Author: geissert Date: 2011-01-13 04:43:46 +0000 (Thu, 13 Jan 2011) New Revision: 15838 Modified: data/CVE/list data/DSA/list Log: new sssd issues, kvm/qemu, eclipse, libuser dpkg got another id Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-12 22:17:10 UTC (rev 15837) +++ data/CVE/list 2011-01-13 04:43:46 UTC (rev 15838) @@ -41,7 +41,8 @@ CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in [VENDOR] ImgBurn ...) NOT-FOR-US: ImgBurn CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted ...) - TODO: check + {DSA-2142-1} + - dpkg 1.15.8.8 CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored ...) - piwik <itp> (bug #506933) CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the ...) @@ -413,8 +414,9 @@ RESERVED - linux-2.6 2.6.32-30 [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28) -CVE-2010-4647 +CVE-2010-4647 [eclipse: Help Content web application vulnerable to XSS] RESERVED + - eclipse <unfixed> CVE-2010-4646 RESERVED CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...) @@ -1133,7 +1135,7 @@ CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before ...) NOT-FOR-US: IBM Lotus Notes Traveler CVE-2010-XXXX [TYPO3-SA-2010-022] - - typo3-src 4.3.9+dfsg1-1 + - typo3-src 4.3.9+dfsg1-1 (bug #607286) CVE-2011-0045 RESERVED CVE-2011-0044 @@ -1333,8 +1335,11 @@ RESERVED CVE-2011-0012 RESERVED -CVE-2011-0011 +CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication] RESERVED + - qemu <unfixed> + - kvm <removed> + TODO: check CVE-2011-0010 RESERVED - sudo 1.7.4p4-6 (bug #609641) 
@@ -1359,8 +1364,10 @@ {DTSA-207-1} - mediawiki <unfixed> [lenny] - mediawiki <no-dsa> (Fixed in next point update) -CVE-2011-0002 +CVE-2011-0002 [libuser creates LDAP users with a default password] RESERVED + - libuser <unfixed> + TODO: check CVE-2011-0001 RESERVED CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...) @@ -1767,8 +1774,10 @@ [lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32) CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...) - linux-2.6 2.6.32-30 -CVE-2010-4341 +CVE-2010-4341 [DoS in sssd PAM responder can prevent logins] RESERVED + - sssd <unfixed> + TODO: check CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...) NOT-FOR-US: Pointter PHP Micro-Blogging Social Network CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...) @@ -14695,7 +14704,8 @@ - eglibc 2.10.2-4 (medium; bug #560333) - glibc <removed> (medium) CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...) - NOT-FOR-US: sssd + - sssd <unfixed> + TODO: check CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...) - pidgin 2.6.5-1 (medium; bug #563206) [lenny] - pidgin <not-affected> (vulnerable code not present) Modified: data/DSA/list ==================================================================--- data/DSA/list 2011-01-12 22:17:10 UTC (rev 15837) +++ data/DSA/list 2011-01-13 04:43:46 UTC (rev 15838) @@ -2,7 +2,7 @@ {CVE-2010-3847 CVE-2010-3856} [lenny] - glibc 2.7-18lenny7 [06 Jan 2011] DSA-2142-1 dpkg - directory traversal - {CVE-2010-1679} + {CVE-2010-1679 CVE-2011-0402} [lenny] - dpkg 1.14.31 [06 Jan 2011] DSA-2141-3 apache2 - protocol design flaw {CVE-2009-3555}
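Review bot: the new {DSA-2142-1} cross-reference on CVE-2011-0402 only resolves if the DSA record itself lists that CVE, which happens in the data/DSA/list hunk at the end of this same revision; the two changes must stay in one commit, and the sid fix line "- dpkg 1.15.8.8" would benefit from the bug number, if one exists, in the form used elsewhere in this file, e.g. "- sudo 1.7.4p4-6 (bug #609641)".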
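Review bot: the eclipse entry added under CVE-2010-4647 is the only newly populated entry in this revision without a "TODO: check" marker or a bug reference, so it will not surface in the tracker's to-do pass; add "TODO: check" as on the qemu, libuser and sssd entries, or a bug number, so the XSS in the Help Content web application is followed through to a fixed version.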
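Review bot: the bracketed title under CVE-2011-0011 names qemu-kvm, but the affected lines list only "qemu <unfixed>" and "kvm <removed>"; the "TODO: check" should cover whether the qemu-kvm source package, which superseded kvm in the archive, carries the same VNC password handling where an empty string disables authentication, and add a line for it if so.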
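Review bot: CVE-2011-0002 is marked "libuser <unfixed>" with a TODO; since the title scopes the issue to LDAP user creation with a default password, the check should first confirm whether the Debian libuser build ships the LDAP backend at all, and mark <not-affected> if it does not, before hunting for a fixed version.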
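Review bot: flipping CVE-2010-0014 from "NOT-FOR-US: sssd" to "- sssd <unfixed>" is right once sssd is packaged, but the CVE description says "SSSD before 1.0.1", so the "TODO: check" should compare the packaged sssd version against 1.0.1 and set <not-affected> when the upload already postdates the fix, rather than leaving <unfixed> standing on a version that is not vulnerable.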
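Review bot: adding CVE-2011-0402 to the DSA-2142-1 record of 06 Jan 2011 is retroactive; the removed line shows the advisory originally carried only CVE-2010-1679, so after this change the tracker reports CVE-2011-0402 as fixed in lenny by dpkg 1.14.31 although the published advisory text never mentions it. That is fine if the 1.14.31 upload covers both ids (which the CVE/list hunk asserts by dropping its TODO); if not, the advisory needs a revision rather than a silent edit of its CVE list.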