Author: joeyh Date: 2011-03-10 21:15:02 +0000 (Thu, 10 Mar 2011) New Revision: 16359 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-10 19:22:09 UTC (rev 16358) +++ data/CVE/list 2011-03-10 21:15:02 UTC (rev 16359) @@ -1,3 +1,45 @@ +CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...) + TODO: check +CVE-2011-1342 + RESERVED +CVE-2011-1341 + RESERVED +CVE-2011-1340 + RESERVED +CVE-2011-1339 + RESERVED +CVE-2011-1338 + RESERVED +CVE-2011-1337 + RESERVED +CVE-2011-1336 + RESERVED +CVE-2011-1335 + RESERVED +CVE-2011-1334 + RESERVED +CVE-2011-1333 + RESERVED +CVE-2011-1332 + RESERVED +CVE-2011-1331 + RESERVED +CVE-2011-1330 + RESERVED +CVE-2011-1329 + RESERVED +CVE-2011-1328 + RESERVED +CVE-2011-1327 + RESERVED +CVE-2011-1326 + RESERVED +CVE-2011-1325 + RESERVED +CVE-2011-1324 + RESERVED +CVE-2011-1323 + RESERVED CVE-2011-XXXX [libvirt: several API calls do not honour read-only connection] TODO: check NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650 @@ -2,3 +44,3 @@ CVE-2011-XXXX [buffer overflow in unixODBC''s SQLDriverConnect()] - - unixodbc <unfixed> (low; bug #617655) + - unixodbc <unfixed> (low; bug #617655) [lenny] - unixodbc <no-dsa> (Minor issue) @@ -258,6 +300,7 @@ NOTE: http://trac.webkit.org/changeset/79810 CVE-2011-1203 RESERVED + {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/79476 @@ -292,6 +335,7 @@ - ffmpeg <undetermined> CVE-2011-1197 RESERVED + {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/79734 
@@ -328,16 +372,19 @@ NOTE: http://trac.webkit.org/changeset/76652 CVE-2011-1190 RESERVED + {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/77563 CVE-2011-1189 RESERVED + {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/79689 CVE-2011-1188 RESERVED + {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/77142 @@ -485,11 +532,13 @@ [squeeze] - chromium-browser <not-affected> - webkit <not-affected> (chromium specific) CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...) + {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 - webkit <undetermined> NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782 TODO: ^ this bug is embargoed, please note the commit # CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...) + {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 - webkit <unfixed> NOTE: needs port (s/logicalBottom/bottom) 
@@ -522,15 +571,18 @@ - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77548 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...) + {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76915 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...) + {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 - webkit <not-affected> (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state) TODO: check webkit 1.3 once it enters unstable NOTE: http://trac.webkit.org/changeset/77141 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...) + {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 - webkit <not-affected> (chromium specific) CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG ...) @@ -550,10 +602,12 @@ TODO: check webkit 1.3 once it gets uploaded to unstable NOTE: http://trac.webkit.org/changeset/76828 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...) + {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76728 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...) + {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 - webkit <not-affected> (Chromium specific) CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows ...) @@ -602,8 +656,8 @@ - lilo <unfixed> (low; bug #615103) [squeeze] - lilo <not-affected> (Introduced in 23.1) [lenny] - lilo <not-affected> (Introduced in 23.1) -CVE-2011-1099 - RESERVED +CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick ...) + TODO: check CVE-2011-1098 RESERVED CVE-2011-1097 
@@ -1440,7 +1494,7 @@ - chromium-browser 9.0.597.84~r72991-1 - webkit <not-affected> (chromium specific) CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and ...) - {DSA-2166-1} + {DSA-2188-1 DSA-2166-1} - chromium-browser 9.0.597.84~r72991-1 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/71925 @@ -1981,13 +2035,13 @@ RESERVED CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x ...) NOT-FOR-US: Adobe Reader -CVE-2011-0599 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) +CVE-2011-0599 (The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat ...) NOT-FOR-US: Adobe Reader CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader CVE-2011-0597 RESERVED -CVE-2011-0596 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) +CVE-2011-0596 (The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat ...) NOT-FOR-US: Adobe Reader CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader @@ -2045,7 +2099,7 @@ NOT-FOR-US: Adobe Shockwave Player CVE-2011-0568 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader -CVE-2011-0567 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) +CVE-2011-0567 (AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0566 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader @@ -2272,6 +2326,7 @@ TODO: recheck when > 1.3 gets uploaded NOTE: http://trac.webkit.org/changeset/74787 CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) + {DSA-2188-1} - chromium-browser 6.0.472.63~r59945-5 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/74779 
@@ -2330,8 +2385,8 @@ RESERVED CVE-2011-0465 RESERVED -CVE-2011-0464 - RESERVED +CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...) + TODO: check CVE-2011-0463 RESERVED CVE-2011-0462 @@ -3621,10 +3676,12 @@ - bugzilla <unfixed> (bug #611176) NOTE: http://www.bugzilla.org/security/3.2.9/ CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...) + {DSA-2188-1} - chromium-browser 6.0.472.63~r59945-4 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/73432 CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...) + {DSA-2188-1} - chromium-browser 6.0.472.63~r59945-4 - webkit 1.2.7-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883 @@ -3762,8 +3819,8 @@ RESERVED CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 ...) NOT-FOR-US: Microsoft Windows -CVE-2011-0042 - RESERVED +CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and ...) + TODO: check CVE-2011-0041 RESERVED CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003 SP2 ...) @@ -3782,14 +3839,14 @@ RESERVED CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows -CVE-2011-0032 - RESERVED +CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows ...) + TODO: check CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in ...) NOT-FOR-US: Microsoft Windows CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows -CVE-2011-0029 - RESERVED +CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote ...) + TODO: check CVE-2011-0028 RESERVED CVE-2011-0027 (Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows ...) 
@@ -4026,10 +4083,12 @@ - chromium-browser 5.0.375.29~r46008-1 - webkit <not-affected> (never embedded libxml2''s xpath.c) CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...) + {DSA-2188-1} - chromium-browser 6.0.472.63~r59945-3 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/72013 CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...) + {DSA-2188-1} - chromium-browser 6.0.472.63~r59945-3 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/71686 @@ -4853,6 +4912,7 @@ CVE-2010-4200 REJECTED CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...) + {DSA-2188-1} - webkit 1.2.7-1 - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/69936 @@ -5248,6 +5308,7 @@ - webkit <not-affected> (issue with chromium sandbox) - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...) + {DSA-2188-1} - webkit 1.2.6-1 [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 6.0.472.63~r59945-1 @@ -7736,7 +7797,7 @@ NOT-FOR-US: Microsoft Visio CVE-2010-3147 (Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in ...) NOT-FOR-US: Microsoft Address Book -CVE-2010-3146 (Untrusted search path vulnerability in Microsoft Office Groove 2007 ...) +CVE-2010-3146 (Multiple untrusted search path vulnerabilities in Microsoft Groove ...) NOT-FOR-US: Microsoft Office Groove CVE-2010-3145 (Untrusted search path vulnerability in the BitLocker Drive Encryption ...) NOT-FOR-US: Microsoft Vista BitLocker @@ -8377,6 +8438,7 @@ NOTE: http://trac.webkit.org/changeset/62662 NOTE: duplicate of cve-2010-1793 CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...) + {DSA-2188-1} - webkit 1.2.5-1 [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 
@@ -11404,6 +11466,7 @@ - chromium-browser 5.0.375.125~r53311-1 NOTE: http://trac.webkit.org/changeset/62271 CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) + {DSA-2188-1} - webkit 1.2.7-1 - chromium-browser 5.0.375.127~r55887-1 NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-2899 @@ -15472,6 +15535,7 @@ NOT-FOR-US: Palo Alto Networks Firewall CVE-2010-0474 RESERVED + {DSA-2188-1} CVE-2010-0473 RESERVED CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
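Review bot: In the hunk at @@ -2,3 +44,3 @@ the removed and added unixodbc lines read identically as shown ("- unixodbc <unfixed> (low; bug #617655)"), so the only difference is whitespace. If this is an indentation fix, it would be clearer as its own commit rather than folded into an "automatic update", so that data changes and formatting changes can be reviewed separately.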
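Review bot: In the hunk at @@ -3782,14 +3839,14 @@, CVE-2011-0032 and CVE-2011-0029 go from RESERVED to "TODO: check" even though their new descriptions name DirectShow in Microsoft Windows and a Microsoft client, and the unchanged neighbours (CVE-2011-0033, CVE-2011-0031, CVE-2011-0030) are already marked "NOT-FOR-US: Microsoft Windows". The same applies to CVE-2011-0042 (Windows Media Player) in the preceding hunk. These should be triaged to NOT-FOR-US in a follow-up, so they do not sit in the TODO queue alongside entries that need a real package check.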
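Review bot: In the final hunk at @@ -15472,6 +15535,7 @@, {DSA-2188-1} is attached to CVE-2010-0474, which is still RESERVED and has no package line before CVE-2010-0473 begins. Every other entry tagged DSA-2188-1 in this patch carries a webkit and a chromium-browser line, so this one looks like a mistyped CVE id carried over from the advisory's reference list. The id should be checked against the DSA text, and the tag either moved to the intended entry or given a package line if CVE-2010-0474 is correct.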