Author: joeyh Date: 2011-08-30 21:14:26 +0000 (Tue, 30 Aug 2011) New Revision: 17140 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-08-30 09:14:19 UTC (rev 17139) +++ data/CVE/list 2011-08-30 21:14:26 UTC (rev 17140) 
@@ -1,3 +1,143 @@ +CVE-2011-3339 + RESERVED +CVE-2011-3338 + RESERVED +CVE-2011-3337 + RESERVED +CVE-2011-3336 + RESERVED +CVE-2011-3335 + RESERVED +CVE-2011-3334 + RESERVED +CVE-2011-3333 + RESERVED +CVE-2011-3332 + RESERVED +CVE-2011-3331 + RESERVED +CVE-2011-3330 + RESERVED +CVE-2011-3329 + RESERVED +CVE-2011-3328 + RESERVED +CVE-2011-3327 + RESERVED +CVE-2011-3326 + RESERVED +CVE-2011-3325 + RESERVED +CVE-2011-3324 + RESERVED +CVE-2011-3323 + RESERVED +CVE-2011-3322 + RESERVED +CVE-2011-3321 + RESERVED +CVE-2011-3320 + RESERVED +CVE-2011-3319 + RESERVED +CVE-2011-3318 + RESERVED +CVE-2011-3317 + RESERVED +CVE-2011-3316 + RESERVED +CVE-2011-3315 + RESERVED +CVE-2011-3314 + RESERVED +CVE-2011-3313 + RESERVED +CVE-2011-3312 + RESERVED +CVE-2011-3311 + RESERVED +CVE-2011-3310 + RESERVED +CVE-2011-3309 + RESERVED +CVE-2011-3308 + RESERVED +CVE-2011-3307 + RESERVED +CVE-2011-3306 + RESERVED +CVE-2011-3305 + RESERVED +CVE-2011-3304 + RESERVED +CVE-2011-3303 + RESERVED +CVE-2011-3302 + RESERVED +CVE-2011-3301 + RESERVED +CVE-2011-3300 + RESERVED +CVE-2011-3299 + RESERVED +CVE-2011-3298 + RESERVED +CVE-2011-3297 + RESERVED +CVE-2011-3296 + RESERVED +CVE-2011-3295 + RESERVED +CVE-2011-3294 + RESERVED +CVE-2011-3293 + RESERVED +CVE-2011-3292 + RESERVED +CVE-2011-3291 + RESERVED +CVE-2011-3290 + RESERVED +CVE-2011-3289 + RESERVED +CVE-2011-3288 + RESERVED +CVE-2011-3287 + RESERVED +CVE-2011-3286 + RESERVED +CVE-2011-3285 + RESERVED +CVE-2011-3284 + RESERVED +CVE-2011-3283 + RESERVED +CVE-2011-3282 + RESERVED +CVE-2011-3281 + RESERVED +CVE-2011-3280 + RESERVED +CVE-2011-3279 + RESERVED +CVE-2011-3278 + RESERVED +CVE-2011-3277 + RESERVED +CVE-2011-3276 + RESERVED +CVE-2011-3275 + RESERVED +CVE-2011-3274 + RESERVED +CVE-2011-3273 + RESERVED +CVE-2011-3272 + RESERVED +CVE-2011-3271 + RESERVED +CVE-2011-3270 + RESERVED CVE-2011-3269 RESERVED CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows ...) 
