[Secure-testing-commits] r17539 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Nov 1 19:59:29 UTC 2011
Author: jmm
Date: 2011-11-01 19:59:29 +0000 (Tue, 01 Nov 2011)
New Revision: 17539
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- new kernel issue
- new asterisk issue (might not affect stable/oldstable, maintainer checking with upstream)
- new zope issue (doesn't affect oldstable, not in stable, fixed in sid)
- bugs filed for rekonq and ldns
- rekonq not affected
- "new" Mozilla issue, I poked Mike
- NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-11-01 06:38:19 UTC (rev 17538)
+++ data/CVE/list 2011-11-01 19:59:29 UTC (rev 17539)
@@ -1,9 +1,9 @@
CVE-2011-4213 (The sandbox environment in the Google App Engine Python SDK before ...)
- TODO: check
+ NOT-FOR-US: Google App Engine
CVE-2011-4212 (The sandbox environment in the Google App Engine Python SDK before ...)
- TODO: check
+ NOT-FOR-US: Google App Engine
CVE-2011-4211 (The FakeFile implementation in the sandbox environment in the Google ...)
- TODO: check
+ NOT-FOR-US: Google App Engine
CVE-2011-4210
RESERVED
CVE-2011-4209
@@ -136,11 +136,11 @@
CVE-2011-4174
RESERVED
CVE-2011-4173 (Cross-site request forgery (CSRF) vulnerability in Simple Machines ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2011-4172 (Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB ...)
- TODO: check
+ NOT-FOR-US: KENT WEB FORUM
CVE-2011-4171 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-4170 (Cross-site scripting (XSS) vulnerability in the ...)
- empathy <unfixed>
CVE-2011-4169
@@ -183,13 +183,13 @@
- krb5 <unfixed> (low; bug #646367)
[lenny] - krb5 <not-affected> (introduced in 1.8)
CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 ...)
- TODO: check
+ NOT-FOR-US: ATCOM Netvolution
CVE-2010-4966 (Cross-site scripting (XSS) vulnerability in default.asp in ATCOM ...)
- TODO: check
+ NOT-FOR-US: ATCOM Netvolution
CVE-2009-5103 (Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP ...)
- TODO: check
+ NOT-FOR-US: ATCOM Netvolution
CVE-2009-5102 (SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ...)
- TODO: check
+ NOT-FOR-US: ATCOM Netvolution
CVE-2011-4150
RESERVED
CVE-2011-4149
@@ -327,6 +327,9 @@
RESERVED
CVE-2011-4087
RESERVED
+ - linux-2.6 3.0.0-1
+ [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
+ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-4086
RESERVED
CVE-2011-4085
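Review bot: The three linux-2.6 lines added under CVE-2011-4087 carry no NOTE, and the id is still RESERVED, so nothing in the entry says what the issue is or where "Introduced in 2.6.37" and the 3.0.0-1 fix version come from. Add a NOTE with the upstream commit or advisory reference so the <not-affected> status for squeeze and lenny can be rechecked later.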
@@ -390,7 +393,7 @@
CVE-2011-4065
RESERVED
CVE-2011-4063 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
- TODO: check
+ - asterisk <unfixed> (bug #647252)
CVE-2011-4062 (Buffer overflow in the "linux emulation" support in FreeBSD 7.3 and ...)
{DSA-2325-1}
- kfreebsd-10 10.0~svn226224-1
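Review bot: The new asterisk line under CVE-2011-4063 is a bare <unfixed> with bug #647252, while the log says the issue might not affect stable/oldstable and the maintainer is checking with upstream; that open question is not recorded in the entry. A NOTE or TODO stating that the stable/oldstable status is pending would keep it visible now that "TODO: check" is gone.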
@@ -605,17 +608,17 @@
CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article ...)
NOT-FOR-US: Softbiz
CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) ...)
- TODO: check
+ NOT-FOR-US: Aardvertiser
CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools ...)
- TODO: check
+ NOT-FOR-US: Joomla extension
CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...)
NOT-FOR-US: MySource Matrix
CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ...)
NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 ...)
- TODO: check
+ NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component ...)
TODO: check
CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows ...)
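Review bot: CVE-2010-4902 is tagged "NOT-FOR-US: Joomla extension", a category rather than a product name, whereas the other NOT-FOR-US lines in this hunk name the product (Aardvertiser, CubeCart, CMS WebManager-Pro). Use the extension's name from the description (Clantools) so the entry can be found by searching for it.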
@@ -776,11 +779,11 @@
CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 ...)
NOT-FOR-US: IBM AIX driver
CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: DBHcms
CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka ...)
- TODO: check
+ NOT-FOR-US: W-Agora
CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in ...)
- TODO: check
+ NOT-FOR-US: W-Agora
CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows ...)
TODO: check
CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) ...)
@@ -1757,7 +1760,8 @@
- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone ...)
- TODO: check
+ - zope2.10 <not-affected> (Introduced in 2.12)
+ - zope2.12 2.12.20-2
CVE-2011-3586
RESERVED
NOTE: Dupe of CVE-2011-3504, to be rejected
@@ -1781,11 +1785,10 @@
RESERVED
CVE-2011-3581
RESERVED
- - ldns <unfixed>
+ - ldns <unfixed> (bug #647297)
NOTE: http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403
NOTE: https://secunia.com/advisories/46153/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=741024
- TODO: File bug
CVE-2011-3580 (IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote ...)
NOT-FOR-US: IceWarp Mail Server
CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before ...)
@@ -2335,8 +2338,7 @@
RESERVED
CVE-2011-3366
RESERVED
- - rekonq <unfixed>
- TODO: File bugs
+ - rekonq <not-affected> (Only affected the 0.8.x devel versions and was fixed before final 0.8 release, see bug #647298)
NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
CVE-2011-3365
RESERVED
@@ -2480,15 +2482,15 @@
CVE-2011-3320
RESERVED
CVE-2011-3319 (Buffer overflow in the WRF parsing functionality in the Cisco WebEx ...)
- TODO: check
+ NOT-FOR-US: WebEx
CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2011-3317
RESERVED
CVE-2011-3316
RESERVED
CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2011-3314
RESERVED
CVE-2011-3313
@@ -2636,15 +2638,15 @@
CVE-2011-3252 (Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, ...)
NOT-FOR-US: Apple iTunes
CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2011-3246 (CFNetwork in Apple iOS before 5 and Mac OS X 10.7 before 10.7.2 does ...)
NOT-FOR-US: Apple iOS
CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final ...)
@@ -2904,7 +2906,7 @@
CVE-2011-3164
RESERVED
CVE-2011-3163 (HP MFP Digital Sending Software 4.9x through 4.91.21 allows local ...)
- TODO: check
+ NOT-FOR-US: HP MFP Digital Sending Software
CVE-2011-3162 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
NOT-FOR-US: HP Data Protector
CVE-2011-3161 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
@@ -3248,7 +3250,7 @@
- chromium-browser 4.0.211.0
- webkit <not-affected>
CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to ...)
- TODO: check
+ - iceweasel 4.0-1
CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ...)
- bugzilla 3.0.4-1
CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint ...)
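Review bot: The CVE-2008-7293 entry now consists only of "- iceweasel 4.0-1", and the question the log says was put to the maintainer is not recorded anywhere in it. Since the description covers Firefox before 4, add a NOTE that the maintainer has been asked, or release-tagged lines once the answer is known, so the status of releases shipping an older iceweasel is explicit.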
@@ -12483,7 +12485,6 @@
NOT-FOR-US: CA Internet Security Suite
CVE-2010-4501
REJECTED
- NOTE: Dupe of CVE-2010-4334
CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
NOT-FOR-US: MRCGIGUY FreeTicket
CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does ...)
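Review bot: Dropping "NOTE: Dupe of CVE-2010-4334" from CVE-2010-4501 removes the only line in the entry that explains why the id is REJECTED, and the log does not mention this change. Keep the NOTE, or say in the log why it is being removed.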
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-11-01 06:38:19 UTC (rev 17538)
+++ data/spu-candidates.txt 2011-11-01 19:59:29 UTC (rev 17539)
@@ -161,10 +161,6 @@
--
-cherokee (CVE-2011-2190)
-
---
-
masqmail (CVE-2011-XXXX)
#638002
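Review bot: The cherokee (CVE-2011-2190) block is removed from data/spu-candidates.txt, but none of the log items refers to cherokee or to the candidates file. Add a log line giving the reason for dropping the candidate so the removal can be traced later.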