Author: jmm Date: 2011-04-08 14:04:10 +0000 (Fri, 08 Apr 2011) New Revision: 16496 Modified: data/CVE/list Log: harmless ldd issue, already fixed in Squeeze new t1lib issues, possibly needs a ticket, but didn't check further NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-08 10:52:27 UTC (rev 16495) +++ data/CVE/list 2011-04-08 14:04:10 UTC (rev 16496) @@ -210,11 +210,11 @@ CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...) - TODO: check + - t1lib <unfixed> CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...) - TODO: check + - t1lib <unfixed> CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...) - TODO: check + - t1lib <unfixed> CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ ...) - logrotate <unfixed> CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory uses ...) @@ -224,7 +224,9 @@ CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root ...) - logrotate <unfixed> CVE-2009-5064 (** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and ...) - TODO: check + - eglibc 2.10.1-7 + - glibc <removed> (unimportant) + NOTE: Obscure attack CVE-2011-1547 RESERVED CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy''s PHP Knowledgebase ...) 
@@ -339,13 +341,13 @@ CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D ...) NOT-FOR-US: Hitachi EUR Form, uCosminexus EUR Form Service CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS ...) - TODO: check + NOT-FOR-US: S-CMS CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows ...) - TODO: check + NOT-FOR-US: S-CMS CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD ...) NOT-FOR-US: CommodityRentals DVD Rentals Script CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) ...) - TODO: check + NOT-FOR-US: Jimtawl CVE-2011-1506 (The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and ...) NOT-FOR-US: Kerio CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 ...)
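Review bot: In the first hunk (@@ -210), the three t1lib entries for CVE-2011-1552, CVE-2011-1553 and CVE-2011-1554 go straight from "TODO: check" to "- t1lib <unfixed>" with nothing recording the follow-up the log message itself mentions ("possibly needs a ticket, but didn't check further"). Once the TODO line is gone, nothing in the file marks these as only partly triaged. The descriptions also say "as used in Xpdf", and the new lines track only the t1lib package, so whether other packages carry the affected code is left open. Consider keeping a TODO or adding a NOTE line under each entry stating that a bug still needs to be filed and that users of t1lib named in the descriptions have not been checked.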
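Review bot: In the second hunk (@@ -224), the CVE-2009-5064 entry lists "- eglibc 2.10.1-7" as the fixed version while the description names glibc 2.13 as affected, and the only explanation is "NOTE: Obscure attack". A reader cannot tell from the entry why a version lower than the one in the description counts as fixed, or what makes the issue obscure. The eglibc line also carries no severity tag while the glibc line is marked (unimportant), so the two lines read as inconsistent for an issue the log calls harmless. Consider expanding the NOTE to say which change in 2.10.1-7 addresses the ldd issue, and making the severity tagging on the two package lines agree.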
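Review bot: In the third hunk (@@ -339), "NOT-FOR-US: Jimtawl" for CVE-2010-4769 drops the component identifier that the description gives as "(com_jimtawl)". Other NOT-FOR-US lines in the same hunk spell out the product more fully, for example "CommodityRentals DVD Rentals Script". Including the identifier, as in "NOT-FOR-US: Jimtawl (com_jimtawl)", would make the entry easier to match when the same component shows up in a later CVE. The two S-CMS lines look fine as they are.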