[Secure-testing-commits] r19881 - data/CVE
Helmut Grohne
helmut-guest at alioth.debian.org
Sat Aug 4 17:42:26 UTC 2012
Author: helmut-guest
Date: 2012-08-04 17:42:26 +0000 (Sat, 04 Aug 2012)
New Revision: 19881
Modified:
data/CVE/list
Log:
tikiwiki is not NFU but removed
hadoop is not NFU but itp
more webkit undetermined
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-04 17:22:00 UTC (rev 19880)
+++ data/CVE/list 2012-08-04 17:42:26 UTC (rev 19881)
@@ -316,7 +316,7 @@
CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes ...)
NOT-FOR-US: Sticky Notes
CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2012-3995
RESERVED
CVE-2012-3994
@@ -667,7 +667,7 @@
CVE-2012-3827
RESERVED
CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...)
- NOT-FOR-US: Not in Debian
+ NOT-FOR-US: Avaya Aura Application Server
CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
- wireshark 1.6.8-1 (unimportant)
[squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6)
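Review bot: the log message lists only the tikiwiki, hadoop and webkit changes, but the CVE-2011-5096 line here rewrites `NOT-FOR-US: Not in Debian` to `NOT-FOR-US: Avaya Aura Application Server`, and later hunks do the same for other Avaya, Invensys and WellinTech entries. Naming the product is the better form; please add a line for it to the log, or commit it separately, so the change can be found from the history.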
@@ -714,7 +714,7 @@
CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...)
- asterisk <unfixed> (bug #680470)
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
- NOT-FOR-US: Not in Debian
+ NOT-FOR-US: Avaya IP Office Customer Call Reporter
CVE-2012-3810
RESERVED
CVE-2012-3809
@@ -1727,7 +1727,7 @@
NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
- NOT-FOR-US: Apache Hadoop
+ - hadoop <itp> (bug #535861)
NOTE: http://seclists.org/bugtraq/2012/Jul/48
CVE-2012-3375
RESERVED
@@ -2518,7 +2518,7 @@
CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...)
NOT-FOR-US: OSIsoft PI OPC DA Interface
CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...)
- NOT-FOR-US: Not in Debian
+ NOT-FOR-US: Invensys Wonderware SuiteLink
CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...)
NOT-FOR-US: Innominate mGuard Smart
CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch ...)
@@ -2647,7 +2647,7 @@
RESERVED
CVE-2012-2945
RESERVED
- NOT-FOR-US: Hadoop
+ - hadoop <itp> (bug #535861)
CVE-2010-5140
RESERVED
CVE-2010-5139
@@ -3562,9 +3562,9 @@
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...)
NOT-FOR-US: HP Business Service Management
CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows ...)
- NOT-FOR-US: Not in Debian
+ NOT-FOR-US: WellinTech KingView
CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute ...)
- NOT-FOR-US: Not in Debian
+ NOT-FOR-US: WellinTech KingHistorian
CVE-2012-2558
RESERVED
CVE-2012-2557
@@ -6134,7 +6134,7 @@
CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
NOT-FOR-US: cumin
CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...)
- NOT-FOR-US: Hadoop
+ - hadoop <itp> (bug #535861)
CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...)
{DSA-2441-1}
- gnutls26 2.12.18-1 (high)
@@ -6258,7 +6258,7 @@
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
- chromium-browser 18.0.1025.168~r134367-1
CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- TODO: check
+ - webkit <undetermined>
CVE-2012-1519
RESERVED
CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, ...)
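Review bot: on CVE-2012-1520 the `TODO: check` marker is replaced by `- webkit <undetermined>` with no NOTE, so the entry no longer shows up as open work and nothing records what was checked. The CVE-2010-1131 entry further down carries a NOTE explaining its triage; a one-line NOTE here, naming the source consulted and why the affected versions could not be established, would let a later reviewer pick it up again.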
@@ -7710,7 +7710,7 @@
CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 ...)
NOT-FOR-US: Stoneware webNetwork
CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
NOTE: http://seclists.org/bugtraq/2012/Jul/19
CVE-2012-0910
RESERVED
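Review bot: the line removed for CVE-2012-0911 was spelled `NOT-FOR-US: Tiki Wiki`, while the other entries touched in this commit use `TikiWiki`, so a search on one spelling would miss entries. A case-insensitive search of the list for `tiki` would confirm that no NOT-FOR-US entry under another spelling is left behind.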
@@ -8329,9 +8329,9 @@
CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
NOT-FOR-US: XnView
CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- TODO: check
+ - webkit <undetermined>
CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- TODO: check
+ - webkit <undetermined>
CVE-2012-0681
RESERVED
CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete ...)
@@ -11423,7 +11423,7 @@
NOT-FOR-US: vTiger
CVE-2011-4558
RESERVED
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
NOTE: http://osvdb.org/show/osvdb/78013
NOTE: http://dev.tiki.org/item4059
NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS
@@ -11441,7 +11441,7 @@
NOT-FOR-US: One Click Orgs
CVE-2011-4551
RESERVED
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2011-4550
RESERVED
CVE-2011-4549
@@ -11694,12 +11694,12 @@
REJECTED
CVE-2011-4455
RESERVED
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
NOTE: http://osvdb.org/show/osvdb/77156
NOTE: http://secunia.com/advisories/46740/
CVE-2011-4454
RESERVED
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
NOTE: http://osvdb.org/show/osvdb/77155
NOTE: http://secunia.com/advisories/46740/
CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...)
@@ -26353,13 +26353,13 @@
- linux-2.6 2.6.32-28
CVE-2010-4241
RESERVED
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2010-4240
RESERVED
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2010-4239
RESERVED
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...)
- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
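Review bot: CVE-2010-4241, CVE-2010-4240 and CVE-2010-4239 are RESERVED with no description and no NOTE, so after this change `- tikiwiki <removed>` is the only thing tying them to the package, with no visible source. Adding a NOTE with the reference that assigns these ids to TikiWiki, as the CVE-2011-4455 and CVE-2011-4454 entries have, would let the mapping be verified later.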
@@ -35201,13 +35201,13 @@
CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS ...)
NOT-FOR-US: Addonics NAS Adapter NASU2FW41
CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...)
- webkit <undetermined> (unimportant)
NOTE: browser crashes are not considered security-relevant
@@ -43778,7 +43778,7 @@
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
NOT-FOR-US: tnftpd
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...)
- pidgin 2.6.1-1 (low; bug #542891)
[lenny] - pidgin 2.4.3-4lenny4
@@ -49430,7 +49430,7 @@
CVE-2009-1205
REJECTED
CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2009-1203 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...)
NOT-FOR-US: Cisco
CVE-2009-1202 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...)