Secure testing commits - Mar 2011 - r16410 - data/CVE

Author: joeyh
Date: 2011-03-21 21:14:34 +0000 (Mon, 21 Mar 2011)
New Revision: 16410

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-03-21 15:52:09 UTC (rev 16409)
+++ data/CVE/list	2011-03-21 21:14:34 UTC (rev 16410)
@@ -1,3 +1,127 @@
+CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in
PHP ...)
+	TODO: check
+CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent
...)
+	TODO: check
+CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before
5.3.6 ...)
+	TODO: check
+CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before
5.3.6 ...)
+	TODO: check
+CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka
...)
+	TODO: check
+CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar
extension ...)
+	TODO: check
+CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc
in ...)
+	TODO: check
+CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when
the ...)
+	TODO: check
+CVE-2011-1463
+	RESERVED
+CVE-2011-1462
+	RESERVED
+CVE-2011-1461
+	RESERVED
+CVE-2011-1460
+	RESERVED
+CVE-2011-1459
+	RESERVED
+CVE-2011-1458
+	RESERVED
+CVE-2011-1457
+	RESERVED
+CVE-2011-1456
+	RESERVED
+CVE-2011-1455
+	RESERVED
+CVE-2011-1454
+	RESERVED
+CVE-2011-1453
+	RESERVED
+CVE-2011-1452
+	RESERVED
+CVE-2011-1451
+	RESERVED
+CVE-2011-1450
+	RESERVED
+CVE-2011-1449
+	RESERVED
+CVE-2011-1448
+	RESERVED
+CVE-2011-1447
+	RESERVED
+CVE-2011-1446
+	RESERVED
+CVE-2011-1445
+	RESERVED
+CVE-2011-1444
+	RESERVED
+CVE-2011-1443
+	RESERVED
+CVE-2011-1442
+	RESERVED
+CVE-2011-1441
+	RESERVED
+CVE-2011-1440
+	RESERVED
+CVE-2011-1439
+	RESERVED
+CVE-2011-1438
+	RESERVED
+CVE-2011-1437
+	RESERVED
+CVE-2011-1436
+	RESERVED
+CVE-2011-1435
+	RESERVED
+CVE-2011-1434
+	RESERVED
+CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in
Open ...)
+	TODO: check
+CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly
...)
+	TODO: check
+CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly
...)
+	TODO: check
+CVE-2010-4766 (The AgentTicketForward feature in Open Ticket Request System
(OTRS) ...)
+	TODO: check
+CVE-2010-4765 (Race condition in the Kernel::System::Main::FileWrite method in
Open ...)
+	TODO: check
+CVE-2010-4764 (Open Ticket Request System (OTRS) before 2.4.10, and 3.x before
3.0.3, ...)
+	TODO: check
+CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket
Request ...)
+	TODO: check
+CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the rich-text-editor
...)
+	TODO: check
+CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket
Request ...)
+	TODO: check
+CVE-2010-4760 (Open Ticket Request System (OTRS) before 3.0.0-beta6 adds ...)
+	TODO: check
+CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not
properly ...)
+	TODO: check
+CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3
has an ...)
+	TODO: check
+CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before
2.3.4 ...)
+	TODO: check
+CVE-2009-5056 (Open Ticket Request System (OTRS) before 2.4.0-beta2 does not
properly ...)
+	TODO: check
+CVE-2009-5055 (Open Ticket Request System (OTRS) before 2.4.4 grants ticket
access on ...)
+	TODO: check
+CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer
group ...)
+	TODO: check
+CVE-2008-7282 (Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in
Open ...)
+	TODO: check
+CVE-2008-7281 (Open Ticket Request System (OTRS) before 2.2.7 sends e-mail
containing ...)
+	TODO: check
+CVE-2008-7280 (Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket
...)
+	TODO: check
+CVE-2008-7279 (The CustomerInterface component in Open Ticket Request System
(OTRS) ...)
+	TODO: check
+CVE-2008-7278 (The S/MIME feature in Open Ticket Request System (OTRS) before
2.2.5, ...)
+	TODO: check
+CVE-2008-7277 (Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for
the rw ...)
+	TODO: check
+CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System
(OTRS) ...)
+	TODO: check
+CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open
Ticket ...)
+	TODO: check
 CVE-2011-XXXX [apache2-mpm-itk config misparsing]
 	- apache2 <unfixed> (bug #618857; medium)
 	[lenny] - apache2 <not-affected> (different source package in lenny:
apache2-mpm-itk)
@@ -668,8 +792,7 @@
 	RESERVED
 CVE-2011-1149
 	RESERVED
-CVE-2011-1148 [substr_replace use after free]
-	RESERVED
+CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in
PHP ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: only exploitable by malicious scripts
 CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1)
...)
