[Secure-testing-commits] r17525 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Sat Oct 29 13:30:32 UTC 2011 

Author: jmm
Date: 2011-10-29 13:30:31 +0000 (Sat, 29 Oct 2011)
New Revision: 17525

Modified:
   data/CVE/list
Log:
- new flood of moodle issues
- new unimportant ocsinventory issue
- new tor issues
- revised kfreebsd fix
- nss CVEfied



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-10-29 13:20:04 UTC (rev 17524)
+++ data/CVE/list	2011-10-29 13:30:31 UTC (rev 17525)
@@ -1,3 +1,51 @@
+CVE-2011-XXXX [MSA-11-0018]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0019]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0020]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0021]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0022]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0023]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0024]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0025]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0026]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0027]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0028]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0029]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0030]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0031]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0032]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0033]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0034]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0035]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0036]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0037]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0038]
+	- moodle 1.9.9.dfsg2-4
+CVE-2011-XXXX [MSA-11-0039]
+	- moodle <not-affected> (Only affects 2.x)
+CVE-2011-XXXX [MSA-11-0040]
+	- moodle <unfixed>
+CVE-2011-XXXX [MSA-11-0041]
+	- moodle <not-affected> (Only affects 2.x)
 CVE-2011-4208
 	RESERVED
 CVE-2011-4207
@@ -121,14 +169,6 @@
 	RESERVED
 CVE-2011-4152
 	RESERVED
-CVE-2011-XXXX [nss: Did honour /pkcs11.txt and /secmod.db files by initializatio]
-	- nss <unfixed> (low)
-	[lenny] - nss <no-dsa> (Minor issue)
-	[squeeze] - nss <no-dsa> (Minor issue)
-	- chromium-browser <unfixed> (low)
-	[lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
-	[squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
-	NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
 CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center ...)
 	- krb5 <unfixed> (low; bug #646367)
 	[lenny] - krb5 <not-affected> (introduced in 1.8)
@@ -340,7 +380,7 @@
 	{DSA-2325-1}
 	- kfreebsd-10 10.0~svn226224-1
 	- kfreebsd-9 9.0~svn225873-1 
-	- kfreebsd-8 8.2-9 (bug #645377)
+	- kfreebsd-8 8.2-11 (bug #645377)
 	- kfreebsd-7 <removed>
 CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...)
 	NOT-FOR-US: DB2
@@ -634,7 +674,8 @@
 CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows ...)
 	TODO: check
 CVE-2011-4024 (Cross-site scripting (XSS) vulnerability in ocsinventory in OCS ...)
-	TODO: check
+	- ocsinventory-server 2.0.2-1 (unimportant)
+	NOTE: Authentication is needed, only supported in trusted environments, see debtags
 CVE-2011-4023
 	RESERVED
 CVE-2011-4022
@@ -1494,7 +1535,14 @@
 CVE-2011-3641
 	RESERVED
 CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...)
-	TODO: check
+	- nss <unfixed> (low)
+	[lenny] - nss <no-dsa> (Minor issue)
+	[squeeze] - nss <no-dsa> (Minor issue)
+	TODO: File bug for NSS
+	- chromium-browser <unfixed> (low)
+	[lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
+	[squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
+	NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
 CVE-2011-3639
 	RESERVED
 CVE-2011-3638
@@ -3544,6 +3592,7 @@
 CVE-2011-2908
 	RESERVED
 CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
+	TODO: Check status for stable
 	- torque 2.4.15+dfsg-1
 CVE-2011-2906
 	RESERVED
@@ -4013,9 +4062,11 @@
 CVE-2011-2769
 	RESERVED
 	{DSA-2331-1}
+	- tor 0.2.2.34-1
 CVE-2011-2768
 	RESERVED
 	{DSA-2331-1}
+	- tor 0.2.2.34-1
 CVE-2011-2767
 	RESERVED
 CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by ...)

More information about the Secure-testing-commits mailing list