Secure testing commits - Feb 2011 - r16155 - data/CVE

Author: joeyh
Date: 2011-02-15 21:17:02 +0000 (Tue, 15 Feb 2011)
New Revision: 16155

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-02-15 20:16:09 UTC (rev 16154)
+++ data/CVE/list	2011-02-15 21:17:02 UTC (rev 16155)
@@ -1,3 +1,105 @@
+CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic
Server ...)
+	TODO: check
+CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server
...)
+	TODO: check
+CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and
earlier ...)
+	TODO: check
+CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component
in IBM ...)
+	TODO: check
+CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team
Concert ...)
+	TODO: check
+CVE-2011-1028
+	RESERVED
+CVE-2011-1027
+	RESERVED
+CVE-2011-1026
+	RESERVED
+CVE-2011-1025
+	RESERVED
+CVE-2011-1024
+	RESERVED
+CVE-2011-1023
+	RESERVED
+CVE-2011-1022
+	RESERVED
+CVE-2011-1021
+	RESERVED
+CVE-2011-1020
+	RESERVED
+CVE-2011-1019
+	RESERVED
+CVE-2011-1018
+	RESERVED
+CVE-2011-1017
+	RESERVED
+CVE-2011-1016
+	RESERVED
+CVE-2011-1015
+	RESERVED
+CVE-2011-1014
+	RESERVED
+CVE-2011-1013
+	RESERVED
+CVE-2011-1012
+	RESERVED
+CVE-2011-1011
+	RESERVED
+CVE-2011-1010
+	RESERVED
+CVE-2011-1009
+	RESERVED
+CVE-2011-1008
+	RESERVED
+CVE-2011-1007
+	RESERVED
+CVE-2011-1006
+	RESERVED
+CVE-2011-1005
+	RESERVED
+CVE-2011-1004
+	RESERVED
+CVE-2011-1003
+	RESERVED
+CVE-2011-1002
+	RESERVED
+CVE-2011-1001
+	RESERVED
+CVE-2011-1000
+	RESERVED
+CVE-2011-0999
+	RESERVED
+CVE-2011-0998
+	RESERVED
+CVE-2011-0997
+	RESERVED
+CVE-2011-0996
+	RESERVED
+CVE-2011-0995
+	RESERVED
+CVE-2011-0994
+	RESERVED
+CVE-2011-0993
+	RESERVED
+CVE-2011-0992
+	RESERVED
+CVE-2011-0991
+	RESERVED
+CVE-2011-0990
+	RESERVED
+CVE-2011-0989
+	RESERVED
+CVE-2011-0988
+	RESERVED
+CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP
Gateway ...)
+	TODO: check
+CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect
EC150, ...)
+	TODO: check
+CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in
WebSCADA ...)
+	TODO: check
+CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in
WebSCADA ...)
+	TODO: check
+CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS
Login ...)
+	TODO: check
 CVE-2011-XXXX [unspecified XSS vulnerability]
 	- mailman <unfixed>
 	NOTE: present in 2.1.14 and earlier
@@ -31,9 +133,9 @@
 	NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
 	NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
 	TODO: check
-CVE-2011-0987 [phpmyadmin sql inj PMASA-2011-2]
+CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in
...)
 	- phpmyadmin 4:3.3.9.2-1
-CVE-2011-0986 [phpmyadmin path disclosure PMASA-2011-1]
+CVE-2011-0986 (phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1,
does not ...)
 	- phpmyadmin 4:3.3.9.2-1 (unimportant)
 	NOTE: Path disclosure; paths in Debian are public info already
 CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform
process ...)
@@ -565,7 +667,7 @@
 	- smarty3 <unfixed>
 	- smarty <unfixed>
 	TODO: check
-CVE-2011-0758 (The CA ETrust Secure Content Manager Common Services Transport
...)
+CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content
Manager ...)
 	NOT-FOR-US: CA ETrust
 CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on
Linux, ...)
 	NOT-FOR-US: IBM DB2
@@ -696,8 +798,7 @@
 	RESERVED
 CVE-2011-0703
 	RESERVED
-CVE-2011-0702 [feh tempfile]
-	RESERVED
+CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2
might ...)
 	- feh <unfixed> (low; bug #612035)
 	[squeeze] - feh <no-dsa> (Minor issue)
 	[lenny] - feh <no-dsa> (Minor issue)
@@ -707,19 +808,16 @@
 	RESERVED
 CVE-2011-0699
 	RESERVED
-CVE-2011-0698 [Directory-traversal vulnerability on Windows]
-	RESERVED
+CVE-2011-0698 (Directory traversal vulnerability in Django 1.1.x before 1.1.4
and ...)
 	- python-django <not-affected> (Windows-specific)
 	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
-CVE-2011-0697 [Potential XSS in file field rendering]
-	RESERVED
+CVE-2011-0697 (Cross-site scripting (XSS) vulnerability in Django 1.1.x before
1.1.4 ...)
 	{DSA-2163-1}
 	- python-django <unfixed>
 	[lenny] - python-django <not-affected> (Vulnerable code not present)
 	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
 	[squeeze] - python-django 1.2.3-3+squeeze1
-CVE-2011-0696 [Flaw in CSRF handling]
-	RESERVED
+CVE-2011-0696 (Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not
properly ...)
