Author: jmm
Date: 2011-10-29 13:30:31 +0000 (Sat, 29 Oct 2011)
New Revision: 17525

Modified: data/CVE/list
Log:
- new flood of moodle issues
- new unimportant ocsinventory issue
- new tor issues
- revised kfreebsd fix
- nss CVEfied

Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-29 13:20:04 UTC (rev 17524) +++ data/CVE/list 2011-10-29 13:30:31 UTC (rev 17525) 
@@ -1,3 +1,51 @@ +CVE-2011-XXXX [MSA-11-0018] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0019] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0020] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0021] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0022] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0023] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0024] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0025] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0026] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0027] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0028] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0029] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0030] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0031] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0032] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0033] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0034] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0035] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0036] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0037] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0038] + - moodle 1.9.9.dfsg2-4 +CVE-2011-XXXX [MSA-11-0039] + - moodle <not-affected> (Only affects 2.x) +CVE-2011-XXXX [MSA-11-0040] + - moodle <unfixed> +CVE-2011-XXXX [MSA-11-0041] + - moodle <not-affected> (Only affects 2.x) CVE-2011-4208 RESERVED CVE-2011-4207 
@@ -121,14 +169,6 @@ RESERVED CVE-2011-4152 RESERVED -CVE-2011-XXXX [nss: Did honour /pkcs11.txt and /secmod.db files by initializatio] - - nss <unfixed> (low) - [lenny] - nss <no-dsa> (Minor issue) - [squeeze] - nss <no-dsa> (Minor issue) - - chromium-browser <unfixed> (low) - [lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) - [squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) - NOTE: http://seclists.org/fulldisclosure/2011/Oct/734 CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center ...) - krb5 <unfixed> (low; bug #646367) [lenny] - krb5 <not-affected> (introduced in 1.8) @@ -340,7 +380,7 @@ {DSA-2325-1} - kfreebsd-10 10.0~svn226224-1 - kfreebsd-9 9.0~svn225873-1 - - kfreebsd-8 8.2-9 (bug #645377) + - kfreebsd-8 8.2-11 (bug #645377) - kfreebsd-7 <removed> CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...) NOT-FOR-US: DB2 @@ -634,7 +674,8 @@ CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows ...) TODO: check CVE-2011-4024 (Cross-site scripting (XSS) vulnerability in ocsinventory in OCS ...) - TODO: check + - ocsinventory-server 2.0.2-1 (unimportant) + NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2011-4023 RESERVED CVE-2011-4022 @@ -1494,7 +1535,14 @@ CVE-2011-3641 RESERVED CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...) - TODO: check + - nss <unfixed> (low) + [lenny] - nss <no-dsa> (Minor issue) + [squeeze] - nss <no-dsa> (Minor issue) + TODO: File bug for NSS + - chromium-browser <unfixed> (low) + [lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) + [squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) + NOTE: http://seclists.org/fulldisclosure/2011/Oct/734 CVE-2011-3639 RESERVED CVE-2011-3638 
@@ -3544,6 +3592,7 @@ CVE-2011-2908 RESERVED CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) + TODO: Check status for stable - torque 2.4.15+dfsg-1 CVE-2011-2906 RESERVED @@ -4013,9 +4062,11 @@ CVE-2011-2769 RESERVED {DSA-2331-1} + - tor 0.2.2.34-1 CVE-2011-2768 RESERVED {DSA-2331-1} + - tor 0.2.2.34-1 CVE-2011-2767 RESERVED CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by ...)
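Review bot: In the @@ -1,3 +1,51 @@ hunk, every new CVE-2011-XXXX entry carries only its advisory id ([MSA-11-0018] through [MSA-11-0041]) as a description, so a reader cannot tell what any of the issues is without looking the advisory up elsewhere. A short description inside the brackets, or a NOTE line pointing at the advisory, would fix that. The MSA-11-0040 entry is the only one left as "- moodle <unfixed>" and has neither a severity nor a bug number, which makes the one open item in this batch the hardest to track.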
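Review bot: In the @@ -340,7 +380,7 @@ hunk, the kfreebsd-8 fixed version changes from 8.2-9 to 8.2-11 under the same bug #645377, and nothing in the entry says why 8.2-9 is no longer recorded as the fix. The log only says "revised kfreebsd fix"; a NOTE line in the entry stating the reason would tell anyone who relied on 8.2-9 whether they need to upgrade again.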
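Review bot: In the @@ -634,7 +674,8 @@ hunk, the NOTE added for CVE-2011-4024 justifies the (unimportant) rating with "see debtags" but does not say which tag or where to find it. Naming the tag in the NOTE would let a later reader verify the "only supported in trusted environments" reasoning without guessing.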
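Review bot: In the @@ -1494,7 +1535,14 @@ hunk, "TODO: File bug for NSS" sits between the nss and chromium-browser package lines, and neither "<unfixed> (low)" line has a bug reference, unlike the krb5 entry in the same file ("low; bug #646367"). Moving the TODO below the package lines, and replacing it with bug numbers once they are filed, would keep the entry consistent. The entry also now tracks both packages as unfixed under a CVE whose description is marked ** DISPUTED **; a NOTE on how the dispute affects the rating would be useful.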
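Review bot: In the @@ -3544,6 +3592,7 @@ hunk, "TODO: Check status for stable" is inserted above the "- torque 2.4.15+dfsg-1" line, whereas the TODO added to CVE-2011-3640 in this same commit follows its package lines. Placing it after the torque line would match. The log message also lists moodle, ocsinventory, tor, kfreebsd and nss but does not mention this torque change.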