Author: geissert
Date: 2011-02-13 00:54:32 +0000 (Sun, 13 Feb 2011)
New Revision: 16119

Modified:
   data/CVE/list
Log:
new issues: tsclient (2), wireshark (1)
NFUs: adobe and ibm stuff, zikula

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2011-02-13 00:04:22 UTC (rev 16118)
+++ data/CVE/list 2011-02-13 00:54:32 UTC (rev 16119)
@@ -132,33 +132,33 @@ CVE-2011-0925 RESERVED CVE-2011-0924 (The client in HP Data Protector does not verify the contents of files ...) - TODO: check + NOT-FOR-US: HP Data Protector CVE-2011-0923 (The client in HP Data Protector does not properly validate EXEC_CMD ...) - TODO: check + NOT-FOR-US: HP Data Protector CVE-2011-0922 (The client in HP Data Protector allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: HP Data Protector CVE-2011-0921 (crs.exe in the Cell Manager Service in the client in HP Data Protector ...) - TODO: check + NOT-FOR-US: HP Data Protector CVE-2011-0920 (The Remote Console in IBM Lotus Domino, when a certain unsupported ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0919 (Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0918 (Stack-based buffer overflow in the NRouter (aka Router) service in IBM ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0917 (Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0916 (Stack-based buffer overflow in the SMTP service in IBM Lotus Domino ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0915 (Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0914 (Integer signedness error in ndiiop.exe in the DIIOP implementation in ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0913 (Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2011-0912 (IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 ...) - TODO: check + NOT-FOR-US: IBM Lotus Notes CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...) - TODO: check + NOT-FOR-US: zikula CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it ...) 
TODO: check CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before ...) @@ -178,8 +178,10 @@ CVE-2011-0902 (Multiple untrusted search path vulnerabilities in the Java Service in ...) TODO: check CVE-2011-0901 (Multiple stack-based buffer overflows in the tsc_launch_remote ...) + - tsclient <unfixed> TODO: check CVE-2011-0900 (Stack-based buffer overflow in the tsc_launch_remote function ...) + - tsclient <unfixed> TODO: check CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging ...) TODO: check @@ -430,9 +432,9 @@ CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac ...) TODO: check CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ...) - TODO: check + NOT-FOR-US: zikula CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random ...) - TODO: check + NOT-FOR-US: zikula CVE-2011-XXXX [evince segfault] - evince <unfixed> (bug #612668) TODO: check 
@@ -906,57 +908,57 @@ CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0606 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0604 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0603 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0602 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0601 RESERVED CVE-2011-0600 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0599 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0598 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0597 RESERVED CVE-2011-0596 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0594 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0593 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0592 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0591 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) 
- TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0590 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0589 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0588 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0587 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0586 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0585 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0584 (Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2011-0583 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2011-0582 (Unspecified vulnerability in the administrator console in Adobe ...) TODO: check CVE-2011-0581 (Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2011-0580 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) TODO: check CVE-2011-0579 
@@ -978,23 +980,23 @@ CVE-2011-0571 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0570 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0569 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2011-0568 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0567 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0566 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0565 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0564 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0563 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0562 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-0561 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0560 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) 
@@ -1004,11 +1006,11 @@ CVE-2011-0558 (Integer overflow in Adobe Flash Player before 10.2.152.26 allows ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0557 (Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2011-0555 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2011-0554 RESERVED CVE-2011-0553 @@ -1044,6 +1046,7 @@ [squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7) [lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7) CVE-2011-0538 (Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer ...) + - wireshark <unfixed> TODO: check CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...) - mediawiki <unfixed> (bug #611787) @@ -1052,7 +1055,7 @@ - eglibc <unfixed> (bug #600667) - glibc <removed> CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...) - TODO: check + NOT-FOR-US: zikula CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not ...) - tomcat5.5 <not-affected> (Vulnerable code not present) - tomcat6 6.0.28-10
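Review bot: the NOT-FOR-US labels in the "@@ -132,33 +132,33" hunk are inconsistent in form: CVE-2011-0911 is tagged "NOT-FOR-US: zikula" in lowercase, while the other new tags use the capitalised product name ("HP Data Protector", "IBM Lotus Domino", "IBM Lotus Notes"). Suggest "NOT-FOR-US: Zikula", matching the spelling in the CVE description, here and for CVE-2010-4729, CVE-2010-4728 and CVE-2011-0535 in the later hunks, so that a search on the product name finds all four.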
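Review bot: in the "@@ -178,8 +178,10" hunk the "TODO: check" context line is left in place under both new "- tsclient <unfixed>" entries (CVE-2011-0901 and CVE-2011-0900), so the two issues still read as untriaged even though a package has been assigned. Either drop the TODO or replace it with what remains to be done. Unlike the "- evince <unfixed> (bug #612668)" entry further down, neither line carries a bug reference yet.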
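Review bot: CVE-2011-0582 and CVE-2011-0580 in the "@@ -906,57 +908,57" hunk stay at "TODO: check" while the ColdFusion entries around them (CVE-2011-0584, CVE-2011-0583, CVE-2011-0581) are marked NOT-FOR-US. Their descriptions are truncated in the list, so the product cannot be confirmed from the diff. If they are ColdFusion as well they should get the same tag in this commit, and if they were skipped deliberately the log message should say so.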
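Review bot: the new "- wireshark <unfixed>" line for CVE-2011-0538 in the "@@ -1044,6 +1046,7" hunk has no bug number and no per-release lines, and "TODO: check" is kept beneath it. The description names 1.5.0, 1.4.3 and earlier as affected, so it would be worth recording which of lenny and squeeze carry the vulnerable code, the way the openssh entry just above does with its "[squeeze]" and "[lenny]" lines, and then removing the TODO.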