Author: jmm Date: 2011-05-16 16:50:09 +0000 (Mon, 16 May 2011) New Revision: 16669 Modified: data/CVE/list Log: another chrome/webkit issue sync tracker from kernel-sec repo new CVE for incomplete fix for old kde metalink issue historic mojo issue one util-linux issue actually a non-issue NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-05-16 08:45:02 UTC (rev 16668) +++ data/CVE/list 2011-05-16 16:50:09 UTC (rev 16669) @@ -1,19 +1,20 @@ CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for ...) - TODO: check + NOT-FOR-US: MediaCAST CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier ...) - TODO: check + NOT-FOR-US: MediaCAST CVE-2011-2079 (MediaCAST 8 and earlier allows remote attackers to have an unspecified ...) - TODO: check + NOT-FOR-US: MediaCAST CVE-2011-2078 (Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta ...) - TODO: check + NOT-FOR-US: New Atlanta BlueDragon CVE-2011-2077 (The default configuration of the New Atlanta BlueDragon administrative ...) - TODO: check + NOT-FOR-US: New Atlanta BlueDragon CVE-2011-2076 (MediaCAST 8 and earlier stores passwords in cleartext, which makes it ...) - TODO: check + NOT-FOR-US: MediaCAST CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 ...) - TODO: check + NOT-FOR-US: Skype CVE-2011-2073 RESERVED CVE-2011-2072 @@ -117,7 +118,7 @@ CVE-2011-2023 RESERVED CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c ...) - TODO: check + - linux-2.6 2.6.38-5 CVE-2011-2021 RESERVED CVE-2011-2020 
@@ -347,19 +348,19 @@ CVE-2011-1908 RESERVED CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...) - TODO: check + NOT-FOR-US: Trustwave WebDefend Enterprise CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1904 (An unspecified function in the web interface in Proofpoint Messaging ...) - TODO: check + NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1903 (SQL injection vulnerability in an unspecified function in Proofpoint ...) - TODO: check + NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1902 (Directory traversal vulnerability in the web interface in Proofpoint ...) - TODO: check + NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1901 (The mail-filter web interface in Proofpoint Messaging Security Gateway ...) - TODO: check + NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...) - TODO: check + NOT-FOR-US: InduSoft Web Studio CVE-2011-1899 RESERVED CVE-2011-1898 @@ -500,7 +501,7 @@ CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow ...) TODO: check CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before ...) - TODO: check + NOT-FOR-US: Ubuntu-specific language-selector package CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper in ...) - libmojolicious-perl 1.12-1 CVE-2011-1840 @@ -534,7 +535,7 @@ CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform ...) - libmojolicious-perl 0.999929-1 CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static ...) - TODO: check + - libmojolicious-perl <not-affected> (Fixed before initial upload) CVE-2011-XXXX [spip DoS] - spip <unfixed> [squeeze] - spip 2.1.1-3squeeze1 
@@ -575,11 +576,11 @@ CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and ...) NOT-FOR-US: FilterFTP CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot ...) - TODO: check + NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does not ...) - TODO: check + NOT-FOR-US: Opera CVE-2011-1823 RESERVED CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 ...) @@ -675,9 +676,9 @@ CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 ...) NOT-FOR-US: Tivoli CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package ...) - TODO: check + NOT-FOR-US: vSphere CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before ...) - TODO: check + NOT-FOR-US: vCenter CVE-2011-1787 RESERVED CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 ...) @@ -771,9 +772,9 @@ TODO: check NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975 CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...) - TODO: check + - linux-2.6 <unfixed> CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not ...) - TODO: check + - linux-2.6 <unfixed> (low) CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) ...) - linux-2.6 2.6.38-5 CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in ...) 
@@ -940,7 +941,7 @@ CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...) TODO: check CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...) - TODO: check + NOTE: This was found to be a non-issue, see http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4983 CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the ...) TODO: check CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote ...) @@ -1124,7 +1125,7 @@ CVE-2011-1594 RESERVED CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...) - TODO: check + - linux-2.6 2.6.38-4 CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x ...) - wireshark <not-affected> (Windows-specific) CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in ...) @@ -1143,7 +1144,8 @@ CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, ...) - mediawiki <not-affected> (Incomplete fix never used in Debian) CVE-2011-1586 (Directory traversal vulnerability in the ...) - TODO: check + - kdenetwork <unfixed> + [lenny] - kdenetwork <not-affected> (Metalink plugin not yet present) CVE-2011-1585 RESERVED - linux-2.6 <unfixed>
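Review bot: In the hunk at @@ -1,19 +1,20 @@, the CVE-2011-2075 entry gets `- chromium-browser <undetermined>` and `- webkit <undetermined>` with no NOTE saying what is still unknown. The visible description only mentions Google Chrome 11.0.696.65 on Windows 7, so a NOTE recording why webkit is tracked here and what information would settle either status would tell the next person triaging what to look for.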
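Review bot: In the hunk at @@ -675,9 +676,9 @@, the tags `NOT-FOR-US: vSphere` and `NOT-FOR-US: vCenter` are terser than the other tags in this commit, which spell out the product as the description gives it (`Proofpoint Messaging Security Gateway`, `CA Arcot WebFort Versatile Authentication Server`). Suggest following the descriptions here too, for example `VMware vCenter` for CVE-2011-1788 and `vSphere Client` for CVE-2011-1789, so a search of the list for the product name finds both entries.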
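Review bot: In the hunk at @@ -771,9 +772,9 @@, CVE-2011-1747 is marked `- linux-2.6 <unfixed> (low)` while CVE-2011-1748 directly above it gets `- linux-2.6 <unfixed>` with no urgency, and neither entry carries a NOTE. Suggest a NOTE on CVE-2011-1747 giving the reason for the low urgency, and a reference to the upstream fix on both entries if one exists, so the fixed version can be filled in later without redoing the research.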
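Review bot: In the hunk at @@ -940,7 +941,7 @@, the `TODO: check` on CVE-2011-1676 is replaced by a NOTE alone, so the entry ends up with no package status line at all. If the conclusion is that util-linux is not affected, record it in the form this commit already uses for other entries, for example `- libmojolicious-perl <not-affected> (Fixed before initial upload)`, and keep the NOTE for the mailing list reference. The neighbouring util-linux entries CVE-2011-1677 and CVE-2011-1675 still read `TODO: check`; if the linked thread covers them as well, they could be resolved in the same change.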
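Review bot: In the hunk at @@ -1143,7 +1144,8 @@, the new CVE-2011-1586 entry does not name the earlier issue it follows up on. The commit log calls this a "new CVE for incomplete fix for old kde metalink issue", but the entry only has `- kdenetwork <unfixed>` and the lenny line. Suggest adding a NOTE with the original CVE id, so anyone checking kdenetwork can see that the earlier fix was incomplete and that both entries need to be looked at together.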