Author: nion Date: 2011-09-08 21:41:06 +0000 (Thu, 08 Sep 2011) New Revision: 17193 Modified: data/CVE/list data/DSA/list Log: claim DSA-2304-1 (vsftpd) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-08 21:14:18 UTC (rev 17192) +++ data/CVE/list 2011-09-08 21:41:06 UTC (rev 17193) @@ -125,7 +125,13 @@ CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...) TODO: check CVE-2011-XXXX [vsftpd namespace DoS] + {DSA-2304-1} - vsftpd 2.3.4-1 (bug #629373) + [squeeze] - vsftpd 2.3.2-3+squeeze2 + [lenny] - vsftpd 2.0.7-1+lenny1 + NOTE: this is technically a kernel bug. however this has been workarounded specifically + NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1 + NOTE: for details CVE-2011-3339 RESERVED CVE-2011-3338 @@ -7259,6 +7265,8 @@ RESERVED CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...) - vsftpd 2.3.4-1 (bug #622741) + [squeeze] - vsftpd 2.3.2-3+squeeze3 + [lenny] - vsftpd 2.0.7-1+lenny1 CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of ...) - perl 5.12.0-1 (low; bug #628817) CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2011-09-08 21:14:18 UTC (rev 17192) +++ data/DSA/list 2011-09-08 21:41:06 UTC (rev 17193) 
@@ -1,3 +1,8 @@ +[08 Sep 2011] DSA-2304-1 vsftpd - denial of service + {CVE-2011-0762} + [squeeze] - vsftpd 2.3.2-3+squeeze3 + [lenny] - vsftpd 2.0.7-1+lenny1 + NOTE: additionally CVE-2011-2189 has been fixed for vsftpd by adding a kernel check [08 Sep 2011] DSA-2303-1 linux-2.6 - several issues {CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191} [squeeze] - linux-2.6 2.6.32-35squeeze1
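Review bot: In the first data/CVE/list hunk (@@ -125,7 +125,13 @@), the new squeeze line for the vsftpd namespace DoS entry gives 2.3.2-3+squeeze2, while the CVE-2011-0762 hunk and the DSA-2304-1 entry in data/DSA/list both give 2.3.2-3+squeeze3. If the kernel check shipped in the same upload as the DSA, this line should read squeeze3; if it was fixed one upload earlier, the {DSA-2304-1} tag on this entry is misleading. The NOTE would also read better as "has been worked around" than "has been workarounded".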
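Review bot: In the second data/CVE/list hunk (@@ -7259,6 +7265,8 @@), CVE-2011-0762 gains the squeeze and lenny versions but no {DSA-2304-1} line, although data/DSA/list names {CVE-2011-0762} as the CVE for this advisory and the first hunk adds that tag by hand to the namespace DoS entry. Please treat the two entries the same way, either adding the tag here or dropping the hand-added one, so the cross-reference between the two files stays consistent.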
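Review bot: In the data/DSA/list hunk (@@ -1,3 +1,8 @@), the NOTE names CVE-2011-2189 for the kernel check, but that id is not in the {CVE-2011-0762} brace list, and the matching data/CVE/list entry added in this commit is still filed under the placeholder CVE-2011-XXXX [vsftpd namespace DoS]. Either file the CVE/list entry under the id named here or point the NOTE at that entry, so the kernel-check fix can be found from both files.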