Author: jmm Date: 2011-03-22 08:15:30 +0000 (Tue, 22 Mar 2011) New Revision: 16412 Modified: data/CVE/list Log: - qmail CVEfied - new tomcat issue specific to tomcat7 - kernel updates - libxslt fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-21 22:51:50 UTC (rev 16411) +++ data/CVE/list 2011-03-22 08:15:30 UTC (rev 16412) @@ -129,7 +129,9 @@ CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly ...) TODO: check CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the ...) - TODO: check + - qmail <unfixed> + [lenny] - qmail <no-dsa> (non-free doesn''t get security support) + [squeeze] - qmail <no-dsa> (non-free doesn''t get security support) CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and ...) TODO: check CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...) @@ -162,7 +164,6 @@ TODO: check CVE-2011-1415 REJECTED - TODO: check CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...) TODO: check CVE-2011-1414 @@ -613,7 +614,7 @@ - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/79476 CVE-2011-1202 (Unspecified vulnerability in the XSLT implementation in Google Chrome ...) - - libxslt <unfixed> (bug #617413) + - libxslt 1.1.26-7 (bug #617413) NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html [squeeze] - libxslt <no-dsa> (minor issue) [lenny] - libxslt <no-dsa> (minor issue) @@ -733,6 +734,9 @@ RESERVED CVE-2011-1169 RESERVED + - linux-2.6 <unfixed> + [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35) + [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35) CVE-2011-1168 RESERVED CVE-2011-1167 
@@ -1023,6 +1027,7 @@ NOTE: http://seclists.org/oss-sec/2011/q1/368 CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...) TODO: check + - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1087 RESERVED CVE-2011-1086 @@ -1052,7 +1057,7 @@ RESERVED CVE-2011-1076 RESERVED - - linux-2.6 <unfixed> + - linux-2.6 2.6.38-1 [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36) [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36) CVE-2011-1075 @@ -2878,9 +2883,6 @@ NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html NOTE: http://www.postfix.org/CVE-2011-0411.html - - qmail <unfixed> - [lenny] - qmail <no-dsa> (non-free doesn''t get security support) - [squeeze] - qmail <no-dsa> (non-free doesn''t get security support) NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...) NOT-FOR-US: CollabNet ScrumWorks Basic
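Review bot: in the @@ -129,7 +129,9 @@ hunk, the new "- qmail <unfixed>" line under CVE-2011-1431 carries no bug reference, while the libxslt line in this same patch has "(bug #617413)". If a bug is filed against qmail for this, add its number so the unfixed state can be followed. The two "<no-dsa>" lines also read "doesn''t" with a doubled apostrophe, as do the copies removed in @@ -2878,9 +2883,6 @@. If that is in the file and not a mail artifact, correct it while the lines are being moved.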
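Review bot: in the @@ -733,6 +734,9 @@ hunk, the "(Introduced in 2.6.35)" claim under CVE-2011-1169 has no NOTE backing it, and the entry is still RESERVED, so there is no description to check it against. Add a NOTE with the upstream commit or list post the version range was taken from, so the not-affected status for lenny and squeeze can be re-verified later.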
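Review bot: in the @@ -1023,6 +1027,7 @@ hunk, "TODO: check" is left in place above the added "- tomcat6 <not-affected> (Only affects Tomcat 7)" line for CVE-2011-1088, whereas the qmail hunk replaces its TODO with the triage result. If triage is finished, drop the TODO here as well. If it is kept on purpose because something else still needs checking, say what in a NOTE.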
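Review bot: in the @@ -1052,7 +1057,7 @@ hunk, CVE-2011-1076 moves from "<unfixed>" to "2.6.38-1" with no NOTE naming the fixing commit, and the entry is RESERVED with no description. A NOTE with the upstream commit would let a reader confirm that 2.6.38-1 is the first fixed upload and not just the first version checked.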