thr3ads.net - Secure testing commits - [Secure-testing-commits] r19191

If this information is useful, please help other people find it:
Share via:
Joey Hess
2012-May-09 21:14 UTC
[Secure-testing-commits] r19191 - data/CVE

Author: joeyh
Date: 2012-05-09 21:14:33 +0000 (Wed, 09 May 2012)
New Revision: 19191

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2012-05-09 20:50:56 UTC (rev 19190)
+++ data/CVE/list	2012-05-09 21:14:33 UTC (rev 19191)
@@ -314,45 +314,45 @@
 	RESERVED
 CVE-2010-5096 [MyBB multiple SQL injection vulnerabilities]
 	RESERVED
-    NOT-FOR-US: MyBB
-    NOTE: http://osvdb.org/show/osvdb/70013
-    NOTE: http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_sql_injection
+	NOT-FOR-US: MyBB
+	NOTE: http://osvdb.org/show/osvdb/70013
+	NOTE: http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_sql_injection
 CVE-2010-5095 [SilverStripe escaping exploit]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5094 [SilverStripe unauthenticated remote removal of index.php under
certain conditions]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5093 [SilverStripe privilege escalation exploit]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5092 [SilverStripe fixed password encryption when saving members
through the "Add Member" dialog in the "Security" admin. The
saving process was disregarding password encyrption and saving them as
plaintext]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5091 [SilverStripe fixed a security issue where logged-in CMS authors
were allowed to rename files with harmful extensions]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5090 [SilverStripe fixed a security issue where users with access to
admin/security (but limited privileges) can take over a known administrator
account by changing its password]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5089 [SilverStripe information disclosure]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5088 [SilverStripe CSRF]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5087 [SilverStripe CSRF protection bypassed when handling form action
requests through controller]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source
1.8.x ...)
 	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
 	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
@@ -496,16 +496,16 @@
 	RESERVED
 CVE-2012-2332 [SQL injection in serendipity before 1.7.1]
 	RESERVED
-    - serendipity <unfixed> (bug #671937; medium)
-    NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
-    NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
-    NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
+	- serendipity <unfixed> (bug #671937; medium)
+	NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
+	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
+	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
 CVE-2012-2331 [XSS in serendipity before 1.7.1]
 	RESERVED
-    - serendipity <unfixed> (bug #671937; medium)
-    NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
-    NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
-    NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
+	- serendipity <unfixed> (bug #671937; medium)
+	NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
+	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
+	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
 CVE-2012-2330 [node.js <0.6.17/0.7.8 HTTP server information disclosure]
 	RESERVED
 	- nodejs 0.6.17~dfsg1-1
@@ -563,6 +563,7 @@
 	- jbossas4 <not-affected> (Only affects JBoss 7)
 CVE-2012-2311 [PHP-CGI query string parameter vulnerability]
 	RESERVED
+	{DSA-2465-1}
 	- php5 5.4.3-1 (bug #671880)
 	NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
 	NOTE: http://www.kb.cert.org/vuls/id/520827
@@ -1275,28 +1276,28 @@
 	RESERVED
 CVE-2012-2034
 	RESERVED
-CVE-2012-2033
-	RESERVED
-CVE-2012-2032
-	RESERVED
-CVE-2012-2031
-	RESERVED
-CVE-2012-2030
-	RESERVED
-CVE-2012-2029
-	RESERVED
-CVE-2012-2028
-	RESERVED
-CVE-2012-2027
-	RESERVED
-CVE-2012-2026
-	RESERVED
-CVE-2012-2025
-	RESERVED
-CVE-2012-2024
-	RESERVED
-CVE-2012-2023
-	RESERVED
+CVE-2012-2033 (Adobe Shockwave Player before 11.6.5.635 allows attackers to
execute ...)
+	TODO: check
+CVE-2012-2032 (Adobe Shockwave Player before 11.6.5.635 allows attackers to
execute ...)
+	TODO: check
+CVE-2012-2031 (Adobe Shockwave Player before 11.6.5.635 allows attackers to
execute ...)
+	TODO: check
+CVE-2012-2030 (Adobe Shockwave Player before 11.6.5.635 allows attackers to
execute ...)
