Author: jmm Date: 2011-08-15 06:00:32 +0000 (Mon, 15 Aug 2011) New Revision: 17083 Modified: data/CVE/list Log: - new wordpress issues (Guiseppe, can you check?) - NFUs - one ioquake issue was split off - new commons-daemon issue (possibly needs a DSA) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-08-14 21:55:50 UTC (rev 17082) +++ data/CVE/list 2011-08-15 06:00:32 UTC (rev 17083) @@ -7,23 +7,23 @@ CVE-2011-3131 RESERVED CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...) - TODO: check + - wordpress <undetermined> CVE-2011-3129 (The file upload functionality WordPress 3.1 before 3.1.3 and 3.2 ...) - TODO: check + - wordpress <undetermined> CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached ...) - TODO: check + - wordpress <undetermined> CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent ...) - TODO: check + - wordpress <undetermined> CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote ...) - TODO: check + - wordpress <undetermined> CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) - TODO: check + - wordpress <undetermined> CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...) - TODO: check + NOT-FOR-US: InfoSphere CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...) - TODO: check + NOT-FOR-US: InfoSphere CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) - TODO: check + - wordpress <undetermined> CVE-2011-3121 RESERVED CVE-2011-3120 
@@ -239,11 +239,14 @@ CVE-2011-3015 RESERVED CVE-2011-3014 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...) - TODO: check + NOT-FOR-US: Novell Data Synchronizer CVE-2011-3013 (WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer ...) - TODO: check + NOT-FOR-US: Novell Data Synchronizer CVE-2011-3012 (The ioQuake3 engine, as used in World of Padman 1.2 and earlier, ...) - TODO: check + - openarena 0.8.5-5+exp1 + NOTE: Current openarena packages use the share ioquake3 engine + [squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update) + - ioquake3 1.36+svn1946-4 CVE-2011-3011 RESERVED CVE-2011-3010 @@ -251,17 +254,18 @@ CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, ...) TODO: check CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL) Gateway ...) - TODO: check + NOT-FOR-US: Avaya Secure Access Link Gateway CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications ...) - TODO: check + NOT-FOR-US: Android browser CVE-2008-7297 (Opera cannot properly restrict modifications to cookies established in ...) - TODO: check + NOT-FOR-US: Opera CVE-2008-7296 (Apple Safari cannot properly restrict modifications to cookies ...) - TODO: check + NOT-FOR-US: Safari, see CVE-2008-7294 for potential webkit ramifications CVE-2008-7295 (Microsoft Internet Explorer cannot properly restrict modifications to ...) - TODO: check + NOT-FOR-US: Internet Explorer CVE-2008-7294 (Google Chrome before 4.0.211.0 cannot properly restrict modifications ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to ...) TODO: check CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ...) 
@@ -269,9 +273,9 @@ CVE-2011-XXXX [libencode-perl unspecified issue] - libencode-perl 2.44-1 CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint ...) - TODO: check + NOT-FOR-US: McAfee SaaS CVE-2011-3006 (The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS ...) - TODO: check + NOT-FOR-US: McAfee SaaS CVE-2011-3005 RESERVED CVE-2011-3004 @@ -881,8 +885,9 @@ RESERVED CVE-2011-2730 RESERVED -CVE-2011-2729 +CVE-2011-2729 [jsvc does not drop capabilities allowing the application to access files and directories owned by superuser] RESERVED + - commons-daemon 1.0.7-1 CVE-2011-2728 RESERVED CVE-2011-2727 @@ -3518,11 +3523,11 @@ {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 CVE-2011-1744 (EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin ...) - TODO: check + NOT-FOR-US: EMC CVE-2011-1743 (Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 ...) - TODO: check + NOT-FOR-US: EMC CVE-2011-1742 (EMC Data Protection Advisor before 5.8.1 places cleartext account ...) - TODO: check + NOT-FOR-US: EMC CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText ...) NOT-FOR-US: OpenText Hummingbird Client Connector CVE-2011-1740
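Review bot: In the first hunk (@@ -7,23 +7,23 @@), the seven WordPress entries (CVE-2011-3122 and CVE-2011-3125 through CVE-2011-3130) go from "TODO: check" to "- wordpress <undetermined>" with no NOTE, so the request for a second look exists only in the log message and not in the list itself. Each of these descriptions names "WordPress 3.1 before 3.1.3", so consider adding a NOTE: line to each entry saying the packaged version still has to be compared against 3.1.3, or keeping a TODO: line until that has been done.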
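Review bot: In the CVE-2011-3012 hunk (@@ -239,11 +239,14 @@), the added NOTE reads "use the share ioquake3 engine", which should be "shared". The "[squeeze] - openarena <no-dsa>" line also sits below the NOTE instead of directly under "- openarena 0.8.5-5+exp1"; keeping the two openarena lines together, with the NOTE after the package lines, would make the entry easier to read.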
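Review bot: In the cookie-handling hunk (@@ -251,17 +254,18 @@), CVE-2008-7296 is closed as "NOT-FOR-US: Safari, see CVE-2008-7294 for potential webkit ramifications", which places an open question about a packaged component inside a not-for-us reason. Suggest "NOT-FOR-US: Safari" with the cross-reference moved to a separate NOTE: line, so the webkit question stays visible alongside the "- webkit <undetermined>" line added under CVE-2008-7294.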
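Review bot: In the CVE-2011-2729 hunk (@@ -881,8 +885,9 @@), the entry records only "- commons-daemon 1.0.7-1", while the log message says the issue possibly needs a DSA; nothing in the entry captures that open decision. Suggest adding a TODO: or NOTE: line stating that the DSA decision is pending, and, since the CVE is still RESERVED, a NOTE: giving the source of the bracketed jsvc description.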
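Review bot: In the last hunk (@@ -3518,11 +3523,11 @@), the three new reasons are "NOT-FOR-US: EMC", a vendor name only, whereas the unchanged entry just below names the product ("NOT-FOR-US: OpenText Hummingbird Client Connector"). Naming the products from the descriptions (EMC Captiva eInput for CVE-2011-1743 and CVE-2011-1744, EMC Data Protection Advisor for CVE-2011-1742) would keep the reasons consistent and easier to match when further CVEs for the same products arrive.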