[Secure-testing-commits] r18239 - data/CVE
Helmut Grohne
helmut-guest at alioth.debian.org
Sat Jan 21 08:48:56 UTC 2012
Author: helmut-guest
Date: 2012-01-21 08:48:56 +0000 (Sat, 21 Jan 2012)
New Revision: 18239
Modified:
data/CVE/list
Log:
libstruts1.2-java, 1 NFU, 2 NOTES
Please have a closer look at CVE-2011-5054 and CVE-2011-5053.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-20 21:14:22 UTC (rev 18238)
+++ data/CVE/list 2012-01-21 08:48:56 UTC (rev 18239)
@@ -1021,23 +1021,25 @@
CVE-2012-0395
RESERVED
CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...)
- TODO: check
+ - libstruts1.2-java <undetermined>
CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...)
- TODO: check
+ - libstruts1.2-java <undetermined>
CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 does ...)
- TODO: check
+ - libstruts1.2-java <undetermined>
CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 ...)
- TODO: check
+ - libstruts1.2-java <undetermined>
CVE-2011-5057 (Apache Struts 2.3.1.1 and earlier provides interfaces that do not ...)
- TODO: check
+ - libstruts1.2-java <undetermined>
CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash ...)
- maradns <not-affected> (Only affects 2.x, see #653838)
CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...)
- maradns <unfixed> (low)
CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function, ...)
- TODO: check
+ - kdebase-workspace <undetermined>
+ NOTE: the kcheckpass utility is not present in sid
CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...)
TODO: check
+ NOTE: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian.
CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003]
- glib2.0 <unfixed> (low; bug #655044)
CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...)
@@ -4653,6 +4655,7 @@
CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in ...)
- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ...)
+ NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime
TODO: check
CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix ...)
NOT-FOR-US: Siemens Tecnomatix
More information about the Secure-testing-commits
mailing list