+	TODO: check
+CVE-2012-2029 (Adobe Shockwave Player before 11.6.5.635 allows attackers to
execute ...)
+	TODO: check
+CVE-2012-2028 (Buffer overflow in Adobe Photoshop before CS6 allows remote
attackers ...)
+	TODO: check
+CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop before CS6
allows ...)
+	TODO: check
+CVE-2012-2026 (Adobe Illustrator before CS6 allows attackers to execute
arbitrary ...)
+	TODO: check
+CVE-2012-2025 (Adobe Illustrator before CS6 allows attackers to execute
arbitrary ...)
+	TODO: check
+CVE-2012-2024 (Adobe Illustrator before CS6 allows attackers to execute
arbitrary ...)
+	TODO: check
+CVE-2012-2023 (Adobe Illustrator before CS6 allows attackers to execute
arbitrary ...)
+	TODO: check
 CVE-2012-2022
 	RESERVED
 CVE-2012-2021
@@ -1323,12 +1324,12 @@
 	RESERVED
 CVE-2012-2010
 	RESERVED
-CVE-2012-2009
-	RESERVED
-CVE-2012-2008
-	RESERVED
-CVE-2012-2007
-	RESERVED
+CVE-2012-2009 (Unspecified vulnerability in HP Performance Insight for Networks
...)
+	TODO: check
+CVE-2012-2008 (Cross-site scripting (XSS) vulnerability in HP Performance
Insight for ...)
+	TODO: check
+CVE-2012-2007 (SQL injection vulnerability in HP Performance Insight for
Networks ...)
+	TODO: check
 CVE-2012-2006 (Unspecified vulnerability in HP Insight Management Agents before
...)
 	NOT-FOR-US: Proprietary HP monitoring tools
 CVE-2012-2005 (Cross-site scripting (XSS) vulnerability in HP Insight
Management ...)
@@ -1401,8 +1402,8 @@
 	NOT-FOR-US: SyndeoCMS
 CVE-2012-1978
 	RESERVED
-CVE-2012-1977
-	RESERVED
+CVE-2012-1977 (WellinTech KingSCADA 3.0 uses a cleartext base64 format for
storage of ...)
+	TODO: check
 CVE-2012-1976
 	RESERVED
 CVE-2012-1975
@@ -1673,10 +1674,10 @@
 	RESERVED
 CVE-2012-1849
 	RESERVED
-CVE-2012-1848
-	RESERVED
-CVE-2012-1847
-	RESERVED
+CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and
SP1; ...)
+	TODO: check
 CVE-2012-1846 (Google Chrome 17.0.963.66 and earlier allows remote attackers to
...)
 	TODO: check
 CVE-2012-1845 (Use-after-free vulnerability in Google Chrome 17.0.963.66 and
earlier ...)
@@ -1726,6 +1727,7 @@
 	RESERVED
 CVE-2012-1823 [PHP-CGI query string parameter vulnerability]
 	RESERVED
+	{DSA-2465-1}
 	- php5 5.4.3-1
 	NOTE: http://ompldr.org/vZGxxaQ https://bugs.php.net/bug.php?id=61910
 	NOTE: 5.4.2-1 ''fixed'' this, but fix is incomplete:
CVE-2012-2311
@@ -2041,8 +2043,8 @@
 	RESERVED
 CVE-2012-1676 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking
...)
 	TODO: check
-CVE-2012-1675
-	RESERVED
+CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7,
11.2.0.2, ...)
+	TODO: check
 CVE-2012-1674 (Unspecified vulnerability in the Siebel Clinical component in
Oracle ...)
 	TODO: check
 CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing
allows ...)
@@ -3209,6 +3211,7 @@
 	- tiff 4.0.1-2
 CVE-2012-1172 [PHP 5.3.x Corrupted $_FILES indices lead to security concern]
 	RESERVED
+	{DSA-2465-1}
 	- php5 5.4.0-1 (bug #663760)
 CVE-2012-1171 [safemode bypass after RSHUTDOWN]
 	RESERVED
@@ -3449,6 +3452,7 @@
 	RESERVED
 	NOT-FOR-US: JBoss Operations Network
 CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in ...)
