Author: jmm Date: 2011-03-09 21:18:17 +0000 (Wed, 09 Mar 2011) New Revision: 16345 Modified: data/CVE/list Log: two openldap no-dsa issues dotlrn/openacs not affected by xinha issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-09 21:15:05 UTC (rev 16344) +++ data/CVE/list 2011-03-09 21:18:17 UTC (rev 16345) @@ -583,7 +583,7 @@ CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...) TODO: check CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...) - TODO: check + TODO: apparenty not in Debian. Raphael, can you confirm? CVE-2011-1071 [eglibc: memory corruption] RESERVED - glibc <removed> @@ -725,12 +725,14 @@ RESERVED CVE-2011-1025 [rootpw is not verified with slapd.conf] RESERVED - - openldap <unfixed> - TODO: check + - openldap <unfixed> (low) + [squeeze] - openldap <no-dsa> (Minor issue) + [lenny] - openldap <not-affected> (Vulnerable code not present, introduced in 2.4.12) CVE-2011-1024 [forwarded bind failure messages cause success] RESERVED - - openldap <unfixed> - TODO: check + - openldap <unfixed> (low) + [lenny] - openldap <no-dsa> (Minor issue) + [squeeze] - openldap <no-dsa> (Minor issue) CVE-2011-1023 RESERVED CVE-2011-1022 [failure to verify netlink messages] 
@@ -862,22 +864,22 @@ RESERVED - serendipity <unfixed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) - - openacs <unfixed> - - dotlrn <unfixed> + - openacs <not-affected> (PHP bindings not used) + - dotlrn <not-affected> (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1134 [xinha XSS image manager] RESERVED - serendipity <unfixed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) - - openacs <unfixed> - - dotlrn <unfixed> + - openacs <not-affected> (PHP bindings not used) + - dotlrn <not-affected> (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1135 [xinha multiple vulns] RESERVED - serendipity <unfixed> (bug #611661) [lenny] - serendipity <not-affected> (Xinha not yet included) - - openacs <unfixed> - - dotlrn <unfixed> + - openacs <not-affected> (PHP bindings not used) + - dotlrn <not-affected> (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1137 [proftpd mod_sftp DoS] RESERVED
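Review bot: In the first hunk (@@ -583,7 +583,7 @@), the new TODO under CVE-2011-1072 misspells "apparently" as "apparenty", and the Log line covers only the openldap and dotlrn/openacs changes, not this PEAR entry. Suggest fixing the spelling and mentioning the PEAR change in the log. Once the question to Raphael is answered, the TODO should be replaced by a definite status line rather than left as an open question in the data file.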
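Review bot: In the second hunk (@@ -725,12 +725,14 @@), the release lines are ordered inconsistently: CVE-2011-1025 lists "[squeeze] - openldap <no-dsa>" before "[lenny] - openldap <not-affected>", while CVE-2011-1024 lists [lenny] before [squeeze]. Suggest using the same release order in both entries so the two adjacent openldap records read alike. The lenny line for CVE-2011-1025 gives a concrete reason (introduced in 2.4.12), whereas the three no-dsa lines say only "Minor issue"; a short reason there, if one is available, would make the triage decision easier to re-check later.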
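Review bot: In the third hunk (@@ -862,22 +864,22 @@), the same reason "(PHP bindings not used)" is applied to openacs and dotlrn for all three xinha entries, including CVE-2011-1135, which is described only as "[xinha multiple vulns]". For a multi-issue entry, the not-affected status holds only if every issue it covers sits in the PHP components; suggest confirming that against the referenced Secunia advisory and adding a NOTE line under CVE-2011-1135 saying so, since the reason as written does not show that each of the multiple issues was checked.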