 	{DSA-2163-1}
 	- python-django <unfixed>
 	[lenny] - python-django <not-affected> (Vulnerable code not present)
@@ -751,7 +849,7 @@
 	NOT-FOR-US: Opera
 CVE-2011-0683 (Opera before 11.01 does not properly restrict the use of opera:
URLs, ...)
 	NOT-FOR-US: Opera
-CVE-2011-0682 (Opera before 11.01 does not properly handle large form inputs,
which ...)
+CVE-2011-0682 (Integer truncation error in opera.dll in Opera before 11.01
allows ...)
 	NOT-FOR-US: Opera
 CVE-2011-0681 (The Cascading Style Sheets (CSS) Extensions for XML
implementation in ...)
 	NOT-FOR-US: Opera
@@ -950,7 +1048,7 @@
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to
execute ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2011-0606 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2,
and 8.x ...)
+CVE-2011-0606 (Stack-based buffer overflow in rt3d.dll in Adobe Reader and
Acrobat ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2,
and 8.x ...)
 	NOT-FOR-US: Adobe Reader
@@ -962,11 +1060,11 @@
 	NOT-FOR-US: Adobe Reader
 CVE-2011-0601
 	RESERVED
-CVE-2011-0600 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2,
and 8.x ...)
+CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before
10.0.1, 9.x ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2011-0599 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2,
and 8.x ...)
 	NOT-FOR-US: Adobe Reader
-CVE-2011-0598 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2,
and 8.x ...)
+CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x
before ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2011-0597
 	RESERVED
@@ -1052,7 +1150,7 @@
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before
11.5.9.620 ...)
 	NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-0555 (Adobe Shockwave Player before 11.5.9.620 allows attackers to
execute ...)
+CVE-2011-0555 (The TextXtra.x32 module in Adobe Shockwave Player before
11.5.9.620 ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-0554
 	RESERVED
@@ -1339,10 +1437,10 @@
 	RESERVED
 CVE-2011-0448
 	RESERVED
-CVE-2011-0447
-	RESERVED
-CVE-2011-0446
-	RESERVED
+CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x
before ...)
+	TODO: check
+CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the
mail_to ...)
+	TODO: check
 CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2,
as ...)
 	- gif2png 2.5.4-2 (low; bug #610479)
 	[lenny] - gif2png <no-dsa> (Minor issue)
@@ -2359,7 +2457,7 @@
 	RESERVED
 CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2
does ...)
 	NOT-FOR-US: Microsoft Visio
-CVE-2011-0092 (ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2
does ...)
+CVE-2011-0092 (The LZW stream decompression functionality in ORMELEMS.DLL in
...)
 	NOT-FOR-US: Microsoft Visio
 CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does
not ...)
 	NOT-FOR-US: Microsoft Windows
@@ -2595,7 +2693,7 @@
 CVE-2010-XXXX [TYPO3-SA-2010-022]
 	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
 	NOTE: CVE ID requested
-CVE-2011-0045 (The kernel in Microsoft Windows XP SP3 performs memory
allocation ...)
+CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft
Windows XP ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-0044
 	RESERVED
@@ -6127,7 +6225,7 @@
 	NOT-FOR-US: RSA Authentication Agent 7.0 for Web
 CVE-2010-3260
 	RESERVED
-CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before
5.0.3 ...)
+CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before
5.0.3, ...)
 	- chromium-browser 6.0.472.53~r57914-1
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -6146,7 +6244,7 @@
 	- chromium-browser 6.0.472.53~r57914-1
 	- webkit <not-affected>
 	NOTE: chromium specific
-CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter
...)
+CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do
not ...)
 	- chromium-browser 6.0.472.53~r57914-1
 	- webkit 1.2.5-1 
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -6574,7 +6672,7 @@
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
 	NOTE: http://trac.webkit.org/changeset/65329
 	NOTE: http://trac.webkit.org/changeset/65325
-CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the
Ruby ...)
+CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do
not ...)
 	- chromium-browser 5.0.375.127~r55887-1
 	- webkit 1.2.4-1 
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -6594,20 +6692,20 @@
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
 	NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in
1.2 series
-CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the
...)
+CVE-2010-3115 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6,
does not ...)
 	- webkit 1.2.5-1 (bug #599830)
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.375.127~r55887-1
 	NOTE: http://trac.webkit.org/changeset/63925
 	NOTE: http://trac.webkit.org/changeset/64077
 	NOTE: only partially fixed: only 64077 applied in 1.2.4-1
-CVE-2010-3114 (The text-editing implementation in Google Chrome before
5.0.375.127 ...)
+CVE-2010-3114 (The text-editing implementation in Google Chrome before
5.0.375.127, ...)
 	- webkit 1.2.4-1 
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.375.127~r55887-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
 	NOTE: http://trac.webkit.org/changeset/63773
-CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG
...)
+CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5,
does not ...)
 	- webkit 1.2.5-1 
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.375.127~r55887-1
@@ -10018,7 +10116,7 @@
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser <undetermined>
-CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch
allows ...)
+CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and
...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch
allows ...)
@@ -10037,7 +10135,7 @@
 	NOT-FOR-US: Apple iOS
 CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in
Apple Mac ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2,
and ...)
+CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2;
Android ...)
 	- webkit 1.2.5-1 (bug #599830)
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser <not-affected>