[Secure-testing-commits] r16688 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed May 18 17:41:16 UTC 2011
Author: jmm
Date: 2011-05-18 17:41:12 +0000 (Wed, 18 May 2011)
New Revision: 16688
Modified:
data/CVE/list
Log:
- two new kernel issues
- new tomcat issue doesn't affect Debian versions
- feedparser CVEfied
- remove polarssl dupe, already CVEfied
- cyrus-imapd fixed, added bugnum
- new tor issue (no-dsa)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-05-17 21:15:40 UTC (rev 16687)
+++ data/CVE/list 2011-05-18 17:41:12 UTC (rev 16688)
@@ -433,12 +433,15 @@
RESERVED
CVE-2011-1928
RESERVED
-CVE-2011-1927
+CVE-2011-1927 [kernel remote DoS]
RESERVED
+ - linux-2.6 <unfixed> (high)
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
+ [lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1926 [cyrus STARTTLS]
RESERVED
- - cyrus-imapd-2.2 <unfixed> (bug filed)
- - cyrus-imapd-2.4 <unfixed>
+ - cyrus-imapd-2.2 2.2.13p1-11 (bug #627081)
+ - cyrus-imapd-2.4 2.4.7-1
CVE-2011-1925
RESERVED
- nbd <unfixed> (bug #627042)
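Review bot: The new CVE-2011-1927 entry marks squeeze and lenny as <not-affected> with "Vulnerable code not present" but carries no NOTE line saying where that was established (the upstream commit, or the kernel version that introduced the code). Since the CVE is still RESERVED and has no public description, a NOTE with that reference would let someone re-check the triage later without redoing it.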
@@ -447,6 +450,9 @@
[lenny] - nbd <not-affected>
CVE-2011-1924
RESERVED
+ - tor 0.2.1.30-1
+ [squeeze] - tor <no-dsa> (Only affects the central Tor directory servers)
+ [lenny] - tor <no-dsa> (Only affects the central Tor directory servers)
CVE-2011-1923 [polarssl MITM]
RESERVED
- polarssl <unfixed> (bug #616114)
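Review bot: CVE-2011-1924 gets package lines but no bracketed short description, unlike the neighbouring RESERVED entries ("CVE-2011-1923 [polarssl MITM]", "CVE-2011-1926 [cyrus STARTTLS]"). While the CVE is RESERVED, the only hint about the issue is the <no-dsa> reason text, so a short "[tor ...]" description on the CVE line, plus a NOTE pointing at the upstream announcement, would make the entry self-explanatory.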
@@ -609,7 +615,7 @@
CVE-2011-1857
RESERVED
CVE-2011-1856 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
- TODO: check
+ NOT-FOR-US: HP Business Availability
CVE-2011-1855 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x ...)
NOT-FOR-US: HP Network Node Manager
CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) ...)
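Review bot: On the CVE-2011-1856 line, the NOT-FOR-US label "HP Business Availability" matches the point where the CVE description is cut off by "...", so it may be a truncated product name. Worth checking against the full description so the label matches the product name exactly.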
@@ -880,6 +886,7 @@
- opcontrol <unfixed> (medium; bug #624212)
CVE-2011-1759
RESERVED
+ - linux-2.6 <unfixed>
CVE-2011-1758 [sssd: flaw handled cached passwords]
RESERVED
- sssd <not-affected> (Only affects version 1.5+)
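Review bot: The line added under CVE-2011-1759 is a bare "- linux-2.6 <unfixed>" with no bracketed description, no urgency and no [squeeze]/[lenny] status, whereas the other kernel issue in this same commit (CVE-2011-1927) has all three. With the CVE still RESERVED, nothing in the entry says what the issue is or whether the stable releases are affected; a short description and either per-release lines or a NOTE that they still need checking would close that gap.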
@@ -1292,6 +1299,7 @@
RESERVED
CVE-2011-1582
RESERVED
+ - tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1581
RESERVED
- linux-2.6 <unfixed> (low)
@@ -1362,7 +1370,9 @@
CVE-2009-5066
RESERVED
CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
- TODO: check
+ - feedparser <unfixed> (low; bug #617998)
+ [squeeze] - feedparser <no-dsa> (Minor issue)
+ [lenny] - feedparser <no-dsa> (Minor issue)
CVE-2011-XXXX [drupal6-mod-tagadelic XSS]
- drupal6-mod-tagadelic 1.3-1 (low)
NOTE: DRUPAL-SA-CONTRIB-2011-013
@@ -2511,12 +2521,6 @@
[squeeze] - feedparser <no-dsa> (Minor issue)
[lenny] - feedparser <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/feedparser/issues/detail?id=91
-CVE-2011-XXXX [XSS vuln]
- - feedparser <unfixed> (low; bug #617998)
- [squeeze] - feedparser <no-dsa> (Minor issue)
- [lenny] - feedparser <no-dsa> (Minor issue)
- NOTE: CVE requested
- NOTE: http://code.google.com/p/feedparser/issues/detail?id=195
CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier ...)
- logrotate <unfixed>
CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier ...)
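Review bot: Removing the temporary "CVE-2011-XXXX [XSS vuln]" entry also drops its upstream reference, "NOTE: http://code.google.com/p/feedparser/issues/detail?id=195", and the CVE-2009-5065 entry added earlier in this patch has no NOTE line at all. The other feedparser entry visible in this hunk's context keeps its issue link (id=91), so the id=195 NOTE should be carried over to CVE-2009-5065 to keep the fix traceable.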
@@ -2718,10 +2722,6 @@
NOT-FOR-US: pmwiki
CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Wordpress plugin
-CVE-2011-XXXX [polarssl d-h man in the middle]
- - polarssl <unfixed> (bug #616114)
- NOTE: https://lists.ubuntu.com/archives/ubuntu-motu/2011-February/007026.html
- NOTE: http://polarssl.org/trac/wiki/SecurityAdvisory201101
CVE-2011-1105 (Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM ...)
NOT-FOR-US: Mutare EVM
CVE-2011-1104 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare ...)
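Review bot: The removed polarssl duplicate carried two NOTE lines (the ubuntu-motu thread and the polarssl SecurityAdvisory201101 page). The visible context for the surviving CVE-2011-1923 entry ends at "- polarssl <unfixed> (bug #616114)", so it is not clear from this patch that those references exist there. If they do not, move them over rather than deleting them with the dupe.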