[Secure-testing-commits] r18948 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sun Apr 15 17:15:48 UTC 2012
Author: geissert
Date: 2012-04-15 17:15:48 +0000 (Sun, 15 Apr 2012)
New Revision: 18948
Modified:
data/CVE/list
Log:
linux, libarchive, perl, libvirt, dirmngr, openssl, vino, spring, etc
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-04-15 06:59:24 UTC (rev 18947)
+++ data/CVE/list 2012-04-15 17:15:48 UTC (rev 18948)
@@ -6514,8 +6514,13 @@
- linux-2.6 3.0.0-1
CVE-2011-4610
RESERVED
+ - jbossas4 <undetermined>
+ TODO: check
CVE-2011-4609
RESERVED
+ - eglibc <unfixed>
+ - glibc <unfixed>
+ TODO: check
CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4607 [http://seclists.org/oss-sec/2011/q4/500]
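Review bot: the jbossas4 <undetermined> line added under CVE-2011-4610 sits directly above CVE-2011-4608, where jbossas4 is already <not-affected> because the Debian package only builds a few libraries, not the full application server. If that reasoning covers this issue as well, mark it <not-affected> with the same justification instead of leaving a TODO; if it does not, add a NOTE naming which of the built libraries is in scope so the "TODO: check" is actionable for whoever picks it up.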
@@ -6546,6 +6551,8 @@
[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4600
RESERVED
+ - libvirt <unfixed>
+ TODO: check
CVE-2011-4599
RESERVED
{DSA-2397-1}
@@ -6613,6 +6620,7 @@
- moodle <not-affected> (Only affects 2.x)
CVE-2011-4580
RESERVED
+ NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-4579 [SVQ1 issue]
RESERVED
{DSA-2378-1}
@@ -6636,6 +6644,7 @@
RESERVED
CVE-2011-4573
RESERVED
+ NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
NOT-FOR-US: CF Image Hosting Script
CVE-2011-4571 (SQL injection vulnerability in the Estate Agent (com_estateagent) ...)
@@ -7987,8 +7996,12 @@
NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116
RESERVED
+ - perl <unfixed>
+ TODO: check
CVE-2011-4115
RESERVED
+ - libparallel-forkmanager-perl <unfixed>
+ TODO: check
CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...)
- libpar-packer-perl 1.012-1 (bug #650706)
[squeeze] - libpar-packer-perl 1.006-1+squeeze1
@@ -7996,6 +8009,8 @@
- drupal6-mod-views 2.14-1
CVE-2011-4112
RESERVED
+ - linux-2.6 <unfixed>
+ TODO: check
CVE-2011-4111
RESERVED
- qemu 0.15.1+dfsg-2
@@ -8090,6 +8105,7 @@
[lenny] - bzip2 <no-dsa> (Minor issue)
CVE-2011-4088
RESERVED
+ NOT-FOR-US: abrt/libreport
CVE-2011-4087
RESERVED
- linux-2.6 3.0.0-1
@@ -8097,8 +8113,11 @@
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-4086
RESERVED
+ - linux-2.6 <unfixed>
+ TODO: check
CVE-2011-4085
RESERVED
+ NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
REJECTED
NOTE: Will be rejected to avoid confusion
@@ -8107,6 +8126,8 @@
NOT-FOR-US: RedHat sos
CVE-2011-4082
RESERVED
+ - phpldapadmin <unfixed>
+ TODO: check
CVE-2011-4081 [CRYPTO_GHASH issue]
RESERVED
- linux-2.6 3.0.0-6
@@ -11653,6 +11674,7 @@
- linux-2.6 <not-affected> (RHEL-specific backport issue)
CVE-2011-2941
RESERVED
+ NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute ...)
- stunnel4 3:4.42-1 (bug #638758)
[squeeze] - stunnel4 <not-affected> (Only 4.4x affected)
@@ -11708,6 +11730,8 @@
NOTE: http://bugs.linux-foundation.org/show_bug.cgi?id=936
CVE-2011-2923
RESERVED
+ - foomatic-filters <unfixed> (unimportant)
+ NOTE: debug mode-only
CVE-2011-2922
RESERVED
- ktsuss <removed>
@@ -11761,6 +11785,7 @@
- linux-2.6 3.0.0-2
CVE-2011-2908
RESERVED
+ NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
- torque 2.4.15+dfsg-1
[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
@@ -11800,6 +11825,9 @@
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
CVE-2011-2897
RESERVED
+ - gdk-pixbuf <unfixed>
+ TODO: check
+ TODO: check for other copies of the same codebase
CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...)
{DSA-2426-1 DSA-2354-1}
- cups 1.5.0-8
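Review bot: the second TODO under CVE-2011-2897, "check for other copies of the same codebase", does not say which codebase is meant, so a later triager has nothing to search for; name the upstream code or file in the TODO (or in a NOTE) so the embedded-copy check can actually be carried out.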
@@ -11809,6 +11837,7 @@
{DSA-2293-1}
- libxfont 1:1.4.4-1
CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through ...)
+ - libspring-2.5-java <unfixed>
TODO: check
CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...)
NOT-FOR-US: IBM Lotus Symphony
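Review bot: the CVE-2011-2894 description names Spring Framework 3.0.0 through 3.0.5 and the 3.0.x Spring Security line, while the package added here is libspring-2.5-java, so whether the 2.5 series is affected at all is the open question. Until that is verified, <undetermined> reflects the state better than <unfixed>, which the tracker presents as a known-vulnerable package; the same applies to the three libspring-2.5-java entries added under CVE-2011-2730, CVE-2011-2731 and CVE-2011-2732 further down, which carry the same "TODO: check".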
@@ -12360,16 +12389,24 @@
NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2732
RESERVED
+ - libspring-2.5-java <unfixed>
+ TODO: check
CVE-2011-2731
RESERVED
+ - libspring-2.5-java <unfixed>
+ TODO: check
CVE-2011-2730
RESERVED
+ - libspring-2.5-java <unfixed>
+ TODO: check
CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 ...)
- commons-daemon 1.0.7-1
[squeeze] - commons-daemon <not-affected> (Support for libcap was only added in 1.0.6)
NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable
CVE-2011-2728
RESERVED
+ - perl <unfixed> (unimportant)
+ NOTE: requires the attacker to manipulate glob flags
CVE-2011-2727
RESERVED
NOT-FOR-US: Tribiq CMS
@@ -12437,6 +12474,10 @@
- joomla <itp> (bug #571794)
CVE-2011-2709
RESERVED
+ - libgssglue <unfixed>
+ - heimdal <unfixed>
+ - krb5 <unfixed>
+ TODO: check
CVE-2011-2708
REJECTED
NOTE: duplicate of CVE-2011-2710, will be rejected
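Review bot: three separate packages (libgssglue, heimdal, krb5) are all set to <unfixed> under a still-RESERVED CVE with a single "TODO: check"; once details are known, each one that turns out not to be affected needs its own explicit <not-affected> line, otherwise it stays listed as vulnerable. A NOTE pointing at the source of the report would help whoever resolves the TODO.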
@@ -12926,6 +12967,7 @@
- libsoup2.4 2.34.3-1 (bug #635837)
CVE-2011-2523
RESERVED
+ - vsftpd <not-affected> (backdoored version)
CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
{DSA-2290-1}
- samba 2:3.5.10~dfsg-1 (low)
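Review bot: the parenthetical on the vsftpd <not-affected> line, "backdoored version", names the issue rather than stating why Debian is not affected. The reason field should carry the actual justification, whatever it is (for instance that the affected upstream tarball never entered the archive), so that someone re-checking the entry later does not have to reconstruct the argument.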
@@ -12958,10 +13000,20 @@
- xml-security-c 1.6.1-1 (low; bug #632973)
CVE-2011-2515
RESERVED
+ - packagekit <unfixed>
+ TODO: check
CVE-2011-2514
RESERVED
+ - openjdk-6 6b21~pre1-1
+ - icedtea-web <unfixed>
+ NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
+ TODO: check
CVE-2011-2513
RESERVED
+ - openjdk-6 6b21~pre1-1
+ - icedtea-web <unfixed>
+ NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
+ TODO: check
CVE-2011-2512 [qemu-kvm: OOB memory access caused by negative vq notifies]
RESERVED
{DSA-2270-1}
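Review bot: under both CVE-2011-2514 and CVE-2011-2513 the openjdk-6 line already carries a fixed version, justified by the NOTE that the browser plugin was removed in 6b21~pre1-1, so the trailing "TODO: check" can only refer to icedtea-web; say so (TODO: check icedtea-web) to avoid someone re-verifying openjdk-6.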
@@ -12996,6 +13048,8 @@
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2504
RESERVED
+ - x11-apps <unfixed> (low)
+ TODO: check
CVE-2011-2503
RESERVED
{DSA-2348-1}
@@ -13061,6 +13115,8 @@
RESERVED
CVE-2011-2486
RESERVED
+ - nspluginwrapper <unfixed>
+ TODO: check
CVE-2011-2485 [excessive memory use due improper checking of certain return values in GIF image loader]
RESERVED
- gdk-pixbuf 2.23.3-3.1 (bug #631524)
@@ -13734,6 +13790,8 @@
- kvm <removed>
CVE-2011-2207
RESERVED
+ - dirmngr <unfixed>
+ TODO: check
CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...)
NOT-FOR-US: Djabberd
CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity ...)
@@ -13783,6 +13841,8 @@
NOTE: for details
CVE-2011-2187
RESERVED
+ - xscreensaver <unfixed>
+ TODO: check
CVE-2011-2186
RESERVED
CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) ...)
@@ -13791,6 +13851,9 @@
NOT-FOR-US: A Really Simple Chat
CVE-2011-2177
RESERVED
+ - libreoffice <undetermined>
+ - openoffice.org <undetermined>
+ NOTE: no known details
CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the ...)
- network-manager 0.9.0-1 (low; bug #631520)
[squeeze] - network-manager <no-dsa> (Minor issue)
@@ -14471,6 +14534,8 @@
[squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues)
CVE-2011-1939
RESERVED
+ - zendframework <unfixed>
+ TODO: check
CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ...)
{DSA-2399-1}
- php5 5.3.6-13 (low)
@@ -14479,6 +14544,8 @@
NOT-FOR-US: Webmin
CVE-2011-1936
RESERVED
+ - linux-2.6 <unfixed>
+ TODO: check
CVE-2011-1935 [packet truncation in libpcap]
RESERVED
- libpcap 1.1.1-4 (low; bug #623868)
@@ -15002,8 +15069,12 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
CVE-2011-1780
RESERVED
+ - linux-2.6 <unfixed>
+ TODO: check
CVE-2011-1779
RESERVED
+ - libarchive <unfixed>
+ TODO: check
CVE-2011-1778
RESERVED
{DSA-2413-1}
@@ -15056,6 +15127,8 @@
[lenny] - exim4 <not-affected> (vulnerable code not present)
CVE-2011-1763
RESERVED
+ - linux-2.6 <unfixed>
+ TODO: check
CVE-2011-1762
RESERVED
CVE-2011-1761 [modplug ABC buffer overflow]
@@ -15325,6 +15398,8 @@
[lenny] - glibc <no-dsa> (Minor issue)
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...)
+ - eglibc <unfixed>
+ - glibc <removed>
TODO: check
CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...)
- php5 <unfixed> (unimportant)
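Review bot: glibc is marked <removed> here under CVE-2011-1658 but <unfixed> under CVE-2011-4609 in the first hunk of this same diff; the source package cannot be both removed from the archive and present-but-unfixed, so the two entries should use the same state. If glibc is indeed gone, the eglibc <unfixed> / glibc <removed> pair used here is the one the CVE-2011-4609 entry should mirror.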
@@ -15857,6 +15932,7 @@
NOT-FOR-US: JBoss Seam
CVE-2011-1483
RESERVED
+ NOT-FOR-US: JBoss Enterprise Web Platform
CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: PHP-Nuke
CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...)
@@ -15888,6 +15964,8 @@
NOTE: http://seclists.org/oss-sec/2011/q1/579
CVE-2011-1473
RESERVED
+ - openssl <unfixed>
+ TODO: check
CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...)
NOT-FOR-US: Nokia E75 phone
CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)
@@ -16818,8 +16896,12 @@
- xen-3 <removed>
CVE-2011-1165
RESERVED
+ - vino <unfixed>
+ TODO: check
CVE-2011-1164
RESERVED
+ - vino <unfixed>
+ TODO: check
CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-1