Author: helmut-guest Date: 2012-01-21 08:48:56 +0000 (Sat, 21 Jan 2012) New Revision: 18239 Modified: data/CVE/list Log: libstruts1.2-java, 1 NFU, 2 NOTES Please have a closer look at CVE-2011-5054 and CVE-2011-5053. Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-20 21:14:22 UTC (rev 18238) +++ data/CVE/list 2012-01-21 08:48:56 UTC (rev 18239) @@ -1021,23 +1021,25 @@ CVE-2012-0395 RESERVED CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...) - TODO: check + - libstruts1.2-java <undetermined> CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...) - TODO: check + - libstruts1.2-java <undetermined> CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 does ...) - TODO: check + - libstruts1.2-java <undetermined> CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 ...) - TODO: check + - libstruts1.2-java <undetermined> CVE-2011-5057 (Apache Struts 2.3.1.1 and earlier provides interfaces that do not ...) - TODO: check + - libstruts1.2-java <undetermined> CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash ...) - maradns <not-affected> (Only affects 2.x, see #653838) CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...) - maradns <unfixed> (low) CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function, ...) - TODO: check + - kdebase-workspace <undetermined> + NOTE: the kcheckpass utility is not present in sid CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...) TODO: check + NOTE: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian. CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003] - glib2.0 <unfixed> (low; bug #655044) CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...) @@ -4653,6 +4655,7 @@ CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in ...) - phpmyadmin 4:3.4.6-1 (unimportant) CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ...) + NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime TODO: check CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix ...) NOT-FOR-US: Siemens Tecnomatix