thr3ads.net - Secure testing commits - [Secure-testing-commits] r16968

If this information is useful, please help other people find it:
Share via:
Joey Hess
2011-Jul-22 21:14 UTC
[Secure-testing-commits] r16968 - data/CVE

Author: joeyh
Date: 2011-07-22 21:14:51 +0000 (Fri, 22 Jul 2011)
New Revision: 16968

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-07-22 18:33:23 UTC (rev 16967)
+++ data/CVE/list	2011-07-22 21:14:51 UTC (rev 16968)
@@ -1,3 +1,7 @@
+CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix
Access ...)
+	TODO: check
+CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX
control ...)
+	TODO: check
 CVE-2011-2881
 	RESERVED
 CVE-2011-2880
@@ -401,8 +405,7 @@
 	- drupal6 <not-affected>
 CVE-2011-2686
 	RESERVED
-CVE-2011-2685 [libreoffice lotus word pro filter, wrong object id cast ]
-	RESERVED
+CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter
in ...)
 	{DSA-2275-1}
 	- libreoffice 1:3.3.3-1
 	- openoffice.org 1:3.3.0-1
@@ -813,8 +816,8 @@
 	- linux-2.6 2.6.39-1 (low)
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2011-2520
-	RESERVED
+CVE-2011-2520 (fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the
...)
+	TODO: check
 CVE-2011-2519
 	RESERVED
 CVE-2011-2518
@@ -2710,9 +2713,9 @@
 	[squeeze] - chromium-browser <not-affected>
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/84085
-CVE-2011-1797
-	RESERVED
+CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
 	{DSA-2245-1}
+	TODO: check
 CVE-2011-1796
 	RESERVED
 	- chromium-browser 11.0.696.65~r84435-1
@@ -2809,8 +2812,7 @@
 	- linux-2.6 <unfixed> (low)
 CVE-2011-1775 (The CSecurityTLS::processMsg function in
common/rfb/CSecurityTLS.cxx ...)
 	NOT-FOR-US: TigerVNC
-CVE-2011-1774
-	RESERVED
+CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt
security ...)
 	- xmlsec1 1.2.14-1.1
 	NOTE: very likely a duplicate of cve-2011-1425
 	NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4
@@ -3673,8 +3675,8 @@
 	NOTE: ini setting needs to be modified.
 CVE-2011-1463
 	RESERVED
-CVE-2011-1462
-	RESERVED
+CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-1461
 	RESERVED
 CVE-2011-1460
@@ -3683,8 +3685,8 @@
 	RESERVED
 CVE-2011-1458
 	RESERVED
-CVE-2011-1457
-	RESERVED
+CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF
forms, ...)
 	- chromium-browser <not-affected> (chrome pdf plugin)
 CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF
...)
@@ -3694,8 +3696,8 @@
 	[squeeze] - chromium-browser <not-affected>
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/84015
-CVE-2011-1453
-	RESERVED
+CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote
attackers ...)
 	- chromium-browser 11.0.696.65~r84435-1
 	[squeeze] - chromium-browser <not-affected>
@@ -4158,7 +4160,7 @@
 	[squeeze] - chromium-browser <not-affected>
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/80520
-CVE-2011-1295 (Google Chrome before 10.0.648.204 does not properly handle node
...)
+CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple
Safari ...)
 	- chromium-browser 10.0.648.204~r79063-1
 	[squeeze] - chromium-browser <no-dsa> (hard merge)
 	- webkit <undetermined>
@@ -4191,8 +4193,8 @@
 	NOTE: http://trac.webkit.org/changeset/80787
 CVE-2011-1289
 	RESERVED
-CVE-2011-1288
-	RESERVED
+CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-1287
 	RESERVED
 CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows
remote ...)
@@ -7412,12 +7414,12 @@
 	RESERVED
 CVE-2011-0256
 	RESERVED
-CVE-2011-0255
-	RESERVED
-CVE-2011-0254
-	RESERVED
-CVE-2011-0253
-	RESERVED
+CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-0252
 	RESERVED
 CVE-2011-0251
@@ -7434,32 +7436,32 @@
 	RESERVED
 CVE-2011-0245
 	RESERVED
-CVE-2011-0244
-	RESERVED
+CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote
...)
+	TODO: check
 CVE-2011-0243
 	RESERVED
-CVE-2011-0242
-	RESERVED
-CVE-2011-0241
-	RESERVED
-CVE-2011-0240
-	RESERVED
+CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
+	TODO: check
+CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before
5.0.6 ...)
+	TODO: check
+CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-0239
 	RESERVED
-CVE-2011-0238
-	RESERVED
-CVE-2011-0237
-	RESERVED
+CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-0236
 	RESERVED
-CVE-2011-0235
-	RESERVED
-CVE-2011-0234
-	RESERVED
-CVE-2011-0233
-	RESERVED
-CVE-2011-0232
-	RESERVED
+CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-0231
 	RESERVED
 CVE-2011-0230
@@ -7472,30 +7474,30 @@
 	TODO: check
 CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before
2.4.6, ...)
 	TODO: check
-CVE-2011-0225
-	RESERVED
+CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-0224
 	RESERVED
-CVE-2011-0223
-	RESERVED
-CVE-2011-0222
-	RESERVED
-CVE-2011-0221
-	RESERVED
+CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
 CVE-2011-0220
 	RESERVED
-CVE-2011-0219
-	RESERVED
-CVE-2011-0218
-	RESERVED
-CVE-2011-0217
-	RESERVED
-CVE-2011-0216
-	RESERVED
-CVE-2011-0215
-	RESERVED
-CVE-2011-0214
-	RESERVED
+CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the
Same ...)
+	TODO: check
+CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
+	TODO: check
+CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to
scripts ...)
+	TODO: check
+CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows
remote ...)
+	TODO: check
+CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not
properly ...)
+	TODO: check
+CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not
properly ...)
+	TODO: check
 CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8
allows ...)
 	NOT-FOR-US: QuickTime in Apple Mac OS
 CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote
attackers to ...)
@@ -15440,7 +15442,6 @@
 	NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code
execution is possible
 	NOTE: This is Safari only
 CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in
libopie ...)
-	{DSA-2281-1}
 	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
 	[lenny] - opie 2.32-10.2+lenny2
 CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in
SBLIM ...)
@@ -17066,8 +17067,8 @@
 	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
 	NOTE: http://trac.webkit.org/changeset/58703
-CVE-2010-1420
-	RESERVED
+CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple
Safari ...)
+	TODO: check
 CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.1-2
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -17293,8 +17294,8 @@
 	- chromium-browser <unfixed> (unimportant)
 	NOTE: This is based on various misconceptions surrounding "phishing"
The only supported browser security model
 	NOTE: surrounding URLs is the accurate post-link-click indication of the final
target URL in the URL bar.
-CVE-2010-1383
-	RESERVED
+CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote
web ...)
+	TODO: check
 CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple
Mac ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X
10.5.8, ...)
Secure testing commits - Jul 2011 - r16968 - data/CVE

[Secure-testing-commits] r16968 - data/CVE
