Author: jmm Date: 2011-06-29 20:14:13 +0000 (Wed, 29 Jun 2011) New Revision: 16864 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-06-29 20:01:48 UTC (rev 16863) +++ data/CVE/list 2011-06-29 20:14:13 UTC (rev 16864) @@ -812,6 +812,7 @@ RESERVED - linux-2.6 <unfixed> CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before ...) + {DSA-2266-1} - php5 5.3.6-12 CVE-2011-2199 [tftp-hpa buffer overflow] RESERVED @@ -1494,7 +1495,7 @@ CVE-2011-1932 [directory traversal when receiving world data through a multiplayer game] RESERVED - widelands 1:15-3 (low; bug #617960) - [squeeze] - widelands 1:15-3squeeze1 + [squeeze] - widelands 1:15-3squeeze1 [lenny] - widelands <no-dsa> (Minor issue) CVE-2011-1931 [ffmpeg AMV out of array write] RESERVED @@ -2456,7 +2457,7 @@ - mediawiki <not-affected> (Incomplete fix never used in Debian) CVE-2011-1586 (Directory traversal vulnerability in the ...) - kdenetwork <unfixed> - [squeeze] - kdenetwork 4:4.4.5-2+squeeze1 + [squeeze] - kdenetwork 4:4.4.5-2+squeeze1 [lenny] - kdenetwork <not-affected> (Metalink plugin not yet present) CVE-2011-1585 RESERVED @@ -2826,6 +2827,7 @@ CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows ...) NOT-FOR-US: IBM Lotus Quickr CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP ...) + {DSA-2266-1} - php5 5.3.6-1 CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent ...) - php5 5.3.6-1 (unimportant) @@ -2840,6 +2842,7 @@ - php5 5.3.6-1 [lenny] - php5 <not-affected> (intl extension included since 5.3) CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension ...) + {DSA-2266-1} - php5 5.3.6-1 NOTE: null pointer deref because of int overflow. Fix has a bug CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc in ...) 
@@ -3713,7 +3716,7 @@ [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35) CVE-2011-1168 (Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError ...) - kde4libs 4:4.4.5-4 (low) - [squeeze] - kde4libs 4:4.4.5-2+squeeze2 + [squeeze] - kde4libs 4:4.4.5-2+squeeze2 [lenny] - kde4libs <no-dsa> (Minor issue) CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in ...) {DSA-2210-1} @@ -3761,6 +3764,7 @@ CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier ...) - logrotate <unfixed> CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ...) + {DSA-2266-1} - php5 5.3.6-1 (unimportant) NOTE: only exploitable by malicious scripts CVE-2011-1152 @@ -3992,7 +3996,7 @@ NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923 CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not ...) - kde4libs 4:4.4.5-4 (low) - [squeeze] - kde4libs 4:4.4.5-2+squeeze2 + [squeeze] - kde4libs 4:4.4.5-2+squeeze2 [lenny] - kde4libs <no-dsa> (Minor issue) - kdelibs <undetermined> NOTE: http://seclists.org/oss-sec/2011/q1/434 @@ -4039,7 +4043,7 @@ CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote ...) - openldap 2.4.25-1 (low; bug #617606) [lenny] - openldap <no-dsa> (Minor issue) - [squeeze] - openldap 2.4.23-7.1 + [squeeze] - openldap 2.4.23-7.1 CVE-2011-1080 RESERVED {DSA-2264-1 DSA-2240-1} 
@@ -4207,12 +4211,12 @@ NOT-FOR-US: Apache Archiva CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ...) - openldap 2.4.25-1 (unimportant; bug #617606) - [squeeze] - openldap 2.4.23-7.1 + [squeeze] - openldap 2.4.23-7.1 NOTE: NBD backend disabled in Debian builds CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a ...) - openldap 2.4.25-1 (low; bug #617606) [lenny] - openldap <no-dsa> (Minor issue) - [squeeze] - openldap 2.4.23-7.1 + [squeeze] - openldap 2.4.23-7.1 CVE-2011-1023 RESERVED - linux-2.6 2.6.38-1 
@@ -4657,60 +4661,60 @@ RESERVED CVE-2011-0873 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0872 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0870 RESERVED CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0866 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) 
[lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0861 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 ...) 
@@ -4803,19 +4807,19 @@ NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0816 RESERVED CVE-2011-0815 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0814 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> CVE-2011-0813 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...) @@ -4842,7 +4846,7 @@ NOT-FOR-US: Oracle JD Edwards Products CVE-2011-0802 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0801 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...) 
@@ -4873,14 +4877,14 @@ NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0788 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0787 (Unspecified vulnerability in the Application Service Level Management ...) NOT-FOR-US: Oracle CVE-2011-0786 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 <no-dsa> (non-free not supported) - [squeeze] - sun-java6 6.26-0squeeze1 + [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 <undetermined> (bug #629852) CVE-2011-0785 (Unspecified vulnerability in the Oracle Help component in Oracle ...) @@ -5180,6 +5184,7 @@ CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux ...) - linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5) CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ...) + {DSA-2266-1} - php5 5.3.6-1 CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py ...) {DSA-2170-1} @@ -5965,9 +5970,11 @@ CVE-2011-0422 RESERVED CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip ...) + {DSA-2266-1} - php5 5.3.6-1 NOTE: http://svn.php.net/viewvc?view=revision&revision=307867 CVE-2011-0420 (The grapheme_extract function in the Internationalization extension ...) + {DSA-2266-1} - php5 <unfixed> (unimportant) [lenny] - php5 <not-affected> (intl extension added in 5.3) NOTE: Only triggerable through malicious script 
@@ -11329,9 +11336,9 @@ - nss 3.12.8-1 - kde4libs 4:4.4.5-4 (low) - qt4-x11 4:4.7.2-4 (low) - [squeeze] - qt4-x11 4:4.6.3-4+squeeze1 + [squeeze] - qt4-x11 4:4.6.3-4+squeeze1 [lenny] - qt4-x11 <not-affected> (Vulnerable code not present) - [squeeze] - kde4libs 4:4.4.5-2+squeeze2 + [squeeze] - kde4libs 4:4.4.5-2+squeeze2 [lenny] - kde4libs <no-dsa> (Minor issue) CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2106-1} @@ -13103,6 +13110,7 @@ CVE-2010-2532 (** DISPUTED ** ...) - lxsession 0.4.4-3 (bug #591409) CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...) + {DSA-2266-1} - php5 5.3.3-2 (low) CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb module ...) NOT-FOR-US: NetBSD @@ -13960,7 +13968,7 @@ CVE-2010-2200 RESERVED - dbus 1.4.12-1 (low; bug #629938) - [squeeze] - dbus 1.2.24-4+squeeze1 + [squeeze] - dbus 1.2.24-4+squeeze1 [lenny] - dbus <no-dsa> (Minor issue) CVE-2010-2199 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...) - rpm <unfixed> (bug #584257; unimportant)
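Review bot: in the hunk at @@ -2840,6 +2842,7 @@, CVE-2011-1466 is now tagged {DSA-2266-1} and marked fixed in php5 5.3.6-1, but the existing note still reads "NOTE: null pointer deref because of int overflow. Fix has a bug" without saying which fix or which bug. Please add a reference (upstream revision or bug number) and state whether 5.3.6-1 and the DSA upload carry the corrected fix, so the fixed-version entry can be trusted.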
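Review bot: every "[squeeze]" line replaced in this revision (widelands, kdenetwork, kde4libs, openldap, sun-java6, qt4-x11, dbus) reads the same on the removed and added side, for example "[squeeze] - sun-java6 6.26-0squeeze1" in the hunk at @@ -4657,60 +4661,60 @@, so these look like whitespace-only changes. The log message "automatic update" does not mention them. Suggest either saying so in the log or committing the whitespace normalisation separately from the {DSA-2266-1} tagging, so the tracker history shows which entries changed in substance.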
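Review bot: in the hunk at @@ -4657,60 +4661,60 @@, the CVE-2011-0865 entry carries "- sun-java6 6.26-1 (bug #629852)" twice in a row, unlike the neighbouring sun-java6 entries, which have it once. Since this revision already touches the entry, drop the duplicate line.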
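Review bot: in the hunk at @@ -4803,19 +4807,19 @@, CVE-2011-0814 ends with "- openjdk-6 <undetermined>" and no bug reference, while CVE-2011-0817 and CVE-2011-0815 in the same hunk have "- openjdk-6 <undetermined> (bug #629852)". If the same bug tracks this one, add the reference; if not, a short NOTE saying why it differs would avoid it looking like an omission.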
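Review bot: in the hunk at @@ -5965,9 +5970,11 @@, CVE-2011-0420 gains {DSA-2266-1} while its package line remains "- php5 <unfixed> (unimportant)". A DSA tag on an entry that is still unfixed in unstable and rated unimportant is contradictory to a reader of the tracker. Please confirm the DSA really covers this CVE, then either record the fixed version or add a NOTE explaining that only the stable upload carries the fix.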