thr3ads.net - Secure testing commits - [Secure-testing-commits] r17014

If this information is useful, please help other people find it:
Share via:
Joey Hess
2011-Jul-27 21:14 UTC
[Secure-testing-commits] r17014 - data/CVE

Author: joeyh
Date: 2011-07-27 21:14:21 +0000 (Wed, 27 Jul 2011)
New Revision: 17014

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-07-27 18:48:36 UTC (rev 17013)
+++ data/CVE/list	2011-07-27 21:14:21 UTC (rev 17014)
@@ -279,8 +279,8 @@
 	RESERVED
 CVE-2011-2746
 	RESERVED
-CVE-2011-2745
-	RESERVED
+CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and
earlier ...)
+	TODO: check
 CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier
allows ...)
 	NOT-FOR-US: Chyrp
 CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1
and ...)
@@ -402,8 +402,8 @@
 CVE-2011-2697
 	RESERVED
 	- hplip <unfixed> (bug #635549; medium)
-CVE-2011-2696
-	RESERVED
+CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote
attackers ...)
+	TODO: check
 CVE-2011-2695
 	RESERVED
 CVE-2011-2694 [Samba SWAT XSS]
@@ -424,8 +424,7 @@
 	RESERVED
 	{DSA-2279-1}
 	- libapache2-mod-authnz-external 3.2.4-2.1 (medium; bug #633637)
-CVE-2011-2687
-	RESERVED
+CVE-2011-2687 (Drupal 7.x before 7.3 allows remote attackers to bypass intended
...)
 	- drupal7 7.4-1 (bug #633385)
 	- drupal6 <not-affected>
 CVE-2011-2686
@@ -685,11 +684,9 @@
 	RESERVED
 CVE-2011-2589
 	RESERVED
-CVE-2011-2588 [ http://www.videolan.org/security/sa1106.html ]
-	RESERVED
+CVE-2011-2588 (Heap-based buffer overflow in the AVI_ChunkRead_strf function in
...)
 	- vlc 1.1.11-1 (bug #633675)
-CVE-2011-2587 [ http://www.videolan.org/security/sa1105.html ]
-	RESERVED
+CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in
real.c in ...)
 	- vlc 1.1.11-1 (bug #633674)
 CVE-2011-2586
 	RESERVED
@@ -947,12 +944,10 @@
 CVE-2011-2491
 	RESERVED
 	- linux-2.6 3.0.0-1
-CVE-2011-2490 [opie: missing setuid() retval check in opielogin]
-	RESERVED
+CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does
not ...)
 	{DSA-2281-1}
 	- opie <removed> (bug #631345)
-CVE-2011-2489 [opie: off by one in opiesu]
-	RESERVED
+CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE
2.4.1-test1 ...)
 	{DSA-2281-1}
 	- opie <removed> (bug #631344)
 CVE-2011-2488 [Joomla unspecified information disclosure vulnerability]
@@ -995,8 +990,8 @@
 	NOT-FOR-US: A Really Simple Chat
 CVE-2011-2469
 	RESERVED
-CVE-2011-2467
-	RESERVED
+CVE-2011-2467 (SQL injection vulnerability in lsassd in Lsass in the Likewise
...)
+	TODO: check
 CVE-2011-2466
 	RESERVED
 CVE-2011-2465 (Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1,
9.8.0-P2, and ...)
@@ -1597,8 +1592,8 @@
 CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on
Rails 2.x ...)
 	- rails <unfixed> (bug #634990)
 	NOTE: likely affected since sid is < 2.3.12
-CVE-2011-2196
-	RESERVED
+CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier,
as ...)
+	TODO: check
 CVE-2011-2195
 	RESERVED
 CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and
Queue ...)
@@ -1681,8 +1676,7 @@
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=665061
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=711170
 	NOTE: CVE request and discussion:
http://www.openwall.com/lists/oss-security/2011/06/06/3
-CVE-2011-2185 [fabric insecure temp files]
-	RESERVED
+CVE-2011-2185 (Fabric before 1.1.0 allows local users to overwrite arbitrary
files ...)
 	- fabric <unfixed> (low; bug #629003)
 	[squeeze] - fabric <no-dsa> (Minor issue)
 CVE-2011-2475 (Format string vulnerability in ECTrace.dll in the iMailGateway
service ...)
@@ -2608,8 +2602,7 @@
 	RESERVED
 CVE-2011-1830
 	RESERVED
-CVE-2011-1829
-	RESERVED
+CVE-2011-1829 (APT before 0.8.15.2 does not properly validate inline GPG
signatures, ...)
 	- apt 0.8.15.2
 	[squeeze] - apt <not-affected> (Vulnerable code not present)
 	[lenny] - apt <not-affected> (Vulnerable code not present)
@@ -2830,8 +2823,7 @@
 CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as
distributed in ...)
 	{DSA-2251-1}
 	- subversion 1.6.17dfsg-1
-CVE-2011-1782
-	RESERVED
+CVE-2011-1782 (Heap-based buffer overflow in the read_channel_data function in
...)
 	- gimp 2.6.11-3 (bug #629830)
 CVE-2011-1781
 	RESERVED
@@ -3640,8 +3632,8 @@
 	- policykit-1 0.101-4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=692922
 	TODO: check
-CVE-2011-1484
-	RESERVED
+CVE-2011-1484 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier,
as ...)
+	TODO: check
 CVE-2011-1483
 	RESERVED
 CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
@@ -22622,8 +22614,8 @@
 	NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
 CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php
in Open ...)
 	- piwik <itp> (bug #506933)
-CVE-2009-4139
-	RESERVED
+CVE-2009-4139 (Cross-site request forgery (CSRF) vulnerability in the Spacewalk
Java ...)
+	TODO: check
 CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9,
when ...)
 	{DSA-2005-1}
 	- linux-2.6 2.6.32-3 (medium)
Secure testing commits - Jul 2011 - r17014 - data/CVE

[Secure-testing-commits] r17014 - data/CVE
