[Secure-testing-commits] r17975 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sun Jan 1 23:07:58 UTC 2012
Author: thijs
Date: 2012-01-01 23:07:58 +0000 (Sun, 01 Jan 2012)
New Revision: 17975
Modified:
data/CVE/list
Log:
bugs filed; maradns fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-01 22:56:54 UTC (rev 17974)
+++ data/CVE/list 2012-01-01 23:07:58 UTC (rev 17975)
@@ -1,15 +1,15 @@
-CVE-2011-XXXX
- - maradns <unfixed>
+CVE-2011-XXXX [maradns dos]
+ - maradns 1.4.09-1
[squeeze] - maradns <no-dsa> (Minor issue)
[lenny] - maradns <no-dsa> (Minor issue)
NOTE: VU#903934
NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
- - libv8 <unfixed>
+ - libv8 <unfixed> (bug #653962)
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
- - ruby-rack <unfixed>
+ - ruby-rack <unfixed> (bug #653962)
CVE-2011-5035 (Oracle Glassfish 3.1.1 and earlier computes hash values for form ...)
- - glassfish <unfixed>
+ - glassfish <unfixed> (bug #653964)
CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...)
TODO: check
NOTE: It's not clear if this issue is in Geronimo itself,
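Review bot: the added lines for libv8 (CVE-2011-5037) and ruby-rack (CVE-2011-5036) both cite bug #653962, while glassfish gets #653964; two different source packages sharing one bug number looks like a copy-paste slip. Please check which package #653962 was actually filed against and correct the other reference, so the tracker does not link one of these CVEs to the wrong report.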
@@ -27,11 +27,11 @@
CVE-2011-5028 (Directory traversal vulnerability in novelllogmanager/FileDownload in ...)
NOT-FOR-US: Novell Sentinel Log Manager
CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #652664)
CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in Winn GuestBook before ...)
NOT-FOR-US: Winn Guestbook
CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...)
- - yaws <unfixed>
+ - yaws <unfixed> (bug #653966)
CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the ...)
NOT-FOR-US: ht://Dig integration for Mailman
CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows ...)
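Review bot: on the zabbix line (CVE-2011-5027), bug #652664 falls well outside the #65396x range of the other references added in this commit. That is fine if it is an older, already existing report, but please confirm the number is not a typo, since a wrong reference would tie this CVE to an unrelated bug.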