Author: joeyh Date: 2011-03-03 21:15:11 +0000 (Thu, 03 Mar 2011) New Revision: 16296 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-03 20:48:01 UTC (rev 16295) +++ data/CVE/list 2011-03-03 21:15:11 UTC (rev 16296) @@ -1,3 +1,35 @@ +CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to ...) + TODO: check +CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...) + TODO: check +CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in ...) + TODO: check +CVE-2011-1141 (epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through ...) + TODO: check +CVE-2011-1140 (Multiple stack consumption vulnerabilities in the ...) + TODO: check +CVE-2011-1139 (wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through ...) + TODO: check +CVE-2011-1138 (Off-by-one error in the dissect_6lowpan_iphc function in ...) + TODO: check +CVE-2011-1131 + RESERVED +CVE-2011-1130 + RESERVED +CVE-2011-1129 + RESERVED +CVE-2011-1128 + RESERVED +CVE-2011-1127 + RESERVED +CVE-2011-1126 + RESERVED +CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...) + TODO: check +CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...) + TODO: check +CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...) + TODO: check CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...) TODO: check CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...) @@ -136,8 +168,8 @@ RESERVED CVE-2011-1073 RESERVED -CVE-2011-1072 - RESERVED +CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...) + TODO: check CVE-2011-1071 [eglibc: memory corruption] RESERVED - glibc <removed> @@ -339,15 +371,13 @@ - request-tracker3.8 <unfixed> CVE-2011-1006 RESERVED -CVE-2011-1005 [Ruby Exception methods can bypass $SAFE] - RESERVED +CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through ...) - ruby1.8 1.8.7.334-1 (bug #615517) [lenny] - ruby1.8 <no-dsa> (Minor issue) [squeeze] - ruby1.8 <no-dsa> (Minor issue) - ruby1.9 <not-affected> - ruby1.9.1 <not-affected> -CVE-2011-1004 [Ruby FileUtils.remove_entry_secure symlink attack] - RESERVED +CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through ...) - ruby1.8 1.8.7.334-1 (bug #615518) [lenny] - ruby1.8 <no-dsa> (Minor issue) [squeeze] - ruby1.8 <no-dsa> (Minor issue) @@ -405,30 +435,35 @@ CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1132 [kfreebsd dos] + RESERVED - kfreebsd-8 <unfixed> (low; bug #613312; bug #611476) [squeeze] - kfreebsd-8 <no-dsa> (Can be fixed through a point update) [lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny) - kfreebsd-7 <unfixed> (bug #613312) [lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny) CVE-2011-1133 [xinha XSS mode param] + RESERVED - serendipity <unfixed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) - openacs <unfixed> - dotlrn <unfixed> NOTE: http://secunia.com/advisories/40669/ CVE-2011-1134 [xinha XSS image manager] + RESERVED - serendipity <unfixed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) - openacs <unfixed> - dotlrn <unfixed> NOTE: http://secunia.com/advisories/40669/ CVE-2011-1135 [xinha multiple vulns] + RESERVED - serendipity <unfixed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) - openacs <unfixed> - dotlrn <unfixed> NOTE: http://secunia.com/advisories/40669/ CVE-2011-1137 [proftpd mod_sftp DoS] + RESERVED - proftpd-dfsg <unfixed> NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586 NOTE: http://www.exploit-db.com/exploits/16129/ @@ -924,6 +959,7 @@ - wordpress 3.0.5+dfsg-1 NOTE: http://codex.wordpress.org/Version_3.0.5 CVE-2011-1136 [tesseract tempfile] + RESERVED - tesseract 2.04-2.1 (low; bug #612032) [squeeze] - tesseract <no-dsa> (Minor issue) [lenny] - tesseract <no-dsa> (Minor issue) @@ -961,8 +997,8 @@ RESERVED CVE-2011-0763 RESERVED -CVE-2011-0762 - RESERVED +CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...) + TODO: check CVE-2011-0761 RESERVED CVE-2011-0760 @@ -1116,8 +1152,7 @@ RESERVED CVE-2011-0714 RESERVED -CVE-2011-0713 [dct3trace buffer overflow] - RESERVED +CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 ...) - wireshark <unfixed> [lenny] - wireshark <not-affected> (Vulnerable code not present) NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953 @@ -1553,7 +1588,7 @@ - openssh 1:5.8p1-2 [squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7) [lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7) -CVE-2011-0538 (Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer ...) +CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees ...) - wireshark 1.4.3-3 (low; bug #613202) CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...) - mediawiki <not-affected> (Only affected when running on Windows or Novell Netware) @@ -1788,8 +1823,8 @@ RESERVED CVE-2011-0456 RESERVED -CVE-2011-0455 - RESERVED +CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...) + TODO: check CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...) TODO: check CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not ...) @@ -2909,57 +2944,48 @@ - pango1.0 1.28.3-2~sid1 CVE-2011-0063 RESERVED -CVE-2011-0062 - RESERVED +CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable) - iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable) -CVE-2011-0061 - RESERVED +CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird ...) - xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable) - iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable) CVE-2011-0060 RESERVED -CVE-2011-0059 - RESERVED +CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2011-0058 - RESERVED +CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before ...) - xulrunner <not-affected> (Windows-specific) - iceweasel <not-affected> (Windows-specific) -CVE-2011-0057 - RESERVED +CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2011-0056 - RESERVED +CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2011-0055 - RESERVED +CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in Mozilla ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2011-0054 - RESERVED +CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2011-0053 - RESERVED +CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) @@ -2967,8 +2993,7 @@ [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-0052 RESERVED -CVE-2011-0051 - RESERVED +CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) @@ -11369,7 +11394,7 @@ NOT-FOR-US: Apache ActiveMQ CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...) NOT-FOR-US: HP System Management Homepage -CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in Mozilla Firefox ...) +CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...) - xulrunner <removed> - iceweasel 3.5.17-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg)