[Secure-testing-commits] r17178 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Sep 6 21:14:17 UTC 2011
Author: joeyh
Date: 2011-09-06 21:14:16 +0000 (Tue, 06 Sep 2011)
New Revision: 17178
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-09-06 15:10:52 UTC (rev 17177)
+++ data/CVE/list 2011-09-06 21:14:16 UTC (rev 17178)
@@ -1,3 +1,109 @@
+CVE-2011-3389
+ RESERVED
+CVE-2011-3388
+ RESERVED
+CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote ...)
+ TODO: check
+CVE-2011-3386 (Unspecified vulnerability in Medtronic Paradigm wireless insulin pump ...)
+ TODO: check
+CVE-2011-3385 (Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, ...)
+ TODO: check
+CVE-2011-3384
+ RESERVED
+CVE-2011-3383
+ RESERVED
+CVE-2011-3382
+ RESERVED
+CVE-2011-3381
+ RESERVED
+CVE-2011-3380
+ RESERVED
+CVE-2011-3379
+ RESERVED
+CVE-2011-3378
+ RESERVED
+CVE-2011-3377
+ RESERVED
+CVE-2011-3376
+ RESERVED
+CVE-2011-3375
+ RESERVED
+CVE-2011-3374
+ RESERVED
+CVE-2011-3373
+ RESERVED
+CVE-2011-3372
+ RESERVED
+CVE-2011-3371
+ RESERVED
+CVE-2011-3370
+ RESERVED
+CVE-2011-3369
+ RESERVED
+CVE-2011-3368
+ RESERVED
+CVE-2011-3367
+ RESERVED
+CVE-2011-3366
+ RESERVED
+CVE-2011-3365
+ RESERVED
+CVE-2011-3364
+ RESERVED
+CVE-2011-3363
+ RESERVED
+CVE-2011-3362
+ RESERVED
+CVE-2011-3361
+ RESERVED
+CVE-2011-3360
+ RESERVED
+CVE-2011-3359
+ RESERVED
+CVE-2011-3358
+ RESERVED
+CVE-2011-3357
+ RESERVED
+CVE-2011-3356
+ RESERVED
+CVE-2011-3355
+ RESERVED
+CVE-2011-3354
+ RESERVED
+CVE-2011-3353
+ RESERVED
+CVE-2011-3352
+ RESERVED
+CVE-2011-3351
+ RESERVED
+CVE-2011-3350
+ RESERVED
+CVE-2011-3349
+ RESERVED
+CVE-2011-3348
+ RESERVED
+CVE-2011-3347
+ RESERVED
+CVE-2011-3346
+ RESERVED
+CVE-2011-3345
+ RESERVED
+CVE-2011-3344
+ RESERVED
+CVE-2011-3343
+ RESERVED
+CVE-2011-3342
+ RESERVED
+CVE-2011-3341
+ RESERVED
+CVE-2011-3340
+ RESERVED
+CVE-2010-4832
+ RESERVED
+CVE-2010-4831
+ RESERVED
+CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...)
+ TODO: check
CVE-2011-XXXX [vsftpd namespace DoS]
- vsftpd 2.3.4-1 (bug #6293731)
CVE-2011-XXXX [multiple mantis issues]
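Review bot: CVE-2011-3387, CVE-2011-3386, CVE-2011-3385 and CVE-2009-5086 arrive with published descriptions but only "TODO: check" beneath them. Each should be resolved to a package line or to NOT-FOR-US, the way the Tivoli and Lotus Domino entries elsewhere in this file are. Separately, the context line "- vsftpd 2.3.4-1 (bug #6293731)" carries a seven-digit bug number where every other bug reference visible in this patch has six digits, so it is worth confirming.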
@@ -341,8 +447,8 @@
CVE-2011-3191
RESERVED
- linux-2.6 <unfixed>
-CVE-2011-3190
- RESERVED
+CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...)
+ TODO: check
CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...)
- php5 5.3.8-1
[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
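Review bot: CVE-2011-3190 changes from RESERVED to a description naming AJP connector implementations in Apache Tomcat, yet the only status under it is "TODO: check". The CVE-2011-3189 entry directly below shows the expected shape (a fixed-version line plus a per-release line), so this one needs the equivalent lines for the Tomcat packages before the TODO is dropped.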
@@ -489,12 +595,12 @@
NOT-FOR-US: Tivoli
CVE-2011-XXXX [Fix decode_xs n-byte heap-overflow security bug in Unicode.xs]
- perl 5.12.4-4
-CVE-2011-3134
- RESERVED
-CVE-2011-3133
- RESERVED
-CVE-2011-3132
- RESERVED
+CVE-2011-3134 (Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, ...)
+ TODO: check
+CVE-2011-3133 (Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before ...)
+ TODO: check
+CVE-2011-3132 (Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server ...)
+ TODO: check
CVE-2011-3131
RESERVED
CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...)
@@ -849,7 +955,7 @@
[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
- iceape <not-affected> (Only affects Firefox >= 4)
- icedove <not-affected> (Only affects Thunderbird 5)
-CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and possibly other ...)
+CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
- xulrunner <removed>
@@ -858,7 +964,7 @@
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-5
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x, SeaMonkey 1.x and 2.x, ...)
+CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
- xulrunner <removed>
@@ -1080,8 +1186,7 @@
[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...)
- zabbix 1:1.8.6-1
-CVE-2011-2903
- RESERVED
+CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow ...)
- tcptrack 1.4.2-1 (unimportant; bug #551092)
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917
CVE-2011-2902 [xpdf: insecure tempfile usage]
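Review bot: CVE-2011-2903 is now described as a heap-based buffer overflow in tcptrack before 1.4.2, while the unchanged line "- tcptrack 1.4.2-1 (unimportant; bug #551092)" keeps the "unimportant" tag. Add a NOTE stating why that severity still applies, so the tag does not read as a leftover from before the description was published.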
@@ -1095,8 +1200,7 @@
- xen-3 <removed>
CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c ...)
NOT-FOR-US: Mongoose
-CVE-2011-2899
- RESERVED
+CVE-2011-2899 (pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in ...)
- foomatic-gui 0.7.9.5 (low)
CVE-2011-2898
RESERVED
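Review bot: the new description for CVE-2011-2899 names pysmb.py in system-config-printer 0.6.x and 0.7.x, but the only package tracked under it is "- foomatic-gui 0.7.9.5 (low)". Add a NOTE explaining why foomatic-gui is the affected package here, and a line recording the status of system-config-printer itself, so the entry matches its description.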
@@ -1464,10 +1568,10 @@
NOTE: Current openarena packages use the share ioquake3 engine
[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update)
- ioquake3 1.36+svn1946-4
-CVE-2011-2763
- RESERVED
-CVE-2011-2762
- RESERVED
+CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
+ TODO: check
+CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...)
+ TODO: check
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...)
- chromium-browser <undetermined>
[squeeze] - chromium-browser <not-affected>
@@ -1912,8 +2016,8 @@
RESERVED
CVE-2011-2595
RESERVED
-CVE-2011-2594
- RESERVED
+CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...)
+ TODO: check
CVE-2011-2593
RESERVED
CVE-2011-2592
@@ -1946,8 +2050,8 @@
RESERVED
CVE-2011-2578
RESERVED
-CVE-2011-2577
- RESERVED
+CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, ...)
+ TODO: check
CVE-2011-2576
RESERVED
CVE-2011-2575
@@ -2073,8 +2177,7 @@
CVE-2011-2525
RESERVED
- linux-2.6 2.6.35-1
-CVE-2011-2524
- RESERVED
+CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in ...)
- libsoup2.4 2.34.3-1 (bug #635837)
CVE-2011-2523
RESERVED
@@ -2875,8 +2978,7 @@
NOT-FOR-US: A Really Simple Chat
CVE-2011-2177
RESERVED
-CVE-2011-2176 [NetworkManager: did not honour PolicyKit auth_admin action ...]
- RESERVED
+CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the ...)
- network-manager 0.9.0-1 (bug #631520)
TODO: check serverity
TODO: maintainer was consulted about the other affected versions.
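Review bot: the description added for CVE-2011-2176 says NetworkManager before 0.8.6, while the entry still tracks the fix as "- network-manager 0.9.0-1" and leaves both TODO lines open. Record in a NOTE which upload actually carries the fix and which other versions are affected, then close the TODOs. The first TODO also misspells "severity" as "serverity".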
@@ -3566,8 +3668,8 @@
NOT-FOR-US: libgnomesu
CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...)
- openssl <unfixed> (low)
-CVE-2011-1944
- RESERVED
+CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...)
+ TODO: check
CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util in ...)
- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
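Review bot: CVE-2011-1944 now names an integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x, but the entry stops at "TODO: check". Since the description identifies the library by name and version range, this should be replaced with a libxml2 package line giving the fixed version or an unfixed marker, as the neighbouring CVE-2011-1945 entry does for openssl.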
@@ -4608,8 +4710,8 @@
{DSA-2264-1}
- linux-2.6 2.6.39-3 (low)
[squeeze] - linux-2.6 2.6.32-35
-CVE-2011-1576
- RESERVED
+CVE-2011-1576 (Red Hat Enterprise Virtualization (RHEV) Hypervisor allows remote ...)
+ TODO: check
CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...)
- pure-ftpd 1.0.30-1
NOTE: http://www.pureftpd.org/project/pure-ftpd/news
@@ -4766,11 +4868,9 @@
RESERVED
- perl <unfixed> (unimportant; bug #628836)
NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug
-CVE-2009-5063
- RESERVED
+CVE-2009-5063 (Memory leak in pngwutil.c in libpng before 1.2.39beta5 allows ...)
- libpng 1.2.39-1 (unimportant)
-CVE-2006-7244
- RESERVED
+CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions ...)
- libpng 1.2.39-1 (unimportant)
CVE-2011-1520 (The default configuration of the server console in IBM Lotus Domino ...)
NOT-FOR-US: Lotus Domino
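Review bot: CVE-2009-5063 and CVE-2006-7244 now both begin "Memory leak in pngwutil.c in libpng" and both carry the identical line "- libpng 1.2.39-1 (unimportant)". A short NOTE under each saying how the two issues differ, and why the same upload closes both, would keep them from being mistaken for duplicates.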
@@ -5217,8 +5317,7 @@
CVE-2011-1412 (sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in ...)
- openarena <not-affected> (Vulnerable code not present, the version in sid uses ioquake3)
- ioquake3 1.36+svn1946-4
-CVE-2011-1411
- RESERVED
+CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...)
{DSA-2284-1}
- opensaml2 2.4.3-1
CVE-2011-1410
@@ -7730,16 +7829,13 @@
CVE-2011-0544
RESERVED
- phpbb3 3.0.7-PL1-5 (bug #612477)
-CVE-2011-0543
- RESERVED
+CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, ...)
- fuse 2.8.5-1 (bug #624551)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
-CVE-2011-0542
- RESERVED
+CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / ...)
- fuse 2.8.5-1 (bug #624551)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
-CVE-2011-0541
- RESERVED
+CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot ...)
- fuse 2.8.5-1 (bug #624551)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0540
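Review bot: the three fuse entries now have distinct descriptions (legacy functionality in fusermount, the missing chdir to /, and the /etc/mtab handling), but the NOTE under CVE-2011-0543 and CVE-2011-0542 still points to "show_bug.cgi?id=CVE-2011-0541". Confirm that one bug report covers all three, and say so in the NOTE, or point each entry at its own reference.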
@@ -8281,8 +8377,8 @@
NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in ...)
NOT-FOR-US: Unified Maintenance Tool
-CVE-2011-0342
- RESERVED
+CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ...)
+ TODO: check
CVE-2011-0341 (Stack-based buffer overflow in the pdfmoz_onmouse function in ...)
NOT-FOR-US: MuPDF plug-in for Firefox
CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ...)
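Review bot: CVE-2011-0342 is left at "TODO: check" although its description names the same InduSoft ISSymbol ActiveX control that CVE-2011-0340 describes two entries below. It should receive the same disposition as that entry rather than stay open. The surrounding entries for third-party products in this hunk are marked NOT-FOR-US.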
@@ -8343,8 +8439,8 @@
RESERVED
CVE-2011-0312
RESERVED
-CVE-2011-0311
- RESERVED
+CVE-2011-0311 (The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in ...)
+ TODO: check
CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0309
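Review bot: the description added for CVE-2011-0311 ("The class file parser in IBM Java before 1.4.2 SR13 FP9") is nearly the same as the one for CVE-2011-3387 added at the top of this commit ("The class file parser in IBM Java 1.4.2 SR13 FP9"), and both are left at "TODO: check". Triage them together and add a NOTE on each cross-referencing the other, so the relationship between the two ids is recorded.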