[Secure-testing-commits] r18239 - data/CVE

Helmut Grohne helmut-guest at alioth.debian.org
Sat Jan 21 08:48:56 UTC 2012


Author: helmut-guest
Date: 2012-01-21 08:48:56 +0000 (Sat, 21 Jan 2012)
New Revision: 18239

Modified:
   data/CVE/list
Log:
libstruts1.2-java, 1 NFU, 2 NOTES

Please have a closer look at CVE-2011-5054 and CVE-2011-5053.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-20 21:14:22 UTC (rev 18238)
+++ data/CVE/list	2012-01-21 08:48:56 UTC (rev 18239)
@@ -1021,23 +1021,25 @@
 CVE-2012-0395
 	RESERVED
 CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
 CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
 CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 does ...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
 CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 ...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
 CVE-2011-5057 (Apache Struts 2.3.1.1 and earlier provides interfaces that do not ...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
 CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash ...)
 	- maradns <not-affected> (Only affects 2.x, see #653838)
 CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...)
 	- maradns <unfixed> (low)
 CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function, ...)
-	TODO: check
+	- kdebase-workspace <undetermined>
+	NOTE: the kcheckpass utility is not present in sid
 CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...)
 	TODO: check
+	NOTE: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian.
 CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003]
 	- glib2.0 <unfixed> (low; bug #655044)
 CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...)
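
Review bot: The five Struts entries (CVE-2012-0394 through CVE-2012-0391, and CVE-2011-5057) are all tagged "- libstruts1.2-java <undetermined>", but the descriptions quoted in this hunk give affected versions in the 2.x series ("before 2.3.1.1", "before 2.2.3.1"), while the package name points at the 1.2 series. Consider adding a NOTE to each entry saying what still has to be checked in that source package, or resolving them to <not-affected> with the reason if the named components are not shipped in it. In the CVE-2011-5054 entry, the NOTE says kcheckpass is not present in sid while the package line stays <undetermined>; naming the suites that were checked would let the next person close the entry.
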
@@ -4653,6 +4655,7 @@
 CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in ...)
 	- phpmyadmin 4:3.4.6-1 (unimportant)
 CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ...)
+	NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime
 	TODO: check
 CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix ...)
 	NOT-FOR-US: Siemens Tecnomatix
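
Review bot: The CVE-2011-4057 entry now carries both the new "NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime" line and the old "TODO: check" line, which is left in place as context directly below it. If the NOT-FOR-US verdict is final, the TODO line should be removed in the same commit so the entry matches the CVE-2011-4056 entry below it, which has only the NOT-FOR-US line.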



