Author: jmm
Date: 2011-03-11 21:26:10 +0000 (Fri, 11 Mar 2011)
New Revision: 16366

Modified:
   data/CVE/list
Log:
- NFUs
- openldap bug
- Debian's cron not affected

Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-11 21:15:34 UTC (rev 16365) +++ data/CVE/list 2011-03-11 21:26:10 UTC (rev 16366) 
@@ -183,39 +183,39 @@ CVE-2011-1323 RESERVED CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before ...) 
- TODO: check + NOT-FOR-US: WebSphere CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google ...) - TODO: check + NOT-FOR-US: Google ChromeOS CVE-2011-XXXX [gmime segfault] - gmime2.4 <unfixed> (bug #616366) CVE-2011-1305 @@ -734,19 +734,19 @@ CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...) NOT-FOR-US: IBM Lotus Sametime CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in ...) - TODO: check + NOT-FOR-US: LightNEasy CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...) - TODO: check + NOT-FOR-US: LightNEasy CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...) - TODO: check + NOT-FOR-US: LightNEasy CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: BLOG:CMS CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS ...) - TODO: check + NOT-FOR-US: BLOG:CMS CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki ...) - TODO: check + NOT-FOR-US: pmwiki CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2011-XXXX [polarssl d-h man in the middle] - polarssl <unfixed> (bug #616114) NOTE: https://lists.ubuntu.com/archives/ubuntu-motu/2011-February/007026.html @@ -847,9 +847,9 @@ CVE-2011-1075 RESERVED CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ...) - TODO: check + - cron <not-affected> (Debian''s cron not affected) CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...) - TODO: check + - cron <not-affected> (Debian''s cron not affected) CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...) TODO: apparenty not in Debian. Raphael, can you confirm? CVE-2011-1071 [eglibc: memory corruption] 
@@ -995,12 +995,12 @@ RESERVED CVE-2011-1025 [rootpw is not verified with slapd.conf] RESERVED - - openldap <unfixed> (low) + - openldap <unfixed> (low; bug #617606) [squeeze] - openldap <no-dsa> (Minor issue) [lenny] - openldap <not-affected> (Vulnerable code not present, introduced in 2.4.12) CVE-2011-1024 [forwarded bind failure messages cause success] RESERVED - - openldap <unfixed> (low) + - openldap <unfixed> (low; bug #617606) [lenny] - openldap <no-dsa> (Minor issue) [squeeze] - openldap <no-dsa> (Minor issue) CVE-2011-1023
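
Review bot: in the @@ -183,39 hunk, CVE-2011-1318 is closed as NOT-FOR-US: WebSphere although the visible part of its description names org.apache.jasper.runtime.JspWriterImpl, a class in the Apache Jasper namespace rather than an IBM one (compare com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in CVE-2011-1317). The description is truncated here, so the scope cannot be confirmed from the list alone. I would add a NOTE line recording that the leak is specific to the copy shipped in WebSphere, or check whether Debian packages the same Jasper class before marking it NFU.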
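
Review bot: in the @@ -734,19 hunk, CVE-2010-4747 is tagged NOT-FOR-US: Wordpress plugin without saying which plugin, and the truncated description does not name it either. Naming the plugin in the tag would let a later search of the list find the entry if that plugin is ever packaged. The tag for CVE-2010-4748 is also spelled pmwiki while the description uses PmWiki; matching the description's spelling keeps case-sensitive searches consistent.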
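
Review bot: in the @@ -847,9 hunk, the reason given for CVE-2011-1074 and CVE-2011-1073, (Debian''s cron not affected), only restates the <not-affected> tag and does not say why. A short technical reason, in the style of (Vulnerable code not present, introduced in 2.4.12) used for openldap in the last hunk, would let someone re-verify the decision later. The doubled apostrophe in Debian''s also looks like an escaping slip and should be a single apostrophe if it is in the file itself.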
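
Review bot: in the @@ -995,12 hunk, CVE-2011-1025 and CVE-2011-1024 both receive bug #617606 although they are listed as separate issues with different lenny status (<not-affected> for the first, <no-dsa> for the second). If that bug report covers both, this is fine; if it covers only one, the other needs its own bug so the fixed version can be tracked per CVE.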