Author: jmm Date: 2011-06-03 07:59:50 +0000 (Fri, 03 Jun 2011) New Revision: 16758 Modified: data/CVE/list Log: new libvirt issue (FD, please file a bug) NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-06-03 06:02:21 UTC (rev 16757) +++ data/CVE/list 2011-06-03 07:59:50 UTC (rev 16758) @@ -1,3 +1,9 @@ +CVE-2011-2178 [libvirt regression] + - libvirt <unfixed> + [squeeze] - libvirt <not-affected> (Introduced in 0.8.8) + [lenny] - libvirt <not-affected> (Introduced in 0.8.8) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=709769 + NOTE: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html CVE-2011-2216 [AST 2011-007] - asterisk <unfixed> [lenny] - asterisk <not-affected> (Only affects 1.8) @@ -707,7 +713,6 @@ - fglrx-driver <unfixed> (low; bug #625868) [squeeze] - fglrx-driver <no-dsa> (Non-free not supported) [lenny] - fglrx-driver <no-dsa> (Non-free not supported) - TODO: check lenny/squeeze CVE-2011-XXXX - openssh <not-affected> (Only affects platforms w/o /dev/random) NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv @@ -769,11 +774,11 @@ CVE-2011-1846 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows ...) NOT-FOR-US: IBM DB2 9.5 CVE-2011-1845 (Multiple memory leaks in the DataGrid control implementation in ...) - TODO: check + NOT-FOR-US: Silverlight CVE-2011-1844 (Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows ...) - TODO: check + NOT-FOR-US: Silverlight CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow ...) - TODO: check + - tinyproxy <unfixed> (bug #627503) CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before ...) NOT-FOR-US: Ubuntu-specific language-selector package CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper in ...) @@ -783,7 +788,7 @@ CVE-2011-1839 (IBM Rational Build Forge 7.1.0 uses the HTTP GET method during ...) NOT-FOR-US: IBM Rational Build Forge 7.1.0 CVE-2011-1838 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: TWiki CVE-2011-1837 RESERVED CVE-2011-1836 @@ -1113,7 +1118,7 @@ CVE-2011-1740 RESERVED CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 ...) - TODO: check + NOT-FOR-US: FreeBSD mountd CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in ...) NOT-FOR-US: HP Palm webOS CVE-2011-1737 (Multiple cross-site scripting (XSS) vulnerabilities in the Email ...)