[Secure-testing-commits] r18947 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sun Apr 15 06:59:25 UTC 2012


Author: geissert
Date: 2012-04-15 06:59:24 +0000 (Sun, 15 Apr 2012)
New Revision: 18947

Modified:
   data/CVE/list
Log:
nm, wpasupplicant, linux, condor, consolekit, policykit, mono, rsyslog, etc


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-04-15 06:06:05 UTC (rev 18946)
+++ data/CVE/list	2012-04-15 06:59:24 UTC (rev 18947)
@@ -4851,6 +4851,7 @@
 CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask function ...)
 	NOT-FOR-US: Trend Micro Control Manager
 CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and ...)
+	- openssh <unfixed>
 	TODO: check
 CVE-2011-4999
 	RESERVED
@@ -4965,6 +4966,8 @@
 	RESERVED
 CVE-2011-4945
 	RESERVED
+	- policykit <unfixed>
+	TODO: check
 CVE-2011-4944
 	RESERVED
 	- python2.7 2.7.3~rc2-2 (low; bug #650555)
@@ -5013,6 +5016,8 @@
 	NOTE: This has only marginal security impact
 CVE-2011-4930
 	RESERVED
+	- condor <unfixed>
+	TODO: check
 CVE-2011-4929
 	RESERVED
 	{DSA-2261-1}
@@ -5346,6 +5351,8 @@
 	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 CVE-2010-5076
 	RESERVED
+	- qt4-x11 <undetermined>
+	NOTE: seems to have been fixed pre-squeeze
 CVE-2009-5108
 	RESERVED
 CVE-2009-5107
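Review bot: The NOTE added under CVE-2010-5076, "seems to have been fixed pre-squeeze", carries no upstream reference or version, so the `<undetermined>` status on qt4-x11 cannot be resolved from the entry itself. A second NOTE with the fixing version or a link to the fix would let the next person replace `<undetermined>` with a versioned entry; a `TODO: check` would also keep it visible in the triage queue like the other additions in this commit.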
@@ -6456,6 +6463,8 @@
 	NOT-FOR-US: WordPress flash-album-gallery
 CVE-2011-4623
 	RESERVED
+	- rsyslog <unfixed>
+	TODO: check
 CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and ...)
 	{DSA-2389-1}
 	- linux-2.6 3.1.8-1
@@ -8135,6 +8144,9 @@
 	NOT-FOR-US: Flexera Macrovision InstallShield
 CVE-2006-7246
 	RESERVED
+	- wpasupplicant <unfixed>
+	- network-manager <unfixed>
+	TODO: check
 CVE-2011-4072
 	RESERVED
 CVE-2011-4071
@@ -10825,6 +10837,8 @@
 	NOT-FOR-US: Jcow
 CVE-2011-3201
 	RESERVED
+	- evolution <unfixed>
+	TODO: check
 CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in ...)
 	- rsyslog 5.8.5-1 (low)
 	[squeeze] - rsyslog <no-dsa> (Minor issue)
@@ -11063,6 +11077,8 @@
 	NOT-FOR-US: TIBCO Spotfire Server
 CVE-2011-3131
 	RESERVED
+	- linux-2.6 <unfixed>
+	TODO: check
 CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...)
 	- wordpress 3.2.1+dfsg-1
 	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
@@ -17190,7 +17206,7 @@
 	TODO: recheck webkit 1.3 once it enters unstable
 	NOTE: http://trac.webkit.org/changeset/77705
 CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
-	NOT-FOR-US: s389 LDAP server
+	NOT-FOR-US: 389 LDAP server
 CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...)
 	{DSA-2321-1}
 	- moin 1.9.3-3
@@ -17429,12 +17445,16 @@
 CVE-2011-0993
 	RESERVED
 CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)
+	- mono <unfixed>
 	TODO: check
 CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)
+	- mono <unfixed>
 	TODO: check
 CVE-2011-0990 (Race condition in the FastCopy optimization in the Array.Copy method ...)
+	- mono <unfixed>
 	TODO: check
 CVE-2011-0989 (The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, ...)
+	- mono <unfixed>
 	TODO: check
 CVE-2011-0988 (pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and ...)
 	TODO: check
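Review bot: The descriptions of CVE-2011-0992 and CVE-2011-0991 are conditioned on "when Moonlight 2.x before 2.4.1 ...", but the added lines track only `- mono <unfixed>` on all four entries. A NOTE on whether the Moonlight condition is relevant to the mono package in the archive, or whether a separate package line is needed, would make the retained `TODO: check` actionable.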
@@ -18273,6 +18293,7 @@
 	NOTE: Will be rejected
 CVE-2011-0704
 	RESERVED
+	NOT-FOR-US: 389 Directory Server
 CVE-2011-0703
 	RESERVED
 CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
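Review bot: The new line under CVE-2011-0704 reads `NOT-FOR-US: 389 Directory Server`, while the hunk at -17190 in this same commit corrects CVE-2010-4746 to `NOT-FOR-US: 389 LDAP server`. Using one spelling of the product name for both entries keeps the NOT-FOR-US entries greppable as a group.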
@@ -18482,6 +18503,7 @@
 CVE-2011-0634
 	REJECTED
 CVE-2011-0633 (The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in ...)
+	- libwww-perl <unfixed>
 	TODO: check
 CVE-2011-0632
 	RESERVED
@@ -18922,6 +18944,7 @@
 	NOT-FOR-US: OpenSUSE aaa_base package
 CVE-2011-0460
 	RESERVED
+	- kbd <not-affected> (SUSE-specific)
 CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault ...)
 	NOT-FOR-US: Cyber-Ark
 CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in ...)
@@ -18929,6 +18952,7 @@
 CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...)
 	NOT-FOR-US: e107
 CVE-2011-0456 (webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier ...)
+	- otrs2 <unfixed>
 	TODO: check
 CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...)
 	NOT-FOR-US: Things BBS
@@ -19450,11 +19474,15 @@
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2010-4666
 	RESERVED
+	- libarchive <unfixed>
+	TODO: check
 CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in ...)
 	- tiff <unfixed>
 	TODO: check
 CVE-2010-4664
 	RESERVED
+	- consolekit <undetermined>
+	TODO: check
 CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2010-4662
@@ -20705,6 +20733,7 @@
 	RESERVED
 	NOT-FOR-US: PyForum
 CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb ...)
+	- viewvc <unfixed>
 	TODO: check
 CVE-2009-5023 [fail2ban: Insecure creating/writing to tmpfile]
 	RESERVED
@@ -20740,6 +20769,7 @@
 	[squeeze] - openjdk-6 <no-dsa> (bug #614151)
 	[lenny] - openjdk-6 <no-dsa> (bug #614151)
 CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...)
+	- wireshark <unfixed>
 	TODO: check
 CVE-2011-0023
 	RESERVED
@@ -29790,6 +29820,8 @@
 	NOT-FOR-US: Heartlogic HL-SiteManager
 CVE-2010-1330
 	RESERVED
+	- jruby <undetermined>
+	TODO: check
 CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall ...)
 	NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall
 CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore ...)
@@ -31589,6 +31621,7 @@
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-0737
 	RESERVED
+	NOT-FOR-US: JBoss Operations Network
 CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
 	- viewvc 1.1.5-1 (bug #575787)
 CVE-2010-0735
@@ -32453,10 +32486,14 @@
 	TODO: recheck newer uploads
 CVE-2010-0430
 	RESERVED
+	- spice <undetermined>
+	TODO: check
 CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
-	NOT-FOR-US: libspice
+	- spice <undetermined>
+	TODO: check
 CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
-	NOT-FOR-US: libspice
+	- spice <undetermined>
+	TODO: check
 CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, ...)
 	{DSA-2006-1}
 	- sudo 1.7.0-1
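Review bot: For CVE-2010-0429 and CVE-2010-0428 the existing `NOT-FOR-US: libspice` triage is replaced by `- spice <undetermined>` with no NOTE giving the reason for reversing the earlier decision, and the log message does not mention spice by name. A short NOTE on each entry stating why the package is now tracked would explain the change to anyone reading the list history, and would also cover the RESERVED CVE-2010-0430, which gets the same two lines.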
@@ -55652,6 +55689,7 @@
 	RESERVED
 CVE-2008-3277
 	RESERVED
+	- ibutils <not-affected> (RedHat-specific)
 CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
 	{DSA-1653-1 DSA-1636-1}
 	- linux-2.6 2.6.26-4



