thr3ads.net - Secure testing commits - [Secure-testing-commits] r16222

If this information is useful, please help other people find it:
Share via:
Joey Hess
2011-Feb-21 21:14 UTC
[Secure-testing-commits] r16222 - data/CVE

Author: joeyh
Date: 2011-02-21 21:14:43 +0000 (Mon, 21 Feb 2011)
New Revision: 16222

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-02-21 19:47:14 UTC (rev 16221)
+++ data/CVE/list	2011-02-21 21:14:43 UTC (rev 16222)
@@ -1,3 +1,31 @@
+CVE-2011-1044 (The ib_uverbs_poll_cq function in
drivers/infiniband/core/uverbs_cmd.c ...)
+	TODO: check
+CVE-2011-1043
+	RESERVED
+CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google
Chrome ...)
+	TODO: check
+CVE-2011-1041
+	RESERVED
+CVE-2011-1040
+	RESERVED
+CVE-2011-1039
+	RESERVED
+CVE-2011-1038
+	RESERVED
+CVE-2011-1037
+	RESERVED
+CVE-2011-1036
+	RESERVED
+CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote
attackers to ...)
+	TODO: check
+CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13
have ...)
+	TODO: check
+CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c
in ...)
+	TODO: check
+CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
+	TODO: check
+CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM
Tool ...)
+	TODO: check
 CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM
Rational ...)
 	NOT-FOR-US: IBM Rational Build Forge
 CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine
BACnet OPC ...)
@@ -85,8 +113,7 @@
 	- avahi <unfixed>
 CVE-2011-1001
 	RESERVED
-CVE-2011-1000 [telepathy-gabble audio/video call intercepting]
-	RESERVED
+CVE-2011-1000 (jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10
before ...)
 	{DSA-2169-1}
 	- telepathy-gabble 0.9.15-2
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=34048
@@ -654,7 +681,7 @@
 	[lenny] - aptitude <no-dsa> (Minor issue)
 CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote
...)
 	NOT-FOR-US: PivotX
-CVE-2011-0774 (PivotX 2.2.2 allows remote attackers to obtain sensitive
information ...)
+CVE-2011-0774 (PivotX before 2.2.2 allows remote attackers to obtain sensitive
...)
 	NOT-FOR-US: PivotX
 CVE-2011-0773 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: PivotX
@@ -792,8 +819,7 @@
 	RESERVED
 CVE-2011-0725
 	RESERVED
-CVE-2011-0724
-	RESERVED
+CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not
...)
 	- italc <not-affected> (Only Edubuntu Live DVD affected)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864
 	NOTE:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html
@@ -801,8 +827,7 @@
 	RESERVED
 CVE-2011-0722
 	RESERVED
-CVE-2011-0721 [chfn/chsh newline injection]
-	RESERVED
+CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh
in ...)
 	{DSA-2164-1}
 	- shadow 1:4.1.4.2+svn3283-3
 	[lenny] - shadow <not-affected> (Vulnerable code not present)
@@ -834,17 +859,14 @@
 	RESERVED
 	- wireshark <unfixed>
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
-CVE-2011-0712 [ALSA: caiaq - Fix possible string-buffer overflow]
-	RESERVED
+CVE-2011-0712 (Multiple buffer overflows in the caiaq Native Instruments USB
audio ...)
 	- linux-2.6 <unfixed>
 CVE-2011-0711
 	RESERVED
 	- linux-2.6 <unfixed> (low)
-CVE-2011-0710
-	RESERVED
+CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the
Linux ...)
 	- linux-2.6 <unfixed> (low)
-CVE-2011-0709
-	RESERVED
+CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the
Linux ...)
 	- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in
2.6.35-rc5)
 CVE-2011-0708 [exif data processing DoS (limited abitrary memory access)]
 	RESERVED
@@ -856,8 +878,8 @@
 	NOTE: patch
http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt
 	NOTE: present in 2.1.14 and earlier
 	NOTE:
http://mail.python.org/pipermail/mailman-developers/2011-February/021317.html
-CVE-2011-0706
-	RESERVED
+CVE-2011-0706 (The &quot;JNLPClassLoader&quot; class in IcedTea-Web
before 1.0.1, as used in ...)
+	TODO: check
 CVE-2011-0705 [path traversal in SimpleHTTPServer]
 	RESERVED
 	- python3.2 <unfixed>
@@ -996,7 +1018,7 @@
 	RESERVED
 CVE-2011-0655
 	RESERVED
-CVE-2011-0654 (Heap-based buffer overflow in Mrxsmb.sys in Microsoft Windows
Server ...)
+CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in
the ...)
 	TODO: check
 CVE-2011-0653
 	RESERVED
@@ -1371,6 +1393,7 @@
 CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function
in ...)
 	NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor
 CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in
...)
+	{DSA-2171-1}
 	- asterisk <unfixed> (bug #610487)
 CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli
Access ...)
 	NOT-FOR-US: IBM Tivoli Access Manager
@@ -1503,8 +1526,8 @@
 	RESERVED
 CVE-2011-0454
 	RESERVED
-CVE-2011-0453
-	RESERVED
+CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not
...)
+	TODO: check
 CVE-2011-0452
 	RESERVED
 CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
@@ -1564,12 +1587,10 @@
 	TODO: check vftool (also against the older parseafm issue in evince)
 CVE-2011-0432
 	RESERVED
-CVE-2011-0431
-	RESERVED
+CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the
kernel ...)
 	{DSA-2168-1}
 	- openafs 1.4.14+dfsg-1
-CVE-2011-0430
-	RESERVED
+CVE-2011-0430 (Double free vulnerability in the Rx server process in OpenAFS
1.4.14, ...)
 	{DSA-2168-1}
 	- openafs 1.4.14+dfsg-1
 CVE-2011-0429
@@ -1596,8 +1617,7 @@
 	RESERVED
 	- php5 <unfixed>
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
-CVE-2011-0420 [grapheme_extract null pointer deref]
-	RESERVED
+CVE-2011-0420 (The grapheme_extract function in the Internationalization
extension ...)
 	- php5 <unfixed> (low)
 	[lenny] - php5 <not-affected> (intl extension added in 5.3)
 	[squeeze] - php5 <no-dsa> (Minor issue)
@@ -1719,8 +1739,7 @@
 	RESERVED
 CVE-2011-0365
 	RESERVED
-CVE-2011-0364
-	RESERVED
+CVE-2011-0364 (The Management Console (webagent.exe) in Cisco Security Agent
5.1, ...)
 	NOT-FOR-US: Cisco Security Agent Management
 CVE-2011-0363
 	RESERVED
@@ -2036,8 +2055,7 @@
 	RESERVED
 	- linux-2.6 2.6.32-30
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29)
-CVE-2010-4649
-	RESERVED
+CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in ...)
 	{DSA-2153-1}
 	- linux-2.6 2.6.32-30
 CVE-2010-4648
@@ -2633,8 +2651,7 @@
 	RESERVED
 CVE-2011-0051
 	RESERVED
-CVE-2011-0050
-	RESERVED
+CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface
...)
 	{DSA-2158-1}
 	- cgiirc <unfixed> (bug #612671)
 CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function
in ...)
@@ -2991,13 +3008,11 @@
 CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not
...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
-CVE-2011-0014 [http://www.openssl.org/news/secadv_20110208.txt]
-	RESERVED
+CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through
1.0.0c ...)
 	{DSA-2162-1}
 	- openssl 0.9.8o-5 (low)
 	[lenny] - openssl <not-affected> (Only 0.9.8h through 0.9.8q are
affected)
-CVE-2011-0013 [tomcat HTML manager XSS]
-	RESERVED
+CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML
...)
 	{DSA-2160-1}
 	- tomcat5.5 <removed> (low)
 	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
@@ -3125,7 +3140,7 @@
 	- openssh <not-affected> (J-PAKE not activated, see bug #606922)
 CVE-2010-4477
 	RESERVED
-CVE-2010-4476 (Unspecified vulnerability in the Java Runtime Environment (JRE)
in ...)
+CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE)
in ...)
 	{DSA-2161-2 DSA-2161-1}
 	- openjdk-6 <unfixed> (bug #612660)
 	- sun-java6 6.24-1
@@ -3491,8 +3506,7 @@
 CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton
...)
 	{DSA-2139-1}
 	- phpmyadmin 4:3.3.7-2
-CVE-2010-4328
-	RESERVED
+CVE-2010-4328 (Multiple stack-based buffer overflows in
opt/novell/iprint/bin/ipsmd ...)
 	NOT-FOR-US: Novell iPrint LPD
 CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell
eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
@@ -3502,8 +3516,8 @@
 	NOT-FOR-US: Groupwise
 CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in
the ...)
 	NOT-FOR-US: Novell Identity Manager
-CVE-2010-4323
-	RESERVED
+CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks
...)
+	TODO: check
 CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in
Novell ...)
 	NOT-FOR-US: Novell Vibe
 CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx
in ...)
@@ -5866,8 +5880,7 @@
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-25
 	NOTE:
http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
-CVE-2010-3441
-	RESERVED
+CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow
remote ...)
 	- abcm2ps 5.9.13-0.1 (low; bug #577014)
 	[lenny] - abcm2ps <no-dsa> (Minor issue)
 CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files]
Secure testing commits - Feb 2011 - r16222 - data/CVE

[Secure-testing-commits] r16222 - data/CVE
