Author: geissert Date: 2012-04-15 17:15:48 +0000 (Sun, 15 Apr 2012) New Revision: 18948 Modified: data/CVE/list Log: linux, libarchive, perl, libvirt, dirmngr, openssl, vino, spring, etc Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-15 06:59:24 UTC (rev 18947) +++ data/CVE/list 2012-04-15 17:15:48 UTC (rev 18948) @@ -6514,8 +6514,13 @@ - linux-2.6 3.0.0-1 CVE-2011-4610 RESERVED + - jbossas4 <undetermined> + TODO: check CVE-2011-4609 RESERVED + - eglibc <unfixed> + - glibc <unfixed> + TODO: check CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server) CVE-2011-4607 [http://seclists.org/oss-sec/2011/q4/500] @@ -6546,6 +6551,8 @@ [squeeze] - pidgin 2.7.3-1+squeeze2 CVE-2011-4600 RESERVED + - libvirt <unfixed> + TODO: check CVE-2011-4599 RESERVED {DSA-2397-1} @@ -6613,6 +6620,7 @@ - moodle <not-affected> (Only affects 2.x) CVE-2011-4580 RESERVED + NOT-FOR-US: JBoss Enterprise Portal Platform CVE-2011-4579 [SVQ1 issue] RESERVED {DSA-2378-1} @@ -6636,6 +6644,7 @@ RESERVED CVE-2011-4573 RESERVED + NOT-FOR-US: JBoss Operations Network CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...) NOT-FOR-US: CF Image Hosting Script CVE-2011-4571 (SQL injection vulnerability in the Estate Agent (com_estateagent) ...) @@ -7987,8 +7996,12 @@ NOT-FOR-US: perl Batch::BatchRun CPAN module CVE-2011-4116 RESERVED + - perl <unfixed> + TODO: check CVE-2011-4115 RESERVED + - libparallel-forkmanager-perl <unfixed> + TODO: check CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...) - libpar-packer-perl 1.012-1 (bug #650706) [squeeze] - libpar-packer-perl 1.006-1+squeeze1 @@ -7996,6 +8009,8 @@ - drupal6-mod-views 2.14-1 CVE-2011-4112 RESERVED + - linux-2.6 <unfixed> + TODO: check CVE-2011-4111 RESERVED - qemu 0.15.1+dfsg-2 
@@ -8090,6 +8105,7 @@ [lenny] - bzip2 <no-dsa> (Minor issue) CVE-2011-4088 RESERVED + NOT-FOR-US: abrt/libreport CVE-2011-4087 RESERVED - linux-2.6 3.0.0-1 @@ -8097,8 +8113,11 @@ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37) CVE-2011-4086 RESERVED + - linux-2.6 <unfixed> + TODO: check CVE-2011-4085 RESERVED + NOT-FOR-US: JBoss Enterprise SOA Platform CVE-2011-4084 REJECTED NOTE: Will be rejected to avoid confusion @@ -8107,6 +8126,8 @@ NOT-FOR-US: RedHat sos CVE-2011-4082 RESERVED + - phpldapadmin <unfixed> + TODO: check CVE-2011-4081 [CRYPTO_GHASH issue] RESERVED - linux-2.6 3.0.0-6 @@ -11653,6 +11674,7 @@ - linux-2.6 <not-affected> (RHEL-specific backport issue) CVE-2011-2941 RESERVED + NOT-FOR-US: JBoss Enterprise Portal Platform CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute ...) - stunnel4 3:4.42-1 (bug #638758) [squeeze] - stunnel4 <not-affected> (Only 4.4x affected) @@ -11708,6 +11730,8 @@ NOTE: http://bugs.linux-foundation.org/show_bug.cgi?id=936 CVE-2011-2923 RESERVED + - foomatic-filters <unfixed> (unimportant) + NOTE: debug mode-only CVE-2011-2922 RESERVED - ktsuss <removed> @@ -11761,6 +11785,7 @@ - linux-2.6 3.0.0-2 CVE-2011-2908 RESERVED + NOT-FOR-US: JBoss Enterprise Application Platform CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - torque 2.4.15+dfsg-1 [squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments) @@ -11800,6 +11825,9 @@ [lenny] - linux-2.6 <not-affected> (introduced in 2.6.27) CVE-2011-2897 RESERVED + - gdk-pixbuf <unfixed> + TODO: check + TODO: check for other copies of the same codebase CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...) {DSA-2426-1 DSA-2354-1} - cups 1.5.0-8 
@@ -11809,6 +11837,7 @@ {DSA-2293-1} - libxfont 1:1.4.4-1 CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through ...) + - libspring-2.5-java <unfixed> TODO: check CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...) NOT-FOR-US: IBM Lotus Symphony @@ -12360,16 +12389,24 @@ NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-2732 RESERVED + - libspring-2.5-java <unfixed> + TODO: check CVE-2011-2731 RESERVED + - libspring-2.5-java <unfixed> + TODO: check CVE-2011-2730 RESERVED + - libspring-2.5-java <unfixed> + TODO: check CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 ...) - commons-daemon 1.0.7-1 [squeeze] - commons-daemon <not-affected> (Support for libcap was only added in 1.0.6) NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable CVE-2011-2728 RESERVED + - perl <unfixed> (unimportant) + NOTE: requires the attacker to manipulate glob flags CVE-2011-2727 RESERVED NOT-FOR-US: Tribiq CMS @@ -12437,6 +12474,10 @@ - joomla <itp> (bug #571794) CVE-2011-2709 RESERVED + - libgssglue <unfixed> + - heimdal <unfixed> + - krb5 <unfixed> + TODO: check CVE-2011-2708 REJECTED NOTE: duplicate of CVE-2011-2710, will be rejected @@ -12926,6 +12967,7 @@ - libsoup2.4 2.34.3-1 (bug #635837) CVE-2011-2523 RESERVED + - vsftpd <not-affected> (backdoored version) CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) {DSA-2290-1} - samba 2:3.5.10~dfsg-1 (low) 
@@ -12958,10 +13000,20 @@ - xml-security-c 1.6.1-1 (low; bug #632973) CVE-2011-2515 RESERVED + - packagekit <unfixed> + TODO: check CVE-2011-2514 RESERVED + - openjdk-6 6b21~pre1-1 + - icedtea-web <unfixed> + NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1. + TODO: check CVE-2011-2513 RESERVED + - openjdk-6 6b21~pre1-1 + - icedtea-web <unfixed> + NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1. + TODO: check CVE-2011-2512 [qemu-kvm: OOB memory access caused by negative vq notifies] RESERVED {DSA-2270-1} @@ -12996,6 +13048,8 @@ [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2011-2504 RESERVED + - x11-apps <unfixed> (low) + TODO: check CVE-2011-2503 RESERVED {DSA-2348-1} @@ -13061,6 +13115,8 @@ RESERVED CVE-2011-2486 RESERVED + - nspluginwrapper <unfixed> + TODO: check CVE-2011-2485 [excessive memory use due improper checking of certain return values in GIF image loader] RESERVED - gdk-pixbuf 2.23.3-3.1 (bug #631524) @@ -13734,6 +13790,8 @@ - kvm <removed> CVE-2011-2207 RESERVED + - dirmngr <unfixed> + TODO: check CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...) NOT-FOR-US: Djabberd CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity ...) @@ -13783,6 +13841,8 @@ NOTE: for details CVE-2011-2187 RESERVED + - xscreensaver <unfixed> + TODO: check CVE-2011-2186 RESERVED CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) ...) @@ -13791,6 +13851,9 @@ NOT-FOR-US: A Really Simple Chat CVE-2011-2177 RESERVED + - libreoffice <undetermined> + - openoffice.org <undetermined> + NOTE: no known details CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the ...) - network-manager 0.9.0-1 (low; bug #631520) [squeeze] - network-manager <no-dsa> (Minor issue) 
@@ -14471,6 +14534,8 @@ [squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues) CVE-2011-1939 RESERVED + - zendframework <unfixed> + TODO: check CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ...) {DSA-2399-1} - php5 5.3.6-13 (low) @@ -14479,6 +14544,8 @@ NOT-FOR-US: Webmin CVE-2011-1936 RESERVED + - linux-2.6 <unfixed> + TODO: check CVE-2011-1935 [packet truncation in libpcap] RESERVED - libpcap 1.1.1-4 (low; bug #623868) @@ -15002,8 +15069,12 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29 CVE-2011-1780 RESERVED + - linux-2.6 <unfixed> + TODO: check CVE-2011-1779 RESERVED + - libarchive <unfixed> + TODO: check CVE-2011-1778 RESERVED {DSA-2413-1} @@ -15056,6 +15127,8 @@ [lenny] - exim4 <not-affected> (vulnerable code not present) CVE-2011-1763 RESERVED + - linux-2.6 <unfixed> + TODO: check CVE-2011-1762 RESERVED CVE-2011-1761 [modplug ABC buffer overflow] @@ -15325,6 +15398,8 @@ [lenny] - glibc <no-dsa> (Minor issue) NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...) + - eglibc <unfixed> + - glibc <removed> TODO: check CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...) - php5 <unfixed> (unimportant) @@ -15857,6 +15932,7 @@ NOT-FOR-US: JBoss Seam CVE-2011-1483 RESERVED + NOT-FOR-US: JBoss Enterprise Web Platform CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: PHP-Nuke CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...) @@ -15888,6 +15964,8 @@ NOTE: http://seclists.org/oss-sec/2011/q1/579 CVE-2011-1473 RESERVED + - openssl <unfixed> + TODO: check CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...) NOT-FOR-US: Nokia E75 phone CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...) 
@@ -16818,8 +16896,12 @@ - xen-3 <removed> CVE-2011-1165 RESERVED + - vino <unfixed> + TODO: check CVE-2011-1164 RESERVED + - vino <unfixed> + TODO: check CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-1
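Review bot: In the hunk at @@ -6514,8 +6514,13 @@, CVE-2011-4610 is given `- jbossas4 <undetermined>`, while the unchanged CVE-2011-4608 entry a few lines below marks the same source package `<not-affected> (Only builds a few libraries, not the full application server)`. If the affected component is again outside what the Debian package builds, the same status and reason apply here. Otherwise a NOTE naming the affected component would make the pending `TODO: check` quicker to resolve.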
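Review bot: In the hunk at @@ -11809,6 +11837,7 @@, `- libspring-2.5-java <unfixed>` is added under CVE-2011-2894, but the visible part of the description names Spring Framework 3.0.0 through 3.0.5 and the rest is truncated. Nothing in the entry says why the 2.5 package is listed as affected. Add a NOTE with the affected version range or a reference so the existing `TODO: check` can be closed against something concrete.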
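Review bot: In the hunk at @@ -12926,6 +12967,7 @@, the reason on `- vsftpd <not-affected> (backdoored version)` describes the issue rather than why the Debian package is unaffected. Word the parenthetical as the reason that was actually verified, or add a NOTE recording what was checked, so the status can be audited later without redoing the research.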
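Review bot: In the hunk at @@ -12996,6 +13048,8 @@, `- x11-apps <unfixed> (low)` sets an urgency while the entry still carries `TODO: check` and the CVE is RESERVED with no description. The other urgency downgrades in this commit each carry a justification (`NOTE: debug mode-only` for foomatic-filters, `NOTE: requires the attacker to manipulate glob flags` for perl). Add a NOTE giving the reason for `low` here, or leave the urgency off until the check is done.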
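Review bot: In the hunk at @@ -15325,6 +15398,8 @@, CVE-2011-1658 gets `- glibc <removed>` next to `- eglibc <unfixed>`, whereas the CVE-2011-4609 entry added earlier in this same commit pairs `- eglibc <unfixed>` with `- glibc <unfixed>`. The glibc source package is either removed or it is not, so one of the two states is inconsistent. Use the same state in both entries.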