-1956
+ RESERVED
+CVE-2011-1955
+ RESERVED
+CVE-2011-1954
+ RESERVED
+CVE-2011-1953
+ RESERVED
+CVE-2011-1952
+ RESERVED
+CVE-2011-1951
+ RESERVED
+CVE-2011-1950
+ RESERVED
+CVE-2011-1949
+ RESERVED
+CVE-2011-1948
+ RESERVED
+CVE-2011-1947
+ RESERVED
+CVE-2011-1946
+ RESERVED
+CVE-2011-1945
+ RESERVED
+CVE-2011-1944
+ RESERVED
+CVE-2011-1943
+ RESERVED
+CVE-2011-1942
+ RESERVED
+CVE-2011-1941
+ RESERVED
+CVE-2011-1940
+ RESERVED
+CVE-2011-1939
+ RESERVED
+CVE-2011-1938
+ RESERVED
+CVE-2011-1937
+ RESERVED
+CVE-2011-1936
+ RESERVED
+CVE-2011-1935
+ RESERVED
+CVE-2011-1934
+ RESERVED
+CVE-2011-1933
+ RESERVED
+CVE-2011-1932
+ RESERVED
+CVE-2011-1931
+ RESERVED
+CVE-2011-1930
+ RESERVED
+CVE-2011-1929
+ RESERVED
+CVE-2011-1928
+ RESERVED
+CVE-2011-1927
+ RESERVED
+CVE-2011-1926
+ RESERVED
+CVE-2011-1925
+ RESERVED
+CVE-2011-1924
+ RESERVED
+CVE-2011-1923
+ RESERVED
+CVE-2011-1922
+ RESERVED
+CVE-2011-1921
+ RESERVED
+CVE-2011-1920
+ RESERVED
+CVE-2011-1919
+ RESERVED
+CVE-2011-1918
+ RESERVED
+CVE-2011-1917
+ RESERVED
+CVE-2011-1916
+ RESERVED
+CVE-2011-1915
+ RESERVED
+CVE-2011-1914
+ RESERVED
+CVE-2011-1913
+ RESERVED
+CVE-2011-1912
+ RESERVED
+CVE-2011-1911
+ RESERVED
+CVE-2011-1910
+ RESERVED
+CVE-2011-1909
+ RESERVED
+CVE-2011-1908
+ RESERVED
+CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...)
+ TODO: check
+CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2011-1904 (An unspecified function in the web interface in Proofpoint Messaging ...)
+ TODO: check
+CVE-2011-1903 (SQL injection vulnerability in an unspecified function in Proofpoint ...)
+ TODO: check
+CVE-2011-1902 (Directory traversal vulnerability in the web interface in Proofpoint ...)
+ TODO: check
+CVE-2011-1901 (The mail-filter web interface in Proofpoint Messaging Security Gateway ...)
+ TODO: check
+CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...)
+ TODO: check
+CVE-2011-1899
+ RESERVED
+CVE-2011-1898
+ RESERVED
+CVE-2011-1897
+ RESERVED
+CVE-2011-1896
+ RESERVED
+CVE-2011-1895
+ RESERVED
+CVE-2011-1894
+ RESERVED
+CVE-2011-1893
+ RESERVED
+CVE-2011-1892
+ RESERVED
+CVE-2011-1891
+ RESERVED
+CVE-2011-1890
+ RESERVED
+CVE-2011-1889
+ RESERVED
+CVE-2011-1888
+ RESERVED
+CVE-2011-1887
+ RESERVED
+CVE-2011-1886
+ RESERVED
+CVE-2011-1885
+ RESERVED
+CVE-2011-1884
+ RESERVED
+CVE-2011-1883
+ RESERVED
+CVE-2011-1882
+ RESERVED
+CVE-2011-1881
+ RESERVED
+CVE-2011-1880
+ RESERVED
+CVE-2011-1879
+ RESERVED
+CVE-2011-1878
+ RESERVED
+CVE-2011-1877
+ RESERVED
+CVE-2011-1876
+ RESERVED
+CVE-2011-1875
+ RESERVED
+CVE-2011-1874
+ RESERVED
+CVE-2011-1873
+ RESERVED
+CVE-2011-1872
+ RESERVED
+CVE-2011-1871
+ RESERVED
+CVE-2011-1870
+ RESERVED
+CVE-2011-1869
+ RESERVED
+CVE-2011-1868
+ RESERVED
+CVE-2010-4804
+ RESERVED
CVE-2011-XXXX
- libmodplug <unfixed> (low; bug #625966)
CVE-2011-XXXX [fglrx-driver xauth cookie leak]
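Review bot: CVE-2011-2022 goes in as `TODO: check` even though its description names agp_generic_remove_memory in drivers/char/agp/generic.c, and the sibling agp entries CVE-2011-1746 and CVE-2011-1745 later in this same commit are tracked with `- linux-2.6 2.6.38-5`. Triage it against linux-2.6 alongside those two rather than leaving it in the general TODO queue, so the kernel agp issues end up with consistent package lines.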
@@ -8,7 +436,7 @@
CVE-2011-XXXX
- openssh <not-affected> (Only affects platforms w/o /dev/random)
NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
-CVE-2011-1907
+CVE-2011-1907 (ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ...)
- bind9 <not-affected> (Only affects 9.8.0, never uploaded to the archive)
NOTE: https://www.isc.org/CVE-2011-1907
CVE-2011-1765 [IE6 XSS protection was incomplete]
@@ -146,12 +574,12 @@
NOT-FOR-US: MG User-Fotoalbum module for PHP-Fusion
CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and ...)
NOT-FOR-US: FilterFTP
-CVE-2011-1826
- RESERVED
-CVE-2011-1825
- RESERVED
-CVE-2011-1824
- RESERVED
+CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot ...)
+ TODO: check
+CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does not ...)
+ TODO: check
CVE-2011-1823
RESERVED
CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 ...)
@@ -246,13 +674,13 @@
NOT-FOR-US: Tivoli
CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 ...)
NOT-FOR-US: Tivoli
-CVE-2011-1789
- RESERVED
-CVE-2011-1788
- RESERVED
+CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package ...)
+ TODO: check
+CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before ...)
+ TODO: check
CVE-2011-1787
RESERVED
-CVE-2011-1786 (lsassd in Likewise Open, as distributed in VMware ESXi 4.1 and ESX ...)
+CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 ...)
NOT-FOR-US: Likewise
CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to ...)
NOT-FOR-US: VMware
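Review bot: on CVE-2011-1786 the new description drops the "as distributed in VMware ESXi 4.1 and ESX" scoping and now names Likewise Open /Enterprise 5.3 and Open 6.0 builds directly, but the `NOT-FOR-US: Likewise` line below it is carried over unchanged. Confirm that no Likewise Open package is in the archive before keeping NOT-FOR-US; if one is, replace it with a package line.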
@@ -342,15 +770,13 @@
RESERVED
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
-CVE-2011-1748
- RESERVED
-CVE-2011-1747
- RESERVED
-CVE-2011-1746
- RESERVED
+CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...)
+ TODO: check
+CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not ...)
+ TODO: check
+CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) ...)
- linux-2.6 2.6.38-5
-CVE-2011-1745
- RESERVED
+CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in ...)
- linux-2.6 2.6.38-5
CVE-2011-1744
RESERVED
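Review bot: CVE-2011-1748 (raw_release in net/can/raw.c) and CVE-2011-1747 (agp subsystem) are both Linux kernel issues by their descriptions yet are set to `TODO: check`, while CVE-2011-1746 and CVE-2011-1745 directly below keep `- linux-2.6 2.6.38-5`. CVE-2011-1598, the bcm_release counterpart in net/can/bcm.c, also carries a linux-2.6 line in this commit, so these two should get a `- linux-2.6` entry once the fixed version is determined.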
@@ -368,24 +794,24 @@
RESERVED
CVE-2011-1737
RESERVED
-CVE-2011-1736
- RESERVED
-CVE-2011-1735
- RESERVED
-CVE-2011-1734
- RESERVED
-CVE-2011-1733
- RESERVED
-CVE-2011-1732
- RESERVED
-CVE-2011-1731
- RESERVED
-CVE-2011-1730
- RESERVED
-CVE-2011-1729
- RESERVED
-CVE-2011-1728
- RESERVED
+CVE-2011-1736 (Directory traversal vulnerability in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1735 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1734 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1733 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1732 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1731 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1730 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1729 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
+CVE-2011-1728 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
+ TODO: check
CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, ...)
TODO: check
CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, ...)
@@ -683,8 +1109,7 @@
{DSA-2225-1}
- asterisk 1:1.8.3.3-1
[lenny] - asterisk <not-affected> (Vulnerable code not present)
-CVE-2011-1598
- RESERVED
+CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before ...)
- linux-2.6 2.6.38-5
CVE-2011-1597
RESERVED
@@ -747,8 +1172,7 @@
RESERVED
- pure-ftpd 1.0.30-1
NOTE: http://www.pureftpd.org/project/pure-ftpd/news
-CVE-2011-1574
- RESERVED
+CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in ...)
{DSA-2226-1}
- libmodplug 1:0.8.8.2-1 (low; bug #622091)
CVE-2011-1573
@@ -760,10 +1184,10 @@
NOTE: https://github.com/sitaramc/gitolite/commit/a33f0f85047834212ff4baf5b479c6cf3d2a6075
NOTE: https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc
[squeeze] - gitolite 1.5.4-2+squeeze1
-CVE-2011-1571
- RESERVED
-CVE-2011-1570
- RESERVED
+CVE-2011-1571 (Unspecified vulnerability in the XSL Content portlet in Liferay Portal ...)
+ TODO: check
+CVE-2011-1570 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community ...)
+ TODO: check
CVE-2011-1569 (download.aspx in Douran Portal 3.9.7.8 allows remote attackers to ...)
NOT-FOR-US: Douran Portal
CVE-2011-1568 (Format string vulnerability in the logText function in shmemmgr9.dll ...)
@@ -829,8 +1253,8 @@
- eglibc 2.10.1-7
- glibc <removed> (unimportant)
NOTE: Obscure attack
-CVE-2011-1547
- RESERVED
+CVE-2011-1547 (Multiple stack consumption vulnerabilities in the kernel in NetBSD ...)
+ TODO: check
CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase ...)
NOT-FOR-US: Aphpkb
CVE-2011-1545 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
@@ -959,14 +1383,14 @@
NOT-FOR-US: Kerio
CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 ...)
NOT-FOR-US: IBM Lotus Quickr
-CVE-2011-1504
- RESERVED
-CVE-2011-1503
- RESERVED
-CVE-2011-1502
- RESERVED
+CVE-2011-1504 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community ...)
+ TODO: check
+CVE-2011-1503 (The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x ...)
+ TODO: check
+CVE-2011-1502 (Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache ...)
+ TODO: check
CVE-2011-1501
- RESERVED
+ REJECTED
CVE-2011-1500 (PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict ...)
- pithos 0.3.8-1 (low)
CVE-2011-1499 (acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting ...)
@@ -1235,8 +1659,8 @@
NOTE: http://www.aleksey.com/xmlsec/news.html
CVE-2011-1424
RESERVED
-CVE-2011-1423
- RESERVED
+CVE-2011-1423 (Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention ...)
+ TODO: check
CVE-2011-1422 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...)
NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-1421 (EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the ...)
@@ -1446,10 +1870,10 @@
RESERVED
CVE-2011-1325
RESERVED
-CVE-2011-1324
- RESERVED
-CVE-2011-1323
- RESERVED
+CVE-2011-1324 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2011-1323 (Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware ...)
+ TODO: check
CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...)
NOT-FOR-US: WebSphere
CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...)
@@ -1502,7 +1926,7 @@
CVE-2011-1301 (Use-after-free vulnerability in the GPU process in Google Chrome ...)
- chromium-browser 10.0.648.205~r81283-1
- webkit <undetermined>
-CVE-2011-1300 (The GPU process in Google Chrome before 10.0.648.205 on Windows allows ...)
+CVE-2011-1300 (The Program::getActiveUniformMaxLength function in ...)
TODO: check
CVE-2011-1299
RESERVED
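Review bot: CVE-2011-1300 stays at `TODO: check` after its description changes from "The GPU process in Google Chrome before 10.0.648.205 on Windows" to "The Program::getActiveUniformMaxLength function in ...", so the visible text no longer limits it to Windows. The neighbouring CVE-2011-1301 is tracked as `- chromium-browser 10.0.648.205~r81283-1`; re-check whether 1300 needs a chromium-browser line as well.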
@@ -1576,8 +2000,8 @@
RESERVED
CVE-2011-1272
RESERVED
-CVE-2011-1271
- RESERVED
+CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework before 4 beta 2, when ...)
+ TODO: check
CVE-2011-1270
RESERVED
CVE-2011-1269
@@ -1704,12 +2128,12 @@
RESERVED
CVE-2011-1210
RESERVED
-CVE-2011-1209
- RESERVED
-CVE-2011-1208
- RESERVED
-CVE-2011-1207
- RESERVED
+CVE-2011-1209 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 ...)
+ TODO: check
+CVE-2011-1208 (IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and ...)
+ TODO: check
+CVE-2011-1207 (The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX ...)
+ TODO: check
CVE-2011-1206 (Stack-based buffer overflow in the server process in ibmslapd.exe in ...)
NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-1205 (Multiple buffer overflows in unspecified COM objects in Rational ...)
@@ -2190,8 +2614,7 @@
- pidgin 2.7.11-1 (low)
[lenny] - pidgin <no-dsa> (Minor issue)
[squeeze] - pidgin <no-dsa> (Minor issue)
-CVE-2011-1090
- RESERVED
+CVE-2011-1090 (The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux ...)
- linux-2.6 2.6.38-1 (low)
CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ...)
- glibc <removed>
@@ -2417,8 +2840,7 @@
- linux-2.6 2.6.38-5
CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not ...)
- linux-2.6 2.6.38-1
-CVE-2011-1015 [path traversal in CGIHTTPServer]
- RESERVED
+CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in ...)
- python2.6 <unfixed> (low; bug #614860)
[squeeze] - python2.6 <no-dsa> (Minor issue)
- python2.5 <unfixed> (low)
@@ -2430,8 +2852,7 @@
NOTE: http://bugs.python.org/issue2254
CVE-2011-1014
RESERVED
-CVE-2011-1013 [drm_modeset_ctl signedness issue]
- RESERVED
+CVE-2011-1013 (Integer signedness error in the drm_modeset_ctl function in (1) ...)
- linux-2.6 2.6.38-1
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
@@ -2755,14 +3176,12 @@
RESERVED
CVE-2011-0906
RESERVED
-CVE-2011-0905
- RESERVED
+CVE-2011-0905 (The rfbSendFramebufferUpdate function in ...)
- vino 2.28.2-3
- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
- kdenetwork 4:4.0
NOTE: Only affects the krfb from KDE 3.5
-CVE-2011-0904
- RESERVED
+CVE-2011-0904 (The rfbSendFramebufferUpdate function in ...)
- vino 2.28.2-3
- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
- kdenetwork 4:4.0
@@ -3159,8 +3578,8 @@
NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
NOT-FOR-US: IBM DB2
-CVE-2011-0756
- RESERVED
+CVE-2011-0756 (The application server in Trustwave WebDefend Enterprise before 5.0 ...)
+ TODO: check
CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might ...)
- php5 5.3.5-1 (unimportant)
NOTE: Only exploitable with malicious script
@@ -3276,8 +3695,7 @@
CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
{DSA-2181-1}
- subversion 1.6.16dfsg-1
-CVE-2011-0714
- RESERVED
+CVE-2011-0714 (Use-after-free vulnerability in a certain Red Hat patch for the RPC ...)
- linux-2.6 <not-affected> (This issue only affects Red Hat Enterprise Linux 6)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=678144
NOTE: http://seclists.org/oss-sec/2011/q1/438
@@ -4010,8 +4428,8 @@
[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
- eclipse <not-affected> (Fixed before the version now in Squeeze)
-CVE-2011-0426
- RESERVED
+CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter ...)
+ TODO: check
CVE-2011-0445 (The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote ...)
- wireshark <not-affected> (Only affects Wireshark 1.4, fixed in experimental)
CVE-2011-0444 (Buffer overflow in the MAC-LTE dissector ...)
@@ -4261,8 +4679,8 @@
RESERVED
CVE-2011-0341
RESERVED
-CVE-2011-0340
- RESERVED
+CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ...)
+ TODO: check
CVE-2011-0339
RESERVED
CVE-2011-0338
@@ -5132,93 +5550,80 @@
RESERVED
CVE-2011-0082
RESERVED
-CVE-2011-0081
- RESERVED
+CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
-CVE-2011-0080
- RESERVED
+CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0079
- RESERVED
+CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
-CVE-2011-0078
- RESERVED
+CVE-2011-0078 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0077
- RESERVED
+CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0076
- RESERVED
+CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in ...)
- xulrunner <not-affected> (Only affects MacOS X)
- iceweasel <not-affected> (Only affects MacOS X)
-CVE-2011-0075
- RESERVED
+CVE-2011-0075 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0074
- RESERVED
+CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0073
- RESERVED
+CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0072
- RESERVED
+CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0071
- RESERVED
+CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0070
- RESERVED
+CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0069
- RESERVED
+CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <not-affected> (Vulnerable code not present)
- iceweasel 3.5.19-1
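Review bot: CVE-2011-0081 carries `{DSA-2235-1 DSA-2228-1 DSA-2227-1}` while both of its package lines (xulrunner, iceweasel) are `<not-affected>`, an inconsistency the newly added description does not resolve. Either add the package lines for whatever those DSAs fixed or drop the DSA references from this entry; the other entries in this hunk that cite the same DSAs list a fixed iceweasel version.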
@@ -5229,24 +5634,21 @@
RESERVED
- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
-CVE-2011-0067
- RESERVED
+CVE-2011-0067 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0066
- RESERVED
+CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0065
- RESERVED
+CVE-2011-0065 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
- iceweasel 3.5.19-1
@@ -6396,8 +6798,8 @@
RESERVED
CVE-2010-4285
RESERVED
-CVE-2010-4284
- RESERVED
+CVE-2010-4284 (SQL injection vulnerability in the authentication form in the ...)
+ TODO: check
CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...)
NOT-FOR-US: Pandora FMS
CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before ...)
@@ -18112,8 +18514,8 @@
NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
CVE-2010-0217
RESERVED
-CVE-2010-0216
- RESERVED
+CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows ...)
+ TODO: check
CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass ...)
NOT-FOR-US: ActiveCollab
CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with ...)
@@ -31608,14 +32010,14 @@
CVE-2009-0670
RESERVED
CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise ...)
- {DSA-1863-1}
+ {DSA-2234-1 DSA-1863-1}
- zope3 <removed> (bug #540462)
- zope2.11 2.11.4-1 (bug #540463)
- zope2.10 2.10.9-1 (bug #540464)
- zope2.9 <removed>
- zodb 1:3.8.2-1 (bug #540465)
CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, ...)
- {DSA-1863-1}
+ {DSA-2234-1 DSA-1863-1}
- zope3 <removed> (medium; bug #540462)
- zope2.11 2.11.4-1 (medium; bug #540463)
- zope2.10 2.10.9-1 (medium; bug #540464)