Author: thijs Date: 2012-01-01 23:07:58 +0000 (Sun, 01 Jan 2012) New Revision: 17975 Modified: data/CVE/list Log: bugs filed; maradns fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-01 22:56:54 UTC (rev 17974) +++ data/CVE/list 2012-01-01 23:07:58 UTC (rev 17975) @@ -1,15 +1,15 @@ -CVE-2011-XXXX - - maradns <unfixed> +CVE-2011-XXXX [maradns dos] + - maradns 1.4.09-1 [squeeze] - maradns <no-dsa> (Minor issue) [lenny] - maradns <no-dsa> (Minor issue) NOTE: VU#903934 NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update. CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...) - - libv8 <unfixed> + - libv8 <unfixed> (bug #653962) CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...) - - ruby-rack <unfixed> + - ruby-rack <unfixed> (bug #653962) CVE-2011-5035 (Oracle Glassfish 3.1.1 and earlier computes hash values for form ...) - - glassfish <unfixed> + - glassfish <unfixed> (bug #653964) CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...) TODO: check NOTE: It''s not clear if this issue is in Geronimo itself, @@ -27,11 +27,11 @@ CVE-2011-5028 (Directory traversal vulnerability in novelllogmanager/FileDownload in ...) NOT-FOR-US: Novell Sentinel Log Manager CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...) - - zabbix <unfixed> + - zabbix <unfixed> (bug #652664) CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in Winn GuestBook before ...) NOT-FOR-US: Winn Guestbook CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...) - - yaws <unfixed> + - yaws <unfixed> (bug #653966) CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the ...) NOT-FOR-US: ht://Dig integration for Mailman CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows ...)