[Secure-testing-commits] r18567 - data/CVE

Helmut Grohne helmut-guest at alioth.debian.org
Thu Mar 1 20:58:50 UTC 2012 

Author: helmut-guest
Date: 2012-03-01 20:58:50 +0000 (Thu, 01 Mar 2012)
New Revision: 18567

Modified:
   data/CVE/list
Log:
CVE/list update (undetermined, NFUs, changed NFU)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-29 22:10:10 UTC (rev 18566)
+++ data/CVE/list	2012-03-01 20:58:50 UTC (rev 18567)
@@ -2422,9 +2422,9 @@
 CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload ...)
 	TODO: check
 CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP ...)
-	TODO: check
+	NOT-FOR-US: Cisco SRP devices
 CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...)
-	TODO: check
+	NOT-FOR-US: Cisco SRP devices
 CVE-2012-0362
 	RESERVED
 CVE-2012-0361
@@ -2470,7 +2470,7 @@
 CVE-2012-0341
 	RESERVED
 CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management interface ...)
-	NOT-FOR-US: Advantech Studio
+	NOT-FOR-US: Cisco IronPort Encryption Appliance
 CVE-2012-0339
 	RESERVED
 CVE-2012-0338
@@ -5235,7 +5235,9 @@
 	[lenny] - nginx <no-dsa> (Minor issue)
 	NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
 CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used ...)
-	TODO: check
+	- openid4java <undetermined>
+	- jbossas4 <undetermined>
+	NOTE: jbossas4 may contain an embedded copy as it does not depend on openid4java
 CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, ...)
 	{DSA-2347-1}
 	- bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
@@ -7677,7 +7679,7 @@
 CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
 	NOT-FOR-US: Oracle Communications Unified
 CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 ...)
-	TODO: check
+	- glassfish <undetermined>
 CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	{DSA-2420-1}
 	- openjdk-6 6b24-1.11.1-1
@@ -9158,7 +9160,8 @@
 	{DSA-2410-1}
 	- libpng 1.2.46-5 (high; bug #660026)
 CVE-2011-3025 (Google Chrome before 17.0.963.56 does not properly parse H.264 data, ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-3024 (Google Chrome before 17.0.963.56 allows remote attackers to cause a ...)
 	- chromium-browser 17.0.963.56~r121963-1
 	- webkit <undetermined>
@@ -11090,7 +11093,11 @@
 CVE-2011-2394
 	RESERVED
 CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
-	TODO: check
+	- kfreebsd-7 <undetermined>
+	- kfreebsd-8 <undetermined>
+	- kfreebsd-9 <undetermined>
+	- kfreebsd-10 <undetermined>
+	NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
 CVE-2011-2392
 	RESERVED
 CVE-2011-2391
@@ -13379,7 +13386,7 @@
 	{DSA-2226-1}
 	- libmodplug 1:0.8.8.2-1 (low; bug #622091)
 CVE-2011-1573 (net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when ...)
-	TODO: check
+	- linux-2.6 <undetermined>
 CVE-2011-1572 (Directory traversal vulnerability in the Admin Defined Commands (ADC) ...)
 	{DSA-2215-1}
 	- gitolite 1.5.7-2
@@ -18288,7 +18295,7 @@
 CVE-2010-4564
 	RESERVED
 CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to ...)
-	TODO: check
+	- linux-2.6 <undetermined>
 CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-4561

More information about the Secure-testing-commits mailing list