[Secure-testing-commits] r18176 - data/CVE

Joey Hess joeyh at alioth.debian.org
Sun Jan 15 21:14:17 UTC 2012


Author: joeyh
Date: 2012-01-15 21:14:17 +0000 (Sun, 15 Jan 2012)
New Revision: 18176

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-15 21:10:42 UTC (rev 18175)
+++ data/CVE/list	2012-01-15 21:14:17 UTC (rev 18176)
@@ -1240,6 +1240,7 @@
 CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, ...)
 	NOT-FOR-US: e107
 CVE-2011-4919 [mpack info disclosure]
+	RESERVED
 	- mpack <unfixed> (low)
 	NOTE: http://openwall.com/lists/oss-security/2011/12/31/1
 CVE-2011-4918
@@ -1256,6 +1257,7 @@
 	NOTE: Minor info leak, unlikely to be fixed upstream
 CVE-2011-4914
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 2.6.38-4
 CVE-2011-4913
 	RESERVED
@@ -2513,6 +2515,7 @@
 	RESERVED
 CVE-2011-4622
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 <unfixed>
 CVE-2011-4621
 	RESERVED
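Review bot: The `{DSA-2389-1}` tag added under CVE-2011-4622 sits directly above `- linux-2.6 <unfixed>`, so the entry reads as both covered by an advisory and still unfixed; the same pairing appears for CVE-2011-4127 in the `@@ -3974,6 +3981,7 @@` hunk. Presumably the advisory fixes the stable release while the unstable package is still open, but nothing in the hunk says so, and the fixed stable version may be recorded in a file not shown here. If it is not, a release-specific line such as `[squeeze] - linux-2.6 <FIXED-VERSION-PLACEHOLDER>` or a `NOTE:` naming the suite the DSA covers would stop readers from treating the unstable package as patched. The neighbouring entries are cut off at the hunk edges, so only the CVE-2011-4622 entry can be judged in full.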
@@ -2520,6 +2523,7 @@
 CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...)
 	- plib <unfixed> (bug #654785)
 CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before ...)
+	{DSA-2390-1}
 	- openssl 1.0.0f-1 
 CVE-2011-4618
 	RESERVED
@@ -2554,6 +2558,7 @@
 	[squeeze] - icecast2 <no-dsa> (Minor issue)
 CVE-2011-4611
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 3.0.0-1
 CVE-2011-4610
 	RESERVED
@@ -2661,6 +2666,7 @@
 	- openssl 1.0.0f-1 (unimportant)
 	NOTE: RFC 3779 support has not been enabled at compile time.
 CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ...)
+	{DSA-2390-1}
 	- openssl 1.0.0f-1 
 CVE-2011-4575
 	RESERVED
@@ -3229,6 +3235,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238
 CVE-2011-4354 [OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys]
 	RESERVED
+	{DSA-2390-1}
 	- openssl 0.9.8o-4squeeze3 (bug #650621)
 	[lenny] - openssl <no-dsa> (Minor issue)
 CVE-2011-4353 [VP5/VP6 DoS]
@@ -3974,6 +3981,7 @@
 	[lenny] - gnutls26 <no-dsa> (Minor issue)
 CVE-2011-4127
 	RESERVED
+	{DSA-2389-1}
 	- libguestfs 1:1.14.8-1
 	- linux-2.6 <unfixed>
 CVE-2011-4126
@@ -4018,10 +4026,13 @@
 	[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
 CVE-2011-4110
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 3.1.4-1
 CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when ...)
+	{DSA-2390-1}
 	- openssl 1.0.0c-1
 CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...)
+	{DSA-2390-1}
 	- openssl 1.0.0f-1 (low; bug #645805)
 	NOTE: http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest
 CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in ...)
@@ -4135,6 +4146,7 @@
 	NOTE: This is arguably a PHP issue, but will probably not be fixed upstream.
 CVE-2011-4077
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 3.0.0-6
 CVE-2011-4076
 	RESERVED
@@ -6374,6 +6386,7 @@
 	- evolution-data-server3 3.2.1-1 (bug #641052)
 CVE-2011-3353
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 3.1.0~rc4-1~experimental.1 (low)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
 	[squeeze] - linux-2.6 2.6.32-36
@@ -7675,6 +7688,7 @@
 	[lenny] - system-config-printer <no-dsa> (Minor issue)
 CVE-2011-2898
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 3.0.0-1
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
 CVE-2011-2897
@@ -9576,7 +9590,7 @@
 CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) ...)
 	NOT-FOR-US: VMware
 CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux ...)
-	{DSA-2310-1}
+	{DSA-2389-1 DSA-2310-1}
 	- linux-2.6 2.6.39-3
 	[squeeze] - linux-2.6 2.6.32-36
 CVE-2011-2212
@@ -9751,6 +9765,7 @@
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
 CVE-2011-2183 [race condition in KSM]
 	RESERVED
+	{DSA-2389-1}
 	- linux-2.6 2.6.39-3 (low)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[squeeze] - linux-2.6 2.6.32-36
@@ -11444,6 +11459,7 @@
 CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	TODO: check
 CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...)
+	{DSA-2388-2 DSA-2388-1}
 	- t1lib 5.1.2-3.3
 	[lenny] - t1lib 5.1.2-3+lenny1
 	[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -11451,6 +11467,7 @@
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...)
+	{DSA-2388-2 DSA-2388-1}
 	- t1lib 5.1.2-3.3
 	[lenny] - t1lib 5.1.2-3+lenny1
 	[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -11458,6 +11475,7 @@
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...)
+	{DSA-2388-2 DSA-2388-1}
 	- t1lib 5.1.2-3.3
 	[lenny] - t1lib 5.1.2-3+lenny1
 	[squeeze] - t1lib 5.1.2-3+squeeze1
@@ -13888,6 +13906,7 @@
 CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...)
 	NOT-FOR-US: pWhois Layer Four Traceroute
 CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...)
+	{DSA-2388-2 DSA-2388-1}
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 	- t1lib 5.1.2-3.3
@@ -14832,6 +14851,7 @@
 	- dtc 0.32.10-1
 CVE-2011-0433 [linetoken() buffer overflow]
 	RESERVED
+	{DSA-2388-2 DSA-2388-1}
 	- evince 2.32.0-1 (bug #614668)
 	- vftool 2.0alpha-4.1 (low; bug #614669)
 	[squeeze] - vftool 2.0alpha-4+squeeze1
@@ -21857,7 +21877,7 @@
 	{DSA-2357-1}
 	- evince 2.30.3-2 (bug #609534)
 CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend ...)
-	{DSA-2357-1}
+	{DSA-2388-2 DSA-2388-1 DSA-2357-1}
 	- evince 3.0.2-1 (bug #609534)
 	[squeeze] - evince 2.30.3-2+squeeze1
 	- t1lib 5.1.2-3.4



