[Secure-testing-commits] r18410 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Feb 9 20:05:33 UTC 2012


Author: jmm
Date: 2012-02-09 20:05:33 +0000 (Thu, 09 Feb 2012)
New Revision: 18410

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
new issues in struts and acidbase (impact needs to be checked for both)
new issue in libcap2 (no-dsa, fixed in sid)
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-09 15:46:10 UTC (rev 18409)
+++ data/CVE/list	2012-02-09 20:05:33 UTC (rev 18410)
@@ -1,39 +1,39 @@
 CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...)
-	TODO: check
+	NOT-FOR-US: EPiServer CMS
 CVE-2012-1033
 	RESERVED
 CVE-2012-1032
 	RESERVED
 CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in ...)
-	TODO: check
+	NOT-FOR-US: EPiServer CMS
 CVE-2012-1030
 	RESERVED
 CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace ...)
-	TODO: check
+	NOT-FOR-US: Tube Ace
 CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in ...)
-	TODO: check
+	NOT-FOR-US: SimpleGroupWare
 CVE-2012-1027 (Cross-site scripting (XSS) vulnerability in account-closed.tcl in ...)
-	TODO: check
+	NOT-FOR-US: project-open
 CVE-2012-1026 (Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 ...)
-	TODO: check
+	NOT-FOR-US: XRay CMS
 CVE-2012-1025 (Absolute path traversal vulnerability in file in Enigma2 Webinterface ...)
-	TODO: check
+	NOT-FOR-US: Enigma2
 CVE-2012-1024 (Directory traversal vulnerability in file in Enigma2 Webinterface ...)
-	TODO: check
+	NOT-FOR-US: Enigma2
 CVE-2012-1023 (Open redirect vulnerability in admin/index.php in 4images 1.7.10 ...)
-	TODO: check
+	NOT-FOR-US: 4images
 CVE-2012-1022 (SQL injection vulnerability in admin/categories.php in 4images 1.7.10 ...)
-	TODO: check
+	NOT-FOR-US: 4images
 CVE-2012-1021 (Cross-site scripting (XSS) vulnerability in admin/categories.php in ...)
-	TODO: check
+	NOT-FOR-US: 4images
 CVE-2012-1020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
-	TODO: check
+	NOT-FOR-US: NexorONE Online Banking
 CVE-2012-1019 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki ...)
-	TODO: check
+	NOT-FOR-US: Xwiki Enterprise
 CVE-2012-1018 (Cross-site scripting (XSS) vulnerability in includes/convert.php in ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2012-1017 (Multiple SQL injection vulnerabilities in base_qry_main.php in Basic ...)
-	TODO: check
+	- acidbase <unfixed>
 CVE-2012-1016
 	RESERVED
 CVE-2012-1015
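Review bot: The CVE-2012-1017 entry becomes `- acidbase <unfixed>` with nothing in the file recording that the impact is still unverified, although the commit log says the impact needs to be checked. Consider adding a NOTE or keeping a TODO line under it until that check is done, so the open question is visible to anyone reading data/CVE/list and not only in the log. Minor: `NOT-FOR-US: Joomla addon` for CVE-2012-1018 does not name the addon, which makes the entry hard to search for later, and `Xwiki Enterprise` differs in capitalisation from the `XWiki` in its description line.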
@@ -45,29 +45,29 @@
 CVE-2012-1012
 	RESERVED
 CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2012-1010 (Unrestricted file upload vulnerability in actions.php in the ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki ...)
-	TODO: check
+	NOT-FOR-US: HDWiki
 CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, ...)
-	TODO: check
+	NOT-FOR-US: HDWiki
 CVE-2012-1009
 	RESERVED
 CVE-2012-1008 (OfficeSIP Server 3.1 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: OfficeSIP Server
 CVE-2012-1007 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
-	TODO: check
+	- libstruts1.2-java <unfixed>
 CVE-2012-1006 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
-	TODO: check
+	- libstruts1.2-java <not-affected> (Only affects Struts 2)
 CVE-2012-1005 (Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software ...)
-	TODO: check
+	NOT-FOR-US: Sphinx Software Mobile Web Server
 CVE-2012-1004 (Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm ...)
-	TODO: check
+	NOT-FOR-US: Foswiki
 CVE-2010-XXXX [pam_shield default configuration does not take any action]
 	- pam-shield <unfixed> (medium; bug #658830)
 CVE-2012-1003 (Multiple integer overflows in Opera 11.60 and earlier allow remote ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2002-2483
 	- linux-2.6 2.4.20
 CVE-2012-1002 (Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown ...)
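Review bot: CVE-2012-1007 gets `- libstruts1.2-java <unfixed>` with no urgency, bug number or note, while the neighbouring CVE-2012-1006 carries the explanation `(Only affects Struts 2)`. Since the log says the struts impact still needs checking, a NOTE stating what is known so far about the 1.2 package would stop the entry reading as a confirmed finding. Also, the `NOT-FOR-US: Wordpress plugin` lines could name the plugin (the description for CVE-2012-1011 gives AllWebMenus) so the entries stay searchable.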
@@ -4989,6 +4989,8 @@
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html
 CVE-2011-4099
 	RESERVED
+	- libcap2 1:2.22-1 (low)
+	[squeeze] - libcap2 <no-dsa> (Minor issue)
 CVE-2011-4098
 	RESERVED
 CVE-2011-4097
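Review bot: The two libcap2 lines are added under CVE-2011-4099 while the id is still RESERVED, so the entry has no description and no reference saying what the issue is. A NOTE pointing to the upstream fix or a Debian bug number, in the way the wireshark entry just above records its advisory URL, would let a reader verify the `1:2.22-1` fixed version and the `<no-dsa> (Minor issue)` decision.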

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-02-09 15:46:10 UTC (rev 18409)
+++ data/spu-candidates.txt	2012-02-09 20:05:33 UTC (rev 18410)
@@ -118,6 +118,11 @@
 
 --
 
+libcap2 (CVE-2011-4099)
+maintainer notified
+
+--
+
 loggerhead (CVE-2011-0728)
 
 --
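Review bot: The new `maintainer notified` line under libcap2 has no date or bug reference, so it will not be possible to tell later how long the point-update request has been pending. Adding the notification date or the bug number would make follow-up easier.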



