Secure testing commits - Aug 2011 - r17111 - data/CVE

Author: joeyh
Date: 2011-08-22 21:14:19 +0000 (Mon, 22 Aug 2011)
New Revision: 17111

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-08-22 16:42:51 UTC (rev 17110)
+++ data/CVE/list	2011-08-22 21:14:19 UTC (rev 17111)
@@ -1,3 +1,215 @@
+CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read
the ...)
+	TODO: check
+CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive
...)
+	TODO: check
+CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4
allows ...)
+	TODO: check
+CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1
...)
+	TODO: check
+CVE-2011-3261
+	RESERVED
+CVE-2011-3260
+	RESERVED
+CVE-2011-3259
+	RESERVED
+CVE-2011-3258
+	RESERVED
+CVE-2011-3257
+	RESERVED
+CVE-2011-3256
+	RESERVED
+CVE-2011-3255
+	RESERVED
+CVE-2011-3254
+	RESERVED
+CVE-2011-3253
+	RESERVED
+CVE-2011-3252
+	RESERVED
+CVE-2011-3251
+	RESERVED
+CVE-2011-3250
+	RESERVED
+CVE-2011-3249
+	RESERVED
+CVE-2011-3248
+	RESERVED
+CVE-2011-3247
+	RESERVED
+CVE-2011-3246
+	RESERVED
+CVE-2011-3245
+	RESERVED
+CVE-2011-3244
+	RESERVED
+CVE-2011-3243
+	RESERVED
+CVE-2011-3242
+	RESERVED
+CVE-2011-3241
+	RESERVED
+CVE-2011-3240
+	RESERVED
+CVE-2011-3239
+	RESERVED
+CVE-2011-3238
+	RESERVED
+CVE-2011-3237
+	RESERVED
+CVE-2011-3236
+	RESERVED
+CVE-2011-3235
+	RESERVED
+CVE-2011-3234
+	RESERVED
+CVE-2011-3233
+	RESERVED
+CVE-2011-3232
+	RESERVED
+CVE-2011-3231
+	RESERVED
+CVE-2011-3230
+	RESERVED
+CVE-2011-3229
+	RESERVED
+CVE-2011-3228
+	RESERVED
+CVE-2011-3227
+	RESERVED
+CVE-2011-3226
+	RESERVED
+CVE-2011-3225
+	RESERVED
+CVE-2011-3224
+	RESERVED
+CVE-2011-3223
+	RESERVED
+CVE-2011-3222
+	RESERVED
+CVE-2011-3221
+	RESERVED
+CVE-2011-3220
+	RESERVED
+CVE-2011-3219
+	RESERVED
+CVE-2011-3218
+	RESERVED
+CVE-2011-3217
+	RESERVED
+CVE-2011-3216
+	RESERVED
+CVE-2011-3215
+	RESERVED
+CVE-2011-3214
+	RESERVED
+CVE-2011-3213
+	RESERVED
+CVE-2011-3212
+	RESERVED
+CVE-2011-3211
+	RESERVED
+CVE-2011-3210
+	RESERVED
+CVE-2011-3209
+	RESERVED
+CVE-2011-3208
+	RESERVED
+CVE-2011-3207
+	RESERVED
+CVE-2011-3206
+	RESERVED
+CVE-2011-3205
+	RESERVED
+CVE-2011-3204
+	RESERVED
+CVE-2011-3203
+	RESERVED
+CVE-2011-3202
+	RESERVED
+CVE-2011-3201
+	RESERVED
+CVE-2011-3200
+	RESERVED
+CVE-2011-3199
+	RESERVED
+CVE-2011-3198
+	RESERVED
+CVE-2011-3197
+	RESERVED
+CVE-2011-3196
+	RESERVED
+CVE-2011-3195
+	RESERVED
+CVE-2011-3194
+	RESERVED
+CVE-2011-3193
+	RESERVED
+CVE-2011-3192
+	RESERVED
+CVE-2011-3191
+	RESERVED
+CVE-2011-3190
+	RESERVED
+CVE-2011-3189
+	RESERVED
+CVE-2011-3188
+	RESERVED
+CVE-2011-3187
+	RESERVED
+CVE-2011-3186
+	RESERVED
+CVE-2011-3185
+	RESERVED
+CVE-2011-3184
+	RESERVED
+CVE-2011-3183
+	RESERVED
+CVE-2011-3182
+	RESERVED
+CVE-2011-3181
+	RESERVED
+CVE-2011-3180
+	RESERVED
+CVE-2011-3179
+	RESERVED
+CVE-2011-3178
+	RESERVED
+CVE-2011-3177
+	RESERVED
+CVE-2011-3176
+	RESERVED
+CVE-2011-3175
+	RESERVED
+CVE-2011-3174
+	RESERVED
+CVE-2011-3173
+	RESERVED
+CVE-2011-3172
+	RESERVED
+CVE-2011-3171
+	RESERVED
+CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8
and ...)
