[Secure-testing-commits] r17415 - data/CVE
Helmut Grohne
helmut-guest at alioth.debian.org
Thu Oct 13 14:55:08 UTC 2011
Author: helmut-guest
Date: 2011-10-13 14:55:07 +0000 (Thu, 13 Oct 2011)
New Revision: 17415
Modified:
data/CVE/list
Log:
CVE update, mostly NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-10-13 13:15:16 UTC (rev 17414)
+++ data/CVE/list 2011-10-13 14:55:07 UTC (rev 17415)
@@ -1284,11 +1284,11 @@
CVE-2004-2770
REJECTED
CVE-2011-3577 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Commerce
CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Domino
CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Domino
CVE-2011-3574
RESERVED
CVE-2011-3573
@@ -1434,7 +1434,7 @@
- ffmpeg <removed>
- ffmpeg-debian <end-of-life>
CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and ...)
- TODO: check
+ NOT-FOR-US: eSignal
CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
TODO: check
CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
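Review bot: the Cogent DataHub entries (CVE-2011-3502, CVE-2011-3501, and CVE-2011-3500 in the next hunk) keep `TODO: check` while the neighbouring eSignal entry is resolved in the same pass; if DataHub was deliberately left open, a `NOTE:` line saying what still needs checking would save the next triager from re-deriving it.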
@@ -1442,31 +1442,31 @@
CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub ...)
TODO: check
CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
- TODO: check
+ NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3497 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3496 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3495 (Multiple directory traversal vulnerabilities in service.exe in ...)
- TODO: check
+ NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: eSignal
CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...)
TODO: check
CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...)
- TODO: check
+ NOT-FOR-US: Azeotech DAQFactory
CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
- TODO: check
+ NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3490 (Multiple stack-based buffer overflows in service.exe in Measuresoft ...)
- TODO: check
+ NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3489 (RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and ...)
- TODO: check
+ NOT-FOR-US: Rockwell RSLogix
CVE-2011-3488 (Use-after-free vulnerability in Equis MetaStock 11 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Equis MetaStock
CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel ...)
- TODO: check
+ NOT-FOR-US: Carel PlantVisor
CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ...)
TODO: check
CVE-2011-3485
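Review bot: CVE-2011-3493 and CVE-2011-3486 (Beckhoff TwinCAT) are the only two entries in this block that stay `TODO: check` while every surrounding SCADA/HMI product gets `NOT-FOR-US`; either resolve them in the same sweep or add a `NOTE:` explaining why they need a closer look, so the intent is visible in the file rather than only in the commit log.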
@@ -1586,21 +1586,21 @@
CVE-2011-3425
RESERVED
CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer server in ...)
- TODO: check
+ NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer ...)
- TODO: check
+ NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component ...)
- TODO: check
+ - joomla <itp> (bug #571794)
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport ...)
- TODO: check
+ - joomla <itp> (bug #571794)
CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop ...)
- TODO: check
+ NOT-FOR-US: PHPShop
CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
- TODO: check
+ NOT-FOR-US: OneOrZero AIMS
CVE-2010-4834 (Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS ...)
- TODO: check
+ NOT-FOR-US: OneOrZero AIMS
CVE-2009-5101 (Pentaho BI Server 1.7.0.1062 and earlier includes the session ID ...)
TODO: check
CVE-2009-5100 (Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete ...)
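Review bot: the `- joomla <itp> (bug #571794)` lines for CVE-2010-4838 and CVE-2010-4837 tie a third-party extension to the Joomla core ITP: the descriptions say the flaw is in the "JSupport (com_jsupport) component", which an eventual joomla package would not ship, so `NOT-FOR-US: JSupport component for Joomla` is the more accurate status. Minor style point on the same hunk: `NOT-FOR-US: Wordpress plugin Event Registration` should spell the project name "WordPress" as the file does elsewhere.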
@@ -1612,7 +1612,8 @@
CVE-2009-5097 (Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, ...)
TODO: check
CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module ...)
- TODO: check
+ NOT-FOR-US: Drupal module Flag Content
+ NOTE: might get packaged
CVE-2011-XXXX [Django several vulnerabilities]
- python-django 1.3.1-1 (bug #641405)
NOTE: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
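Review bot: `NOTE: might get packaged` under a `NOT-FOR-US:` entry is the right way to flag a Drupal module worth revisiting; in the same hunk, CVE-2009-5097 (Palm Pre WebOS) is still `TODO: check` although a phone vendor's OS is an obvious NFU candidate and could be closed in this pass.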
@@ -1696,17 +1697,17 @@
CVE-2011-3393 (Multiple cross-site scripting (XSS) vulnerabilities in findagent.php ...)
NOT-FOR-US: MYRE Real Estate
CVE-2009-5095 (PHP remote file inclusion vulnerability in index_inc.php in ea gBook ...)
- TODO: check
+ NOT-FOR-US: ea gBook
CVE-2009-5094 (SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate ...)
- TODO: check
+ NOT-FOR-US: CMS Faethon
CVE-2009-5093 (Directory traversal vulnerability in gastbuch.php in Gästebuch ...)
- TODO: check
+ NOT-FOR-US: Gastebuch
CVE-2009-5092 (Cross-site scripting (XSS) vulnerability in the management interface ...)
- TODO: check
+ NOT-FOR-US: Microsoft FAST ESP
CVE-2009-5091 (SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 ...)
- TODO: check
+ NOT-FOR-US: Vlinks
CVE-2009-5090 (SQL injection vulnerability in editcomments.php in Bloggeruniverse ...)
- TODO: check
+ NOT-FOR-US: Bloggeruniverse Beta 2
CVE-2009-5089 (Directory traversal vulnerability in index.php in IdeaCart 0.02 and ...)
NOT-FOR-US: IdeaCart
CVE-2009-5088 (SQL injection vulnerability in secure/index.php in IdeaCart 0.02 ...)
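Review bot: `NOT-FOR-US: Gastebuch` drops the umlaut that the description line itself carries ("Gästebuch"); keep the product name as written in the description so searches on either line match. Likewise `NOT-FOR-US: Bloggeruniverse Beta 2` includes a version string, unlike the other NFU lines in this commit, which name only the product; drop "Beta 2".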
@@ -1724,7 +1725,7 @@
CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: IBM OpenAdmin Too
CVE-2010-4833 (Untrusted search path vulnerability in ...)
- TODO: check
+ - gtk+2.0 <not-affected> (win32 specific)
CVE-2011-3350 [masqmail improper privilege dropping]
RESERVED
- masqmail 0.2.30-1 (low; bug #638002)
@@ -2259,7 +2260,8 @@
RESERVED
{DSA-2310-1 DSA-2303-1}
CVE-2011-3187 (The to_s method in ...)
- TODO: check
+ - rails <undetermined>
+ NOTE: 3.x only?
CVE-2011-3186 (CRLF injection vulnerability in ...)
{DSA-2301-1}
- rails 2.3.14
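Review bot: `- rails <undetermined>` followed by `NOTE: 3.x only?` records a question rather than a finding; the entries right below show the packaged branch is 2.3.x (rails 2.3.14 via DSA-2301-1), so the note should state what was compared (e.g. which upstream branches the advisory lists) so the next person can turn `<undetermined>` into `<not-affected>` or a fixed version.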
@@ -2980,7 +2982,7 @@
CVE-2011-2933
RESERVED
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ - rails <undetermined>
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
{DSA-2301-1}
- rails 2.3.14
@@ -2988,7 +2990,7 @@
{DSA-2301-1}
- rails 2.3.14
CVE-2011-2929 (The template selection functionality in ...)
- TODO: check
+ - rails <undetermined>
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2
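Review bot: CVE-2011-2929 (and CVE-2011-2932 in the previous hunk) get `- rails <undetermined>` without the branch `NOTE:` that CVE-2011-3187 received; since all three sit beside rails 2.3.14 fixes from DSA-2301-1, add the same note about which Rails branches are affected so the three open rails entries can be resolved together.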
@@ -3508,9 +3510,9 @@
[squeeze] - openarena 0.8.5-5+squeeze1
- ioquake3 1.36+svn1946-4
CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
- TODO: check
+ NOT-FOR-US: LifeSize Room appliance
CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...)
- TODO: check
+ NOT-FOR-US: LifeSize Room appliance
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...)
- chromium-browser <undetermined>
[squeeze] - chromium-browser <not-affected>
@@ -3552,7 +3554,7 @@
CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...)
NOT-FOR-US: Google Picasa
CVE-2011-2746 (Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in ...)
- TODO: check
+ - otrs2 <undetermined>
CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...)
NOT-FOR-US: Chyrp
CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows ...)
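Review bot: `- otrs2 <undetermined>` for CVE-2011-2746 should be short-lived: the description names the exact file, `Kernel/Modules/AdminPackageManager.pm`, so checking whether the packaged otrs2 ships the vulnerable code is a direct file comparison; add a `NOTE:` with the result or the upstream advisory URL.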
@@ -3568,7 +3570,7 @@
CVE-2011-2739
RESERVED
CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Service Monitor, CiscoWorks LAN Management Solution
CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to ...)
NOT-FOR-US: RSA enVision
CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative ...)
@@ -3644,6 +3646,7 @@
- openoffice.org 1:3.3.0-1
NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
+ NOT-FOR-US: Apache Wicket
TODO: check
CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...)
NOT-FOR-US: cgit
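Review bot: the CVE-2011-2712 entry now carries both `NOT-FOR-US: Apache Wicket` and the old `TODO: check` line; every other hunk in this commit replaces the TODO rather than adding above it, so the `TODO: check` line here should be removed or the entry will keep showing up as untriaged.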
@@ -3676,7 +3679,8 @@
NOTE: http://www.nodefense.org/eglibc.txt
NOTE: fixed well before 2.13-10, but that is the present testing version that was available to check
CVE-2011-2701 (The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when ...)
- TODO: check
+ - freeradius <not-affected>
+ NOTE: introduced in 2.1.11, even sid ships 2.1.10+dfsg-3+b2
CVE-2011-2700 (Multiple buffer overflows in the si4713_write_econtrol_string function ...)
{DSA-2303-1}
- linux-2.6 3.0.0-1
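Review bot: the `NOTE: introduced in 2.1.11, even sid ships 2.1.10+dfsg-3+b2` is exactly the justification `<not-affected>` needs; consider also putting the short reason in parentheses on the package line, `- freeradius <not-affected> (Vulnerable code not present)`, which is the convention used elsewhere in this file (see the phpmyadmin squeeze entry further down).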
@@ -3804,7 +3808,8 @@
CVE-2011-2661 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in ...)
TODO: check
CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before ...)
- TODO: check
+ - vpnc <not-affected>
+ NOTE: This only affects the SUSE packaging.
CVE-2011-2659
RESERVED
CVE-2011-2658
@@ -3816,27 +3821,27 @@
CVE-2011-2655
RESERVED
CVE-2011-2654 (The RPC implementation in the server in Novell Cloud Manager 1.1.2 ...)
- TODO: check
+ NOT-FOR-US: Novell Cloud Manager
CVE-2011-2653
RESERVED
CVE-2011-2652 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2651 (Unspecified vulnerability in the file browser in Kiwi before 3.74.2, ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2650 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2649 (Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2648 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2647 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2646 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2645 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2644 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2643 (Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x ...)
- phpmyadmin 4:3.4.3.2-1
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -3969,7 +3974,8 @@
CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build ...)
NOT-FOR-US: ACDSee FotoSlate
CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...)
- TODO: check
+ NOT-FOR-US: KMPlayer
+ NOTE: This is http://www.kmplayer.com and not our kmplayer package.
CVE-2011-2593
RESERVED
CVE-2011-2592
@@ -4003,7 +4009,7 @@
CVE-2011-2578
RESERVED
CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, ...)
- TODO: check
+ NOT-FOR-US: Cisco TelePresence
CVE-2011-2576
RESERVED
CVE-2011-2575
@@ -4074,6 +4080,8 @@
TODO: check
CVE-2011-2542
RESERVED
+ - libsoup2.4 <undetermined>
+ NOTE: sid is probably fixed
CVE-2011-2541
RESERVED
CVE-2011-2540
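Review bot: CVE-2011-2542 is still `RESERVED` with no description, yet the hunk assigns `- libsoup2.4 <undetermined>`; add a `NOTE:` with the source that ties this CVE id to libsoup (upstream bug or advisory), otherwise nobody can verify the mapping once the id is published. `NOTE: sid is probably fixed` should become a concrete fixed version once the libsoup2.4 changelog has been checked.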
@@ -4876,9 +4884,9 @@
CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...)
TODO: check
CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2225 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
- TODO: check
+ NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2224 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2223 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
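Review bot: CVE-2011-2227 (Novell Identity Manager) remains `TODO: check` in the context lines while the neighbouring Novell Data Synchronizer entries are already `NOT-FOR-US`; the same triage applies and it could be closed in this sweep.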
@@ -4920,7 +4928,7 @@
[squeeze] - tomcat6 <no-dsa> (Minor issue)
- tomcat7 7.0.16-3 (low; bug #632882)
CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when ...)
- TODO: check
+ - libdata-formvalidator-perl <undetermined>
CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...)
- dbus 1.4.12-1 (low; bug #629938)
[squeeze] - dbus 1.2.24-4+squeeze1
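Review bot: `- libdata-formvalidator-perl <undetermined>` can be resolved from the description alone, which bounds the affected versions at "4.66 and earlier"; compare the packaged Data::FormValidator version and record either a fixed version or `<unfixed>` with a bug number instead of leaving it undetermined.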
@@ -6505,7 +6513,7 @@
CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...)
TODO: check
CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...)
- TODO: check
+ - php <undetermined>
CVE-2011-1656
RESERVED
CVE-2011-1655 (The management.asmx module in the Management Web Service in the ...)
@@ -10366,7 +10374,7 @@
CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in ...)
NOT-FOR-US: Unified Maintenance Tool
CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: InduSoft ISSymbol ActiveX
CVE-2011-0341 (Stack-based buffer overflow in the pdfmoz_onmouse function in ...)
NOT-FOR-US: MuPDF plug-in for Firefox
CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ...)
@@ -10428,7 +10436,7 @@
CVE-2011-0312
RESERVED
CVE-2011-0311 (The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in ...)
- TODO: check
+ NOT-FOR-US: IBM Java
CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0309