+	{DSA-2466-1}
 	- ruby-actionpack-2.3 2.3.14-3 (bug #668607)
 	- rails 2.3.14
 	[squeeze] - rails <unfixed>
@@ -4038,11 +4042,11 @@
 	- mumble 1.2.3-3 (bug #659039)
 CVE-2012-0862 [xinetd enables unintentional services over tcpmux port]
 	RESERVED
-    - xinetd <unfixed>
-    TODO: check
-    NOTE: Red Hat bug https://bugzilla.redhat.com/show_bug.cgi?id=790940
-    NOTE: Red Hat proposed patch
https://bugzilla.redhat.com/attachment.cgi?id=583311
-    NOTE: http://seclists.org/oss-sec/2012/q2/283
+	- xinetd <unfixed>
+	TODO: check
+	NOTE: Red Hat bug https://bugzilla.redhat.com/show_bug.cgi?id=790940
+	NOTE: Red Hat proposed patch
https://bugzilla.redhat.com/attachment.cgi?id=583311
+	NOTE: http://seclists.org/oss-sec/2012/q2/283
 CVE-2012-0861
 	RESERVED
 CVE-2012-0860
@@ -4297,12 +4301,12 @@
 CVE-2012-0781 (The tidy_diagnose function in PHP 5.3.8 might allow remote
attackers ...)
 	{DSA-2408-1}
 	- php5 5.3.9-1 (low)
-CVE-2012-0780
-	RESERVED
+CVE-2012-0780 (Adobe Illustrator before CS6 allows attackers to execute
arbitrary ...)
+	TODO: check
 CVE-2012-0779 (Adobe Flash Player before 10.3.183.19 and 11.x before
11.2.202.235 on ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2012-0778
-	RESERVED
+CVE-2012-0778 (Buffer overflow in Adobe Flash Professional before CS6 allows
...)
+	TODO: check
 CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1
and ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before
10.1.3 ...)
@@ -4517,10 +4521,10 @@
 	NOT-FOR-US: TIBCO ActiveMatrix
 CVE-2012-0686
 	RESERVED
-CVE-2012-0685
-	RESERVED
-CVE-2012-0684
-	RESERVED
+CVE-2012-0685 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows
remote ...)
+	TODO: check
+CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows
remote ...)
+	TODO: check
 CVE-2012-0683
 	RESERVED
 CVE-2012-0682
@@ -5850,23 +5854,23 @@
 CVE-2011-4962 [silverstripe: Potential remote code execution]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4961 [silverstripe: Privilege escalation]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4960 [silverstripe: SQL injection]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4959 [silverstripe: SQL injection]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4958 [silverstripe:XSS]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4957
 	RESERVED
 	- wordpress 3.2.1+dfsg-1
@@ -6276,16 +6280,16 @@
 	NOT-FOR-US: Winamp
 CVE-2010-5080 [SilverStripe HTTP referer leakage on Security/changepassword]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection,
autologin, "forgot password" emails and password salts]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5078 [SilverStripe version number information disclosure]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5077 [quake3 reflective UDP denial of service]
 	RESERVED
 	{DSA-2442-1}
@@ -6412,6 +6416,7 @@
 	[lenny] - apt <not-affected> (Vulnerable code not present)
 CVE-2012-0213
 	RESERVED
+	{DSA-2468-1}
 CVE-2012-0212
 	RESERVED
 	{DSA-2409-1}
@@ -6530,30 +6535,30 @@
 	- ruby1.8 1.8.7.358-1
 	- ruby1.9 <not-affected> (Includes randomisation of the hash function)
 	- ruby1.9.1 <not-affected> (Includes randomisation of the hash function)
-CVE-2012-0185
-	RESERVED
-CVE-2012-0184
-	RESERVED
-CVE-2012-0183
-	RESERVED
+CVE-2012-0185 (Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3
and ...)
+	TODO: check
+CVE-2012-0184 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and
SP1; ...)
+	TODO: check
+CVE-2012-0183 (Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and
2011 for ...)
+	TODO: check
 CVE-2012-0182
 	RESERVED
-CVE-2012-0181
-	RESERVED
-CVE-2012-0180
-	RESERVED
-CVE-2012-0179
-	RESERVED
-CVE-2012-0178
-	RESERVED
+CVE-2012-0181 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2012-0180 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2012-0179 (Double free vulnerability in tcpip.sys in Microsoft Windows
Server ...)
