Author: geissert Date: 2011-02-26 21:17:59 +0000 (Sat, 26 Feb 2011) New Revision: 16259 Modified: data/CVE/list Log: 2 ruby issues, 2 rt, 7 linux, 2 openldap, 1 logwatch, 1 libcgroup someone from the kernel tracker please update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-26 21:15:33 UTC (rev 16258) +++ data/CVE/list 2011-02-26 21:17:59 UTC (rev 16259) @@ -200,26 +200,39 @@ RESERVED CVE-2011-1026 RESERVED -CVE-2011-1025 +CVE-2011-1025 [rootpw is not verified with slapd.conf] RESERVED -CVE-2011-1024 + - openldap <unfixed> + TODO: check +CVE-2011-1024 [forwarded bind failure messages cause success] RESERVED + - openldap <unfixed> + TODO: check CVE-2011-1023 RESERVED -CVE-2011-1022 +CVE-2011-1022 [failure to verify netlink messages] RESERVED + - libcgroup <unfixed> + TODO: check CVE-2011-1021 RESERVED + - linux-2.6 <unfixed> CVE-2011-1020 RESERVED + - linux-2.6 <unfixed> CVE-2011-1019 RESERVED -CVE-2011-1018 + - linux-2.6 <unfixed> +CVE-2011-1018 [improper sanitization of special characters in log file] RESERVED + - logwatch <unfixed> + TODO: check CVE-2011-1017 RESERVED + - linux-2.6 <unfixed> CVE-2011-1016 RESERVED + - linux-2.6 <unfixed> CVE-2011-1015 [path traversal in CGIHTTPServer] RESERVED - python2.6 <unfixed> (low; bug #614860) 
@@ -237,22 +250,37 @@ RESERVED CVE-2011-1012 RESERVED + [lenny] - linux-2.6 <not-affected> + - linux-2.6 <unfixed> CVE-2011-1011 (The seunshare_mount function in sandbox/seunshare.c in seunshare in ...) TODO: check CVE-2011-1010 RESERVED + - linux-2.6 <unfixed> CVE-2011-1009 RESERVED -CVE-2011-1008 +CVE-2011-1008 [Scrip''s TicketObj info leak] RESERVED -CVE-2011-1007 + - request-tracker3.6 <removed> + - request-tracker3.8 <unfixed> +CVE-2011-1007 [login page back button attack] RESERVED + - request-tracker3.6 <removed> + - request-tracker3.8 <unfixed> CVE-2011-1006 RESERVED -CVE-2011-1005 +CVE-2011-1005 [Ruby Exception methods can bypass $SAFE] RESERVED -CVE-2011-1004 + - ruby1.8 <unfixed> + - ruby1.9 <removed> + - ruby1.9.1 <unfixed> + TODO: check +CVE-2011-1004 [Ruby FileUtils.remove_entry_secure symlink attack] RESERVED + - ruby1.8 <unfixed> + - ruby1.9 <removed> + - ruby1.9.1 <unfixed> + TODO: check CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...) - clamav 0.97+dfsg-1 [lenny] - clamav <end-of-life>
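Review bot: In the first hunk (@@ -200,26 +200,39 @@), the five entries that gain `- linux-2.6 <unfixed>` (CVE-2011-1021, CVE-2011-1020, CVE-2011-1019, CVE-2011-1017, CVE-2011-1016) get no bracketed description, while the openldap, libcgroup and logwatch entries in the same hunk each get one. With the ids still RESERVED, nothing in the list says which kernel issue each id refers to. Suggest adding a short description in brackets to each, in the style of `CVE-2011-1022 [failure to verify netlink messages]`, or at least a `TODO: check` line like the other new entries, so the request in the log message is also recorded in the file itself.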
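Review bot: In the second hunk (@@ -237,22 +250,37 @@), the CVE-2011-1012 entry puts `[lenny] - linux-2.6 <not-affected>` before the unprefixed `- linux-2.6 <unfixed>` line, whereas the CVE-2011-1003 entry in the trailing context lists the unprefixed package line first and the `[lenny]` line after it. Suggest swapping the two lines to match, and recording why lenny is not affected. Separately, the description added for CVE-2011-1008 reads `[Scrip''s TicketObj info leak]` with a doubled apostrophe, which looks like it should be `Scrip's`.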