[Secure-testing-commits] r17578 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Nov 9 21:15:03 UTC 2011 

Author: joeyh
Date: 2011-11-09 21:15:01 +0000 (Wed, 09 Nov 2011)
New Revision: 17578

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-11-09 17:12:59 UTC (rev 17577)
+++ data/CVE/list	2011-11-09 21:15:01 UTC (rev 17578)
@@ -1333,8 +1333,8 @@
 	RESERVED
 CVE-2011-4001
 	RESERVED
-CVE-2011-4000
-	RESERVED
+CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute ...)
+	TODO: check
 CVE-2011-3999
 	RESERVED
 CVE-2011-3998
@@ -2125,39 +2125,34 @@
 	RESERVED
 CVE-2011-3656
 	RESERVED
-CVE-2011-3655
-	RESERVED
+CVE-2011-3655 (Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 ...)
 	- xulrunner <not-affected> (Only affects Firefox >= 4)
 	- iceweasel 8.0-1
 	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	- iceape <not-affected> (Only affects Firefox >= 4)
-CVE-2011-3654
-	RESERVED
+CVE-2011-3654 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird ...)
 	- xulrunner <not-affected> (Only affects Firefox >= 4)
 	- iceweasel 8.0-1
 	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	- iceape <not-affected> (Only affects Firefox >= 4)
-CVE-2011-3653
-	RESERVED
+CVE-2011-3653 (Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do ...)
 	- iceweasel <not-affected> (MacOS X-specific)
-CVE-2011-3652
-	RESERVED
+CVE-2011-3652 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird ...)
 	- xulrunner <not-affected> (Only affects Firefox >= 4)
 	- iceweasel 8.0-1
 	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	- iceape <not-affected> (Only affects Firefox >= 4)
-CVE-2011-3651
-	RESERVED
+CVE-2011-3651 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- xulrunner <not-affected> (Only affects Firefox >= 4)
 	- iceweasel 8.0-1
 	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	- iceape <not-affected> (Only affects Firefox >= 4)
-CVE-2011-3650
-	RESERVED
+CVE-2011-3650 (Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird ...)
+	{DSA-2342-1 DSA-2341-1}
 	- icedove 3.1.15-1
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -2165,11 +2160,10 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-9
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-3649
-	RESERVED
+CVE-2011-3649 (Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) ...)
 	- iceweasel <not-affected> (Windows-specific)
-CVE-2011-3648
-	RESERVED
+CVE-2011-3648 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
+	{DSA-2342-1 DSA-2341-1}
 	- icedove 3.1.15-1
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -2177,8 +2171,8 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-9
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-3647
-	RESERVED
+CVE-2011-3647 (The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...)
+	{DSA-2342-1 DSA-2341-1}
 	- icedove 3.1.15-1
 	[lenny] - icedove <end-of-life>
 	- xulrunner <removed>
@@ -5612,14 +5606,14 @@
 	RESERVED
 CVE-2011-2450
 	RESERVED
-CVE-2011-2449
-	RESERVED
-CVE-2011-2448
-	RESERVED
-CVE-2011-2447
-	RESERVED
-CVE-2011-2446
-	RESERVED
+CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows ...)
+	TODO: check
+CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows ...)
+	TODO: check
+CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to execute ...)
+	TODO: check
+CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows ...)
+	TODO: check
 CVE-2011-2445
 	RESERVED
 CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
@@ -6783,14 +6777,14 @@
 	RESERVED
 CVE-2011-2017
 	RESERVED
-CVE-2011-2016
-	RESERVED
+CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows ...)
+	TODO: check
 CVE-2011-2015
 	RESERVED
-CVE-2011-2014
-	RESERVED
-CVE-2011-2013
-	RESERVED
+CVE-2011-2014 (The LDAP over SSL (aka LDAPS) implementation in Active Directory, ...)
+	TODO: check
+CVE-2011-2013 (Integer overflow in the TCP/IP implementation in Microsoft Windows ...)
+	TODO: check
 CVE-2011-2012 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, ...)
 	NOT-FOR-US: Microsoft Forefront
 CVE-2011-2011 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
@@ -6807,8 +6801,8 @@
 	RESERVED
 CVE-2011-2005 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2011-2004
-	RESERVED
+CVE-2011-2004 (Array index error in win32k.sys in the kernel-mode drivers in ...)
+	TODO: check
 CVE-2011-2003 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-2002 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)

More information about the Secure-testing-commits mailing list