Author: helmut-guest Date: 2012-04-02 08:46:59 +0000 (Mon, 02 Apr 2012) New Revision: 18803 Modified: data/CVE/list Log: undetermined affects, NFUs, not completely trivial Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-02 08:00:16 UTC (rev 18802) +++ data/CVE/list 2012-04-02 08:46:59 UTC (rev 18803) @@ -926,7 +926,7 @@ CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) NOT-FOR-US: Webfolio CMS CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...) - TODO: check + - movabletype-opensource <undetermined> CVE-2012-1496 RESERVED CVE-2012-1495 @@ -1088,7 +1088,9 @@ CVE-2012-1419 (The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat ...) TODO: check CVE-2012-1418 (Multiple unspecified vulnerabilities in Google Chrome before ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> + NOTE: Might by a NFU as it affects specific devices. CVE-2012-1417 RESERVED CVE-2012-1416 @@ -1104,7 +1106,7 @@ CVE-2012-1411 RESERVED CVE-2012-1410 (Multiple cross-site scripting (XSS) vulnerabilities in the History ...) - TODO: check + - kadu <undetermined> CVE-2012-1409 (Unspecified vulnerability in the Tiny Password ...) NOT-FOR-US: Tiny Password CVE-2012-1408 (Unspecified vulnerability in the App Lock (com.cc.applock) application ...) @@ -1404,7 +1406,7 @@ CVE-2012-1263 RESERVED CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi ...) - TODO: check + - movabletype-opensource <undetermined> CVE-2012-1261 RESERVED CVE-2012-1260 
@@ -2501,7 +2503,8 @@ CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...) - ocaml <unfixed> (low; bug #659149) CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...) - TODO: check + - libstruts1.2-java <undetermined> + NOTE: likely unaffected, because of version difference CVE-2012-0837 RESERVED NOT-FOR-US: Joomla! @@ -3788,13 +3791,13 @@ CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet ...) NOT-FOR-US: Kingsoft Internet Security 2011 CVE-2012-0320 (Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 ...) - TODO: check + - movabletype-opensource <undetermined> CVE-2012-0319 (The file-management system in Movable Type before 4.38, 5.0x before ...) - TODO: check + - movabletype-opensource <undetermined> CVE-2012-0318 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...) - TODO: check + - movabletype-opensource <undetermined> CVE-2012-0317 (Multiple cross-site request forgery (CSRF) vulnerabilities in Movable ...) - TODO: check + - movabletype-opensource <undetermined> CVE-2012-0316 (The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier ...) NOT-FOR-US: Cookpad CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...) @@ -4607,7 +4610,7 @@ CVE-2006-7251 RESERVED CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ...) - TODO: check + - openssl <undetermined> CVE-2006-7249 REJECTED CVE-2006-7248 @@ -8241,9 +8244,9 @@ CVE-2011-3846 RESERVED CVE-2011-3845 (Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2011-3844 (Apple Safari 5.0.5 does not properly implement the setInterval ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2011-3843 RESERVED CVE-2011-3842 
@@ -9340,7 +9343,8 @@ CVE-2011-3444 (Address Book in Apple Mac OS X before 10.7.3 automatically switches to ...) NOT-FOR-US: Mac OS X CVE-2011-3443 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of ...) NOT-FOR-US: Apple iOS CVE-2011-3441 (libinfo in Apple iOS before 5.0.1 does not properly formulate ...) 
@@ -11074,21 +11078,29 @@ [squeeze] - chromium-browser <not-affected> - webkit <not-affected> (chromium specific) CVE-2011-2873 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2872 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2871 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2870 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2869 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2868 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2867 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2866 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) - TODO: check + NOT-FOR-US: Apple WebKit + NOTE: reported by google, likely duplicate CVE-2011-2865 RESERVED CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan ...) @@ -11213,6 +11225,8 @@ - libxml2 2.7.8.dfsg-5 (low; bug #643648) [squeeze] - libxml2 <no-dsa> (denial-of-service only issue) CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) + - chromium-browser <undetermined> + - webkit <undetermined> TODO: check iOS CVE-2011-2832 RESERVED
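
Review bot: In the @@ -1088,7 +1088,9 @@ hunk, the NOTE added under CVE-2012-1418 has a typo ("Might by a NFU" should read "Might be NFU") and does not say which devices are meant. If the issue is limited to specific devices, name them in the NOTE so that whoever resolves the two <undetermined> entries for chromium-browser and webkit knows what to check.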
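
Review bot: In the @@ -2501,7 +2503,8 @@ hunk, CVE-2012-0838 is described as affecting Apache Struts 2 before 2.2.3.1 but is tracked against libstruts1.2-java, and the NOTE only says "version difference". State in the NOTE that the package name points at the 1.2 line while the CVE is against Struts 2. Once that is confirmed, use <not-affected> with a reason, as the squeeze webkit entry elsewhere in this file does, instead of leaving the entry <undetermined>.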
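
Review bot: In the @@ -8241,9 +8244,9 @@ hunk, CVE-2011-3845 and CVE-2011-3844 are closed as NOT-FOR-US: Apple Safari without a NOTE, while this same commit tracks CVE-2011-3443 (WebKit, as used in Apple Safari) against chromium-browser and webkit. A one-line NOTE stating that the flawed code is Safari's own and not part of WebKit would make the NOT-FOR-US decision reviewable.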
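
Review bot: In the @@ -11074,21 +11078,29 @@ hunk, CVE-2011-2873 through CVE-2011-2866 are marked NOT-FOR-US: Apple WebKit, yet CVE-2011-3443 and CVE-2011-2833, which carry the same "WebKit, as used in Apple ..." wording, get chromium-browser and webkit <undetermined> in this commit. NOT-FOR-US drops the entries from package tracking, and "likely duplicate" does not name the CVE ids they are thought to duplicate. Either list those ids in the NOTE or keep these eight as webkit <undetermined> until the duplication is confirmed.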