[Secure-testing-commits] r17480 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Oct 23 16:03:12 UTC 2011
Author: gilbert-guest
Date: 2011-10-23 16:03:12 +0000 (Sun, 23 Oct 2011)
New Revision: 17480
Modified:
data/CVE/list
Log:
kerberos issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-10-23 15:23:54 UTC (rev 17479)
+++ data/CVE/list 2011-10-23 16:03:12 UTC (rev 17480)
@@ -1,5 +1,6 @@
CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center ...)
- TODO: check
+ - krb5 <unfixed> (low; bug #646367)
+ [lenny] - krb5 <not-affected> (introduced in 1.8)
CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 ...)
TODO: check
CVE-2010-4966 (Cross-site scripting (XSS) vulnerability in default.asp in ATCOM ...)
@@ -7211,18 +7212,18 @@
CVE-2011-1530
RESERVED
CVE-2011-1529 (The lookup_lockout_policy function in the Key Distribution Center ...)
- - krb5 <unfixed>
+ - krb5 <unfixed> (low; bug #646367)
[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1528 (The krb5_ldap_lockout_audit function in the Key Distribution Center ...)
- - krb5 <unfixed>
+ - krb5 <unfixed> (low; bug #646367)
[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1527 (The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT ...)
- - krb5 <unfixed>
+ - krb5 <unfixed> (low; bug #646367)
[squeeze] - krb5 <not-affected> (Introduced in 1.9)
[lenny] - krb5 <not-affected> (Introduced in 1.9)
CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 ...)
{DSA-2283-1}
- - krb5-appl <unfixed>
+ - krb5-appl 1:1.0.1-1.1
CVE-2011-1525 (Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer ...)
NOT-FOR-US: RealPlayer
CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI ...)
More information about the Secure-testing-commits
mailing list