[Secure-testing-commits] r18516 - data/CVE
James Strandboge
jamie-guest at alioth.debian.org
Wed Feb 22 17:40:31 UTC 2012
Author: jamie-guest
Date: 2012-02-22 17:40:30 +0000 (Wed, 22 Feb 2012)
New Revision: 18516
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-22 17:18:52 UTC (rev 18515)
+++ data/CVE/list 2012-02-22 17:40:30 UTC (rev 18516)
@@ -1,7 +1,7 @@
CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1233
RESERVED
CVE-2012-1232
@@ -15,51 +15,51 @@
CVE-2012-1228
RESERVED
CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: pluck
CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 ...)
- TODO: check
+ NOT-FOR-US: Dolibarr CMS
CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and ...)
- TODO: check
+ NOT-FOR-US: Dolibarr CMS
CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in system/classes/login.php ...)
- TODO: check
+ NOT-FOR-US: ContentLion Alpha
CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search space of ...)
- TODO: check
+ NOT-FOR-US: RabidHamster
CVE-2012-1222 (Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and ...)
- TODO: check
+ NOT-FOR-US: RabidHamster
CVE-2012-1221 (Directory traversal vulnerability in the telnet server in RabidHamster ...)
- TODO: check
+ NOT-FOR-US: RabidHamster
CVE-2012-1220 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: GAzie
CVE-2012-1219 (Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit ...)
- TODO: check
+ NOT-FOR-US: freelancerKit
CVE-2012-1218 (Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow ...)
- TODO: check
+ NOT-FOR-US: freelancerKit
CVE-2012-1217 (Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web ...)
- TODO: check
+ NOT-FOR-US: STHS
CVE-2012-1216 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: PBBoard
CVE-2012-1215 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...)
- TODO: check
+ NOT-FOR-US: Yoono extension
CVE-2012-1214 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...)
- TODO: check
+ NOT-FOR-US: Yoono Desktop Application
CVE-2012-1213 (Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in ...)
- TODO: check
+ NOT-FOR-US: Zimbra Web Client
CVE-2012-1212 (Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName ...)
- TODO: check
+ NOT-FOR-US: Semantic Enterprise Wiki
CVE-2012-1211 (Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in ...)
- TODO: check
+ NOT-FOR-US: Powie pFile
CVE-2012-1210 (SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 ...)
- TODO: check
+ NOT-FOR-US: Powie pFile
CVE-2012-1209 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Fork CMS
CVE-2012-1208 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Fork CMS
CVE-2012-1207 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Fork CMS
CVE-2012-1206 (Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote ...)
- TODO: check
+ NOT-FOR-US: Hancom Office
CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in ...)
- TODO: check
+ NOT-FOR-US: Relocate Upload plugin
CVE-2012-1204
RESERVED
CVE-2012-1203
@@ -69,17 +69,17 @@
CVE-2012-1201
RESERVED
CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...)
- TODO: check
+ NOT-FOR-US: Nova CMS
CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...)
TODO: check
CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 ...)
TODO: check
CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build ...)
- TODO: check
+ NOT-FOR-US: ACDSee
CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service ...)
- TODO: check
+ NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1195 (Unrestricted file upload vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...)
NOTE: DNS protocol flaw
CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...)
@@ -508,21 +508,21 @@
CVE-2012-1001
RESERVED
CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 ...)
- TODO: check
+ NOT-FOR-US: LEPTON
CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before ...)
- TODO: check
+ NOT-FOR-US: LEPTON
CVE-2012-0998 (Directory traversal vulnerability in account/preferences.php in LEPTON ...)
- TODO: check
+ NOT-FOR-US: LEPTON
CVE-2012-0997 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
- TODO: check
+ NOT-FOR-US: 11in1
CVE-2012-0996 (Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable ...)
- TODO: check
+ NOT-FOR-US: 11in1
CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 ...)
- TODO: check
+ NOT-FOR-US: ZENphoto
CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in ...)
- TODO: check
+ NOT-FOR-US: ZENphoto
CVE-2012-0993 (Eval injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ZENphoto
CVE-2012-0992 (interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote ...)
NOT-FOR-US: OpenEMR
CVE-2012-0991 (Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow ...)
@@ -800,7 +800,7 @@
CVE-2012-0866
RESERVED
CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2012-0864 [FORTIFY_SOURCE format string protection bypass]
RESERVED
- eglibc <unfixed> (low; bug #660611)
@@ -911,13 +911,13 @@
[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-0821
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-0820
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-0819
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2012-0818
RESERVED
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
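Review bot: the product name is spelled inconsistently: CVE-2012-0822 through CVE-2012-0819 are tagged "Joomla!", while CVE-2011-4912 through CVE-2011-4906 and CVE-2011-3629 in this same commit use "Joomla". Use one spelling so a search on the product name finds every entry. These four entries also carry no description in the list, so a NOTE line with the reference used to identify the product would let the next reviewer verify the triage.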
@@ -2534,7 +2534,7 @@
- redmine 1.0.5-1 (bug #608397)
NOTE: http://www.redmine.org/news/49
CVE-2011-4926
- RESERVED
+ NOT-FOR-US: WordPress plugin Adminimize
CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
- torque <not-affected> (The version in Debian doesn't yet have MUNGE support)
CVE-2011-4924
@@ -2585,19 +2585,19 @@
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-4912
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4911
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4910
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4909
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4908
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4907
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4906
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
- activemq 5.5.0+dfsg-5 (bug #655495)
CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
@@ -2683,29 +2683,29 @@
CVE-2012-0245
RESERVED
CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in ...)
- TODO: check
+ NOT-FOR-US: ActiveX
CVE-2012-0242 (Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0241 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0240 (GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0239 (uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0238 (Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0237 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0236 (Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0234 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0232
RESERVED
CVE-2012-0231
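Review bot: CVE-2012-0243 is tagged "NOT-FOR-US: ActiveX", which names a technology rather than the affected product. CVE-2011-4526 in this commit is also an ActiveX control buffer overflow and is tagged "Advantech/BroadWin WebAccess"; name the product the control ships with here as well, so the entry groups with the other eleven in this hunk.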
@@ -2723,7 +2723,7 @@
CVE-2012-0225
RESERVED
CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 ...)
- TODO: check
+ NOT-FOR-US: 7-Technologies (7T) AQUIS
CVE-2012-0223
RESERVED
CVE-2012-0222
@@ -2745,7 +2745,7 @@
CVE-2011-4891
RESERVED
CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows ...)
- TODO: check
+ NOT-FOR-US: IBM solidDB
CVE-2011-4889
RESERVED
CVE-2011-4888
@@ -2975,7 +2975,7 @@
CVE-2012-0201
RESERVED
CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly ...)
- TODO: check
+ NOT-FOR-US: IBM solidDB
CVE-2012-0199
RESERVED
CVE-2012-0198
@@ -3711,7 +3711,7 @@
CVE-2012-0026
REJECTED
CVE-2012-0025
- RESERVED
+ NOT-FOR-US: libfpx
CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...)
- maradns 1.4.09-1
[squeeze] - maradns <no-dsa> (Minor issue)
@@ -3918,7 +3918,7 @@
{DSA-2330-1}
- simplesamlphp 1.8.1-1
CVE-2011-4624
- RESERVED
+ NOT-FOR-US: WordPress flash-album-gallery
CVE-2011-4623
RESERVED
CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and ...)
@@ -3933,7 +3933,7 @@
{DSA-2390-1}
- openssl 1.0.0f-1
CVE-2011-4618
- RESERVED
+ NOT-FOR-US: WordPress advanced-text-widget
CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
- python-virtualenv 1.4.9-1 (low; bug #652653)
[lenny] - python-virtualenv <no-dsa> (Minor issue)
@@ -4014,7 +4014,7 @@
CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before ...)
- nova 2012.1~e1-4
CVE-2011-4595
- RESERVED
+ NOT-FOR-US: WordPress pretty-link plugin
CVE-2011-4594
RESERVED
- linux-2.6 3.1-1
@@ -4193,17 +4193,17 @@
CVE-2011-4527
RESERVED
CVE-2011-4526 (Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4525 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4524 (Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4523 (Cross-site scripting (XSS) vulnerability in bwview.asp in ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4522 (Cross-site scripting (XSS) vulnerability in bwerrdn.asp in ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4521 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
- TODO: check
+ NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4520
RESERVED
CVE-2011-4519
@@ -4700,7 +4700,7 @@
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees ...)
- jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
CVE-2011-4343
- RESERVED
+ NOT-FOR-US: Mojarra/MyFaces
CVE-2011-4342
RESERVED
NOT-FOR-US: Wordpress plugin
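Review bot: CVE-2011-4343 drops its RESERVED line in favour of NOT-FOR-US, but the unchanged entry directly below (CVE-2011-4342) keeps RESERVED and adds NOT-FOR-US under it. The same replacement is made for every RESERVED entry in this commit. If the RESERVED state is meant to mirror the upstream CVE list, add the NOT-FOR-US line beneath it rather than replacing it, as CVE-2011-4342 does.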
@@ -4794,7 +4794,7 @@
CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...)
NOT-FOR-US: ResourceSpace
CVE-2011-4310
- RESERVED
+ NOT-FOR-US: cmsmadesimple
CVE-2011-4309 [MSA-11-0041]
RESERVED
- moodle <not-affected> (Only affects 2.x)
@@ -5232,7 +5232,7 @@
CVE-2011-4196
RESERVED
CVE-2011-4195
- RESERVED
+ NOT-FOR-US: kiwi
CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...)
NOT-FOR-US: Novell iPrint
CVE-2011-4193
@@ -5248,11 +5248,11 @@
CVE-2011-4188
RESERVED
CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in ...)
- TODO: check
+ NOT-FOR-US: Novell iPrint Client
CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
- TODO: check
+ NOT-FOR-US: Novell iPrint Client
CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iPrint ...)
- TODO: check
+ NOT-FOR-US: ActiveX
CVE-2011-4184
RESERVED
CVE-2011-4183
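Review bot: CVE-2011-4185 is tagged "NOT-FOR-US: ActiveX" although its description names an ActiveX control in Novell iPrint, and the two entries above it (CVE-2011-4187, CVE-2011-4186) are tagged "Novell iPrint Client". Tag it with the product name so all three are found by the same search.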
@@ -5450,7 +5450,7 @@
[lenny] - phpmyadmin <not-affected> (Vulerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
CVE-2011-4106
- RESERVED
+ NOT-FOR-US: wordpress plugin timthumb
CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...)
- lightdm 1.0.6-2
CVE-2011-4104
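Review bot: the tag on CVE-2011-4106 reads "wordpress plugin timthumb" in lower case, while other entries in this commit use "WordPress plugin Adminimize", "WordPress flash-album-gallery" and "WordPress pretty-link plugin". Settle on one form, for example "WordPress plugin <name>", so the plugin entries can be matched consistently.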
@@ -5491,9 +5491,9 @@
- squid3 3.1.16-1
[lenny] - squid3 <not-affected> (no IPv6 support)
CVE-2011-4095
- RESERVED
+ NOT-FOR-US: Jara
CVE-2011-4094
- RESERVED
+ NOT-FOR-US: Jara
CVE-2011-4093
RESERVED
- net6 1:1.3.14-1 (low; bug #647318)
@@ -6997,7 +6997,7 @@
RESERVED
- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629
- RESERVED
+ NOT-FOR-US: Joomla
CVE-2011-3628
RESERVED
- pam <unfixed> (low)
@@ -7026,9 +7026,9 @@
- vlc 1.1.3-1
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
CVE-2011-3622
- RESERVED
+ NOT-FOR-US: phorum
CVE-2011-3621
- RESERVED
+ NOT-FOR-US: fluxbb
CVE-2011-3620
RESERVED
CVE-2011-3619
@@ -7178,7 +7178,7 @@
[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
CVE-2011-3582
- RESERVED
+ NOT-FOR-US: Advanced Electron Forums
CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...)
{DSA-2353-1}
- ldns 1.6.11-1 (bug #647297)
@@ -7639,7 +7639,7 @@
CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...)
NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
NOTE: Might affect Mono, pinged maintainers
CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office ...)
NOT-FOR-US: Microsoft PowerPoint
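Review bot: CVE-2011-3414 is closed as "NOT-FOR-US: Microsoft .NET Framework" while the NOTE kept directly under it still says "Might affect Mono, pinged maintainers". NOT-FOR-US removes the entry from the open list before that question is answered. Either keep "TODO: check" until the Mono maintainers reply, or record their answer in the NOTE in the same commit.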
@@ -7772,7 +7772,7 @@
- apt <unfixed> (unimportant; bug #642480)
NOTE: Not exploitable in Debian, since no keyring URI is defined
CVE-2011-3373
- RESERVED
+ NOT-FOR-US: Views Bulk Operations module for Drupal
CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before ...)
{DSA-2318-1}
- cyrus-imapd-2.2 2.4.11-1 (medium)
@@ -7783,7 +7783,7 @@
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: PunBB
CVE-2011-3370
- RESERVED
+ NOT-FOR-US: status.net
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...)
- etherape 0.9.12-1 (low; bug #645324)
[lenny] - etherape <no-dsa> (Minor issue)
@@ -7852,7 +7852,7 @@
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
[squeeze] - linux-2.6 2.6.32-36
CVE-2011-3352
- RESERVED
+ NOT-FOR-US: Zikula
CVE-2011-3351
RESERVED
- openvas-scanner <unfixed> (bug #641327; low)
@@ -8301,7 +8301,7 @@
- pidgin 2.10.0-1 (unimportant)
NOTE: Only exploitable by a malicious MSN server to crash the client
CVE-2011-3183
- RESERVED
+ NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...)
- php5 5.3.7-1 (unimportant)
NOTE: exploitable by malicious scripts only
@@ -8310,7 +8310,7 @@
- phpmyadmin 4:3.4.4-1
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3180
- RESERVED
+ NOT-FOR-US: Suse kiwi
CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
NOT-FOR-US: Novell Messenger
CVE-2011-3178
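Review bot: CVE-2011-3180 is tagged "Suse kiwi" but CVE-2011-4195 in this commit is tagged just "kiwi". If both refer to the same product, use the same name in both places.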
@@ -9055,13 +9055,13 @@
CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages ...)
- roundcube 0.5.4+dfsg-1 (bug #641996)
CVE-2011-2936
- RESERVED
+ NOT-FOR-US: Elgg
CVE-2011-2935
- RESERVED
+ NOT-FOR-US: Elgg
CVE-2011-2934
- RESERVED
+ NOT-FOR-US: WebsiteBaker
CVE-2011-2933
- RESERVED
+ NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
- rails 2.3.14
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
@@ -9144,7 +9144,7 @@
- torque 2.4.15+dfsg-1
[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
CVE-2011-2906
- RESERVED
+ NOT-FOR-US: ** REJECT **
CVE-2011-2905
RESERVED
{DSA-2303-1}
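Review bot: CVE-2011-2906 is marked "NOT-FOR-US: ** REJECT **", which puts a state in the field that elsewhere holds a product name. The list already has a REJECTED state (see CVE-2012-0026 and CVE-2011-1152 in the context lines); using it here would keep rejected ids out of any per-product NOT-FOR-US listing.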
@@ -9737,7 +9737,7 @@
CVE-2011-2728
RESERVED
CVE-2011-2727
- RESERVED
+ NOT-FOR-US: Tribiq CMS
CVE-2011-2726 [SA-CORE-2011-003]
RESERVED
- drupal7 7.6-1
@@ -9809,7 +9809,7 @@
RESERVED
- linux-2.6 <not-affected> (xtensa arch not used in Debian)
CVE-2011-2706
- RESERVED
+ NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...)
- ruby1.8 1.8.7.352-1 (low; bug #635878)
- ruby1.9 <unfixed> (low)
@@ -10379,7 +10379,7 @@
[lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
CVE-2011-2499
- RESERVED
+ NOT-FOR-US: Mambo CMS
CVE-2011-2498
RESERVED
- linux-2.6 2.6.39-1 (low)
@@ -11573,7 +11573,7 @@
CVE-2011-2055
RESERVED
CVE-2011-2054
- RESERVED
+ NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524
CVE-2011-2053
RESERVED
CVE-2011-2052
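Review bot: CVE-2011-2054 uses NOT-FOR-US to carry a rejection reason ("misused as CVE-2011-2524"). That reason is useful but belongs in a NOTE line under a REJECTED entry, the state already used for CVE-2012-0026; as written, the entry claims the issue is in software outside the archive, which the text does not say.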
@@ -11916,7 +11916,7 @@
CVE-2011-1915 (SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution ...)
NOT-FOR-US: Enspire Distribution Management Solution
CVE-2011-1914 (Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) ...)
- TODO: check
+ NOT-FOR-US: ActiveX
CVE-2011-1913 (SQL injection vulnerability in the login form in the web interface in ...)
NOT-FOR-US: Mercator SENTINEL
CVE-2011-1912
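Review bot: CVE-2011-1914 is tagged "NOT-FOR-US: ActiveX" while its description names the Advantech ADAM OLE for Process Control (OPC) product. Name that product in the tag, as the surrounding entries do ("Enspire Distribution Management Solution", "Mercator SENTINEL").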
@@ -12823,7 +12823,7 @@
RESERVED
NOT-FOR-US: OpenVAS Manager
CVE-2011-1596
- RESERVED
+ NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog)
CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in ...)
- rdesktop 1.7.0-1 (low; bug #623552)
[squeeze] - rdesktop <no-dsa> (Minor issue)
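Review bot: the CVE-2011-1596 tag "NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog)" mixes two different conclusions. NOT-FOR-US says the software is not relevant to the archive, while the parenthetical says the report is a non-security bug in a named component. Mark the entry REJECTED and move the explanation to a NOTE line so the reason stays visible without mislabelling the component.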
@@ -13236,7 +13236,7 @@
CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...)
- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1474
- RESERVED
+ NOT-FOR-US: PaX patched kernels
CVE-2011-1473
RESERVED
CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...)
@@ -13626,7 +13626,7 @@
CVE-2011-1363
RESERVED
CVE-2011-1362 (Cross-site scripting (XSS) vulnerability in the Installation ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1361
RESERVED
CVE-2011-1360 (Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server ...)
@@ -14215,9 +14215,9 @@
CVE-2011-1152
REJECTED
CVE-2011-1151
- RESERVED
+ NOT-FOR-US: Joomla!
CVE-2011-1150
- RESERVED
+ NOT-FOR-US: bbPress
CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system ...)
NOT-FOR-US: Android
CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP ...)
@@ -14433,7 +14433,7 @@
CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ...)
- rsync 3.0.8 (low; bug #621866)
CVE-2011-1096
- RESERVED
+ NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix
CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...)
- glibc <removed>
[lenny] - glibc <no-dsa> (Minor issue)
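Review bot: CVE-2011-1096 is closed as NOT-FOR-US with the text "alleged flaw in W3C XML Encryption standard. Nothing specific to fix", which is a rationale, not a product name. Another specification-level issue in this file, CVE-2012-1194, is recorded with "NOTE: DNS protocol flaw" instead. Following that pattern here would keep the entry visible in case an implementation of the standard needs tracking later.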
@@ -14476,11 +14476,11 @@
NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
NOTE: obscure exploit scenario
CVE-2011-1086
- RESERVED
+ NOT-FOR-US: openfiler
CVE-2011-1085
- RESERVED
+ NOT-FOR-US: smoothwall
CVE-2011-1084
- RESERVED
+ NOT-FOR-US: smoothwall
CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
- linux-2.6 <unfixed> (low)
CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file ...)
@@ -14525,7 +14525,7 @@
[squeeze] - v86d 0.1.9-1+squeeze1
[lenny] - v86d 0.1.5.2-1+lenny1
CVE-2011-1069
- RESERVED
+ NOT-FOR-US: PHPShop
CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before ...)
NOT-FOR-US: Microsoft Windows Azure SDK
CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not ...)
@@ -17066,7 +17066,7 @@
- chromium-browser <undetermined>
- webkit <undetermined>
CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- webkit <undetermined>
@@ -17802,7 +17802,7 @@
CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to ...)
TODO: check
CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-4561
RESERVED
CVE-2010-4560
@@ -26789,7 +26789,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)