[Secure-testing-commits] r20071 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Aug 31 21:14:17 UTC 2012


Author: joeyh
Date: 2012-08-31 21:14:17 +0000 (Fri, 31 Aug 2012)
New Revision: 20071

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-31 16:40:34 UTC (rev 20070)
+++ data/CVE/list	2012-08-31 21:14:17 UTC (rev 20071)
@@ -1,4 +1,133 @@
+CVE-2012-4736 (The Device Encryption Client component in Sophos SafeGuard Enterprise ...)
+	TODO: check
+CVE-2012-4735
+	RESERVED
+CVE-2012-4734
+	RESERVED
+CVE-2012-4733
+	RESERVED
+CVE-2012-4732
+	RESERVED
+CVE-2012-4731
+	RESERVED
+CVE-2012-4730
+	RESERVED
+CVE-2012-4729
+	RESERVED
+CVE-2012-4728
+	RESERVED
+CVE-2012-4727
+	RESERVED
+CVE-2012-4726
+	RESERVED
+CVE-2012-4725
+	RESERVED
+CVE-2012-4724
+	RESERVED
+CVE-2012-4723
+	RESERVED
+CVE-2012-4722
+	RESERVED
+CVE-2012-4721
+	RESERVED
+CVE-2012-4720
+	RESERVED
+CVE-2012-4719
+	RESERVED
+CVE-2012-4718
+	RESERVED
+CVE-2012-4717
+	RESERVED
+CVE-2012-4716
+	RESERVED
+CVE-2012-4715
+	RESERVED
+CVE-2012-4714
+	RESERVED
+CVE-2012-4713
+	RESERVED
+CVE-2012-4712
+	RESERVED
+CVE-2012-4711
+	RESERVED
+CVE-2012-4710
+	RESERVED
+CVE-2012-4709
+	RESERVED
+CVE-2012-4708
+	RESERVED
+CVE-2012-4707
+	RESERVED
+CVE-2012-4706
+	RESERVED
+CVE-2012-4705
+	RESERVED
+CVE-2012-4704
+	RESERVED
+CVE-2012-4703
+	RESERVED
+CVE-2012-4702
+	RESERVED
+CVE-2012-4701
+	RESERVED
+CVE-2012-4700
+	RESERVED
+CVE-2012-4699
+	RESERVED
+CVE-2012-4698
+	RESERVED
+CVE-2012-4697
+	RESERVED
+CVE-2012-4696
+	RESERVED
+CVE-2012-4695
+	RESERVED
+CVE-2012-4694
+	RESERVED
+CVE-2012-4693
+	RESERVED
+CVE-2012-4692
+	RESERVED
+CVE-2012-4691
+	RESERVED
+CVE-2012-4690
+	RESERVED
+CVE-2012-4689
+	RESERVED
+CVE-2012-4688
+	RESERVED
+CVE-2012-4687
+	RESERVED
+CVE-2012-4686 (SQL injection vulnerability in announcement.php in vBulletin 4.1.10 ...)
+	TODO: check
+CVE-2012-4685 (Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP ...)
+	TODO: check
+CVE-2012-4684
+	RESERVED
+CVE-2012-4683
+	RESERVED
+CVE-2012-4682
+	RESERVED
+CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, ...)
+	TODO: check
+CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...)
+	TODO: check
+CVE-2011-5134 (Unrestricted file upload vulnerability in ...)
+	TODO: check
+CVE-2011-5133 (Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and ...)
+	TODO: check
+CVE-2011-5132 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows ...)
+	TODO: check
+CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in MyBB ...)
+	TODO: check
+CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when ...)
+	TODO: check
+CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote ...)
+	TODO: check
+CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
+	TODO: check
 CVE-2012-4737
+	RESERVED
 	- asterisk <unfixed> (bug #680470)
 CVE-2012-XXXX [mediawiki stored XSS]
 	- mediawiki <unfixed> (bug #686330)
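Review bot: CVE-2011-5128 ("Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...") is added here as TODO: check, while CVE-2011-4926 further down this same list is tagged "NOT-FOR-US: WordPress plugin Adminimize". If the full description confirms it is the same plugin, give it the same NOT-FOR-US line instead of leaving it in the TODO queue. The remaining TODO: check entries in this hunk each still need either a package line or a NOT-FOR-US disposition.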
@@ -21,7 +150,7 @@
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
 CVE-2012-XXXX
 	- juju 0.5.1-2 (bug #685728)
-CVE-2012-4681 (Oracle Java 7 Update 6, and possibly other versions, allows remote ...)
+CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 <unfixed>
 	- openjdk-6 <not-affected>
 CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...)
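Review bot: The "- openjdk-6 <not-affected>" line under CVE-2012-4681 is carried over unchanged while the description above it moves from "Oracle Java 7 Update 6, and possibly other versions" to "Multiple vulnerabilities in the Java Runtime Environment (JRE) ...". Re-check that status against the full new description, and add a parenthesised reason to the line so the not-affected claim can be verified later.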
@@ -1611,8 +1740,8 @@
 	RESERVED
 CVE-2012-4011
 	RESERVED
-CVE-2012-4010
-	RESERVED
+CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar ...)
+	TODO: check
 CVE-2012-4009
 	RESERVED
 CVE-2012-4008
@@ -1681,116 +1810,92 @@
 	RESERVED
 CVE-2012-3981
 	RESERVED
-CVE-2012-3980
-	RESERVED
+CVE-2012-3980 (The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3979
-	RESERVED
+CVE-2012-3979 (Mozilla Firefox before 15.0 on Android does not properly implement ...)
 	- iceweasel <not-affected> (Only affects Firefox for Android)
-CVE-2012-3978
-	RESERVED
+CVE-2012-3978 (The nsLocation::CheckURL function in Mozilla Firefox before 15.0, ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
 CVE-2012-3977
 	RESERVED
-CVE-2012-3976
-	RESERVED
+CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and ...)
 	- iceweasel 10.0.7esr-1
 	- iceape 2.7.7-1
-CVE-2012-3975
-	RESERVED
+CVE-2012-3975 (The DOMParser component in Mozilla Firefox before 15.0, Thunderbird ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
 	- icedove <not-affected> (Only affects Firefox >= 10)
 	- iceape <not-affected> (Only affects Firefox >= 10)
-CVE-2012-3974
-	RESERVED
+CVE-2012-3974 (Untrusted search path vulnerability in the installer in Mozilla ...)
 	- iceweasel <not-affected> (Only affects Firefox for Windows)
-CVE-2012-3973
-	RESERVED
+CVE-2012-3973 (The debugger in the developer-tools subsystem in Mozilla Firefox ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
-CVE-2012-3972
-	RESERVED
+CVE-2012-3972 (The format-number functionality in the XSLT implementation in Mozilla ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3971
-	RESERVED
+CVE-2012-3971 (Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
 	- icedove <not-affected> (Only affects Firefox >= 10)
 	- iceape <not-affected> (Only affects Firefox >= 10)
-CVE-2012-3970
-	RESERVED
+CVE-2012-3970 (Use-after-free vulnerability in the nsTArray_base::Length function in ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-3969
-	RESERVED
+CVE-2012-3969 (Integer overflow in the nsSVGFEMorphologyElement::Filter function in ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3968
-	RESERVED
+CVE-2012-3968 (Use-after-free vulnerability in the WebGL implementation in Mozilla ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-3967
-	RESERVED
+CVE-2012-3967 (The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3966
-	RESERVED
+CVE-2012-3966 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3965
-	RESERVED
+CVE-2012-3965 (Mozilla Firefox before 15.0 does not properly restrict navigation to ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
-CVE-2012-3964
-	RESERVED
+CVE-2012-3964 (Use-after-free vulnerability in the gfxTextRun::GetUserData function ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-3963
-	RESERVED
+CVE-2012-3963 (Use-after-free vulnerability in the js::gc::MapAllocToTraceKind ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-3962
-	RESERVED
+CVE-2012-3962 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3961
-	RESERVED
+CVE-2012-3961 (Use-after-free vulnerability in the RangeData implementation in ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-3960
-	RESERVED
+CVE-2012-3960 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3959
-	RESERVED
+CVE-2012-3959 (Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3958
-	RESERVED
+CVE-2012-3958 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape <unfixed>
-CVE-2012-3957
-	RESERVED
+CVE-2012-3957 (Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-3956
-	RESERVED
+CVE-2012-3956 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape <unfixed>
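Review bot: CVE-2012-3976 lists only iceweasel and iceape, with no icedove line, while most of the other iceweasel 10.0.7esr-1 entries in this hunk carry "- icedove <unfixed>". The truncated description ("Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and ...") does not show whether Thunderbird is named, so now that the text is published, add an explicit icedove status (<unfixed> or <not-affected> with a reason) rather than leaving it implicit.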
@@ -2571,12 +2676,12 @@
 	RESERVED
 CVE-2012-3582
 	RESERVED
-CVE-2012-3581
-	RESERVED
-CVE-2012-3580
-	RESERVED
-CVE-2012-3579
-	RESERVED
+CVE-2012-3581 (Symantec Messaging Gateway before 10.0 allows remote attackers to ...)
+	TODO: check
+CVE-2012-3580 (Symantec Messaging Gateway before 10.0 allows remote authenticated ...)
+	TODO: check
+CVE-2012-3579 (Symantec Messaging Gateway before 10.0 has a default password for an ...)
+	TODO: check
 CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the Nmedia ...)
@@ -2644,8 +2749,7 @@
 	- kfreebsd-10 <unfixed>
 	TODO: report
 	NOTE: http://www.exploit-db.com/exploits/20226/
-CVE-2012-3548 [wireshark DoS via DRDA dissector]
-	RESERVED
+CVE-2012-3548 (The dissect_drda function in epan/dissectors/packet-drda.c in ...)
 	- wireshark <unfixed> (unimportant; bug #686225)
 	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: Doesn't allow code injection
@@ -2668,7 +2772,7 @@
 	RESERVED
 	- horizon 2012.1.1-5 (bug #686050)
 CVE-2012-3539
-	RESERVED
+	REJECTED
 	NOTE: to be rejected
 CVE-2012-3538
 	RESERVED
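Review bot: With CVE-2012-3539 now marked REJECTED, the "NOTE: to be rejected" line left under it is stale. Drop the note, or replace it with the reason for the rejection if one is known.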
@@ -3343,8 +3447,8 @@
 	RESERVED
 CVE-2012-3326
 	RESERVED
-CVE-2012-3325
-	RESERVED
+CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x ...)
+	TODO: check
 CVE-2012-3324
 	RESERVED
 CVE-2012-3323
@@ -3369,14 +3473,14 @@
 	RESERVED
 CVE-2012-3313
 	RESERVED
-CVE-2012-3312
-	RESERVED
+CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ...)
+	TODO: check
 CVE-2012-3311
 	RESERVED
 CVE-2012-3310
 	RESERVED
-CVE-2012-3309
-	RESERVED
+CVE-2012-3309 (Cross-site request forgery (CSRF) vulnerability in the ...)
+	TODO: check
 CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...)
 	NOT-FOR-US: IBM Sametime
 CVE-2012-3307
@@ -3403,8 +3507,8 @@
 	RESERVED
 CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...)
 	NOT-FOR-US: IBM Power Hardware Management Console
-CVE-2012-3295
-	RESERVED
+CVE-2012-3295 (IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote ...)
+	TODO: check
 CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
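Review bot: CVE-2012-3295 ("IBM WebSphere MQ 7.1, when an SVRCONN channel is used ...") is left at TODO: check between neighbours that are already dispositioned as "NOT-FOR-US: IBM Power Hardware Management Console" and "NOT-FOR-US: IBM WebSphere". It most likely wants a matching NOT-FOR-US line naming IBM WebSphere MQ.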
@@ -3487,10 +3591,10 @@
 	RESERVED
 CVE-2012-3255
 	RESERVED
-CVE-2012-3254
-	RESERVED
-CVE-2012-3253
-	RESERVED
+CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center ...)
+	TODO: check
+CVE-2012-3253 (Multiple unspecified vulnerabilities in HP Intelligent Management ...)
+	TODO: check
 CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 ...)
 	NOT-FOR-US: HP Serviceguard
 CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...)
@@ -3724,8 +3828,7 @@
 	RESERVED
 CVE-2012-3137
 	RESERVED
-CVE-2012-3136
-	RESERVED
+CVE-2012-3136 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 <unfixed>
 	- openjdk-6 <not-affected>
 CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...)
@@ -5815,8 +5918,8 @@
 	RESERVED
 CVE-2012-2286
 	RESERVED
-CVE-2012-2285
-	RESERVED
+CVE-2012-2285 (EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, ...)
+	TODO: check
 CVE-2012-2284
 	RESERVED
 CVE-2012-2283 (The Iomega Home Media Network Hard Drive with EMC Lifeline firmware ...)
@@ -6318,8 +6421,7 @@
 	RESERVED
 	{DSA-2453-2 DSA-2453-1}
 	- gajim 0.15-1 (low; bug #668038)
-CVE-2012-2085 [gajim code execution]
-	RESERVED
+CVE-2012-2085 (The exec_command function in common/helpers.py in Gajim before 0.15 ...)
 	{DSA-2453-2 DSA-2453-1}
 	- gajim 0.15-1 (medium; bug #668038)
 CVE-2012-2084
@@ -6572,36 +6674,29 @@
 	RESERVED
 CVE-2012-1977 (WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of ...)
 	NOT-FOR-US: WellinTech KingSCADA
-CVE-2012-1976
-	RESERVED
+CVE-2012-1976 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-1975
-	RESERVED
+CVE-2012-1975 (Use-after-free vulnerability in the PresShell::CompleteMove function ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-1974
-	RESERVED
+CVE-2012-1974 (Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-1973
-	RESERVED
+CVE-2012-1973 (Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-1972
-	RESERVED
+CVE-2012-1972 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.7esr-1
 	- icedove <unfixed>
 	- iceape 2.7.7-1
-CVE-2012-1971
-	RESERVED
+CVE-2012-1971 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
-CVE-2012-1970
-	RESERVED
+CVE-2012-1970 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel 10.0.7esr-1
 	- iceape 2.7.7-1
 CVE-2012-1969 (The get_attachment_link function in Template.pm in Bugzilla 2.x and ...)
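Review bot: CVE-2012-1970 and CVE-2012-1971 are the only entries in this block without an icedove line (CVE-2012-1971 also has no iceape line), yet both descriptions start "Multiple unspecified vulnerabilities in the browser engine in Mozilla ...". Check the full descriptions for Thunderbird and SeaMonkey and record the missing package statuses explicitly, as CVE-2012-1972 through CVE-2012-1976 above do.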
@@ -6652,8 +6747,7 @@
 	- iceweasel 10.0.6esr-1
 	- icedove 10.0.6-1
 	- iceape 2.7.6-1
-CVE-2012-1956
-	RESERVED
+CVE-2012-1956 (Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
 	- icedove <not-affected> (Only affects Firefox >= 10)
 	- iceape <not-affected> (Only affects Firefox >= 10)
@@ -7294,8 +7388,7 @@
 	NOT-FOR-US: Solaris
 CVE-2012-1683 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
 	NOT-FOR-US: Solaris
-CVE-2012-1682
-	RESERVED
+CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 <unfixed>
 	- openjdk-6 <not-affected>
 CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
@@ -7372,8 +7465,7 @@
 CVE-2012-1651
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1650
-	RESERVED
+CVE-2012-1650 (The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1649
 	RESERVED
@@ -7381,26 +7473,20 @@
 CVE-2012-1648
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1647
-	RESERVED
+CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the "stand ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1646
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1645
-	RESERVED
+CVE-2012-1645 (The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1644
-	RESERVED
+CVE-2012-1644 (The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1643
-	RESERVED
+CVE-2012-1643 (The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1642
-	RESERVED
+CVE-2012-1642 (includes/linkchecker.pages.inc in the Link checker module 6.x-2.x ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1641
-	RESERVED
+CVE-2012-1641 (The finder_import function in the Finder module 6.x-1.x before ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1640
 	RESERVED
@@ -7417,8 +7503,7 @@
 CVE-2012-1636
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1635
-	RESERVED
+CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1634
 	RESERVED
@@ -10046,8 +10131,7 @@
 	NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
 	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers XCP 1110
-CVE-2012-0547
-	RESERVED
+CVE-2012-0547 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 <unfixed> (low)
 	- openjdk-6 <unfixed> (low)
 CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
@@ -10755,10 +10839,10 @@
 	NOT-FOR-US: Cogent DataHub
 CVE-2012-0309 (Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and ...)
 	NOT-FOR-US: Cogent DataHub
-CVE-2012-0308
-	RESERVED
-CVE-2012-0307
-	RESERVED
+CVE-2012-0308 (Cross-site request forgery (CSRF) vulnerability in Symantec Messaging ...)
+	TODO: check
+CVE-2012-0307 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec ...)
+	TODO: check
 CVE-2012-0306
 	RESERVED
 CVE-2012-0305 (Untrusted search path vulnerability in Symantec System Recovery 2011 ...)
@@ -11224,8 +11308,7 @@
 	{DSA-2261-1}
 	- redmine 1.0.5-1 (bug #608397)
 	NOTE: http://www.redmine.org/news/49
-CVE-2011-4926
-	RESERVED
+CVE-2011-4926 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress plugin Adminimize
 CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
 	- torque <not-affected> (The version in Debian doesn't yet have MUNGE support)
@@ -11256,8 +11339,8 @@
 	- mpack 1.6-4 (low; bug #655971)
 	[squeeze] - mpack <no-dsa> (Minor issue)
 	NOTE: http://openwall.com/lists/oss-security/2011/12/31/1
-CVE-2011-4918
-	RESERVED
+CVE-2011-4918 (Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS ...)
+	TODO: check
 CVE-2011-4917
 	RESERVED
 	- linux-2.6 <unfixed> (unimportant)
@@ -12756,7 +12839,7 @@
 CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in ...)
 	{DSA-2397-1}
 	- icu 4.8.1.1-3 (bug #654883)
-CVE-2011-4598 (channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 ...)
+CVE-2011-4598 (The handle_request_info function in channels/chan_sip.c in Asterisk ...)
 	{DSA-2367-1}
 	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
 	[lenny] - asterisk <not-affected> (Vulnerable code not present)
@@ -12812,8 +12895,7 @@
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
-CVE-2011-4578 [acpid insecure umasks for calling external scripts]
-	RESERVED
+CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an ...)
 	{DSA-2362-1}
 	- acpid 1:2.0.11-1
 CVE-2011-4577 (OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is ...)
@@ -18422,8 +18504,7 @@
 CVE-2011-2778 (Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow ...)
 	{DSA-2363-1}
 	- tor 0.2.2.35-1
-CVE-2011-2777
-	RESERVED
+CVE-2011-2777 (samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier ...)
 	- acpid 1:2.0.14-1
 	[lenny] - acpid <not-affected> (Vulnerable code not present)
 	[squeeze] - acpid 1:2.0.7-1squeeze3
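Review bot: The new CVE-2011-2777 description gives the affected range as "acpid (aka acpid2) 2.0.16 and earlier", but the tracking lines record it as fixed in "acpid 1:2.0.14-1" and "1:2.0.7-1squeeze3", both below 2.0.16. If those uploads carry a Debian-side fix to samples/powerbtn/powerbtn.sh, add a NOTE saying so; otherwise the fixed versions need re-checking against the published range.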
@@ -22410,8 +22491,8 @@
 	- tex-common 2.09
 CVE-2011-1399
 	RESERVED
-CVE-2011-1398
-	RESERVED
+CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 does ...)
+	TODO: check
 CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
 	NOT-FOR-US: IBM Tivoli
 CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
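Review bot: CVE-2011-1398 names PHP itself ("The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 ...") and is left at TODO: check with no package line. Unlike the vendor-product entries around it, this one needs a source-package entry with the fixed version checked against 5.3.11, so it should be triaged ahead of the others.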



