Author: jmm Date: 2011-06-10 08:27:46 +0000 (Fri, 10 Jun 2011) New Revision: 16791 Modified: data/CVE/list Log: updates from Helmut Grohne (thanks), with some additional changes by myself on top of it (front desk: please file bug/create ticket for wireshark and add the gimp issue to the existing ticket) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-06-09 19:48:28 UTC (rev 16790) +++ data/CVE/list 2011-06-10 08:27:46 UTC (rev 16791) @@ -1,3 +1,11 @@ +CVE-2011-2468 + NOT-FOR-US: AnyMacro Mail System G4X +CVE-2011-2395 + NOT-FOR-US: Cisco +CVE-2011-2383 + NOT-FOR-US: Microsoft +CVE-2011-2382 + NOT-FOR-US: Microsoft CVE-2011-2194 [vlc xspf integer overflow] - vlc <unfixed> [lenny] - vlc <not-affected> (Vulnerable code not present) @@ -33,6 +41,11 @@ NOT-FOR-US: WalRack CVE-2011-2214 NOT-FOR-US: 7T Interactive Graphical SCADA System +CVE-2011-2175 (Integer underflow in the visual_read function in wiretap/visual.c ...) + - wireshark <unfixed> (unimportant) + NOTE: Crashes w/o code injection not treated as security issues, see README.Security +CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c ...) + - wireshark <unfixed> CVE-2011-2173 NOT-FOR-US: IBM WebSphere Portal CVE-2011-2172 @@ -232,8 +245,8 @@ RESERVED CVE-2011-2108 RESERVED -CVE-2011-2107 - RESERVED +CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 ...) + NOT-FOR-US: Adobe Flash Player CVE-2011-2106 RESERVED CVE-2011-2105 @@ -529,8 +542,9 @@ RESERVED CVE-2011-1960 RESERVED -CVE-2011-1959 - RESERVED +CVE-2011-1959 (The snoop_read function in wiretap/snoop.c ... does not properly handle certain virtualizable buffers ...) + - wireshark <unfixed> (unimportant) + NOTE: Crashes w/o code injection not treated as security issues, see README.Security CVE-2011-1958 RESERVED CVE-2011-1957 
@@ -1243,7 +1257,7 @@ CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in ...) - iceweasel <unfixed> (unimportant) CVE-2011-1711 - RESERVED + NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer CVE-2011-1710 RESERVED CVE-2011-1709 @@ -2741,8 +2755,9 @@ - linux-2.6 2.6.38-4 CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...) NOT-FOR-US: SPICE Firefox plug-in -CVE-2011-1178 - RESERVED +CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c ...) + - gimp 2.6.10-1 + NOTE: Likely fixed earlier, but only the squeeze version was checked CVE-2011-1177 RESERVED CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
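Review bot: In the hunk at @@ -1,3 +1,11 @@, the entries "NOT-FOR-US: Cisco" and "NOT-FOR-US: Microsoft" name only a vendor, while the neighbouring "NOT-FOR-US: AnyMacro Mail System G4X" names a product. Naming the affected product on CVE-2011-2395, CVE-2011-2383 and CVE-2011-2382 would let a later reader confirm the triage without looking each CVE up again.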
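Review bot: In the hunk at @@ -33,6 +41,11 @@, CVE-2011-2174 (double free in tvb_uncompress) is recorded as "- wireshark <unfixed>" with no bug reference. The log message asks the front desk to file one, so the entry should gain that reference once it exists. CVE-2011-2175 in the same hunk is marked unimportant as a crash without code injection, but the truncated description shows only "Integer underflow in the visual_read function", so the NOTE would be easier to verify if it said what was checked to conclude the issue is crash-only.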
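Review bot: In the hunk at @@ -1243,7 +1257,7 @@, the CVE-2011-1711 header line still has no parenthesised description, unlike CVE-2011-2107 and CVE-2011-1959 in this same commit, and the version range has been put into the tag instead: "NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer". Keeping the NOT-FOR-US line to the product name and leaving version details to the description would match the other entries.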
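Review bot: In the hunk at @@ -2741,8 +2755,9 @@, "- gimp 2.6.10-1" records the version that was checked rather than the version that fixed CVE-2011-1178, as the NOTE itself admits ("Likely fixed earlier, but only the squeeze version was checked"). Nothing is recorded for lenny either, whereas the vlc entry at the top of the file carries an explicit "[lenny] - vlc <not-affected>" line. Checking the lenny gimp package and adding a [lenny] line would close that gap. The log message also mentions an existing gimp ticket, which could be referenced in the NOTE.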