@@ -914,8 +1037,8 @@
 CVE-2011-1082
 	RESERVED
 	- linux-2.6 2.6.38-1 (low)
-CVE-2011-1081
-	RESERVED
+CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote
...)
+	TODO: check
 CVE-2011-1080
 	RESERVED
 	- linux-2.6 <unfixed> (low)
@@ -1075,17 +1198,15 @@
 	NOT-FOR-US: IBM
 CVE-2011-1028
 	RESERVED
-CVE-2011-1027
-	RESERVED
+CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c
in ...)
+	TODO: check
 CVE-2011-1026
 	RESERVED
-CVE-2011-1025 [rootpw is not verified with slapd.conf]
-	RESERVED
+CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not
require ...)
 	- openldap <unfixed> (low; bug #617606)
 	[squeeze] - openldap <no-dsa> (Minor issue)
 	[lenny] - openldap <not-affected> (Vulnerable code not present,
introduced in 2.4.12)
-CVE-2011-1024 [forwarded bind failure messages cause success]
-	RESERVED
+CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a
...)
 	- openldap <unfixed> (low; bug #617606)
 	[lenny] - openldap <no-dsa> (Minor issue)
 	[squeeze] - openldap <no-dsa> (Minor issue)
@@ -1952,8 +2073,7 @@
 	[squeeze] - linux-2.6 2.6.32-31
 CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the
Linux ...)
 	- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in
2.6.35-rc5)
-CVE-2011-0708 [exif data processing DoS (limited abitrary memory access)]
-	RESERVED
+CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit
platforms ...)
 	- php5 <unfixed>
 CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in
Cgi/confirm.py ...)
 	{DSA-2170-1}
@@ -2722,8 +2842,7 @@
 	NOT-FOR-US: PolyVision RoomWizard
 CVE-2011-0422
 	RESERVED
-CVE-2011-0421 [ZipArchive segfault with FL_UNCHANGED on empty archive]
-	RESERVED
+CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip
...)
 	- php5 <unfixed>
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
 CVE-2011-0420 (The grapheme_extract function in the Internationalization
extension ...)
@@ -3097,8 +3216,7 @@
 	NOTE: CVE ID requested
 CVE-2011-0285
 	RESERVED
-CVE-2011-0284 [krb5 kdc double-free]
-	RESERVED
+CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in
...)
 	- krb5 1.8.3+dfsg-6 (low; bug #618517)
 	[squeeze] - krb5 <no-dsa> (Will be fixed through a point update)
 	[lenny] - krb5 <no-dsa> (Will be fixed through a point update)
@@ -3470,7 +3588,7 @@
 	RESERVED
 CVE-2011-0193
 	RESERVED
-CVE-2011-0192 (Buffer overflow in LibTIFF in ImageIO in Apple iTunes before
10.2 on ...)
+CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly
other ...)
 	- tiff 3.9.4-7
 CVE-2011-0191 (Buffer overflow in LibTIFF in ImageIO in Apple iTunes before
10.2 on ...)
 	- tiff 3.9.4-1
@@ -3846,7 +3964,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.12-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in
Mozilla ...)
+CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in
...)
 	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
 	- icedove 3.0.11-2
 	[lenny] - icedove <end-of-life>
@@ -3942,7 +4060,7 @@
 CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4,
and ...)
 	- bugzilla <unfixed> (high; bug #611176)
 	NOTE: http://www.bugzilla.org/security/3.2.9/
-CVE-2010-4566 (Unspecified vulnerability in the NT4 authentication component in
...)
+CVE-2010-4566 (The web authentication form in the NT4 authentication component
in ...)
 	NOT-FOR-US: Citrix Acces Gateway
 CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast
Manager) ...)
 	{DSA-2153-1}
@@ -4329,7 +4447,7 @@
 CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to
cause a ...)
 	- chromium-browser 6.0.472.63~r59945-3
 	- webkit <not-affected> (chromium specific issue)
-CVE-2010-4489 (Google Chrome before 8.0.552.215 does not properly handle WebM
video, ...)
+CVE-2010-4489 (libvpx, as used in Google Chrome before 8.0.552.215 and possibly
other ...)
 	- chromium-browser <not-affected>
 	- webkit <not-affected>
 	- libvpx 0.9.5-1 (bug #610510)