[Secure-testing-commits] r17552 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Nov 4 21:14:25 UTC 2011


Author: joeyh
Date: 2011-11-04 21:14:24 +0000 (Fri, 04 Nov 2011)
New Revision: 17552

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-11-04 17:38:31 UTC (rev 17551)
+++ data/CVE/list	2011-11-04 21:14:24 UTC (rev 17552)
@@ -1,3 +1,9 @@
+CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum ...)
+	TODO: check
+CVE-2011-4276
+	RESERVED
+CVE-2011-4275
+	RESERVED
 CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and ...)
 	TODO: check
 CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead ...)
@@ -576,19 +582,16 @@
 CVE-2011-4103
 	RESERVED
 	- python-django-piston <unfixed> (bug #647315)
-CVE-2011-4102
-	RESERVED
+CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in ...)
 	- wireshark 1.6.3-1
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html
 	NOTE: http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch
 	NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to the supported upstream branches
-CVE-2011-4101
-	RESERVED
+CVE-2011-4101 (The dissect_infiniband_common function in ...)
 	- wireshark 1.6.3-1 (unimportant)
 	NOTE: no code injection, not treated as a security issue, see README.Debian.security
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html
-CVE-2011-4100
-	RESERVED
+CVE-2011-4100 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...)
 	- wireshark 1.6.3-1
 	[squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
 	[lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
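Review bot: Under CVE-2011-4102 the stable-release status is carried only by the free-text NOTE ("Affects 1.0 and 1.2, ..."), while CVE-2011-4100 in the same hunk records it with explicit "[squeeze]" and "[lenny]" lines. Now that the description is filled in, consider adding per-release lines for CVE-2011-4102 too, so the affected stable versions are stated in the same structured form and do not depend on a comment.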
@@ -656,8 +659,8 @@
 	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
 CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP ...)
 	- openldap <unfixed> (low; bug #647610)
-CVE-2011-4078
-	RESERVED
+CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP ...)
+	TODO: check
 CVE-2011-4077
 	RESERVED
 	- linux-2.6 3.0.0-6
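Review bot: CVE-2011-4078 goes from RESERVED to a bare "TODO: check" even though the new description names a specific product and version range (Roundcube Webmail 0.5.4 and earlier). If a corresponding source package is tracked, follow up with a package line giving a fixed version or "<unfixed>" plus urgency and bug reference, in the form of the "- openldap <unfixed> (low; bug #647610)" line just above it.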
@@ -1049,16 +1052,16 @@
 	RESERVED
 CVE-2011-3997
 	RESERVED
-CVE-2011-3996
-	RESERVED
+CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote ...)
+	TODO: check
 CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 ...)
 	TODO: check
-CVE-2011-3994
-	RESERVED
-CVE-2011-3993
-	RESERVED
-CVE-2011-3992
-	RESERVED
+CVE-2011-3994 (Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before ...)
+	TODO: check
+CVE-2011-3993 (SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, ...)
+	TODO: check
+CVE-2011-3992 (Buffer overflow in the SSH server functionality on the D-Link DES-3800 ...)
+	TODO: check
 CVE-2011-3991
 	RESERVED
 CVE-2011-3990
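Review bot: All four entries that gain a description in this hunk (CVE-2011-3996, CVE-2011-3994, CVE-2011-3993, CVE-2011-3992) land as "TODO: check" with no triage decision. CVE-2011-3992 is described as a buffer overflow in the SSH server on the D-Link DES-3800, so it looks like a candidate for a "NOT-FOR-US:" line of the kind used for Phorum further down this file; the other three need the same decision before the TODO markers pile up.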
@@ -1067,10 +1070,10 @@
 	RESERVED
 CVE-2011-3988 (SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE ...)
 	TODO: check
-CVE-2011-3987
-	RESERVED
-CVE-2011-3986
-	RESERVED
+CVE-2011-3987 (dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard ...)
+	TODO: check
+CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows ...)
+	TODO: check
 CVE-2011-3985
 	RESERVED
 CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
@@ -2598,8 +2601,7 @@
 	NOT-FOR-US: Phorum
 CVE-2011-3380
 	RESERVED
-CVE-2011-3379
-	RESERVED
+CVE-2011-3379 (The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the ...)
 	- php5 <unfixed>
 	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
 	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
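Review bot: The "- php5 <unfixed>" line under CVE-2011-3379 has no urgency and no bug reference, unlike other unfixed entries in this file such as "- python-django-piston <unfixed> (bug #647315)". With the description now published, add the bug number (and urgency, if assessed) so the open status in unstable can be followed; the "[squeeze]" and "[lenny]" lines already explain why stable is not affected.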
@@ -4400,12 +4402,15 @@
 	NOTE: http://mahara.org/interaction/forum/topic.php?id=4138
 CVE-2011-2773
 	RESERVED
+	{DSA-2334-1}
 	- mahara 1.4.1-1
 CVE-2011-2772
 	RESERVED
+	{DSA-2334-1}
 	- mahara 1.4.1-1
 CVE-2011-2771
 	RESERVED
+	{DSA-2334-1}
 	- mahara 1.4.1-1
 CVE-2011-2770 [man2html XSS]
 	RESERVED
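Review bot: CVE-2011-2773, CVE-2011-2772 and CVE-2011-2771 now reference {DSA-2334-1} but still read only "RESERVED", so nothing in the entry says what each issue is. A short bracketed summary after the CVE id, in the style of "CVE-2011-2770 [man2html XSS]" directly below, would let a reader tell the three mahara issues apart until the official descriptions are published.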



