Author: jmm Date: 2011-10-04 13:07:58 +0000 (Tue, 04 Oct 2011) New Revision: 17364 Modified: data/CVE/list Log: - two additional CVE-IDs were split off from libav - new bugzilla issues (rather harmless) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-03 22:46:13 UTC (rev 17363) +++ data/CVE/list 2011-10-04 13:07:58 UTC (rev 17364) @@ -1,7 +1,11 @@ CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in ...) - TODO: check + - libav 4:0.7.1-7 (bug #641478) + - ffmpeg <removed> + - ffmpeg-debian <end-of-life> CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 ...) - TODO: check + - libav 4:0.7.1-7 (bug #641478) + - ffmpeg <removed> + - ffmpeg-debian <end-of-life> CVE-2011-3972 RESERVED CVE-2011-3971 @@ -363,8 +367,8 @@ TODO: check CVE-2011-3815 (WeBid 1.0.0 allows remote attackers to obtain sensitive information ...) TODO: check -CVE-2011-3814 (WebCalendar 1.2.3 allows remote attackers to obtain sensitive ...) - TODO: check +CVE-2011-3814 (WebCaLendar 1.2.3 allows remote attackers to obtain sensitive ...) + - webcalendar <removed> (unimportant) CVE-2011-3813 (Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain ...) TODO: check CVE-2011-3812 (Vanilla 2.0.16 allows remote attackers to obtain sensitive information ...) @@ -2238,7 +2242,7 @@ CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to ...) TODO: check CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ...) - TODO: check + - bugzilla 3.0.4-1 CVE-2011-XXXX [libencode-perl unspecified issue] - libencode-perl 2.44-1 CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint ...) 
@@ -2420,13 +2424,14 @@ - xulrunner <not-affected> (Only affects Windows) - iceweasel <not-affected> (Only affects Windows) CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain ...) - TODO: check + - bugzilla <not-affected> (Only affects Bugzilla 4.1, never uploaded to the archive) CVE-2011-2978 (Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ...) - TODO: check + - bugzilla <removed> (low) CVE-2011-2977 (Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x ...) - TODO: check + - bugzilla <not-affected> (Only affects Bugzilla on Windows) CVE-2011-2976 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through ...) - TODO: check + - bugzilla 3.6.1.0-0.1 (low) + NOTE: Fixed in 3.5.1, but 3.6.1 was first fixed upload to archive CVE-2011-2975 (Double free vulnerability in the msAddImageSymbol function in ...) - mapserver <unfixed> CVE-2011-2974 @@ -4003,11 +4008,11 @@ CVE-2011-2384 RESERVED CVE-2011-2381 (CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x ...) - TODO: check + - bugzilla <removed> (low) CVE-2011-2380 (Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ...) - TODO: check + - bugzilla <removed> (low) CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through ...) - TODO: check + - bugzilla <removed> (low) CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 
@@ -22497,7 +22502,7 @@ - squid3 3.1.0.17-1 (bug #572554) [lenny] - squid3 <no-dsa> (Minor issue, only affects non-default setup) CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...) - - webcalendar <undetermined> (bug #572557) + - webcalendar <removed> (bug #572557) CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...) NOT-FOR-US: Juniper Installer Service CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000] @@ -22522,9 +22527,9 @@ - couchdb 0.11.0-2.1 (bug #570013) [lenny] - couchdb <no-dsa> (does not support authentication at all) CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - - webcalendar <undetermined> (bug #572557) + - webcalendar <removed> (bug #572557) CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) - - webcalendar <undetermined> (bug #572557) + - webcalendar <removed> (bug #572557) CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch ...) NOT-FOR-US: JEvents Search plugin for Joomla! CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and ...)
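Review bot: In the first hunk (@@ -1,7 +1,11 @@), the log says CVE-2011-3974 and CVE-2011-3973 were split off, but neither entry records which ID they were split from. Both point at bug #641478 with the same fixed version 4:0.7.1-7. A NOTE line under each entry naming the original CVE would show a later reader why one bug and one upload cover both IDs.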
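Review bot: In the hunk at @@ -363,8 +367,8 @@, the added CVE-2011-3814 line spells the product "WebCaLendar" where the removed line had "WebCalendar", so the hunk rewrites the description line as well as the TODO. Keep the original description line unchanged and let the hunk replace only "TODO: check" with "- webcalendar <removed> (unimportant)".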
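Review bot: In the hunk at @@ -2420,13 +2424,14 @@, the NOTE added under CVE-2011-2976 is hard to parse: "3.6.1 was first fixed upload to archive" drops words and names 3.6.1 while the entry above it records 3.6.1.0-0.1. Wording such as "NOTE: Fixed in 3.5.1; 3.6.1.0-0.1 was the first fixed version uploaded to the archive" says the same thing and matches the version on the package line.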