+	TODO: check
+CVE-2010-4824
+	RESERVED
+CVE-2010-4823
+	RESERVED
+CVE-2010-4822
+	RESERVED
+CVE-2010-4821
+	RESERVED
+CVE-2010-4820
+	RESERVED
+CVE-2010-4819
+	RESERVED
+CVE-2010-4818
+	RESERVED
+CVE-2010-4817
+	RESERVED
+CVE-2010-4816
+	RESERVED
+CVE-2010-4815
+	RESERVED
 CVE-2011-XXXX [pidgin MSN DoS]
 	- pidgin 2.10.0-1
 CVE-2011-XXXX [mantis XSS]
@@ -442,7 +654,7 @@
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
 	- iceape <not-affected> (Only affects Firefox >= 4)
 	- icedove <not-affected> (Only affects Thunderbird 5)
-CVE-2011-2984 (Mozilla Firefox before 3.6.20 does not properly handle the
dropping of ...)
+CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and possibly other
...)
 	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
 	- icedove 3.1.12-1
 	- xulrunner <removed>
@@ -451,7 +663,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-5
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-2983 (Mozilla Firefox before 3.6.20 does not properly handle the ...)
+CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x, SeaMonkey 1.x
and 2.x, ...)
 	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
 	- icedove 3.1.12-1
 	- xulrunner <removed>
@@ -469,7 +681,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-5
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2011-2981 (The event-management implementation in Mozilla Firefox before
3.6.20 ...)
+CVE-2011-2981 (The event-management implementation in Mozilla Firefox before
3.6.20, ...)
 	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
 	- icedove 3.1.12-1
 	- xulrunner <removed>
@@ -656,8 +868,8 @@
 	RESERVED
 	- linux-2.6 3.0.0-2
 	[lenny] - linux-2.6 <not-affected> (perf not yet present)
-CVE-2011-2904
-	RESERVED
+CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix
...)
+	TODO: check
 CVE-2011-2903
 	RESERVED
 	- tcptrack <unfixed> (unimportant; bug #551092)
@@ -678,10 +890,9 @@
 	- linux-2.6 3.0.0-1
 CVE-2011-2897
 	RESERVED
-CVE-2011-2896
-	RESERVED
-CVE-2011-2895 [libxfont buffer overflow]
-	RESERVED
+CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c
in the ...)
+	TODO: check
+CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in
...)
 	{DSA-2293-1}
 	- libxfont 1:1.4.4-1
 CVE-2011-2894
@@ -857,7 +1068,7 @@
 CVE-2011-2811
 	RESERVED
 CVE-2011-2810
-	RESERVED
+	REJECTED
 CVE-2011-2809
 	RESERVED
 CVE-2011-2808
@@ -1850,8 +2061,8 @@
 	RESERVED
 CVE-2011-2411
 	RESERVED
-CVE-2011-2410
-	RESERVED
+CVE-2011-2410 (Cross-site scripting (XSS) vulnerability in HP OpenView
Performance ...)
+	TODO: check
 CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar
application ...)
 	NOT-FOR-US: HP Palm webOS 3.x
 CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts
application ...)
@@ -1908,7 +2119,7 @@
 	TODO: check
 CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through
...)
 	TODO: check
-CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20 does
not ...)
+CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20,
Thunderbird ...)
 	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
 	- icedove 3.1.12-1
 	- xulrunner <removed>
@@ -4849,10 +5060,10 @@
 	- webkit <undetermined>
 CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...)
 	NOT-FOR-US: Tivoli
-CVE-2011-1342
-	RESERVED
-CVE-2011-1341
-	RESERVED
+CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and
Aipo for ...)
+	TODO: check
+CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo
before ...)
+	TODO: check
 CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in ...)
 	TODO: check
 CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search
Appliance ...)
@@ -7202,8 +7413,8 @@
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer
in ...)
 	NOT-FOR-US: Lotus Freelance Graphics
-CVE-2011-0547
-	RESERVED
+CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas
Enterprise ...)
+	TODO: check
 CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does
not ...)
 	NOT-FOR-US: Symantec Backup Exec
 CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in
...)
@@ -29151,7 +29362,7 @@
 	NOT-FOR-US: Online Guestbook Pro
 CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in
ogp_show.php in ...)
 	NOT-FOR-US: Online Guestbook Pro
-CVE-2009-2445 (Sun Java System Web Server (aka Sun ONE Web Server) 6.1 before
SP12, ...)
+CVE-2009-2445 (Oracle iPlanet Web Server (formerly Sun Java System Web Server
or Sun ...)
 	NOT-FOR-US: Sun ONE Web Server
 CVE-2009-2444 (Directory traversal vulnerability in
maillinglist/setup/step1.php.inc ...)
 	NOT-FOR-US: ADbNewsSender