[Secure-testing-commits] r17423 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Oct 14 15:57:21 UTC 2011
Author: jmm
Date: 2011-10-14 15:57:21 +0000 (Fri, 14 Oct 2011)
New Revision: 17423
Modified:
data/CVE/list
Log:
- new etherape issue (no-dsa)
- new cyrus issue (front desk, please create ticket)
- new webkit issues (likely also chromium)
- NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-10-14 09:02:12 UTC (rev 17422)
+++ data/CVE/list 2011-10-14 15:57:21 UTC (rev 17423)
@@ -1,12 +1,6 @@
CVE-2011-XXXX [Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-*]
TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2011/10/12/5
-CVE-2011-XXXX [XSS in phorum before 5.2.18]
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/10/7
-CVE-2011-XXXX [fluxbb: only affected with FORUM_BEHIND_REVERSE_PROXY enabled]
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/10/9
CVE-2011-XXXX [media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers]
TODO: check
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
@@ -1148,27 +1142,22 @@
[lenny] - conky 1.6.0-2+lenny1
CVE-2011-3615 [unknown security issue in simple machines forum]
RESERVED
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/09/3
+ NOT-FOR-US: Simple Machines Forum
CVE-2011-3614 [vanilla plugin access control]
RESERVED
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/09/2
+ NOT-FOR-US: Vanilla Forums
CVE-2011-3613 [vanilla forums cookie theft]
RESERVED
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/09/2
+ NOT-FOR-US: Vanilla Forums
CVE-2011-3612 [HTB22913: Multiple CSRF in UseBB]
RESERVED
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/09/1
+ NOT-FOR-US: UseBB
CVE-2011-3611 [HTB22914: Local File Inclusion in UseBB]
RESERVED
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/09/1
+ NOT-FOR-US: UseBB
CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others]
RESERVED
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/08/2
+ NOT-FOR-US: Serendipity plugin
CVE-2011-3609
RESERVED
CVE-2011-3608
@@ -1276,12 +1265,17 @@
RESERVED
CVE-2011-3581
RESERVED
+ - ldns <unfixed>
+ NOTE: http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403
+ NOTE: https://secunia.com/advisories/46153/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=741024
+ TODO: File bug
CVE-2011-3580 (IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: IceWarp Mail Server
CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before ...)
- TODO: check
+ NOT-FOR-US: IceWarp Mail Server
CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ TODO: check, whether this was fixed in the DSA for CVE-2011-3357
CVE-2004-2770
REJECTED
CVE-2011-3577 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 ...)
@@ -1437,11 +1431,11 @@
CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and ...)
NOT-FOR-US: eSignal
CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Cogent DataHub
CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Cogent DataHub
CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub ...)
- TODO: check
+ NOT-FOR-US: Cogent DataHub
CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote ...)
NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
@@ -1455,7 +1449,7 @@
CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...)
NOT-FOR-US: eSignal
CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...)
- TODO: check
+ NOT-FOR-US: Cogent DataHub
CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...)
NOT-FOR-US: Azeotech DAQFactory
CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
@@ -1469,11 +1463,13 @@
CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel ...)
NOT-FOR-US: Carel PlantVisor
CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Beckhoff TwinCAT
CVE-2011-3485
RESERVED
CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server ...)
- TODO: check
+ - cyrus-imapd-2.2 <unfixed>
+ - cyrus-imapd-2.4 2.4.11-1
+ - kolab-cyrus-imapd <unfixed>
CVE-2011-3480
RESERVED
CVE-2011-3479
@@ -1609,9 +1605,9 @@
CVE-2009-5099 (Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI ...)
TODO: check
CVE-2009-5098 (The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not ...)
- TODO: check
+ NOT-FOR-US: Palm WebOS
CVE-2009-5097 (Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, ...)
- TODO: check
+ NOT-FOR-US: Palm WebOS
CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module ...)
NOT-FOR-US: Drupal module Flag Content
NOTE: might get packaged
@@ -1759,9 +1755,9 @@
[lenny] - php5 <not-affected> (Introduced in 5.3.7)
CVE-2011-3378
RESERVED
- - rpm <unfixed> (low)
- NOTE: Marking as unimportant since rpm isn't used as a package manager
- TODO: File bug
+ - rpm <unfixed> (low; bug #645325)
+ [squeeze] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
+ [lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
CVE-2011-3377
RESERVED
CVE-2011-3376
@@ -1787,7 +1783,9 @@
CVE-2011-3370
RESERVED
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...)
- TODO: check
+ - etherape <unfixed> (low; bug #645324)
+ [lenny] - etherape <no-dsa> (Minor issue)
+ [squeeze] - etherape <no-dsa> (Minor issue)
CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, ...)
- apache2 2.2.21-2 (medium)
NOTE: http://article.gmane.org/gmane.comp.apache.announce/61
@@ -1907,7 +1905,7 @@
CVE-2011-3333
RESERVED
CVE-2011-3332 (Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix ...)
- TODO: check
+ NOT-FOR-US: Iceni Argus
CVE-2011-3331
RESERVED
CVE-2011-3330
@@ -2103,32 +2101,40 @@
CVE-2011-3245
RESERVED
CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3243
RESERVED
CVE-2011-3242
RESERVED
CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3240
RESERVED
CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, ...)
- xulrunner <not-affected> (Only affects Firefox >= 4)
- iceweasel 7.0-1
@@ -2161,7 +2167,7 @@
CVE-2011-3220
RESERVED
CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, ...)
- TODO: check
+ NOT-FOR-US: Apple CoreMedia
CVE-2011-3218
RESERVED
CVE-2011-3217
More information about the Secure-testing-commits
mailing list