+	TODO: check
+CVE-2012-0178 (Race condition in partmgr.sys in Windows Partition Manager in
...)
+	TODO: check
 CVE-2012-0177 (Heap-based buffer overflow in the Office Works File Converter in
...)
 	NOT-FOR-US: Microsoft
-CVE-2012-0176
-	RESERVED
+CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before
4.1.10329 ...)
+	TODO: check
 CVE-2012-0175
 	RESERVED
-CVE-2012-0174
-	RESERVED
+CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2,
Windows ...)
+	TODO: check
 CVE-2012-0173
 	RESERVED
 CVE-2012-0172 (Microsoft Internet Explorer 6 through 8 does not properly handle
...)
@@ -6566,24 +6571,24 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2012-0168 (Microsoft Internet Explorer 6 through 9 allows user-assisted
remote ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2012-0167
-	RESERVED
+CVE-2012-0167 (Heap-based buffer overflow in the Office GDI+ library in
Microsoft ...)
+	TODO: check
 CVE-2012-0166
 	RESERVED
-CVE-2012-0165
-	RESERVED
-CVE-2012-0164
-	RESERVED
+CVE-2012-0165 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and
Office ...)
+	TODO: check
+CVE-2012-0164 (Microsoft .NET Framework 4 does not properly compare index
values, ...)
+	TODO: check
 CVE-2012-0163 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1,
4, and ...)
 	NOT-FOR-US: Microsoft .NET Framework
-CVE-2012-0162
-	RESERVED
-CVE-2012-0161
-	RESERVED
-CVE-2012-0160
-	RESERVED
-CVE-2012-0159
-	RESERVED
+CVE-2012-0162 (Microsoft .NET Framework 4 does not properly allocate buffers,
which ...)
+	TODO: check
+CVE-2012-0161 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5
SP1, ...)
+	TODO: check
+CVE-2012-0160 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5
SP1, ...)
+	TODO: check
+CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows ...)
+	TODO: check
 CVE-2012-0158 (The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2
...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
@@ -6615,14 +6620,11 @@
 	NOT-FOR-US: Microsoft
 CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in
Microsoft ...)
 	NOT-FOR-US: Microsoft
-CVE-2012-0143
-	RESERVED
+CVE-2012-0143 (Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly
...)
 	NOT-FOR-US: Microsoft
-CVE-2012-0142
-	RESERVED
+CVE-2012-0142 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and
SP1; ...)
 	NOT-FOR-US: Microsoft
-CVE-2012-0141
-	RESERVED
+CVE-2012-0141 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and
SP1; ...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0140
 	RESERVED
@@ -7935,8 +7937,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2012-0019 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly
handle ...)
 	NOT-FOR-US: Microsoft
-CVE-2012-0018
-	RESERVED
+CVE-2012-0018 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly
validate ...)
+	TODO: check
 CVE-2012-0017 (Cross-site scripting (XSS) vulnerability in inplview.aspx in
Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression
Design; ...)
@@ -9213,8 +9215,8 @@
 	NOT-FOR-US: Steema TeeChart 
 CVE-2011-4032
 	RESERVED
-CVE-2011-4031
-	RESERVED
+CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in ...)
+	TODO: check
 CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1,
and ...)
 	- plone3 <not-affected> (Only affects Plone 4.x)
 CVE-2011-4029
@@ -11918,16 +11920,16 @@
 	NOTE: This ID is for an incomplete fix for CVE-2011-2896
 CVE-2010-4824 [SilverStripe SQL injection with Translatable extension enabled]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4823 [SilverStripe XSS in controller handling for missing actions]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4822 [SilverStripe SQL information disclosure in MySQLDatabase]
 	RESERVED
-    - silverstripe <itp> (bug #528461)
-    NOTE: http://seclists.org/oss-sec/2012/q2/209
+	- silverstripe <itp> (bug #528461)
+	NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4821
 	RESERVED
 	NOT-FOR-US: phpMyFAQ
Secure testing commits - May 2012 - r19191 - data/CVE

[Secure-testing-commits] r19191 - data/CVE
