Author: jmm Date: 2011-02-28 16:35:54 +0000 (Mon, 28 Feb 2011) New Revision: 16263 Modified: data/CVE/list Log: - pinged maintainer for lilo status - NFUs - new potential webkit/chromium issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-27 22:49:29 UTC (rev 16262) +++ data/CVE/list 2011-02-28 16:35:54 UTC (rev 16263) @@ -9,7 +9,7 @@ TODO: are other python versions affected? CVE-2011-XXXX [lilo: lilo.conf world-readable] - lilo <unfixed> (low; bug #615103) - TODO: bug report says older version unaffected, check that + NOTE: pinged maintainer about oldstable/stable status CVE-2011-1099 RESERVED CVE-2011-1098 
@@ -73,27 +73,28 @@ CVE-2011-1069 RESERVED CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before ...) - TODO: check + NOT-FOR-US: Microsoft Windows Azure SDK CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not ...) - TODO: check + NOT-FOR-US: s389 LDAP server CVE-2011-1066 (Cross-site scripting (XSS) vulnerability in the Messaging module ...) - TODO: check + NOT-FOR-US: Messaging module for Drupal CVE-2011-1065 (Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX ...) - TODO: check + NOT-FOR-US: PIPI Player CVE-2011-1064 (SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 ...) - TODO: check + NOT-FOR-US: Qi Bo CMS CVE-2011-1063 (Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design ...) - TODO: check + NOT-FOR-US: Cherry-Design Photopad CVE-2011-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: TaskFreak! CVE-2011-1061 (SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows ...) - TODO: check + NOT-FOR-US: WSN Guest CVE-2011-1060 (SQL injection vulnerability in the member function in ...) - TODO: check + NOT-FOR-US: WSN Guest CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...) - TODO: check + NOT-FOR-US: s389 LDAP server CVE-2011-XXXX [ADC path traversal] - gitolite <unfixed> NOTE: https://github.com/sitaramc/gitolite/commit/a33f0f85047834212ff4baf5b479c6cf3d2a6075 
@@ -102,23 +103,23 @@ - moin <unfixed> TODO: check CVE-2011-1057 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...) - TODO: check + NOT-FOR-US: Metasploit Framework CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...) - TODO: check + NOT-FOR-US: Metasploit Framework CVE-2011-1055 (SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS ...) - TODO: check + NOT-FOR-US: Lingxia I.C.E CMS CVE-2011-1054 (Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA ...) - TODO: check + NOT-FOR-US: IDA Pro CVE-2011-1053 (Unspecified vulnerability in the Mach-O input file loader in Hex-Rays ...) - TODO: check + NOT-FOR-US: IDA Pro CVE-2011-1052 (Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA ...) - TODO: check + NOT-FOR-US: IDA Pro CVE-2011-1051 (Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in ...) - TODO: check + NOT-FOR-US: IDA Pro CVE-2011-1050 (Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown ...) - TODO: check + NOT-FOR-US: IDA Pro CVE-2011-1049 (Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro ...) - TODO: check + NOT-FOR-US: IDA Pro CVE-2011-1048 (SQL injection vulnerability in product.php in MihanTools 1.33 allows ...) TODO: check CVE-2011-1047 (Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ...)
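Review bot: In the first hunk (@@ -9,7 +9,7 @@, the lilo.conf entry), the removed TODO was the only line recording that bug #615103 says older versions are unaffected and that this still needs checking. The replacement NOTE only records that the maintainer was pinged. Until the maintainer answers, the question is still open, so consider keeping a TODO next to the NOTE, or wording the NOTE so it still states what is being checked for oldstable/stable.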
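Review bot: In the second hunk (@@ -73,27 +73,28 @@), the NOT-FOR-US lines added for CVE-2011-1067 and CVE-2010-4746 read "s389 LDAP server", while the CVE-2011-1067 description names the product as 389 Directory Server. The leading "s" looks like a typo and makes the entries harder to find by product name. In the same hunk, CVE-2011-1059 changes from "TODO: check" to two <undetermined> entries with no NOTE; adding a NOTE that carries the WebKit revision from the description (r77705) would tell whoever resolves chromium-browser and webkit what to compare against.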