Author: jmm Date: 2011-02-23 21:41:51 +0000 (Wed, 23 Feb 2011) New Revision: 16243 Modified: data/CVE/list Log: NFUs two new rails issues (Thijs, can you add this to the existing ticket?) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-23 21:26:32 UTC (rev 16242) +++ data/CVE/list 2011-02-23 21:41:51 UTC (rev 16243) @@ -32,11 +32,10 @@ - pam-pgsql 0.7.1-5 (bug #603436) CVE-2011-1044 (The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c ...) - linux-2.6 <unfixed> - TODO: check CVE-2011-1043 RESERVED CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google Chrome ...) - TODO: check + NOT-FOR-US: flimflam in Google Chrome OS CVE-2011-1041 RESERVED CVE-2011-1040 @@ -50,7 +49,7 @@ CVE-2011-1036 RESERVED CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote attackers to ...) - TODO: check + NOT-FOR-US: PivotX CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have ...) - abcm2ps 5.9.22-1 (low) [squeeze] - abcm2ps <no-dsa> (Minor issue) 
@@ -60,23 +59,23 @@ [squeeze] - abcm2ps <no-dsa> (Minor issue) [lenny] - abcm2ps <no-dsa> (Minor issue) CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: MediaDBPlayback.DLL CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...) - TODO: check + NOT-FOR-US: Moxa Device Manager CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational ...) NOT-FOR-US: IBM Rational Build Forge CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...) NOT-FOR-US: SCADA Engine BACnet CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...) - TODO: check + NOT-FOR-US: Maian Media Silver CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate ...) - TODO: check + NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb ...) - TODO: check + NOT-FOR-US: HotWebScripts HotWeb Rentals CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...) NOT-FOR-US: GateSoft DocuSafe CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax ...) - TODO: check + NOT-FOR-US: Ecommercemax Solutions Digital-goods seller CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment ...) NOT-FOR-US: Skeletonz CMS CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ...) 
@@ -404,11 +403,11 @@ CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...) NOT-FOR-US: zikula CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it ...) - TODO: check + NOT-FOR-US: Vanilla Forums CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before ...) - TODO: check + NOT-FOR-US: Vanilla Forums CVE-2011-0908 (Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows ...) - TODO: check + NOT-FOR-US: Vanilla Forums CVE-2011-0907 RESERVED CVE-2011-0906 @@ -430,7 +429,7 @@ [lenny] - tsclient <no-dsa> (Minor issue) [squeeze] - tsclient <no-dsa> (Minor issue) CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging ...) - TODO: check + NOT-FOR-US: AES module for Drupal CVE-2011-0898 RESERVED CVE-2011-0897 @@ -974,7 +973,7 @@ RESERVED - linux-2.6 <unfixed> CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2011-0693 RESERVED CVE-2011-0692 @@ -1068,7 +1067,7 @@ CVE-2011-0655 RESERVED CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the ...) - TODO: check + NOT-FOR-US: Windows 2003 CVE-2011-0653 RESERVED CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look ''n'' Stop Firewall 2.06p4 and 2.07 ...) @@ -1372,7 +1371,7 @@ CVE-2011-0527 RESERVED CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla ...) - TODO: check + NOT-FOR-US: Vanilla Forums CVE-2011-0525 RESERVED CVE-2011-0524 @@ -1578,7 +1577,7 @@ CVE-2011-0454 RESERVED CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not ...) - TODO: check + NOT-FOR-US: F-Secure Internet Gatekeeper CVE-2011-0452 RESERVED CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) 
@@ -1586,13 +1585,13 @@ CVE-2011-0450 (The downloads manager in Opera before 11.01 on Windows does not ...) NOT-FOR-US: Opera CVE-2011-0449 (actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...) - TODO: check + - rails <not-affected> (Only affects 3.x) CVE-2011-0448 (Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...) - TODO: check + - rails <not-affected> (Only affects 3.x) CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before ...) - TODO: check + - rails <unfixed> CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to ...) - TODO: check + - rails <unfixed> CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...) - gif2png 2.5.4-2 (low; bug #610479) [lenny] - gif2png <no-dsa> (Minor issue)
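Review bot: In the `@@ -32,11 +32,10 @@` hunk, the `TODO: check` under CVE-2011-1044 is removed with no replacement line, which the log message ("NFUs two new rails issues") does not cover. The entry already has `- linux-2.6 <unfixed>`, so dropping the stale TODO looks right, but it is a triage change to a kernel entry and deserves a mention in the log so it can be found later when someone searches the history for that CVE.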
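Review bot: In the `@@ -60,23 +59,23 @@` hunk, `NOT-FOR-US: MediaDBPlayback.DLL` for CVE-2010-4742 names a file rather than a product, unlike the neighbouring entries (`NOT-FOR-US: Moxa Device Manager`, `NOT-FOR-US: Maian Media Silver`). The visible description is truncated at "a certain ActiveX control in ...", so the product cannot be read off this line. Using the vendor or product name from the full CVE description would keep the NFU labels consistent and easier to search.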
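Review bot: In the `@@ -1586,13 +1585,13 @@` hunk, the two `- rails <unfixed>` lines for CVE-2011-0447 and CVE-2011-0446 carry no bug reference, even though the log message refers to an existing ticket. Other entries in this file record the bug inline, for example `- pam-pgsql 0.7.1-5 (bug #603436)` and `- gif2png 2.5.4-2 (low; bug #610479)`. Adding the ticket number to both lines in the same form would tie the open rails issues to the bug. The `<not-affected> (Only affects 3.x)` notes on CVE-2011-0449 and CVE-2011-0448 match the "Ruby on Rails 3.0.x" wording in their descriptions.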