[Secure-testing-commits] r17418 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Oct 13 21:14:19 UTC 2011
Author: joeyh
Date: 2011-10-13 21:14:19 +0000 (Thu, 13 Oct 2011)
New Revision: 17418
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-10-13 15:23:10 UTC (rev 17417)
+++ data/CVE/list 2011-10-13 21:14:19 UTC (rev 17418)
@@ -107,7 +107,7 @@
NOT-FOR-US: clearBudget
CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue ...)
TODO: check
-CVE-2010-4922 (SQL injection vulnerability in contentAE.asp in Allinta CMS 22.07.2010 ...)
+CVE-2010-4922 (Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow ...)
TODO: check
CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...)
TODO: check
@@ -2085,8 +2085,8 @@
RESERVED
CVE-2011-3253
RESERVED
-CVE-2011-3252
- RESERVED
+CVE-2011-3252 (Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, ...)
+ TODO: check
CVE-2011-3251
RESERVED
CVE-2011-3250
@@ -2101,33 +2101,33 @@
RESERVED
CVE-2011-3245
RESERVED
-CVE-2011-3244
- RESERVED
+CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-3243
RESERVED
CVE-2011-3242
RESERVED
-CVE-2011-3241
- RESERVED
+CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-3240
RESERVED
-CVE-2011-3239
- RESERVED
-CVE-2011-3238
- RESERVED
-CVE-2011-3237
- RESERVED
-CVE-2011-3236
- RESERVED
-CVE-2011-3235
- RESERVED
+CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/92132
-CVE-2011-3233
- RESERVED
+CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, ...)
- xulrunner <not-affected> (Only affects Firefox >= 4)
- iceweasel 7.0-1
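Review bot: The WebKit entries filled in by this hunk (CVE-2011-3244, CVE-2011-3241, CVE-2011-3239 through CVE-2011-3235, CVE-2011-3233) carry only `TODO: check`, and because their descriptions name iTunes they are easy to close as NOT-FOR-US by product name during triage. The affected component is WebKit, which this list tracks as a source package (see `- webkit <undetermined>` under CVE-2011-3234 in this same hunk), so each one should be resolved against `webkit` and `chromium-browser`. The same point applies to the other "WebKit, as used in Apple iTunes before 10.5" entries added elsewhere in this revision.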
@@ -2159,8 +2159,8 @@
RESERVED
CVE-2011-3220
RESERVED
-CVE-2011-3219
- RESERVED
+CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, ...)
+ TODO: check
CVE-2011-3218
RESERVED
CVE-2011-3217
@@ -3278,8 +3278,8 @@
RESERVED
CVE-2011-2832
RESERVED
-CVE-2011-2831
- RESERVED
+CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2830
RESERVED
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...)
@@ -3322,8 +3322,7 @@
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
- libxml2 2.7.8.dfsg-5 (bug #643648)
-CVE-2011-2820
- RESERVED
+CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
[squeeze] - chromium-browser <not-affected>
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
- chromium-browser 13.0.782.107~r94237-1
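Review bot: CVE-2011-2820 loses its RESERVED line here but, unlike the other entries filled in by this revision, gains no `TODO: check`; the only annotation left under it is the pre-existing `[squeeze] - chromium-browser <not-affected>`, with no unstable line and no `webkit` line. Now that the description names WebKit, that leaves the entry looking triaged without a status for the package the description points at. Suggest adding `TODO: check` or `- webkit <undetermined>` until that is established.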
@@ -3335,24 +3334,24 @@
- chromium-browser 13.0.782.107~r94237-1
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/91386
-CVE-2011-2817
- RESERVED
-CVE-2011-2816
- RESERVED
-CVE-2011-2815
- RESERVED
-CVE-2011-2814
- RESERVED
-CVE-2011-2813
- RESERVED
+CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2812
RESERVED
-CVE-2011-2811
- RESERVED
+CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2810
REJECTED
-CVE-2011-2809
- RESERVED
+CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2808
RESERVED
CVE-2011-2807
@@ -4613,16 +4612,16 @@
- webkit <not-affected> (chromium specific)
CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading ...)
TODO: check
-CVE-2011-2356
- RESERVED
+CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2355
RESERVED
-CVE-2011-2354
- RESERVED
+CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2353
RESERVED
-CVE-2011-2352
- RESERVED
+CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
- chromium-browser 12.0.742.112~r90304-1
[squeeze] - chromium-browser <not-affected>
@@ -4659,14 +4658,14 @@
NOT-FOR-US: Android SDK
CVE-2011-2343
RESERVED
-CVE-2011-2341
- RESERVED
+CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2340
RESERVED
-CVE-2011-2339
- RESERVED
-CVE-2011-2338
- RESERVED
+CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
+CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
+ TODO: check
CVE-2011-2337
RESERVED
CVE-2011-2336
@@ -5059,7 +5058,7 @@
CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows remote ...)
- chromium-browser 12.0.742.91~r87961-1
- libv8 <undetermined>
-CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VLC 0.8.5 through ...)
+CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media ...)
{DSA-2257-1}
- vlc 1.1.10-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
@@ -6486,7 +6485,7 @@
NOT-FOR-US: Tracks
CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...)
NOT-FOR-US: InTerra
-CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in WP Custom ...)
+CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in the WP Custom ...)
NOT-FOR-US: WP Custom Pages module for WordPress
CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web ...)
NOT-FOR-US: AR Web Content Manager
@@ -6496,9 +6495,9 @@
NOT-FOR-US: Metaways Tine
CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with ...)
NOT-FOR-US: PHPBoost
-CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in Translation ...)
+CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in the Translation ...)
NOT-FOR-US: Translation Management module for Drupal
-CVE-2011-1663 (SQL injection vulnerability in Translation Management module 6.x ...)
+CVE-2011-1663 (SQL injection vulnerability in the Translation Management module 6.x ...)
NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management ...)
NOT-FOR-US: Translation Management module for Drupal
@@ -9199,7 +9198,7 @@
NOT-FOR-US: PivotX
CVE-2011-0772 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, ...)
NOT-FOR-US: PivotX
-CVE-2011-0771 (Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not ...)
+CVE-2011-0771 (The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not ...)
NOT-FOR-US: Janrain Engage Drupal module
CVE-2011-0770 (Cross-site scripting (XSS) vulnerability in Windows Event Log ...)
NOT-FOR-US: Windows Event Log SmartConnector
@@ -10146,7 +10145,7 @@
CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 ...)
{DSA-2206-1}
- mahara 1.2.7-1
-CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success code ...)
+CVE-2011-0438 (nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success ...)
- nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental)
CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...)
{DSA-2179-1}
@@ -10820,8 +10819,8 @@
NOT-FOR-US: HP OpenView
CVE-2011-0260
RESERVED
-CVE-2011-0259
- RESERVED
+CVE-2011-0259 (CoreFoundation, as used in Apple iTunes before 10.5, does not properly ...)
+ TODO: check
CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to ...)
NOT-FOR-US: Apple QuickTime
CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote ...)
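Review bot: CVE-2011-0259 is described against CoreFoundation as used in iTunes and is left at `TODO: check`, while the adjacent Apple entry in this hunk (CVE-2011-0258) is already marked `NOT-FOR-US: Apple QuickTime`. If no Debian package ships the affected CoreFoundation code, resolve it the same way so it does not sit in the unresolved set; the CoreAudio (CVE-2011-3252) and CoreMedia (CVE-2011-3219) entries added in this revision need the same decision.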
@@ -12246,7 +12245,7 @@
[lenny] - openssl 0.9.8g-15+lenny11
NOTE: lenny was fixed as a side effect of the fix of CVE-2010-4180
NOTE: which disabled the bug compatibility code
-CVE-2010-4334 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...)
+CVE-2010-4334 (The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not ...)
- libio-socket-ssl-perl 1.35-1 (bug #606058)
[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
[lenny] - libio-socket-ssl-perl <not-affected> (Vulnerable code not present)
@@ -16991,7 +16990,7 @@
NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat ...)
NOT-FOR-US: Site2Nite Boat Classifieds
-CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in TopManage ...)
+CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in the TopManage ...)
NOT-FOR-US: SAP module
CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not ...)
NOT-FOR-US: Customer Paradigm PageDirector CMS