[Secure-testing-commits] r25677 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Tue Feb 11 09:15:02 UTC 2014


Author: joeyh
Date: 2014-02-11 09:15:02 +0000 (Tue, 11 Feb 2014)
New Revision: 25677

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-02-11 07:43:06 UTC (rev 25676)
+++ data/CVE/list	2014-02-11 09:15:02 UTC (rev 25677)
@@ -1,4 +1,87 @@
+CVE-2014-1929
+	RESERVED
+CVE-2014-1926
+	RESERVED
+CVE-2014-1920
+	RESERVED
+CVE-2014-1919
+	RESERVED
+CVE-2014-1918
+	RESERVED
+CVE-2014-1917
+	RESERVED
+CVE-2014-1916 (The (1) opus_packet_get_nb_frames and (2) ...)
+	TODO: check
+CVE-2014-1915 (Multiple cross-site request forgery (CSRF) vulnerabilities in Command ...)
+	TODO: check
+CVE-2014-1914 (Multiple cross-site scripting (XSS) vulnerabilities in Command School ...)
+	TODO: check
+CVE-2014-1913
+	RESERVED
+CVE-2014-1912
+	RESERVED
+CVE-2014-1911
+	RESERVED
+CVE-2014-1910
+	RESERVED
+CVE-2014-1908
+	RESERVED
+CVE-2014-1907
+	RESERVED
+CVE-2014-1906
+	RESERVED
+CVE-2014-1905
+	RESERVED
+CVE-2014-1904
+	RESERVED
+CVE-2014-1903
+	RESERVED
+CVE-2014-1902
+	RESERVED
+CVE-2014-1901
+	RESERVED
+CVE-2014-1900
+	RESERVED
+CVE-2014-1899
+	RESERVED
+CVE-2014-1898
+	RESERVED
+CVE-2014-1897
+	RESERVED
+CVE-2014-1890
+	RESERVED
+CVE-2014-1889
+	RESERVED
+CVE-2014-1888
+	RESERVED
+CVE-2014-1880
+	RESERVED
+CVE-2014-1879
+	RESERVED
+CVE-2014-1878
+	RESERVED
+CVE-2014-1873
+	RESERVED
+CVE-2014-1872
+	RESERVED
+CVE-2014-1871
+	RESERVED
+CVE-2014-1870 (Opera before 19 on Mac OS X allows user-assisted remote attackers to ...)
+	TODO: check
+CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2013-7321 (Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access ...)
+	TODO: check
+CVE-2013-7320 (Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 ...)
+	TODO: check
+CVE-2013-7319 (Cross-site scripting (XSS) vulnerability in the Download Manager ...)
+	TODO: check
+CVE-2012-6637
+	RESERVED
+CVE-2012-6636
+	RESERVED
 CVE-2013-7322 [OTP token invalidation]
+	RESERVED
 	- oath-toolkit <unfixed> (low; bug #738515)
 	[wheezy] - oath-toolkit <no-dsa> (Minor issue)
 	NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
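Review bot: CVE-2014-1916 lands with only "TODO: check", yet its description names opus_packet_get_nb_frames, and this same update fills in CVE-2014-0044 (opus_packet_get_samples_per_frame, Mumble), which is already tracked under mumble with DSA-2854-1. Triage CVE-2014-1916 against those mumble entries rather than leaving it as an unassigned TODO. The D-Link DAP-2253 entries (CVE-2013-7321, CVE-2013-7320) look like candidates for NOT-FOR-US in the same pass.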
@@ -19,54 +102,75 @@
 CVE-2014-1932 [insecure use of /tmp]
 	- pillow <unfixed> (bug #737059)
 CVE-2014-1928 [Erroneous insertion of a \ character]
+	RESERVED
 	- python-gnupg <unfixed> (bug #738509)
 CVE-2014-1927 [Erroneous assumptions about the usability of " characters]
+	RESERVED
 	- python-gnupg <unfixed> (bug #738509)
 CVE-2014-1925 [SQL injection]
+	RESERVED
 	- koha <itp> (bug #702134)
 CVE-2014-1924 [MARC framework import/export function did not require authentication]
+	RESERVED
 	- koha <itp> (bug #702134)
 CVE-2014-1923 [arbitrary file write trough edithelp.pl]
+	RESERVED
 	- koha <itp> (bug #702134)
 CVE-2014-1922 [path traversal]
+	RESERVED
 	- koha <itp> (bug #702134)
 CVE-2014-1921 [possible correlation between key fetches]
+	RESERVED
 	- parcimonie 0.8.1-1 (bug #738134)
 CVE-2014-1909
+	RESERVED
 	NOT-FOR-US: Android SDK Tools
 CVE-2014-1896 [XSA-86 libvchan failure handling malicious ring indexes]
+	RESERVED
 	- xen <unfixed>
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
 CVE-2014-1895 [XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall]
+	RESERVED
 	- xen <unfixed>
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
 CVE-2014-1894 [XSA-84]
+	RESERVED
 	- xen <not-affected> (XSM not enabled in build)
 	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
 CVE-2014-1893 [XSA-84]
+	RESERVED
 	- xen <not-affected> (XSM not enabled in build)
 	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
 CVE-2014-1892 [XSA-84]
+	RESERVED
 	- xen <not-affected> (XSM not enabled in build)
 	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
 CVE-2014-1891 [XSA-84]
+	RESERVED
 	- xen <not-affected> (XSM not enabled in build)
 	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
 CVE-2014-1887
+	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1886
+	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1885
+	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1884
+	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1883
+	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1882
+	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1881
+	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1868
 	RESERVED
@@ -142,15 +246,19 @@
 	NOTE: http://bugs.python.org/issue20246
 	TODO: check
 CVE-2014-1877 [Multiple Stored XSS]
+	RESERVED
 	NOT-FOR-US: Dokeos
 CVE-2014-1876 [insecure temp file handling]
+	RESERVED
 	- openjdk-7 <unfixed> (bug #737562)
 	- openjdk-6 <unfixed>
 CVE-2014-1875 [insecure use of /tmp]
+	RESERVED
 	- libcapture-tiny-perl 0.24-1 (bug #737835)
 	[wheezy] - libcapture-tiny-perl <no-dsa> (Minor issue)
 	[squeeze] - libcapture-tiny-perl <no-dsa> (Minor issue)
 CVE-2014-1874 [SELinux local DoS]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	TODO: check
@@ -505,18 +613,18 @@
 	RESERVED
 CVE-2014-1700
 	RESERVED
-CVE-2014-1699
-	RESERVED
+CVE-2014-1699 (Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote ...)
 	NOT-FOR-US: Siemens SIMATIC
-CVE-2014-1698
-	RESERVED
-CVE-2014-1697
-	RESERVED
-CVE-2014-1696
-	RESERVED
+CVE-2014-1698 (Directory traversal vulnerability in Siemens SIMATIC WinCC OA before ...)
+	TODO: check
+CVE-2014-1697 (The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 ...)
+	TODO: check
+CVE-2014-1696 (Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash ...)
+	TODO: check
 CVE-2014-1695
 	RESERVED
 CVE-2013-7323 [Unrestricted use of unquoted strings in a shell]
+	RESERVED
 	- python-gnupg <unfixed> (bug #738509)
 CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in ...)
 	NOT-FOR-US: AlgoSec Firewall Analyzer
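Review bot: CVE-2014-1698, CVE-2014-1697 and CVE-2014-1696 are set to "TODO: check" although their descriptions name the same product as CVE-2014-1699 (Siemens SIMATIC WinCC OA before 3.12 P002), which keeps "NOT-FOR-US: Siemens SIMATIC". Mark the three the same way so they do not show up as open triage items.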
@@ -600,8 +708,8 @@
 	RESERVED
 CVE-2014-1665
 	RESERVED
-CVE-2014-1663
-	RESERVED
+CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager server ...)
+	TODO: check
 CVE-2014-1662
 	RESERVED
 CVE-2014-1661
@@ -640,8 +748,8 @@
 	RESERVED
 CVE-2014-1644
 	RESERVED
-CVE-2014-1643
-	RESERVED
+CVE-2014-1643 (The Web Email Protection component in Symantec Encryption Management ...)
+	TODO: check
 CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before ...)
 	NOT-FOR-US: CS-Cart
 CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 allows remote ...)
@@ -2134,8 +2242,8 @@
 	RESERVED
 CVE-2014-0823
 	RESERVED
-CVE-2014-0822
-	RESERVED
+CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x ...)
+	TODO: check
 CVE-2014-0821
 	RESERVED
 CVE-2014-0820
@@ -2148,8 +2256,8 @@
 	RESERVED
 CVE-2014-0816
 	RESERVED
-CVE-2014-0815
-	RESERVED
+CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android allows ...)
+	TODO: check
 CVE-2014-0814
 	RESERVED
 CVE-2014-0813
@@ -2598,8 +2706,7 @@
 	RESERVED
 CVE-2014-0623
 	RESERVED
-CVE-2014-0622
-	RESERVED
+CVE-2014-0622 (The web service in EMC Documentum Foundation Services (DFS) 6.5 ...)
 	NOT-FOR-US: EMC Documentum Foundation Services
 CVE-2014-0621 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: Technicolor TC7200 STD6.01.12
@@ -3511,8 +3618,7 @@
 	RESERVED
 CVE-2013-7131
 	RESERVED
-CVE-2013-7130 [Live migration can leak root disk into ephemeral storage]
-	RESERVED
+CVE-2013-7130 (The i_create_images_and_backing (aka create_images_and_backing) method ...)
 	- nova <unfixed> (bug #736465)
 	NOTE: https://bugs.launchpad.net/nova/+bug/1251590
 CVE-2013-7129 (Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme ...)
@@ -3894,8 +4000,8 @@
 	RESERVED
 CVE-2014-0331
 	RESERVED
-CVE-2014-0330
-	RESERVED
+CVE-2014-0330 (Cross-site scripting (XSS) vulnerability in adminui/user_list.php on ...)
+	TODO: check
 CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded ...)
 	TODO: check
 CVE-2014-0328
@@ -4772,13 +4878,11 @@
 	RESERVED
 CVE-2014-0046
 	RESERVED
-CVE-2014-0045
-	RESERVED
+CVE-2014-0045 (The needSamples method in AudioOutputSpeech.cpp in the client in ...)
 	{DSA-2854-1}
 	- mumble 1.2.4-0.2 (bug #737739)
 	[squeeze] - mumble <not-affected> (Opus support not present)
-CVE-2014-0044
-	RESERVED
+CVE-2014-0044 (The opus_packet_get_samples_per_frame function in client in Mumble ...)
 	{DSA-2854-1}
 	- mumble 1.2.4-0.2 (bug #737739)
 	[squeeze] - mumble <not-affected> (Opus support not present)
@@ -4793,14 +4897,12 @@
 CVE-2014-0040
 	RESERVED
 	NOT-FOR-US: openstack-heat-templates
-CVE-2014-0039 [configuration file can be loaded from cwd when run as a non-root user]
-	RESERVED
+CVE-2014-0039 (Untrusted search path vulnerability in fwsnort before 1.6.4, when not ...)
 	- fwsnort <unfixed> (low; bug #737495)
 	[wheezy] - fwsnort <no-dsa> (Minor issue)
 	[squeeze] - fwsnort <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
-CVE-2014-0038 [arbitrary write with CONFIG_X86_X32]
-	RESERVED
+CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel ...)
 	- linux <unfixed> (unimportant)
 	- linux-2.6 <not-affected> (Introduced in 3.4+)
 	NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
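Review bot: for CVE-2014-0038 the removed summary "[arbitrary write with CONFIG_X86_X32]" was the only line shown here that tied the issue to X32, and the entry still reads "- linux <unfixed> (unimportant)" with no reason given. Add a NOTE stating why it is rated unimportant (for example, the dependence on CONFIG_X86_X32) so the rating stays reviewable now that the description is the truncated CVE text.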
@@ -4849,8 +4951,7 @@
 	- chrony 1.29.1-1 (low; bug #737644)
 	[squeeze] - chrony <no-dsa> (Minor issue)
 	[wheezy] - chrony <no-dsa> (Minor issue)
-CVE-2014-0020
-	RESERVED
+CVE-2014-0020 (The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
@@ -5927,67 +6028,55 @@
 	NOT-FOR-US: Pirhana
 CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...)
 	- nova <unfixed>
-CVE-2013-6490
-	RESERVED
+CVE-2013-6490 (The SIMPLE protocol functionality in Pidgin before 2.10.8 allows ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
-CVE-2013-6489
-	RESERVED
+CVE-2013-6489 (Integer signedness error in the MXit functionality in Pidgin before ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-6488
 	REJECTED
-CVE-2013-6487
-	RESERVED
+CVE-2013-6487 (Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...)
 	{DSA-2859-1 DSA-2852-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 	- libgadu 1:1.11.3-1
-CVE-2013-6486
-	RESERVED
+CVE-2013-6486 (gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted ...)
 	- pidgin <not-affected> (Windows-specific)
-CVE-2013-6485
-	RESERVED
+CVE-2013-6485 (Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
-CVE-2013-6484
-	RESERVED
+CVE-2013-6484 (The STUN protocol implementation in libpurple in Pidgin before 2.10.8 ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
-CVE-2013-6483
-	RESERVED
+CVE-2013-6483 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
-CVE-2013-6482
-	RESERVED
+CVE-2013-6482 (Pidgin before 2.10.8 allows remote MSN servers to cause a denial of ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
-CVE-2013-6481
-	RESERVED
+CVE-2013-6481 (libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter ...)
 	- python-libcloud <not-affected> (affects 0.12.3 to 0.13.3)
 	NOTE: version prior to 0.12.3 don't include a DigitalOcean driver
-CVE-2013-6479
-	RESERVED
+CVE-2013-6479 (util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
-CVE-2013-6478
-	RESERVED
+CVE-2013-6478 (gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
-CVE-2013-6477
-	RESERVED
+CVE-2013-6477 (Multiple integer signedness errors in libpurple in Pidgin before ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
@@ -6291,8 +6380,7 @@
 CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the ...)
 	- percona-xtrabackup <unfixed> (bug #730544)
 	TODO: check if this if fixed with 2.1.6-2; note fw's comment on oss-security
-CVE-2013-6393 [heap-based buffer overflow when parsing YAML tags]
-	RESERVED
+CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before ...)
 	{DSA-2850-1}
 	- libyaml 0.1.4-3 (bug #737076)
 	- libyaml-libyaml-perl <unfixed>
@@ -6485,8 +6573,8 @@
 	NOT-FOR-US: IBM
 CVE-2013-6333
 	RESERVED
-CVE-2013-6332
-	RESERVED
+CVE-2013-6332 (Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 ...)
+	TODO: check
 CVE-2013-6331
 	RESERVED
 CVE-2013-6330 (IBM WebSphere Application Server 7.x before 7.0.0.31, when ...)
@@ -7239,8 +7327,7 @@
 CVE-2013-5984
 	RESERVED
 	NOT-FOR-US: Microweber
-CVE-2013-5983
-	RESERVED
+CVE-2013-5983 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY before ...)
 	NOT-FOR-US: GuppY
 CVE-2013-5982
 	RESERVED
@@ -14782,8 +14869,7 @@
 	NOT-FOR-US: IBM Tivoli Storage Manager
 CVE-2013-2963
 	RESERVED
-CVE-2013-2962
-	RESERVED
+CVE-2013-2962 (Buffer overflow in the Launcher in IBM WebSphere Transformation ...)
 	NOT-FOR-US: IBM WebSphere Transformation Extender
 CVE-2013-2961 (The internal web server in the Basic Services component in IBM Tivoli ...)
 	NOT-FOR-US: IBM Tivoli
@@ -16939,8 +17025,7 @@
 CVE-2013-2192 (The RPC protocol implementation in Apache Hadoop 2.x before ...)
 	NOT-FOR-US: Apache Hadoop
 	NOTE: There was the package in unstable, but never in a release, see 630820
-CVE-2013-2191
-	RESERVED
+CVE-2013-2191 (python-bugzilla before 0.9.0 does not validate X.509 certificates, ...)
 	NOT-FOR-US: python-bugzilla
 CVE-2013-2190 (The translate_hierarchy_event function in ...)
 	- clutter-1.0 1.14.4-3 (low; bug #714264)
@@ -17474,8 +17559,7 @@
 CVE-2013-2039 [owncloud: oC-SA-2013-020]
 	RESERVED
 	- owncloud 4.0.15debian-1
-CVE-2013-2038 [DoS (packet parser crash) in the AIS driver when processing malformed packet]
-	RESERVED
+CVE-2013-2038 (The NMEA0183 driver in gpsd before 3.9 allows remote attackers to ...)
 	- gpsd 3.6-5 (bug #706665)
 	[wheezy] - gpsd 3.6-4+deb7u1
 	[squeeze] - gpsd <no-dsa> (Minor issue)
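Review bot: the new description for CVE-2013-2038 names the NMEA0183 driver and "gpsd before 3.9", while the summary it replaces described a crash in the AIS driver and the entry records the fix in gpsd 3.6-5 and 3.6-4+deb7u1. Confirm that the patch carried in those package versions covers the issue as now described, and add a NOTE pointing at it, since the fixed versions are lower than the upstream version in the description.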
@@ -17938,8 +18022,7 @@
 	NOT-FOR-US: Drupal module Rules
 CVE-2013-1905 (Cross-site scripting (XSS) vulnerability in the Zero Point theme ...)
 	NOT-FOR-US: Drupal theme Zero Point
-CVE-2013-1904 [roundcube variable overwrite]
-	RESERVED
+CVE-2013-1904 (Absolute path traversal vulnerability in steps/mail/sendmail.inc in ...)
 	- roundcube 0.7.2-9
 	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
 CVE-2013-1903 (PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x ...)
@@ -23867,8 +23950,7 @@
 	RESERVED
 CVE-2012-6153
 	RESERVED
-CVE-2012-6152
-	RESERVED
+CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
 	- pidgin 2.10.8-1
 	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...)
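Review bot: CVE-2012-6152 has the same fixed version (pidgin 2.10.8-1) and squeeze end-of-life line as the other Pidgin entries updated in this revision, but unlike them it carries no {DSA-2859-1} tag. Check whether the DSA covered it and add the tag if so.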
@@ -25901,8 +25983,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=877015
 CVE-2012-5525 (The get_page_from_gfn hypercall function in Xen 4.2 allows local PV ...)
 	- xen <not-affected> (Only affects Xen 4.2 and xen-unstable)
-CVE-2012-5524
-	RESERVED
+CVE-2012-5524 (The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 ...)
 	- gajim 0.15.4-1 (low; bug #693282)
 	[wheezy] - gajim 0.15.1-4.1
 	[squeeze] - gajim <no-dsa> (Minor issue)
@@ -37484,8 +37565,7 @@
 	- network-manager <unfixed> (low; bug #684259)
 	[wheezy] - network-manager <no-dsa> (Minor issue)
 	[squeeze] - network-manager <no-dsa> (Minor issue)
-CVE-2012-1095
-	RESERVED
+CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...)
 	- osc <unfixed> (unimportant)
 	NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc
 CVE-2012-1094
@@ -43012,8 +43092,7 @@
 	[squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
 	[lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html
-CVE-2011-4099
-	RESERVED
+CVE-2011-4099 (The capsh program in libcap before 2.22 does not change the current ...)
 	- libcap2 1:2.22-1 (low)
 	[squeeze] - libcap2 <no-dsa> (Minor issue)
 CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux ...)
@@ -50022,8 +50101,7 @@
 CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security ...)
 	NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue
 	NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4
-CVE-2011-1773
-	RESERVED
+CVE-2011-1773 (virt-v2v before 0.8.4 does not preserve the VNC console password when ...)
 	NOT-FOR-US: virt-v2v
 CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
 	- libstruts1.2-java <not-affected> (xwork introduced in 2.x)
@@ -56481,8 +56559,8 @@
 	NOT-FOR-US: Novell NetWare
 CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before ...)
 	NOT-FOR-US: Novell Netware
-CVE-2010-4226
-	RESERVED
+CVE-2010-4226 (cpio, as used in build 2007.05.10, 2010.07.28, and possibly other ...)
+	TODO: check
 CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...)
 	- mono 2.6.7-5 (bug #608288)
 CVE-2010-4224



