[Secure-testing-commits] r16669 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon May 16 16:50:10 UTC 2011
Author: jmm
Date: 2011-05-16 16:50:09 +0000 (Mon, 16 May 2011)
New Revision: 16669
Modified:
data/CVE/list
Log:
another chrome/webkit issue
sync tracker from kernel-sec repo
new CVE for incomplete fix for old kde metalink issue
historic mojo issue
one util-linux issue actually a non-issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-05-16 08:45:02 UTC (rev 16668)
+++ data/CVE/list 2011-05-16 16:50:09 UTC (rev 16669)
@@ -1,19 +1,20 @@
CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for ...)
- TODO: check
+ NOT-FOR-US: MediaCAST
CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier ...)
- TODO: check
+ NOT-FOR-US: MediaCAST
CVE-2011-2079 (MediaCAST 8 and earlier allows remote attackers to have an unspecified ...)
- TODO: check
+ NOT-FOR-US: MediaCAST
CVE-2011-2078 (Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta ...)
- TODO: check
+ NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2077 (The default configuration of the New Atlanta BlueDragon administrative ...)
- TODO: check
+ NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2076 (MediaCAST 8 and earlier stores passwords in cleartext, which makes it ...)
- TODO: check
+ NOT-FOR-US: MediaCAST
CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 ...)
- TODO: check
+ NOT-FOR-US: Skype
CVE-2011-2073
RESERVED
CVE-2011-2072
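Review bot: The two `<undetermined>` lines under CVE-2011-2075 have no accompanying NOTE, so the next person triaging cannot tell what is still missing. The description only says "Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7"; a NOTE recording why webkit is listed alongside chromium-browser, and what information is awaited, would make the entry actionable.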
@@ -117,7 +118,7 @@
CVE-2011-2023
RESERVED
CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c ...)
- TODO: check
+ - linux-2.6 2.6.38-5
CVE-2011-2021
RESERVED
CVE-2011-2020
@@ -347,19 +348,19 @@
CVE-2011-1908
RESERVED
CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...)
- TODO: check
+ NOT-FOR-US: Trustwave WebDefend Enterprise
CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1904 (An unspecified function in the web interface in Proofpoint Messaging ...)
- TODO: check
+ NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1903 (SQL injection vulnerability in an unspecified function in Proofpoint ...)
- TODO: check
+ NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1902 (Directory traversal vulnerability in the web interface in Proofpoint ...)
- TODO: check
+ NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1901 (The mail-filter web interface in Proofpoint Messaging Security Gateway ...)
- TODO: check
+ NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...)
- TODO: check
+ NOT-FOR-US: InduSoft Web Studio
CVE-2011-1899
RESERVED
CVE-2011-1898
@@ -500,7 +501,7 @@
CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow ...)
TODO: check
CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before ...)
- TODO: check
+ NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper in ...)
- libmojolicious-perl 1.12-1
CVE-2011-1840
@@ -534,7 +535,7 @@
CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform ...)
- libmojolicious-perl 0.999929-1
CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static ...)
- TODO: check
+ - libmojolicious-perl <not-affected> (Fixed before initial upload)
CVE-2011-XXXX [spip DoS]
- spip <unfixed>
[squeeze] - spip 2.1.1-3squeeze1
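Review bot: The `<not-affected> (Fixed before initial upload)` status on CVE-2009-5074 gives no version to check it against. The neighbouring CVE-2010-4802 entry records a fixed version (0.999929-1); a NOTE here naming the upstream release that fixed the MojoX::Dispatcher::Static issue and the first version uploaded would let the claim be verified from the list alone.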
@@ -575,11 +576,11 @@
CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and ...)
NOT-FOR-US: FilterFTP
CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot ...)
- TODO: check
+ NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does not ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2011-1823
RESERVED
CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 ...)
@@ -675,9 +676,9 @@
CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 ...)
NOT-FOR-US: Tivoli
CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package ...)
- TODO: check
+ NOT-FOR-US: vSphere
CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before ...)
- TODO: check
+ NOT-FOR-US: vCenter
CVE-2011-1787
RESERVED
CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 ...)
@@ -771,9 +772,9 @@
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) ...)
- linux-2.6 2.6.38-5
CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in ...)
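Review bot: CVE-2011-1747 is marked `<unfixed> (low)` with no NOTE giving the reason for the low urgency, while CVE-2011-1748 directly above it is `<unfixed>` with no urgency at all. The agp entry directly below (CVE-2011-1746) is already recorded as fixed in 2.6.38-5, so a short NOTE on why this one remains open and why it is rated low would help anyone syncing from the kernel-sec repo later.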
@@ -940,7 +941,7 @@
CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...)
TODO: check
CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...)
- TODO: check
+ NOTE: This was found to be a non-issue, see http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4983
CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the ...)
TODO: check
CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote ...)
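Review bot: On CVE-2011-1676 the `TODO: check` is replaced by a NOTE only, which leaves the entry with no package status line at all. If this is a non-issue for util-linux, record that as a `- util-linux ...` line with the reason, and keep the NOTE with the thread URL as the reference. CVE-2011-1677 and CVE-2011-1675 on either side are still `TODO: check`; if the same thread covers them, they could be resolved in the same commit.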
@@ -1124,7 +1125,7 @@
CVE-2011-1594
RESERVED
CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...)
- TODO: check
+ - linux-2.6 2.6.38-4
CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x ...)
- wireshark <not-affected> (Windows-specific)
CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in ...)
@@ -1143,7 +1144,8 @@
CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, ...)
- mediawiki <not-affected> (Incomplete fix never used in Debian)
CVE-2011-1586 (Directory traversal vulnerability in the ...)
- TODO: check
+ - kdenetwork <unfixed>
+ [lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
CVE-2011-1585
RESERVED
- linux-2.6 <unfixed>
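Review bot: The new CVE-2011-1586 entry does not name the earlier CVE whose fix was incomplete. The log message calls it an incomplete fix for the old kde metalink issue, but the list entry itself carries no cross-reference. A NOTE pointing at the original CVE id would tie the two together, and the `[lenny]` reason ("Metalink plugin not yet present") could then be compared with the status recorded on the original entry.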