Author: fw Date: 2011-12-31 17:12:55 +0000 (Sat, 31 Dec 2011) New Revision: 17950 Modified: data/CVE/list Log: CVE-2011-5025: yaws CVE-2011-5021: php-ids <itp> CVE-2009-5110: dhttpd CVE-2007-6750: apache2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-31 16:59:28 UTC (rev 17949) +++ data/CVE/list 2011-12-31 17:12:55 UTC (rev 17950) @@ -31,15 +31,15 @@ CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in Winn GuestBook before ...) NOT-FOR-US: Winn Guestbook CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...) - TODO: check + - yaws <unfixed> CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the ...) - TODO: check + NOT-FOR-US: ht://Dig integration for Mailman CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows ...) - TODO: check + NOT-FOR-US: Pligg CMS CVE-2011-5022 (SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows ...) - TODO: check + NOT-FOR-US: Pligg CMS CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular Expression ...) - TODO: check + - php-ids <itp> (bug #488848) CVE-2011-5020 RESERVED CVE-2011-5019 
@@ -57,29 +57,29 @@ CVE-2011-5013 RESERVED CVE-2011-5012 (Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll ...) - TODO: check + NOT-FOR-US: Attachmate Reflection CVE-2011-5011 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: xt:Commerce CVE-2011-5010 (apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows ...) - TODO: check + NOT-FOR-US: Ctek SkyRouter CVE-2011-5009 (The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 ...) - TODO: check + NOT-FOR-US: 3S CoDeSys CVE-2011-5008 (Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 ...) - TODO: check + NOT-FOR-US: 3S CoDeSys CVE-2011-5007 (Stack-based buffer overflow in the CmpWebServer component in 3S ...) - TODO: check + NOT-FOR-US: 3S CoDeSys CVE-2011-5006 (Stack-based buffer overflow in QQPlayer 3.2.845 allows remote ...) - TODO: check + NOT-FOR-US: QQPlayer CVE-2011-5005 (Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier ...) - TODO: check + NOT-FOR-US: QuiXplorer CVE-2011-5004 (Unrestricted file upload vulnerability in models/importcsv.php in the ...) - TODO: check + NOT-FOR-US: Joomla extension CVE-2011-5003 (Stack-based buffer overflow in the Phonetic Indexer ...) - TODO: check + NOT-FOR-US: Avid Media Composer CVE-2011-5002 (Multiple stack-based buffer overflows in Final Draft 8 before 8.02 ...) - TODO: check + NOT-FOR-US: Final Draft CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask function ...) - TODO: check + NOT-FOR-US: Trend Micro Control Manager CVE-2011-5000 RESERVED CVE-2011-4999 
@@ -277,15 +277,19 @@ CVE-2011-4898 RESERVED CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 ...) - TODO: check + NOT-FOR-US: Mini-Stream RM-MP3 Converter CVE-2009-5111 (GoAhead WebServer allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: GoAhead WebServer CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service (daemon ...) - TODO: check + - dhttpd <unfixed> (low; bug #533665) + [etch] - dhttpd <no-dsa> (Minor issue) + [lenny] - dhttpd <no-dsa> (Minor issue) CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows ...) - TODO: check + NOT-FOR-US: Mini-Stream Ripper CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ...) - TODO: check + - apache2 2.2.15-3 (medium; bug #533661) + - apache <removed> (medium; bug #533662) + [lenny] - apache2 <no-dsa> (Minor issue) CVE-2011-XXXX [php5 session id is world-readable] - php5 <unfixed> (low; bug #653169) CVE-2011-4904 @@ -36267,15 +36271,9 @@ [etch] - pcsc-lite <not-affected> (directory introduced in 1.5.0) [lenny] - pcsc-lite <not-affected> (directory introduced in 1.5.0) CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers] - - apache2 2.2.15-3 (medium; bug #533661) - - apache <removed> (medium; bug #533662) - [lenny] - apache2 <no-dsa> (Minor issue) - squid <not-affected> - squid3 <not-affected> NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694 - - dhttpd <unfixed> (unimportant; bug #533665) - [etch] - dhttpd <no-dsa> (Minor issue) - [lenny] - dhttpd <no-dsa> (Minor issue) - lighttpd <not-affected> CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Webmedia Explorer
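Review bot: The new CVE-2011-5025 entry in the `@@ -31,15 +31,15 @@` hunk, `- yaws <unfixed>`, carries neither a severity nor a bug reference, unlike the dhttpd and apache2 entries added later in this same commit. If a bug has been filed against yaws, add it in the same `(severity; bug #...)` form so the unfixed state can be tracked to closure.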
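Review bot: In the `@@ -57,29 +57,29 @@` hunk, `NOT-FOR-US: Joomla extension` for CVE-2011-5004 does not name the product, while every other NOT-FOR-US line in this hunk does (Attachmate Reflection, Ctek SkyRouter, 3S CoDeSys and so on). Name the specific extension from the CVE description so that a later search of the list for that product finds this entry.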
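Review bot: The dhttpd severity changes silently in the move to CVE-2009-5110 in the `@@ -277,15 +277,19 @@` hunk: the line removed from the slowloris placeholder reads `- dhttpd <unfixed> (unimportant; bug #533665)` and the line added here reads `- dhttpd <unfixed> (low; bug #533665)`. The log message only says "CVE-2009-5110: dhttpd", and the `[etch]` and `[lenny]` lines are carried over unchanged as `<no-dsa> (Minor issue)`. If the re-rating from unimportant to low is intended, say so in the log; otherwise keep the original severity so the move is a pure re-keying.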
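Review bot: After the `@@ -36267,15 +36271,9 @@` hunk, the `CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]` placeholder keeps only `<not-affected>` lines for squid, squid3 and lighttpd plus the squid NOTE, with nothing pointing to where the affected packages went. Add a NOTE line under it referencing CVE-2007-6750 (apache2, apache) and CVE-2009-5110 (dhttpd) so the history of the split stays discoverable, and consider fixing the "vulnerabilty" typo in the placeholder title while touching this entry.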