Secure testing commits - May 2011 - r16710 - data/CVE

Author: jmm
Date: 2011-05-25 14:44:55 +0000 (Wed, 25 May 2011)
New Revision: 16710

Modified:
   data/CVE/list
Log:
new ruby issue (FD: please file bug/ticket)


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-05-25 14:35:37 UTC (rev 16709)
+++ data/CVE/list	2011-05-25 14:44:55 UTC (rev 16710)
@@ -45,9 +45,9 @@
 CVE-2011-2145
 	RESERVED
 CVE-2009-5075 (Monkey''s Audio before 4.02 allows remote attackers to
cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Monkey''s Audio
 CVE-2006-7245 (Monkey''s Audio before 4.01b2 allows remote attackers to
cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Monkey''s Audio
 CVE-2011-XXXX [MSA-11-0017]
 	- moodle <not-affected> (Only affects 2.x)
 CVE-2011-XXXX [MSA-11-0016]
@@ -81,13 +81,13 @@
 CVE-2011-XXXX [MSA-11-0002]
 	- moodle 1.9.9.dfsg2-3
 CVE-2011-2144 (The eDocument Conversion Actions implementation in IBM Datacap
...)
-	TODO: check
+	NOT-FOR-US: IBM Datacap Taskmaster Capture
 CVE-2011-2143 (IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows
...)
-	TODO: check
+	NOT-FOR-US: IBM Datacap Taskmaster Capture
 CVE-2011-2142 (The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1
before ...)
-	TODO: check
+	NOT-FOR-US: IBM Datacap Taskmaster Capture
 CVE-2011-2141 (SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster
Capture ...)
-	TODO: check
+	NOT-FOR-US: IBM Datacap Taskmaster Capture
 CVE-2011-2140
 	RESERVED
 CVE-2011-2139
@@ -193,9 +193,9 @@
 CVE-2011-2089 (Stack-based buffer overflow in the SetActiveXGUID method in the
...)
 	NOT-FOR-US: ICONICS BizViz, GENESIS32
 CVE-2011-2088 (XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in
...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
 CVE-2011-2087 (Multiple cross-site scripting (XSS) vulnerabilities in component
...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
 CVE-2011-2086
 	RESERVED
 CVE-2011-2085
@@ -328,9 +328,9 @@
 CVE-2011-2022 (The agp_generic_remove_memory function in
drivers/char/agp/generic.c ...)
 	- linux-2.6 2.6.38-5
 CVE-2011-2021 (Session fixation vulnerability in TIBCO iProcess Engine before
11.1.3 ...)
-	TODO: check
+	NOT-FOR-US: TIBCO iProcess Engine
 CVE-2011-2020 (Cross-site scripting (XSS) vulnerability in TIBCO iProcess
Engine ...)
-	TODO: check
+	NOT-FOR-US: TIBCO iProcess Engine
 CVE-2011-2019
 	RESERVED
 CVE-2011-2018
@@ -608,7 +608,7 @@
 CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web
...)
 	NOT-FOR-US: InduSoft Web Studio
 CVE-2011-1899 (Multiple cross-site scripting (XSS) vulnerabilities in CA
eHealth ...)
-	TODO: check
+	NOT-FOR-US: CA eHealth
 CVE-2011-1898
 	RESERVED
 CVE-2011-1897
@@ -5517,7 +5517,9 @@
 CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6
before ...)
 	NOT-FOR-US: Apple Mac OS
 CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class
in ...)
-	TODO: check
+	- ruby1.8 <unfixed>
+	- ruby1.9 <removed>
+	- ruby1.9.1 <unfixed>
 CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows
remote ...)
 	NOT-FOR-US: Apple Mac OS
 CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote
attackers to ...)