Author: jmm Date: 2011-03-25 15:30:45 +0000 (Fri, 25 Mar 2011) New Revision: 16434 Modified: data/CVE/list Log: - tomcat issue only affects tomcat 7 - two new kernel issues - new issues in loggerhead (fixed), mahara (fixed), tiff (unfixed) and vlc (unfixed) - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-24 22:18:57 UTC (rev 16433) +++ data/CVE/list 2011-03-25 15:30:45 UTC (rev 16434) @@ -96,8 +96,10 @@ RESERVED CVE-2011-1477 RESERVED + - linux-2.6 <unfixed> CVE-2011-1476 RESERVED + - linux-2.6 <unfixed> CVE-2011-1475 RESERVED CVE-2011-1474 @@ -281,7 +283,7 @@ CVE-2011-1420 RESERVED CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...) - TODO: check + - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in ...) NOT-FOR-US: Apple iOS CVE-2011-1417 (QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in ...) @@ -291,7 +293,7 @@ CVE-2011-1415 REJECTED CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...) - TODO: check + NOT-FOR-US: e107 CVE-2011-1414 (Cross-site scripting (XSS) vulnerability in the tibbr web server, as ...) NOT-FOR-US: TIBCO tibbr CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate ...) @@ -881,6 +883,7 @@ RESERVED CVE-2011-1167 RESERVED + - tiff <unfixed> (bug filed) CVE-2011-1166 RESERVED CVE-2011-1165 @@ -1170,7 +1173,6 @@ TODO: This issue will be assigned to glibc, probably. Not confirmed yet. NOTE: http://seclists.org/oss-sec/2011/q1/368 CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...) - TODO: check - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1087 RESERVED @@ -2162,6 +2164,7 @@ RESERVED CVE-2011-0728 RESERVED + - loggerhead 1.18.1-1 CVE-2011-0727 RESERVED CVE-2011-0726 
@@ -2948,8 +2951,10 @@ NOTE: Debian-specific CVE-2011-0440 RESERVED + - mahara 1.2.7-1 CVE-2011-0439 RESERVED + - mahara 1.2.7-1 CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success code ...) - nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental) CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...) @@ -7923,8 +7928,10 @@ NOT-FOR-US: VMware Workstation CVE-2010-3276 RESERVED + - vlc <unfixed> CVE-2010-3275 RESERVED + - vlc <unfixed> CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: ZOHO ManageEngine CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows ...)
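Review bot: In the @@ -96,8 +96,10 @@ hunk, the two added "- linux-2.6 <unfixed>" lines under CVE-2011-1477 and CVE-2011-1476 carry no reference, and both entries are still RESERVED with no description, so nothing in the list says which kernel issue each ID covers. Add a NOTE line with the source under each, in the form the file already uses on the glibc entry ("NOTE: http://seclists.org/oss-sec/2011/q1/368").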
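Review bot: In the @@ -881,6 +883,7 @@ hunk, the added line "- tiff <unfixed> (bug filed)" under CVE-2011-1167 says a bug exists but not which one. Replace the free-text "bug filed" with the actual bug number so the entry can be matched to the report and updated when the fix is uploaded.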
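Review bot: In the @@ -7923,8 +7928,10 @@ hunk, CVE-2010-3276 and CVE-2010-3275 are both marked "- vlc <unfixed>" with neither a bug annotation nor a NOTE, unlike the tiff entry in the same commit. If a bug has been filed, record it on both lines; if not, a TODO to file one would keep these from being overlooked, and a NOTE per ID would show how the two issues differ while both are still RESERVED.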