Author: joeyh Date: 2012-01-09 21:14:18 +0000 (Mon, 09 Jan 2012) New Revision: 18100 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-09 19:15:08 UTC (rev 18099) +++ data/CVE/list 2012-01-09 21:14:18 UTC (rev 18100) @@ -1,3 +1,21 @@ +CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...) + TODO: check +CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...) + TODO: check +CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 does ...) + TODO: check +CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 ...) + TODO: check +CVE-2011-5057 (Apache Struts 2.3.1.1 and earlier provides interfaces that do not ...) + TODO: check +CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash ...) + TODO: check +CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...) + TODO: check +CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function, ...) + TODO: check +CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...) + TODO: check CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003] - glib2.0 <unfixed> (low; bug #655044) CVE-2012-XXXX [znc bouncedcc DoS] @@ -828,8 +846,8 @@ RESERVED CVE-2011-4871 RESERVED -CVE-2011-4870 - RESERVED +CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...) + TODO: check CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly ...) {DSA-2370-1} - unbound 1.4.14-1 (medium) @@ -1648,8 +1666,7 @@ REJECTED CVE-2012-0025 RESERVED -CVE-2012-0024 [maradns dos] - RESERVED +CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...) - maradns 1.4.09-1 [squeeze] - maradns <no-dsa> (Minor issue) [lenny] - maradns <no-dsa> (Minor issue) 
@@ -2103,14 +2120,14 @@ RESERVED CVE-2011-4533 RESERVED -CVE-2011-4532 - RESERVED -CVE-2011-4531 - RESERVED -CVE-2011-4530 - RESERVED -CVE-2011-4529 - RESERVED +CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ...) + TODO: check +CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 ...) + TODO: check +CVE-2011-4530 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does ...) + TODO: check +CVE-2011-4529 (Multiple buffer overflows in Siemens Automation License Manager (ALM) ...) + TODO: check CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during ...) {DSA-2370-1} - unbound 1.4.14-1 (medium) @@ -2544,13 +2561,11 @@ NOTE: http://openwall.com/lists/oss-security/2011/11/29/8 NOTE: http://redmine.lighttpd.net/issues/2370 NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package -CVE-2011-4361 [lack of read permission checks] - RESERVED +CVE-2011-4361 (MediaWiki before 1.17.1 does not check for read permission before ...) {DSA-2366-1} - mediawiki 1:1.15.5-4 (bug #650434) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html -CVE-2011-4360 [page titles on private wikis] - RESERVED +CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page ...) {DSA-2366-1} - mediawiki 1:1.15.5-4 (bug #650434) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html 
@@ -3537,10 +3552,10 @@ - phpmyadmin 4:3.4.6-1 (unimportant) CVE-2011-4057 RESERVED -CVE-2011-4056 - RESERVED -CVE-2011-4055 - RESERVED +CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix ...) + TODO: check +CVE-2011-4055 (Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix ...) + TODO: check CVE-2011-4054 (Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder ...) NOT-FOR-US: CA SiteMinder CVE-2011-4053 @@ -4065,14 +4080,14 @@ RESERVED CVE-2011-3923 RESERVED -CVE-2011-3922 - RESERVED -CVE-2011-3921 - RESERVED +CVE-2011-3922 (Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows ...) + TODO: check +CVE-2011-3921 (Use-after-free vulnerability in Google Chrome before 16.0.912.75 ...) + TODO: check CVE-2011-3920 RESERVED -CVE-2011-3919 - RESERVED +CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before ...) + TODO: check CVE-2011-3918 RESERVED CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before ...) @@ -6077,8 +6092,8 @@ - openssl 1.0.0e-1 [squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d) [lenny] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d) -CVE-2011-3206 - RESERVED +CVE-2011-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the ...) {DSA-2304-1} - squid3 3.1.15-1 (low; bug #639755)
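Review bot: In the `@@ -1,3 +1,21 @@` hunk, CVE-2011-5056 and CVE-2011-5055 are added with only `TODO: check`, although MaraDNS is already tracked in this file as source package `maradns` (see the CVE-2012-0024 entry touched by this same revision). When the TODOs are triaged, these two should get `- maradns` lines with per-release status like that entry, not be left to default handling.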
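Review bot: In the `@@ -1648,8 +1666,7 @@` hunk, the retained line `- maradns 1.4.09-1` for CVE-2012-0024 is not explained by the new description, which puts the upstream boundary at 1.3.07.12 and 1.4.08. CVE-2011-5055, added at the top of this revision, names exactly those two versions as still affected, so a `NOTE:` line saying which of the two issues 1.4.09-1 addresses would keep the `<no-dsa>` decisions for squeeze and lenny reviewable.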
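Review bot: In the `@@ -3537,10 +3552,10 @@` hunk, CVE-2011-4056 and CVE-2011-4055 (ActiveX controls in Siemens Tecnomatix) are left as `TODO: check` directly above CVE-2011-4054, which shows the convention for products not shipped in the archive: `NOT-FOR-US: CA SiteMinder`. If Tecnomatix is not packaged, resolve both the same way with the product name. The four Siemens Automation License Manager entries in the `@@ -2103,14 +2120,14 @@` hunk need the same decision.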
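Review bot: In the `@@ -4065,14 +4080,14 @@` hunk, CVE-2011-3919 is described as a heap-based buffer overflow in libxml2 "as used in Google Chrome", so it should not be triaged together with CVE-2011-3922 and CVE-2011-3921 as a browser-only issue. When the `TODO: check` is resolved, the libxml2 source package needs its own tracking line in addition to the browser package, since the flaw sits in the library and not in the browser code.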