[Secure-testing-commits] r17975 - data/CVE

Thijs Kinkhorst thijs at alioth.debian.org
Sun Jan 1 23:07:58 UTC 2012 

Author: thijs
Date: 2012-01-01 23:07:58 +0000 (Sun, 01 Jan 2012)
New Revision: 17975

Modified:
   data/CVE/list
Log:
bugs filed; maradns fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-01 22:56:54 UTC (rev 17974)
+++ data/CVE/list	2012-01-01 23:07:58 UTC (rev 17975)
@@ -1,15 +1,15 @@
-CVE-2011-XXXX
-	- maradns <unfixed>
+CVE-2011-XXXX [maradns dos]
+	- maradns 1.4.09-1
 	[squeeze] - maradns <no-dsa> (Minor issue)
 	[lenny] - maradns <no-dsa> (Minor issue)
 	NOTE: VU#903934
 	NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
 CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
-	- libv8 <unfixed>
+	- libv8 <unfixed> (bug #653962)
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
-	- ruby-rack <unfixed>
+	- ruby-rack <unfixed> (bug #653962)
 CVE-2011-5035 (Oracle Glassfish 3.1.1 and earlier computes hash values for form ...)
-	- glassfish <unfixed>
+	- glassfish <unfixed> (bug #653964)
 CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...)
 	TODO: check
 	NOTE: It's not clear if this issue is in Geronimo itself,
@@ -27,11 +27,11 @@
 CVE-2011-5028 (Directory traversal vulnerability in novelllogmanager/FileDownload in ...)
 	NOT-FOR-US: Novell Sentinel Log Manager
 CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...)
-	- zabbix <unfixed>
+	- zabbix <unfixed> (bug #652664)
 CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in Winn GuestBook before ...)
 	NOT-FOR-US: Winn Guestbook
 CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...)
-	- yaws <unfixed>
+	- yaws <unfixed> (bug #653966)
 CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the ...)
 	NOT-FOR-US: ht://Dig integration for Mailman
 CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows ...)

More information about the Secure-testing-commits mailing list