[Secure-testing-commits] r19155 - data/CVE

Helmut Grohne helmut-guest at alioth.debian.org
Sun May 6 12:16:10 UTC 2012


Author: helmut-guest
Date: 2012-05-06 12:16:10 +0000 (Sun, 06 May 2012)
New Revision: 19155

Modified:
   data/CVE/list
Log:
NFUs, <itp>s, gallery2 <undetermined>, vlc filed

Note that owncloud and hadoop do have ITPs. They are no longer NFUs.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-05 19:27:15 UTC (rev 19154)
+++ data/CVE/list	2012-05-06 12:16:10 UTC (rev 19155)
@@ -90,7 +90,7 @@
 CVE-2012-2406
 	RESERVED
 CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
-	TODO: check
+	- gallery2 <undetermined>
 CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...)
 	- wordpress 3.3.2+dfsg-1 (bug #670124)
 CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...)
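Review bot: the new `- gallery2 <undetermined>` line for CVE-2012-2405 has no accompanying NOTE saying what is still unknown, and the description covers both Gallery 2 before 2.3.2 and Gallery 3 before 3.0.3. Suggest adding a NOTE that states what has to be checked for gallery2 and whether the Gallery 3 side maps to any package, so the entry has a clear next step.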
@@ -213,11 +213,11 @@
 	{DSA-2460-1}
 	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
 CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...)
-	NOT-FOR-US: ownCloud
+	- owncloud <itp> (bug #648674)
 CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud 3.0.2 ...)
-	NOT-FOR-US: ownCloud
+	- owncloud <itp> (bug #648674)
 CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...)
-	TODO: check
+	- vlc <unfixed> (bug #671727)
 CVE-2012-2395
 	RESERVED
 CVE-2012-2394
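Review bot: the vlc entry for CVE-2012-2396 is `<unfixed>` with no release-specific lines, although the description names VLC media player 2.0.1 specifically. Suggest recording whether the versions in the released suites are affected, in the style of the `[squeeze] - ... <not-affected>` lines used elsewhere in this file, or adding a NOTE that this has not been checked yet.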
@@ -491,9 +491,9 @@
 CVE-2012-2271
 	RESERVED
 CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ...)
-	NOT-FOR-US: ownCloud
+	- owncloud <itp> (bug #648674)
 CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 3.0.0 ...)
-	NOT-FOR-US: ownCloud
+	- owncloud <itp> (bug #648674)
 CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS ...)
 	NOT-FOR-US: ICONICS, BizViz
 CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 ...)
@@ -571,7 +571,7 @@
 CVE-2012-2235
 	RESERVED
 CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...)
-	TODO: check
+	NOT-FOR-US: TeamPass.net
 CVE-2012-2233
 	RESERVED
 CVE-2012-2232
@@ -2148,7 +2148,7 @@
 CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
 	NOT-FOR-US: cumin
 CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...)
-	NOT-FOR-US: Apache Hadoop
+	- hadoop <itp> (bug #535861)
 CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...)
 	{DSA-2441-1}
 	- gnutls26 2.12.18-1 (high)
@@ -4194,13 +4194,13 @@
 CVE-2012-0744
 	RESERVED
 CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
 	NOT-FOR-US: IBM Tivoli Event Pump
 CVE-2012-0741
 	RESERVED
 CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2012-0739
 	RESERVED
 CVE-2012-0738
@@ -4228,11 +4228,11 @@
 CVE-2012-0727
 	RESERVED
 CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2012-0723
 	RESERVED
 CVE-2012-0722
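Review bot: CVE-2012-0725 and CVE-2012-0724 are marked `NOT-FOR-US: Adobe Flash Player`, but both descriptions read "Adobe Flash Player before 11.2.202.229 in Google Chrome before ...", so the Chrome side is not addressed by the reason given. Suggest a short NOTE on why the Chrome part does not apply to any package, so the next person triaging does not have to re-check it.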
@@ -4264,7 +4264,7 @@
 CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...)
 	NOT-FOR-US: IBM DB2
 CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2012-0706
@@ -5106,9 +5106,9 @@
 CVE-2012-0408
 	RESERVED
 CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection ...)
-	TODO: check
+	NOT-FOR-US: emc.com Data Protection Advisor
 CVE-2012-0406 (The DPA_Utilities.cProcessAuthenticationData function in EMC Data ...)
-	TODO: check
+	NOT-FOR-US: emc.com Data Protection Advisor
 CVE-2012-0405
 	RESERVED
 CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...)
@@ -6028,13 +6028,13 @@
 CVE-2011-4884
 	RESERVED
 CVE-2011-4883 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: atvise.com webMI
 CVE-2011-4882 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: atvise.com webMI
 CVE-2011-4881 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: atvise.com webMI
 CVE-2011-4880 (Directory traversal vulnerability in the web server in Certec atvise ...)
-	TODO: check
+	NOT-FOR-US: atvise.com webMI
 CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, ...)
 	NOT-FOR-US: Siemens WinCC
 CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...)
@@ -6052,7 +6052,7 @@
 CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, ...)
 	NOT-FOR-US: Android devices
 CVE-2011-4871 (Open Automation Software OPC Systems.NET before 5.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: opcsystems.com
 CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...)
 	NOT-FOR-US: Invensys Wonderware
 CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly ...)
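Review bot: `NOT-FOR-US: opcsystems.com` for CVE-2011-4871 gives only a domain, while the description names the product as Open Automation Software OPC Systems.NET and the neighbouring entries use vendor or product names (`Android devices`, `Invensys Wonderware`). Suggest using the product name here so the entry can be found by searching for it; the same applies to the other domain-style reasons in this commit.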
@@ -6450,7 +6450,7 @@
 CVE-2012-0135 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
 	NOT-FOR-US: HP System Management Homepage
 CVE-2012-0134 (Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, ...)
-	TODO: check
+	NOT-FOR-US: HP OpenVMS
 CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a ...)
 	NOT-FOR-US: HP ProCurve
 CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
@@ -13926,7 +13926,7 @@
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
 CVE-2011-2478 (Google SketchUp before 8 does not properly handle edge geometry in ...)
-	TODO: check
+	NOT-FOR-US: Google SketchUp
 CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php ...)
 	NOT-FOR-US: A Really Simple Chat
 CVE-2011-2469



