Author: jmm
Date: 2011-05-18 17:41:12 +0000 (Wed, 18 May 2011)
New Revision: 16688

Modified:
   data/CVE/list
Log:
- two new kernel issues
- new tomcat issue doesn't affect Debian versions
- feedparser CVEfied
- remove polarssl dupe, already CVEfied
- cyrus-imapd fixed, added bugnum
- new tor issue (no-dsa)

Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-05-17 21:15:40 UTC (rev 16687) +++ data/CVE/list 2011-05-18 17:41:12 UTC (rev 16688) @@ -433,12 +433,15 @@ RESERVED CVE-2011-1928 RESERVED -CVE-2011-1927 +CVE-2011-1927 [kernel remote DoS] RESERVED + - linux-2.6 <unfixed> (high) + [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present) + [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2011-1926 [cyrus STARTTLS] RESERVED - - cyrus-imapd-2.2 <unfixed> (bug filed) - - cyrus-imapd-2.4 <unfixed> + - cyrus-imapd-2.2 2.2.13p1-11 (bug #627081) + - cyrus-imapd-2.4 2.4.7-1 CVE-2011-1925 RESERVED - nbd <unfixed> (bug #627042) @@ -447,6 +450,9 @@ [lenny] - nbd <not-affected> CVE-2011-1924 RESERVED + - tor 0.2.1.30-1 + [squeeze] - tor <no-dsa> (Only affects the central Tor directory servers) + [lenny] - tor <no-dsa> (Only affects the central Tor directory servers) CVE-2011-1923 [polarssl MITM] RESERVED - polarssl <unfixed> (bug #616114) @@ -609,7 +615,7 @@ CVE-2011-1857 RESERVED CVE-2011-1856 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...) - TODO: check + NOT-FOR-US: HP Business Availability CVE-2011-1855 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x ...) NOT-FOR-US: HP Network Node Manager CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) ...) @@ -880,6 +886,7 @@ - opcontrol <unfixed> (medium; bug #624212) CVE-2011-1759 RESERVED + - linux-2.6 <unfixed> CVE-2011-1758 [sssd: flaw handled cached passwords] RESERVED - sssd <not-affected> (Only affects version 1.5+) 
@@ -1292,6 +1299,7 @@ RESERVED CVE-2011-1582 RESERVED + - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1581 RESERVED - linux-2.6 <unfixed> (low) @@ -1362,7 +1370,9 @@ CVE-2009-5066 RESERVED CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...) - TODO: check + - feedparser <unfixed> (low; bug #617998) + [squeeze] - feedparser <no-dsa> (Minor issue) + [lenny] - feedparser <no-dsa> (Minor issue) CVE-2011-XXXX [drupal6-mod-tagadelic XSS] - drupal6-mod-tagadelic 1.3-1 (low) NOTE: DRUPAL-SA-CONTRIB-2011-013 @@ -2511,12 +2521,6 @@ [squeeze] - feedparser <no-dsa> (Minor issue) [lenny] - feedparser <no-dsa> (Minor issue) NOTE: https://code.google.com/p/feedparser/issues/detail?id=91 -CVE-2011-XXXX [XSS vuln] - - feedparser <unfixed> (low; bug #617998) - [squeeze] - feedparser <no-dsa> (Minor issue) - [lenny] - feedparser <no-dsa> (Minor issue) - NOTE: CVE requested - NOTE: http://code.google.com/p/feedparser/issues/detail?id=195 CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier ...) - logrotate <unfixed> CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier ...) @@ -2718,10 +2722,6 @@ NOT-FOR-US: pmwiki CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Wordpress plugin -CVE-2011-XXXX [polarssl d-h man in the middle] - - polarssl <unfixed> (bug #616114) - NOTE: https://lists.ubuntu.com/archives/ubuntu-motu/2011-February/007026.html - NOTE: http://polarssl.org/trac/wiki/SecurityAdvisory201101 CVE-2011-1105 (Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM ...) NOT-FOR-US: Mutare EVM CVE-2011-1104 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare ...)
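Review bot: In the @@ -433,12 +433,15 @@ hunk, the new CVE-2011-1927 entry marks squeeze and lenny as <not-affected> (Vulnerable code not present) but carries no NOTE naming the upstream commit or kernel version that introduced the code, so the claim cannot be checked from the list itself. Suggest adding a NOTE line with that reference. In the same hunk, cyrus-imapd-2.2 gets (bug #627081) while "cyrus-imapd-2.4 2.4.7-1" has no bug number; if the one bug covers both source packages, record that on the 2.4 line or in a NOTE.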
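Review bot: In the @@ -447,6 +450,9 @@ hunk, CVE-2011-1924 is left without a bracketed description, while its RESERVED neighbours in the same hunk have one ([cyrus STARTTLS], [polarssl MITM]). With the CVE text still RESERVED, the only hint about the issue is the <no-dsa> reason, so suggest adding a short tag after the CVE id and a NOTE pointing at the upstream changelog entry for the fixed version.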
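Review bot: In the @@ -880,6 +886,7 @@ hunk, the line "- linux-2.6 <unfixed>" added under CVE-2011-1759 has neither a bracketed description nor an urgency, unlike the kernel entries visible elsewhere in the diff (CVE-2011-1927 is (high), CVE-2011-1581 is (low)). Since the CVE is RESERVED, nothing in the list says what the issue is; suggest adding a short tag, an urgency if one has been assessed, and a NOTE with the reference that prompted the entry.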
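Review bot: In the @@ -1292,6 +1299,7 @@ hunk, CVE-2011-1582 is recorded only as tomcat6 <not-affected>, so the entry names no package that is affected and gives no source for "Only affects Tomcat 7". Suggest a NOTE with the upstream advisory reference and a line recording whether a Tomcat 7 source package exists, so the entry is revisited if one is added.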
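Review bot: In the @@ -1362,7 +1370,9 @@ hunk, the three lines added under CVE-2009-5065 come from the CVE-2011-XXXX [XSS vuln] entry deleted in @@ -2511,12 +2521,6 @@, but its "NOTE: http://code.google.com/p/feedparser/issues/detail?id=195" line is not carried over, so the upstream issue link is lost. Suggest adding that NOTE under CVE-2009-5065; dropping "NOTE: CVE requested" is fine now that an id is assigned.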
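Review bot: In the @@ -2718,10 +2722,6 @@ hunk, the deleted polarssl entry holds two NOTE references (the ubuntu-motu post and SecurityAdvisory201101), and the context shown for CVE-2011-1923 [polarssl MITM] in @@ -447,6 +450,9 @@ ends at the package line, so the diff does not show whether those references exist there. Suggest confirming both NOTE lines are present under CVE-2011-1923, or moving them across in this commit.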