[Secure-testing-commits] r18093 - in data: CVE DSA
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Jan 9 07:02:24 UTC 2012
Author: jmm
Date: 2012-01-09 07:02:23 +0000 (Mon, 09 Jan 2012)
New Revision: 18093
Modified:
data/CVE/list
data/DSA/list
Log:
redmine CVEfied
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-09 06:59:18 UTC (rev 18092)
+++ data/CVE/list 2012-01-09 07:02:23 UTC (rev 18093)
@@ -572,10 +572,16 @@
RESERVED
CVE-2011-4929
RESERVED
+ - redmine 1.0.5-1 (bug #608397)
+ NOTE: http://www.redmine.org/news/49
CVE-2011-4928
RESERVED
+ - redmine 1.0.5-1 (bug #608397)
+ NOTE: http://www.redmine.org/news/49
CVE-2011-4927
RESERVED
+ - redmine 1.0.5-1 (bug #608397)
+ NOTE: http://www.redmine.org/news/49
CVE-2011-4926
RESERVED
CVE-2011-4925
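Review bot: The entries added under CVE-2011-4929, CVE-2011-4928 and CVE-2011-4927 are identical (same fixed version 1.0.5-1, same bug #608397, same NOTE URL), so nothing here records which issue from the redmine announcement each id covers. A short per-CVE NOTE naming the issue would let each id be checked on its own, which matters if a later release turns out to be affected by only some of them.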
@@ -7526,9 +7532,9 @@
CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and ...)
NOT-FOR-US: Chyrp
CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
- TODO: check
+ NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
- TODO: check
+ NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when ...)
NOT-FOR-US: EMC RSA Key Manager
CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x ...)
@@ -8292,11 +8298,11 @@
{DSA-2272-1}
- bind9 1:9.8.1.dfsg-1 (high)
CVE-2011-2463 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and ...)
NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-2461 (Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and ...)
- TODO: check
+ NOT-FOR-US: Adobe Flex
CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
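Review bot: CVE-2011-2461 is tagged "NOT-FOR-US: Adobe Flex", but its description places the flaw in the Adobe Flex SDK rather than in an end-user product, so the tracker question is also whether any package in the archive ships content built with that SDK. If that was checked, a NOTE saying so would document the basis for the NFU; otherwise the entry is better left as "TODO: check" until it has been.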
@@ -8424,7 +8430,7 @@
CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, ...)
NOT-FOR-US: HP-UX
CVE-2011-2397 (The Agent service in Iron Mountain Connected Backup 8.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Iron Mountain Connected Backup
CVE-2011-2396
RESERVED
CVE-2011-2394
@@ -9459,9 +9465,9 @@
CVE-2011-2020 (Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine ...)
NOT-FOR-US: TIBCO iProcess Engine
CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows XP
CVE-2011-2017
RESERVED
CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows ...)
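Review bot: The new tag on CVE-2011-2018 reads "NOT-FOR-US: Microsoft Windows XP", while the description also lists Windows Server 2003 and other Windows entries in this file (CVE-2011-2011, CVE-2011-2009) use "NOT-FOR-US: Microsoft Windows". Using the same product string here keeps the NFU entries consistent and searchable by product.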
@@ -9477,7 +9483,7 @@
CVE-2011-2011 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2011-2009 (Untrusted search path vulnerability in Windows Media Center in ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-2008 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and ...)
@@ -9513,7 +9519,7 @@
CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; ...)
@@ -9531,7 +9537,7 @@
CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...)
NOT-FOR-US: Microsoft Office
CVE-2011-1981
@@ -10893,7 +10899,7 @@
CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through ...)
NOT-FOR-US: HP OpenView
CVE-2011-1513 (Static code injection vulnerability in install_.php in e107 CMS 0.7.24 ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2011-1512 (Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used ...)
NOT-FOR-US: Autonomy KeyView
CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
@@ -10903,7 +10909,7 @@
CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk ...)
NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Publisher
CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...)
{DSA-2225-1}
- asterisk 1:1.8.3.3-1
@@ -13617,9 +13623,6 @@
- ffmpeg <removed> (low; bug #611495)
- ffmpeg-debian <removed>
NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
-CVE-2010-XXXX
- - redmine 1.0.5-1 (bug #608397)
- NOTE: http://www.redmine.org/news/49
CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
NOTE: Not packaged in Debian, separate package Shibboleth IdP
NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2012-01-09 06:59:18 UTC (rev 18092)
+++ data/DSA/list 2012-01-09 07:02:23 UTC (rev 18093)
@@ -450,6 +450,7 @@
{CVE-2011-4133 CVE-2011-4278 CVE-2011-4283 CVE-2011-4286 CVE-2011-4288 CVE-2011-4290}
[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze1
[15 Jun 2011] DSA-2261-1 redmine - several
+ {CVE-2011-4927 CVE-2011-4928 CVE-2011-4929}
[squeeze] - redmine 1.0.1-2
[14 Jun 2011] DSA-2260-1 rails - several
{CVE-2009-3086 CVE-2009-4214}
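Review bot: The added line "{CVE-2011-4927 CVE-2011-4928 CVE-2011-4929}" attaches all three ids to DSA-2261-1 and its squeeze version 1.0.1-2, while the matching data/CVE/list entries in this commit record only the 1.0.5-1 fix and bug #608397. The log message "redmine CVEfied" does not say where the mapping comes from; a reference to the CVE assignment, in the log or in a NOTE, would let someone confirm that the squeeze upload addresses each of the three.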