Author: joeyh Date: 2011-03-17 21:14:54 +0000 (Thu, 17 Mar 2011) New Revision: 16398 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-17 16:19:47 UTC (rev 16397) +++ data/CVE/list 2011-03-17 21:14:54 UTC (rev 16398) @@ -1,3 +1,42 @@ +CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly ...) + TODO: check +CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the ...) + TODO: check +CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and ...) + TODO: check +CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...) + TODO: check +CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...) + TODO: check +CVE-2011-1427 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite ...) + TODO: check +CVE-2011-1426 + RESERVED +CVE-2011-1425 + RESERVED +CVE-2011-1424 + RESERVED +CVE-2011-1423 + RESERVED +CVE-2011-1422 + RESERVED +CVE-2011-1421 + RESERVED +CVE-2011-1420 + RESERVED +CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...) + TODO: check +CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in ...) + TODO: check +CVE-2011-1417 (Unspecified vulnerability in MobileSafari in Apple iOS 4.2.1 on the ...) + TODO: check +CVE-2011-1416 (The Research In Motion (RIM) BlackBerry Torch 9800 with firmware ...) + TODO: check +CVE-2011-1415 + REJECTED + TODO: check +CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...) + TODO: check CVE-2011-1414 RESERVED CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate ...) 
@@ -255,8 +294,7 @@ RESERVED CVE-2011-1291 RESERVED -CVE-2011-1290 - RESERVED +CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) ...) {DSA-2192-1} - chromium-browser 10.0.648.133~r77742-1 - webkit <unfixed> @@ -598,8 +636,8 @@ RESERVED CVE-2011-1154 RESERVED -CVE-2011-1153 - RESERVED +CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ...) + TODO: check CVE-2011-1152 RESERVED CVE-2011-1151 @@ -610,12 +648,10 @@ RESERVED CVE-2011-1148 RESERVED -CVE-2011-1147 [Multiple array overflow and crash vulnerabilities in UDPTL code] - RESERVED +CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) ...) - asterisk <undetermined> (bug #614580) TODO: check vuln versions -CVE-2011-1146 [libvirt: several API calls do not honour read-only connection] - RESERVED +CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly ...) - libvirt 0.8.8-3 (low; bug #617773) [lenny] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650 
@@ -815,21 +851,19 @@ [squeeze] - eglibc <no-dsa> (Minor issue) NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904 NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923 -CVE-2011-1094 [KDE SSL name check issue] - RESERVED +CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not ...) - kde4libs <unfixed> - kdelibs <undetermined> NOTE: http://seclists.org/oss-sec/2011/q1/434 TODO: file a bug in BTS, check severity. check if kdelibs is affected too. CVE-2011-1093 RESERVED -CVE-2011-1092 [PHP: shmop_read, missing sanity check] - RESERVED +CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...) - php5 <unfixed> (unimportant) NOTE: only exploitable by malicious scripts NOTE: http://seclists.org/oss-sec/2011/q1/430 -CVE-2011-1091 - RESERVED +CVE-2011-1091 (libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 ...) + TODO: check CVE-2011-1090 RESERVED - linux-2.6 2.6.38-1 (low) @@ -839,8 +873,8 @@ - eglibc <unfixed> TODO: This issue will be assigned to glibc, probably. Not confirmed yet. NOTE: http://seclists.org/oss-sec/2011/q1/368 -CVE-2011-1088 - RESERVED +CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...) + TODO: check CVE-2011-1087 RESERVED CVE-2011-1086 @@ -1181,8 +1215,7 @@ - openacs <not-affected> (PHP bindings not used) - dotlrn <not-affected> (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ -CVE-2011-1137 [proftpd mod_sftp DoS] - RESERVED +CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d ...) {DSA-2185-1} - proftpd-dfsg 1.3.3d-4 [lenny] - proftpd-dfsg <not-affected> (Vulnerable code not present) @@ -1412,8 +1445,8 @@ RESERVED CVE-2011-0890 RESERVED -CVE-2011-0889 - RESERVED +CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...) + TODO: check CVE-2011-0888 RESERVED CVE-2011-0887 (The web management portal on the SMC SMCD3G-CCR (aka Comcast Business ...) 
@@ -1773,8 +1806,8 @@ - php5 <unfixed> (unimportant) CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the ...) - php5 5.3.3-7 (low) -CVE-2011-0751 - RESERVED +CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) ...) + TODO: check CVE-2011-0750 RESERVED CVE-2011-0749 @@ -1785,8 +1818,8 @@ RESERVED CVE-2011-0746 RESERVED -CVE-2011-0745 - RESERVED +CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and direct ...) + TODO: check CVE-2011-0744 RESERVED CVE-2011-0743 @@ -1866,8 +1899,7 @@ - linux-2.6 2.6.38-1 (low) [lenny] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34) [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34) -CVE-2011-0715 - RESERVED +CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...) {DSA-2181-1} - subversion 1.6.16dfsg-1 CVE-2011-0714 @@ -1915,13 +1947,11 @@ - feh <unfixed> (low; bug #612035) [squeeze] - feh <no-dsa> (Minor issue) [lenny] - feh <no-dsa> (Minor issue) -CVE-2011-0701 - RESERVED +CVE-2011-0701 (wp-admin/async-upload.php in the media uploader in WordPress before ...) {DSA-2190-1} - wordpress 3.0.5+dfsg-1 [lenny] - wordpress <not-affected> (2.x version is not affected) -CVE-2011-0700 - RESERVED +CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...) {DSA-2190-1} - wordpress 3.0.5+dfsg-1 [lenny] - wordpress <not-affected> (2.x version is not affected) @@ -1945,8 +1975,7 @@ [lenny] - python-django <not-affected> (Vulnerable code not present) NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/ [squeeze] - python-django 1.2.3-3+squeeze1 -CVE-2011-0695 [panic in ib_cm:cm_work_handler] - RESERVED +CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand ...) - linux-2.6 <unfixed> CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and ...) NOT-FOR-US: RealPlayer 
@@ -2059,8 +2088,8 @@ NOT-FOR-US: Automated Solutions Modbus/TCP Master CVE-2011-0649 (Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through ...) NOT-FOR-US: TIBCO Rendezvous -CVE-2011-0648 - RESERVED +CVE-2011-0648 (Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote ...) + TODO: check CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...) NOT-FOR-US: EMC CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows ...) @@ -2167,8 +2196,8 @@ RESERVED CVE-2011-0610 RESERVED -CVE-2011-0609 - RESERVED +CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and ...) + TODO: check CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) @@ -2553,10 +2582,10 @@ RESERVED CVE-2011-0458 RESERVED -CVE-2011-0457 - RESERVED -CVE-2011-0456 - RESERVED +CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...) + TODO: check +CVE-2011-0456 (Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote ...) + TODO: check CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...) NOT-FOR-US: Things BBS CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...) 
@@ -2596,16 +2625,15 @@ [lenny] - wireshark <not-affected> (Vulnerable code not present) CVE-2011-0443 (SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, ...) NOT-FOR-US: tinyBB -CVE-2011-0442 - RESERVED +CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to ...) + TODO: check CVE-2011-0441 RESERVED CVE-2011-0440 RESERVED CVE-2011-0439 RESERVED -CVE-2011-0438 - RESERVED +CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success code ...) - nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental) CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...) {DSA-2179-1} @@ -2626,8 +2654,7 @@ [squeeze] - vftool <no-dsa> (Minor issue) [lenny] - vftool <no-dsa> (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923 -CVE-2011-0432 - RESERVED +CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in ...) {DSA-2177-1} - pywebdav 0.9.4-3 CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel ...) @@ -2687,8 +2714,7 @@ NOTE: http://www.isc.org/software/dhcp/advisories/cve-2011-0413 CVE-2011-0412 RESERVED -CVE-2011-0411 - RESERVED +CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x ...) TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316 - postfix 2.8.0-1 NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded @@ -2875,8 +2901,8 @@ NOT-FOR-US: Topaz Systems SigPlus CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ...) NOT-FOR-US: Topaz Systems SigPlus -CVE-2011-0322 - RESERVED +CVE-2011-0322 (Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, ...) + TODO: check CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...) NOT-FOR-US: EMC NetWorker CVE-2011-0320 
@@ -3106,8 +3132,7 @@ CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...) {DSA-2191-1} - proftpd-dfsg 1.3.3a-6 -CVE-2010-4651 [patch directory traversal] - RESERVED +CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ...) - patch <unfixed> (unimportant) NOTE: Applying a patch blindly opens more severe security issues than only directory traversal... NOTE: openwall ships a fix @@ -3227,8 +3252,8 @@ NOT-FOR-US: IBM Rational ClearQuest CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest ...) NOT-FOR-US: IBM Rational ClearQuest -CVE-2011-0280 - RESERVED +CVE-2011-0280 (Multiple cross-site scripting (XSS) vulnerabilities in HP Power ...) + TODO: check CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) ...) NOT-FOR-US: HP Multifunction Peripheral CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 ...) 
@@ -3450,35 +3475,35 @@ RESERVED CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes ...) NOT-FOR-US: Apple iTunes -CVE-2011-0169 - RESERVED +CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, ...) + TODO: check CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...) - webkit <undetermined> - chromium-browser <undetermined> -CVE-2011-0167 - RESERVED -CVE-2011-0166 - RESERVED +CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 ...) + TODO: check +CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...) + TODO: check CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...) - webkit <undetermined> - chromium-browser <undetermined> CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...) - webkit <undetermined> - chromium-browser <undetermined> -CVE-2011-0163 - RESERVED -CVE-2011-0162 - RESERVED -CVE-2011-0161 - RESERVED -CVE-2011-0160 - RESERVED -CVE-2011-0159 - RESERVED -CVE-2011-0158 - RESERVED -CVE-2011-0157 - RESERVED +CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) + TODO: check +CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not ...) + TODO: check +CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) + TODO: check +CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) + TODO: check +CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...) + TODO: check +CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...) + TODO: check +CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...) + TODO: check CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...) 
- webkit <undetermined> - chromium-browser <undetermined> @@ -3736,8 +3761,8 @@ {DSA-2178-1} - pango1.0 1.28.3-2~sid1 [lenny] - pango1.0 <not-affected> (introduced in code cleanup) -CVE-2011-0063 - RESERVED +CVE-2011-0063 (The _list_file_get function in lib/Majordomo.pm in Majordomo 2 ...) + TODO: check CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable) - iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable) @@ -4224,8 +4249,8 @@ [lenny] - mediawiki 1:1.12.0-2lenny7 CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...) - libuser 1:0.56.9.dfsg.1-1.1 (bug #610034) -CVE-2011-0001 - RESERVED +CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function ...) + TODO: check CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...) NOT-FOR-US: TIBCO Collaborative Information Manager CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...) @@ -6633,8 +6658,8 @@ - dhcp <not-affected> (Only affects DHCP 4.x) CVE-2010-3610 RESERVED -CVE-2010-3609 - RESERVED +CVE-2010-3609 (Unspecified vulnerability in the Service Location Protocol daemon ...) + TODO: check CVE-2010-3659 [Multiple security issues] RESERVED {DSA-2098-1} @@ -40083,7 +40108,7 @@ - pidgin 2.4.3-1 (low; bug #488632) - gaim <removed> [lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package) -CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...) +CVE-2008-2956 (** DISPUTED ** ...) - pidgin <unfixed> (unimportant; bug #488632) NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
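Review bot: In the first hunk (@@ -1,3 +1,42 @@) CVE-2011-1415 is added with both "REJECTED" and "TODO: check", which looks contradictory: if the id is rejected there is nothing left to triage, so the "TODO: check" line under it can be dropped to keep it out of the to-do queue. The same hunk inserts CVE-2010-4757 between CVE-2011-1415 and CVE-2011-1414, away from the other CVE-2010 ids; it would be easier to find if it were placed with the CVE-2010-47xx entries.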
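Review bot: In the CVE-2011-0411 hunk (@@ -2687,8 +2714,7 @@) the existing TODO says "lots of various other packages potentially affected, need to check them", but nothing ties it to the new ids this same revision adds for STARTTLS implementations in other products (CVE-2011-1432, CVE-2011-1431, CVE-2011-1430), which only carry "TODO: check". A NOTE under CVE-2011-0411 listing those ids, and a NOTE under each of them pointing back to the http://www.kb.cert.org/vuls/id/555316 reference, would let whoever triages them handle the set together.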
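Review bot: In the Apple/WebKit hunk (@@ -3450,35 +3475,35 @@) the newly described CVE-2011-0163, CVE-2011-0161, CVE-2011-0160 and CVE-2011-0157 all read "WebKit, as used in ..." yet get only "TODO: check", while the neighbouring WebKit entries (CVE-2011-0168, CVE-2011-0165, CVE-2011-0164, CVE-2011-0156) are tracked as "- webkit <undetermined>" and "- chromium-browser <undetermined>". The new entries should get the same two package lines when they are triaged so the webkit and chromium-browser views stay complete; CVE-2011-0162 (Wi-Fi in Apple iOS) and CVE-2011-0159 (Safari Settings in iOS) are described as Apple-specific features and need a separate decision.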
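Review bot: In the last hunk (@@ -40083,7 +40108,7 @@) the CVE-2008-2956 summary changes from "Memory leak in Pidgin 2.0.0, and possibly other versions, allows ..." to "(** DISPUTED ** ...)", so the truncated description no longer names the product or the bug class. The "** DISPUTED **" marker uses up the visible part of the description, which makes the entry hard to find by searching the list; consider having the update script keep the marker and then the start of the real description, for example "(** DISPUTED ** Memory leak in Pidgin 2.0.0, ...)".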