[Secure-testing-commits] r19322 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri May 25 21:14:33 UTC 2012


Author: joeyh
Date: 2012-05-25 21:14:32 +0000 (Fri, 25 May 2012)
New Revision: 19322

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-25 09:14:42 UTC (rev 19321)
+++ data/CVE/list	2012-05-25 21:14:32 UTC (rev 19322)
@@ -1,3 +1,7 @@
+CVE-2012-2934
+	RESERVED
+CVE-2012-2933
+	RESERVED
 CVE-2012-2932
 	RESERVED
 CVE-2012-2931
@@ -2208,8 +2212,8 @@
 	RESERVED
 CVE-2012-2043
 	RESERVED
-CVE-2012-2042
-	RESERVED
+CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
+	TODO: check
 CVE-2012-2041
 	RESERVED
 CVE-2012-2040
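Review bot: CVE-2012-2042 is left at "TODO: check" even though its new description names Adobe Illustrator, a product Debian does not package. Suggest closing it in the same update with "NOT-FOR-US: Adobe Illustrator", matching the NOT-FOR-US form used for other entries in this list, so it does not sit in the TODO queue.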
@@ -10034,12 +10038,10 @@
 CVE-2011-4082
 	RESERVED
 	- phpldapadmin 0.9.8-1
-CVE-2011-4081 [CRYPTO_GHASH issue]
-	RESERVED
+CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local ...)
 	- linux-2.6 3.0.0-6
 	[squeeze] - linux-2.6 <not-affected> (CRYPTO_GHASH Introduced in 2.6.32)
-CVE-2011-4080
-	RESERVED
+CVE-2011-4080 (The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux ...)
 	- linux-2.6 2.6.39-1
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
 	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
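Review bot: on CVE-2011-4081 the retained squeeze line reads "<not-affected> (CRYPTO_GHASH Introduced in 2.6.32)", but squeeze entries elsewhere in this patch carry 2.6.32-based fixed versions (2.6.32-34, 2.6.32-40), so code introduced in 2.6.32 would be expected to be present there. Now that the entry has its official description, recheck that status or reword the note to state the actual reason squeeze is unaffected.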
@@ -12338,8 +12340,7 @@
 	TODO: File bugs
 CVE-2011-3364 (Incomplete blacklist vulnerability in the svEscape function in ...)
 	- network-manager-applet <not-affected> (ifcfg-rh plugin not built/included in Debian)
-CVE-2011-3363
-	RESERVED
+CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel ...)
 	- linux-2.6 2.6.39-1
 	[squeeze] - linux-2.6 2.6.32-34
 	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in commit 1bfe73c2)
@@ -12358,8 +12359,7 @@
 	{DSA-2324-1}
 	- wireshark 1.6.2-1 (low)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-15.html
-CVE-2011-3359
-	RESERVED
+CVE-2011-3359 (The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux ...)
 	- linux-2.6 2.6.39-1
 	[squeeze] - linux-2.6 2.6.32-34
 	[lenny] - linux-2.6 <not-affected> (b43 allocate recieve buffer is 2404 bytes, which is already larger than the upstream fix of increasing it to 2382 bytes)
@@ -12377,8 +12377,7 @@
 CVE-2011-3355
 	RESERVED
 	- evolution-data-server3 3.2.1-1 (bug #641052)
-CVE-2011-3353
-	RESERVED
+CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in ...)
 	{DSA-2389-1}
 	- linux-2.6 3.1.0~rc4-1~experimental.1 (low)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
@@ -12808,8 +12807,7 @@
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through ...)
 	{DSA-2298-1}
 	- apache2 2.2.19-2
-CVE-2011-3191
-	RESERVED
+CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in ...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 3.0.0-5
 CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...)
@@ -12821,8 +12819,7 @@
 	- php5 5.3.8-1
 	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
 	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
-CVE-2011-3188
-	RESERVED
+CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before ...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 3.0.0-2
 CVE-2011-3187 (The to_s method in ...)
@@ -13062,32 +13059,32 @@
 	RESERVED
 CVE-2011-3116
 	RESERVED
-CVE-2011-3115
-	RESERVED
-CVE-2011-3114
-	RESERVED
-CVE-2011-3113
-	RESERVED
-CVE-2011-3112
-	RESERVED
-CVE-2011-3111
-	RESERVED
-CVE-2011-3110
-	RESERVED
-CVE-2011-3109
-	RESERVED
-CVE-2011-3108
-	RESERVED
-CVE-2011-3107
-	RESERVED
-CVE-2011-3106
-	RESERVED
-CVE-2011-3105
-	RESERVED
-CVE-2011-3104
-	RESERVED
-CVE-2011-3103
-	RESERVED
+CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
+	TODO: check
+CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome ...)
+	TODO: check
+CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not ...)
+	TODO: check
+CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
+	TODO: check
+CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
+	TODO: check
+CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...)
+	TODO: check
+CVE-2011-3109 (Google Chrome before 19.0.1084.52 on Linux does not properly perform a ...)
+	TODO: check
+CVE-2011-3108 (Use-after-free vulnerability in Google Chrome before 19.0.1084.52 ...)
+	TODO: check
+CVE-2011-3107 (Google Chrome before 19.0.1084.52 does not properly implement ...)
+	TODO: check
+CVE-2011-3106 (The WebSockets implementation in Google Chrome before 19.0.1084.52 ...)
+	TODO: check
+CVE-2011-3105 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
+	TODO: check
+CVE-2011-3104 (Skia, as used in Google Chrome before 19.0.1084.52, allows remote ...)
+	TODO: check
+CVE-2011-3103 (Google V8, as used in Google Chrome before 19.0.1084.52, does not ...)
+	TODO: check
 CVE-2011-3102 (Off-by-one error in libxml2, as used in Google Chrome before ...)
 	{DSA-2479-1}
 	- libxml2 <unfixed>
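Review bot: the thirteen entries CVE-2011-3103 through CVE-2011-3115 all land as "TODO: check" and all name Google Chrome before 19.0.1084.52, the same release as the already-triaged CVE-2011-3102 just below them. Triage them as one batch against Debian's Chromium package, and, as was done for CVE-2011-3102 with libxml2, check the V8 and Skia items for separately packaged copies of that code.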
@@ -13678,8 +13675,7 @@
 CVE-2011-2919
 	RESERVED
 	NOT-FOR-US: Red Hat Network Satellite server
-CVE-2011-2918
-	RESERVED
+CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does ...)
 	{DSA-2303-1}
 	- linux-2.6 3.0.0-2
 	[lenny] - linux-2.6 <not-affected> (perf not yet present)
@@ -13723,8 +13719,7 @@
 CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
 	- torque 2.4.15+dfsg-1
 	[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
-CVE-2011-2906
-	RESERVED
+CVE-2011-2906 (Integer signedness error in the pmcraid_ioctl_passthrough function in ...)
 	NOT-FOR-US: ** REJECT **
 CVE-2011-2905
 	RESERVED
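Review bot: CVE-2011-2906 now carries a real description (an integer signedness error in pmcraid_ioctl_passthrough, a Linux kernel driver function), but the annotation under it is still "NOT-FOR-US: ** REJECT **", which contradicts the new text. Replace it with linux-2.6 status lines per release, as on the neighbouring kernel entries, or with a TODO until the affected versions are checked.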
@@ -13752,8 +13747,7 @@
 	- system-config-printer <unfixed> (low; bug #639243)
 	[squeeze] - system-config-printer <no-dsa> (Minor issue)
 	[lenny] - system-config-printer <no-dsa> (Minor issue)
-CVE-2011-2898
-	RESERVED
+CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not ...)
 	{DSA-2389-1}
 	- linux-2.6 3.0.0-1
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
@@ -14414,8 +14408,7 @@
 CVE-2011-2708
 	REJECTED
 	NOTE: duplicate of CVE-2011-2710, will be rejected
-CVE-2011-2707
-	RESERVED
+CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the ...)
 	- linux-2.6 <not-affected> (xtensa arch not used in Debian)
 CVE-2011-2706
 	RESERVED
@@ -14443,8 +14436,7 @@
 	{DSA-2303-1}
 	- linux-2.6 3.0.0-1
 	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
-CVE-2011-2699
-	RESERVED
+CVE-2011-2699 (The IPv6 implementation in the Linux kernel before 3.1 does not ...)
 	- linux-2.6 3.0.0-2
 	[squeeze] - linux-2.6 2.6.32-40
 CVE-2011-2698 (Off-by-one error in the elem_cell_id_aux function in ...)
@@ -14907,8 +14899,7 @@
 CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	{DSA-2290-1}
 	- samba 2:3.5.10~dfsg-1 (low)
-CVE-2011-2521
-	RESERVED
+CVE-2011-2521 (The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c ...)
 	- linux-2.6 2.6.39-1 (low)
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -14920,13 +14911,11 @@
 	NOTE: Possibly fixed earlier than 3.2.1-2, but that's the version in oldstable, which
 	NOTE: was checked to contain http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644
 	- xen <not-affected> (Only affects older Xen 3 releases)
-CVE-2011-2518
-	RESERVED
+CVE-2011-2518 (The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux ...)
 	- linux-2.6 2.6.39-3 (low)
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2011-2517
-	RESERVED
+CVE-2011-2517 (Multiple buffer overflows in net/wireless/nl80211.c in the Linux ...)
 	{DSA-2303-1}
 	- linux-2.6 2.6.39-3 (unimportant)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)



