Author: joeyh Date: 2011-03-29 21:15:26 +0000 (Tue, 29 Mar 2011) New Revision: 16452 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-28 23:30:33 UTC (rev 16451) +++ data/CVE/list 2011-03-29 21:15:26 UTC (rev 16452) @@ -1,3 +1,15 @@ +CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI ...) + TODO: check +CVE-2011-1523 + RESERVED +CVE-2011-1522 + RESERVED +CVE-2010-4777 + RESERVED +CVE-2009-5063 + RESERVED +CVE-2006-7244 + RESERVED CVE-2011-1520 (The default configuration of the server console in IBM Lotus Domino ...) TODO: check CVE-2011-1519 (The remote console in the Server Controller in IBM Lotus Domino 7.x ...) @@ -5,6 +17,7 @@ CVE-2011-1518 RESERVED CVE-2011-1521 [python urllib] + RESERVED - python2.7 <unfixed> - python2.6 <unfixed> - python2.5 <unfixed> @@ -305,8 +318,8 @@ RESERVED CVE-2011-1421 RESERVED -CVE-2011-1420 - RESERVED +CVE-2011-1420 (EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC ...) + TODO: check CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...) - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in ...) @@ -930,8 +943,7 @@ [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35) CVE-2011-1168 RESERVED -CVE-2011-1167 - RESERVED +CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in ...) - tiff <unfixed> (bug filed) CVE-2011-1166 RESERVED @@ -2141,8 +2153,8 @@ TODO: check CVE-2011-0761 RESERVED -CVE-2011-0760 - RESERVED +CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) TODO: check CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> ...) 
@@ -2725,8 +2737,8 @@ RESERVED CVE-2011-0546 RESERVED -CVE-2011-0545 - RESERVED +CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in ...) + TODO: check CVE-2011-0544 RESERVED CVE-2011-0543 @@ -2987,8 +2999,8 @@ RESERVED CVE-2011-0459 RESERVED -CVE-2011-0458 - RESERVED +CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in ...) + TODO: check CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...) TODO: check CVE-2011-0456 (Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote ...) @@ -3039,11 +3051,9 @@ {DSA-2195-1} - php5 5.3.6-1 (bug #618489) NOTE: Debian-specific -CVE-2011-0440 - RESERVED +CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before ...) - mahara 1.2.7-1 -CVE-2011-0439 - RESERVED +CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 ...) - mahara 1.2.7-1 CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success code ...) - nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental) @@ -4592,8 +4602,8 @@ - openjdk-6 6b18-1.8.5-1 [squeeze] - openjdk-6 <no-dsa> (bug #614151) [lenny] - openjdk-6 <no-dsa> (bug #614151) -CVE-2011-0024 - RESERVED +CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...) + TODO: check CVE-2011-0023 RESERVED CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...) 
@@ -8024,11 +8034,9 @@ REJECTED CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...) NOT-FOR-US: VMware Workstation -CVE-2010-3276 - RESERVED +CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...) - vlc <unfixed> -CVE-2010-3275 - RESERVED +CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...) - vlc <unfixed> CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: ZOHO ManageEngine
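Review bot: In the hunk at -930,8 +943,7, the CVE-2011-1167 entry still reads `- tiff <unfixed> (bug filed)` with no bug number, although its description is now public. Other entries in this file cite the report directly, for example `(bug #618489)`. Replace "bug filed" with the actual bug number so the ThunderScan decoder heap overflow can be followed from the tracker to the report.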
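Review bot: In the hunk at -4592,8 +4602,8, CVE-2011-0024 moves from RESERVED to a published description naming wiretap/pcapng.c in Wireshark, but the entry carries only `TODO: check` and no package line. A heap-based buffer overflow in a capture-file parser deserves early triage. Replace the TODO with a package line for Wireshark giving its status (fixed version, `<unfixed>` or `<not-affected>`).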
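Review bot: In the hunk at -8024,11 +8034,9, CVE-2010-3276 and CVE-2010-3275 end up with the same truncated description (`libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...`), so the two entries cannot be told apart from this file. Add a NOTE line to each saying what distinguishes them. Both also stay at `- vlc <unfixed>`. The affected file is a .dll, so check whether the Debian build ships this code at all, and otherwise record the fixed version once it is confirmed against the 1.1.8 bound in the description.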