[Secure-testing-commits] r18515 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Feb 22 17:18:53 UTC 2012 

Author: jmm
Date: 2012-02-22 17:18:52 +0000 (Wed, 22 Feb 2012)
New Revision: 18515

Modified:
   data/CVE/list
Log:
tremulous no-dsa -> contrib
qemu-kvm -> not backportable
DNS protocol flaws


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-22 10:34:58 UTC (rev 18514)
+++ data/CVE/list	2012-02-22 17:18:52 UTC (rev 18515)
@@ -81,13 +81,13 @@
 CVE-2012-1195 (Unrestricted file upload vulnerability in ...)
 	TODO: check
 CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...)
-	TODO: check
+	NOTE: DNS protocol flaw
 CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...)
-	TODO: check
+	NOTE: DNS protocol flaw
 CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names ...)
-	TODO: check
+	NOTE: DNS protocol flaw
 CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...)
-	TODO: check
+	NOTE: DNS protocol flaw
 CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...)
 	TODO: check
 CVE-2012-0869 [F*X XSS issues via various HTTP parameters in fup]
@@ -7869,6 +7869,7 @@
 CVE-2011-3346
 	RESERVED
 	- qemu-kvm 0.15.1+dfsg-1 (bug #646118)
+	[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)
 CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...)
 	- ofa-kernel <itp> (bug #541849)
 CVE-2011-3344
@@ -87706,6 +87707,7 @@
 	NOT-FOR-US: PHP Pro Publish
 CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
 	- tremulous <unfixed> (bug #660830)
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 	- ioquake3 1.36+svn1788j-1
 CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
 	NOT-FOR-US: OSADS
@@ -89225,6 +89227,7 @@
 	- awstats 6.5-2 (bug #365909; bug #365910; medium)
 CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
 	- tremulous <unfixed> (bug #660827)
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 	- ioquake3 1.36+svn1788j-1
 CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
 	NOT-FOR-US: Simple Poll

More information about the Secure-testing-commits mailing list