Author: jmm Date: 2011-07-13 20:15:46 +0000 (Wed, 13 Jul 2011) New Revision: 16932 Modified: data/CVE/list Log: - new reseed issue (no-dsa) - new kvm issue, fixed in sid along with another issue - new drupal issue not affecting stable/oldstable, fixed in sid - new plone issues (oldstable only and virtually unused, no-dsa or removal seems the best solution) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-13 09:14:18 UTC (rev 16931) +++ data/CVE/list 2011-07-13 20:15:46 UTC (rev 16932) @@ -92,6 +92,8 @@ - libapache2-mod-authnz-external <unfixed> (medium; bug #633637) CVE-2011-2687 RESERVED + - drupal7 7.4-1 (bug #633385) + - drupal6 <not-affected> CVE-2011-2686 RESERVED CVE-2011-2685 [libreoffice lotus word pro filter, wrong object id cast ] @@ -105,6 +107,8 @@ RESERVED CVE-2011-2683 RESERVED + - reseed <removed> + [lenny] - reseed <no-dsa> (Minor issue) CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) ...) NOT-FOR-US: Best Soft Inc. CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...) @@ -441,6 +445,7 @@ RESERVED CVE-2011-2538 RESERVED + - plone3 <removed> CVE-2011-2537 RESERVED CVE-2011-XXXX [unspecified security vulnerabilities from 4.3.7] @@ -475,8 +480,10 @@ - asterisk 1:1.8.4.3-1 (bug #631446) CVE-2011-2528 RESERVED -CVE-2011-2527 +CVE-2011-2527 RESERVED + - qemu-kvm 0.14.1+dfsg-3 (bug #633669) + - kvm <not-affected> (Vulnerable code not present) CVE-2011-2526 RESERVED CVE-2011-2525 @@ -1211,8 +1218,8 @@ - linux-2.6 3.6.39-3 CVE-2011-2212 RESERVED - - qemu-kvm <unfixed> (bug #632987) - - kvm <undetermined> + - qemu-kvm 0.14.1+dfsg-3 (bug #632987) + - kvm <removed> CVE-2011-2207 RESERVED CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...) 
@@ -1939,11 +1946,11 @@ [lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12) NOTE: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users ...) - - plone3 <undetermined> + - plone3 <removed> CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter in ...) - - plone3 <undetermined> + - plone3 <removed> CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier ...) - - plone3 <undetermined> + - plone3 <removed> CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time ...) - fetchmail <unfixed> (unimportant) NOTE: http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt
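Review bot: In the `@@ -92,6 +92,8 @@` hunk, the added `- drupal6 <not-affected>` line under CVE-2011-2687 gives no reason. The kvm entry added for CVE-2011-2527 in this same commit does give one, `(Vulnerable code not present)`. The log only says the issue does not affect stable/oldstable, so a short parenthesised reason on the drupal6 line would let a later reader verify the claim without going back to bug #633385.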
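Review bot: In the `@@ -475,8 +480,10 @@` hunk, the `CVE-2011-2527` header line is removed and re-added with identical visible text, so the change to that line appears to be whitespace only. If it strips trailing whitespace, that is worth a word in the log, since it is otherwise indistinguishable from an accidental edit next to the two real additions (`- qemu-kvm 0.14.1+dfsg-3 (bug #633669)` and `- kvm <not-affected> (Vulnerable code not present)`).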
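Review bot: In the `@@ -1211,8 +1218,8 @@` hunk, CVE-2011-2212 changes `- kvm <undetermined>` to `- kvm <removed>` without answering the question that `<undetermined>` left open, namely whether the kvm source is affected at all. For CVE-2011-2527 the same commit settles it explicitly with `- kvm <not-affected> (Vulnerable code not present)`. Either a reason on this line or a per-release line in the style of `[lenny] - reseed <no-dsa> (Minor issue)` would record the outcome of the triage. Separately, the context line `- linux-2.6 3.6.39-3` pairs a linux-2.6 package with a version starting 3.6, which looks like a typo for a 2.6.39 version and could be corrected while this area is being touched.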
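Review bot: In the `@@ -1939,11 +1946,11 @@` hunk (and likewise the `- plone3 <removed>` line added for CVE-2011-2538 in `@@ -441,6 +445,7 @@`), the three plone3 entries move from `<undetermined>` to `<removed>`, but the decision described in the log, "oldstable only and virtually unused, no-dsa or removal seems the best solution", is not recorded in the list itself. The reseed hunk in this commit shows the pattern that keeps it visible: `- reseed <removed>` followed by `[lenny] - reseed <no-dsa> (Minor issue)`. Adding a `[lenny] - plone3 ...` line with a reason to each of the four CVEs, once the choice between no-dsa and removal is made, would keep the oldstable status from living only in the commit message.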