thr3ads.net - Secure testing commits - [Secure-testing-commits] r17720

If this information is useful, please help other people find it:
Share via:
Joey Hess
2011-Nov-30 21:14 UTC
[Secure-testing-commits] r17720 - data/CVE

Author: joeyh
Date: 2011-11-30 21:14:24 +0000 (Wed, 30 Nov 2011)
New Revision: 17720

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-11-30 21:13:46 UTC (rev 17719)
+++ data/CVE/list	2011-11-30 21:14:24 UTC (rev 17720)
@@ -1,3 +1,11 @@
+CVE-2011-4641
+	RESERVED
+CVE-2011-4640
+	RESERVED
+CVE-2011-4639
+	RESERVED
+CVE-2011-4638
+	RESERVED
 CVE-2011-4637
 	RESERVED
 CVE-2011-4636
@@ -199,8 +207,8 @@
 	RESERVED
 CVE-2011-4543
 	RESERVED
-CVE-2011-4542
-	RESERVED
+CVE-2011-4542 (Hastymail2 2.1.1 before RC2 allows remote attackers to execute
...)
+	TODO: check
 CVE-2011-4541 (Cross-site scripting (XSS) vulnerability in index.php in
Hastymail2 ...)
 	TODO: check
 CVE-2011-4540
@@ -554,8 +562,8 @@
 	RESERVED
 CVE-2011-4406
 	RESERVED
-CVE-2011-4405
-	RESERVED
+CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04
and ...)
+	TODO: check
 CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere
...)
 	- jetty 6.1.19-1 (low; bug #528389)
 	NOTE: duplicate of CVE-2009-1523
@@ -706,8 +714,7 @@
 	- linux-2.6 <unfixed>
 CVE-2011-4346
 	RESERVED
-CVE-2011-4345
-	RESERVED
+CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before
2.0.21, when ...)
 	- namazu2 2.0.21-1 (low)
 	[squeeze] - namazu2 <no-dsa> (Minor issue)
 CVE-2011-4344
@@ -788,8 +795,7 @@
 	RESERVED
 	- dovecot <unfixed> (unimportant; bug #649511)
 	NOTE: Additional hardening
-CVE-2011-4317 [mod_proxy/mod_rewrite insufficient sanitization of invalid URLs]
-	RESERVED
+CVE-2011-4317 (The mod_proxy module in the Apache HTTP Server 1.3.x through
1.3.42, ...)
 	- apache2 <unfixed>
 	NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
 CVE-2011-4316
@@ -802,8 +808,7 @@
 	NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
 CVE-2011-4314
 	RESERVED
-CVE-2011-4313 [BIND INSIST crash in query.c]
-	RESERVED
+CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through
9.4-ESV-R5, ...)
 	{DSA-2347-1}
 	- bind9 <unfixed> (high; bug #649099)
 	NOTE: http://www.isc.org/software/bind/advisories/cve-2011-4313
@@ -1262,8 +1267,8 @@
 	RESERVED
 CVE-2011-4192
 	RESERVED
-CVE-2011-4191
-	RESERVED
+CVE-2011-4191 (Stack-based buffer overflow in the xdrDecodeString function in
...)
+	TODO: check
 CVE-2011-4190
 	RESERVED
 CVE-2011-4189
@@ -1941,8 +1946,8 @@
 	NOT-FOR-US: Cisco Webex
 CVE-2011-4003
 	RESERVED
-CVE-2011-4002
-	RESERVED
+CVE-2011-4002 (HP no Mawashimono Nikki 6.6 and earlier allows remote attackers
to ...)
+	TODO: check
 CVE-2011-4001
 	RESERVED
 CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to
execute ...)
@@ -2834,8 +2839,7 @@
 	[lenny] - chromium-browser <no-dsa> (attacker needs to get malicious
file into cwd first)
 	[squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious
file into cwd first)
 	NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
-CVE-2011-3639 [mod_proxy/mod_rewrite insufficient URI sanitization with
HTTP/0.9 and pre 2.2.18]
-	RESERVED
+CVE-2011-3639 (The mod_proxy module in the Apache HTTP Server 2.0.x through
2.0.64 ...)
 	- apache2 2.2.18-1
 	NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue
 CVE-2011-3638
@@ -3590,14 +3594,12 @@
 CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through
1.3.42, ...)
 	- apache2 2.2.21-2 (medium)
 	NOTE: http://article.gmane.org/gmane.comp.apache.announce/61
-CVE-2011-3367
-	RESERVED
-CVE-2011-3366
-	RESERVED
+CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain
font ...)
+	TODO: check
+CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when
rendering ...)
 	- rekonq <not-affected> (Only affected the 0.8.x devel versions and was
fixed before final 0.8 release, see bug #647298)
 	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
-CVE-2011-3365
-	RESERVED
+CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1,
and ...)
 	- kde4libs <unfixed>
 	[squeeze] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
 	[lenny] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
@@ -4114,8 +4116,8 @@
 	RESERVED
 CVE-2011-3174
 	RESERVED
-CVE-2011-3173
-	RESERVED
+CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in
...)
+	TODO: check
 CVE-2011-3172
 	RESERVED
 CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and
possibly ...)
@@ -4196,8 +4198,8 @@
 	- update-manager <unfixed> (bug #650307)
 CVE-2011-3151
 	RESERVED
-CVE-2011-3150
-	RESERVED
+CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly
...)
+	TODO: check
 CVE-2011-3149
 	RESERVED
 	{DSA-2326-1}
@@ -13726,8 +13728,7 @@
 	RESERVED
 CVE-2009-5029
 	RESERVED
-CVE-2009-5028
-	RESERVED
+CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows
remote ...)
 	- namazu2 2.0.20-1.0 (low)
 CVE-2009-5027
 	RESERVED
Secure testing commits - Nov 2011 - r17720 - data/CVE

[Secure-testing-commits] r17720 - data/CVE
