Author: jmm
Date: 2011-10-19 11:28:08 +0000 (Wed, 19 Oct 2011)
New Revision: 17453
Modified:
data/CVE/list
Log:
new java issues
CVE-2011-3389 isn''t limited to Opera
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-10-19 08:35:37 UTC (rev 17452)
+++ data/CVE/list 2011-10-19 11:28:08 UTC (rev 17453)
@@ -20,36 +20,28 @@
CVE-2011-4063
RESERVED
CVE-2011-4062 (Buffer overflow in the "linux emulation"
support in FreeBSD 7.3 and ...)
- TODO: check
+ - kfreebsd-10 10.0~svn226224-1
+ - kfreebsd-9 9.0~svn225873-1
+ - kfreebsd-8 8.2-9 (bug #645377)
+ - kfreebsd-7 <removed>
CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn
and (2) ...)
- TODO: check
+ NOT-FOR-US: DB2
CVE-2011-4060 (The runtime linker in QNX Neutrino RTOS 6.5.0 does not properly
clear ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2011-4059
RESERVED
CVE-2011-4058
RESERVED
CVE-2010-4965 (/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware
1.04 ...)
- TODO: check
+ NOT-FOR-US: D-Link DCS-2121
CVE-2010-4964 (recorder_test.cgi on the D-Link DCS-2121 camera with firmware
1.04 ...)
- TODO: check
+ NOT-FOR-US: D-Link DCS-2121
CVE-2011-4064 [PMASA-2011-16]
RESERVED
- phpmyadmin 4:3.4.6-1 (unimportant)
-CVE-2011-XXXX [mplayer SAMI subtitle parsing buffer overflow]
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/10/14/1
CVE-2011-XXXX [hardlink has buffer overflows, is unsafe on changing trees]
- hardlink <not-affected> (Only the C version, ours are written in
Python)
NOTE: http://www.openwall.com/lists/oss-security/2011/10/15/2
-CVE-2011-XXXX [axel: Segmentation fault tcp_connect at tcp.c:70]
- - axel <unfixed> (bug #645234)
- TODO: check
-CVE-2011-XXXX [freebsd buffer overflow]
- - kfreebsd-10 10.0~svn226224-1
- - kfreebsd-9 9.0~svn225873-1
- - kfreebsd-8 8.2-9 (bug #645377)
- - kfreebsd-7 <removed>
CVE-2011-4057
RESERVED
CVE-2011-4056
@@ -214,9 +206,9 @@
CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV
Dealer ...)
NOT-FOR-US: Micronetsoft
CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine ...)
- TODO: check
+ NOT-FOR-US: Joomla extension
CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0
allows ...)
- TODO: check
+ NOT-FOR-US: A-Blog
CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen
...)
NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen
ColdBookmarks 1.22 ...)
@@ -1218,8 +1210,10 @@
RESERVED
CVE-2011-3626
RESERVED
-CVE-2011-3625
+CVE-2011-3625 [mplayer SAMI subtitle parsing buffer overflow]
RESERVED
+ TODO: check
+ NOTE: http://www.openwall.com/lists/oss-security/2011/10/14/1
CVE-2011-3624
RESERVED
CVE-2011-3623
@@ -1424,40 +1418,74 @@
RESERVED
CVE-2011-3561
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3560
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3559
RESERVED
CVE-2011-3558
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3557
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3556
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3555
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3554
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3553
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3552
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3551
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3550
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3549
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3548
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3547
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3546
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3545
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3544
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3543
RESERVED
CVE-2011-3542
@@ -1504,6 +1532,8 @@
RESERVED
CVE-2011-3521
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3520
RESERVED
CVE-2011-3519
@@ -1514,6 +1544,8 @@
RESERVED
CVE-2011-3516
RESERVED
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
CVE-2011-3515
RESERVED
CVE-2011-3514
@@ -1711,11 +1743,11 @@
CVE-2010-4834 (Multiple SQL injection vulnerabilities in index.php in OneOrZero
AIMS ...)
NOT-FOR-US: OneOrZero AIMS
CVE-2009-5101 (Pentaho BI Server 1.7.0.1062 and earlier includes the session ID
...)
- TODO: check
+ NOT-FOR-US: Pentaho BI Server
CVE-2009-5100 (Pentaho BI Server 1.7.0.1062 and earlier does not set the
autocomplete ...)
- TODO: check
+ NOT-FOR-US: Pentaho BI Server
CVE-2009-5099 (Cross-site scripting (XSS) vulnerability in ViewAction in
Pentaho BI ...)
- TODO: check
+ NOT-FOR-US: Pentaho BI Server
CVE-2009-5098 (The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when
not ...)
NOT-FOR-US: Palm WebOS
CVE-2009-5097 (Palm Pre WebOS 1.1 and earlier processes JavaScript in email
messages, ...)
@@ -1841,7 +1873,11 @@
[lenny] - masqmail <no-dsa> (no security issue by itself)
[squeeze] - masqmail <no-dsa> (no security issue by itself)
CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft
...)
- NOT-FOR-US: Opera
+ - sun-java6 <unfixed> (bug #645881)
+ - openjdk-6 <unfixed>
+ - iceweasel <unfixed>
+ - chromium-browser <unfixed>
+ - webkit <unfixed>
CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure
site ...)
NOT-FOR-US: Opera
CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote
...)
@@ -6978,10 +7014,17 @@
RESERVED
CVE-2011-1529
RESERVED
+ - krb5 <unfixed>
+ [lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1528
RESERVED
+ - krb5 <unfixed>
+ [lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1527
RESERVED
+ - krb5 <unfixed>
+ [squeeze] - krb5 <not-affected> (Introduced in 1.9)
+ [lenny] - krb5 <not-affected> (Introduced in 1.9)
CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 ...)
{DSA-2283-1}
- krb5-appl <unfixed>