[Secure-testing-commits] r18497 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2012-02-21 06:55:01 +0000 (Tue, 21 Feb 2012)
New Revision: 18497

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
libxslt bugnum
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-20 22:58:03 UTC (rev 18496)
+++ data/CVE/list	2012-02-21 06:55:01 UTC (rev 18497)
@@ -288,11 +288,11 @@
 CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 ...)
 	NOT-FOR-US: irfaq extension for TYPO3
 CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Hulihan Amethyst
 CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Nuke
 CVE-2012-1063 (Multiple SQL injection vulnerabilities in ManageEngine Applications ...)
 	NOT-FOR-US: ManageEngine Applications Manager
 CVE-2012-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
@@ -5975,7 +5975,7 @@
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
 CVE-2011-3970 (libxslt, as used in Google Chrome before 17.0.963.46, allows remote ...)
-	- libxslt <unfixed> (low; bug filed)
+	- libxslt <unfixed> (low; bug #660650)
 	[squeeze] - libxslt <no-dsa> (Minor issue)
 CVE-2011-3969 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
 	- chromium-browser 17.0.963.56~r121963-1
@@ -7424,19 +7424,19 @@
 CVE-2011-3464
 	RESERVED
 CVE-2011-3463 (WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3462 (Time Machine in Apple Mac OS X before 10.7.3 does not verify the ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3461
 	RESERVED
 CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows ...)
-	TODO: check
+	NOT-FOR-US: QuickTime
 CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows ...)
-	TODO: check
+	NOT-FOR-US: QuickTime
 CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to ...)
-	TODO: check
+	NOT-FOR-US: QuickTime
 CVE-2011-3457 (The OpenGL implementation in Apple Mac OS X before 10.7.3 does not ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3456
 	RESERVED
 CVE-2011-3455
@@ -7444,25 +7444,25 @@
 CVE-2011-3454
 	RESERVED
 CVE-2011-3453 (Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3452 (Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3451
 	RESERVED
 CVE-2011-3450 (CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3449 (Use-after-free vulnerability in CoreText in Apple Mac OS X before ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3448 (Heap-based buffer overflow in CoreMedia in Apple Mac OS X before ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3447 (CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3446 (Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3445
 	RESERVED
 CVE-2011-3444 (Address Book in Apple Mac OS X before 10.7.3 automatically switches to ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-3443
 	RESERVED
 CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of ...)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-02-20 22:58:03 UTC (rev 18496)
+++ data/spu-candidates.txt	2012-02-21 06:55:01 UTC (rev 18497)
@@ -138,6 +138,7 @@
 --
 
 libxslt (CVE-2011-3970)
+#660650
 http://git.gnome.org/browse/libxslt/commit/?id=fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
 
 --