@@ -171,8 +311,7 @@ RESERVED CVE-2011-3193 RESERVED -CVE-2011-3192 [byterange filter memory exhaustion DoS] - RESERVED +CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through ...) {DSA-2298-1} - apache2 2.2.19-2 CVE-2011-3191 @@ -186,23 +325,20 @@ [lenny] - php5 <not-affected> (Introduced in 5.3.7) CVE-2011-3188 RESERVED -CVE-2011-3187 - RESERVED -CVE-2011-3186 - RESERVED -CVE-2011-3185 - RESERVED +CVE-2011-3187 (The to_s method in ...) + TODO: check +CVE-2011-3186 (CRLF injection vulnerability in ...) + TODO: check +CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted ...) - pidgin <not-affected> (Windows-specific) -CVE-2011-3184 [pidgin MSN DoS] - RESERVED +CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...) - pidgin 2.10.0-1 (low) [squeeze] - pidgin <no-dsa> (Minor issue) CVE-2011-3183 RESERVED CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...) - php5 <undetermined> -CVE-2011-3181 [PMASA-2011-13 Multiple XSS in the Tracking feature.] - RESERVED +CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking ...) - phpmyadmin 4:3.4.4-1 [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2011-3180 
@@ -636,14 +772,14 @@ [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5 ...) +CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, ...) - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) - icedove <not-affected> (Only affects Thunderbird 5) -CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5 does not properly ...) +CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x ...) - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) @@ -656,7 +792,7 @@ [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5 does not properly ...) +CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x ...) - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) 
@@ -677,7 +813,7 @@ [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) - icedove <not-affected> (Only affects Thunderbird 5) -CVE-2011-2986 (Mozilla Firefox 4.x through 5, when the Direct2D (aka D2D) API is used ...) +CVE-2011-2986 (Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x ...) - xulrunner <not-affected> (Only affects Windows) - iceweasel <not-affected> (Only affects Windows) - icedove <not-affected> (Only affects Thunderbird 5) @@ -812,8 +948,7 @@ NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2944 RESERVED -CVE-2011-2943 [pidgin IRC DoS] - RESERVED +CVE-2011-2943 (The irc_msg_who function in msgs.c in the IRC protocol plugin in ...) - pidgin 2.10.0-1 (bug #638709) [squeeze] - pidgin <not-affected> (Only affects 2.8 to 2.10) [lenny] - pidgin <not-affected> (Only affects 2.8 to 2.10) @@ -842,16 +977,15 @@ RESERVED CVE-2011-2933 RESERVED -CVE-2011-2932 - RESERVED -CVE-2011-2931 - RESERVED -CVE-2011-2930 - RESERVED -CVE-2011-2929 - RESERVED -CVE-2011-2928 - RESERVED +CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...) + TODO: check +CVE-2011-2930 (Multiple SQL injection vulnerabilities in the quote_table_name method ...) + TODO: check +CVE-2011-2929 (The template selection functionality in ...) + TODO: check +CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...) - linux-2.6 3.0.0-2 CVE-2011-2927 RESERVED @@ -1049,8 +1183,8 @@ RESERVED CVE-2011-2840 RESERVED -CVE-2011-2839 - RESERVED +CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux ...) + TODO: check CVE-2011-2838 RESERVED CVE-2011-2837 
@@ -1069,38 +1203,30 @@ RESERVED CVE-2011-2830 RESERVED -CVE-2011-2829 - RESERVED +CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> -CVE-2011-2828 - RESERVED +CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows remote ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> -CVE-2011-2827 - RESERVED +CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> -CVE-2011-2826 - RESERVED +CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to bypass ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> -CVE-2011-2825 - RESERVED +CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> -CVE-2011-2824 - RESERVED +CVE-2011-2824 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> -CVE-2011-2823 - RESERVED +CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> -CVE-2011-2822 - RESERVED -CVE-2011-2821 - RESERVED +CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly parse ...) + TODO: check +CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before ...) - chromium-browser 13.0.782.215~r97094-1 - webkit <undetermined> CVE-2011-2820 @@ -1133,8 +1259,8 @@ RESERVED CVE-2011-2807 RESERVED -CVE-2011-2806 - RESERVED +CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...) + TODO: check CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...) - chromium-browser 13.0.782.107~r94237-1 - webkit <undetermined> 
@@ -1292,8 +1418,8 @@ - dhcp3 <removed> CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...) NOT-FOR-US: Google Picasa -CVE-2011-2746 - RESERVED +CVE-2011-2746 (Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in ...) + TODO: check CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...) NOT-FOR-US: Chyrp CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows ...) @@ -1373,8 +1499,8 @@ NOT-FOR-US: Drupal data module CVE-2011-2713 RESERVED -CVE-2011-2712 - RESERVED +CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...) + TODO: check CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...) NOT-FOR-US: cgit CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) @@ -1747,16 +1873,16 @@ RESERVED CVE-2011-2565 RESERVED -CVE-2011-2564 - RESERVED -CVE-2011-2563 - RESERVED -CVE-2011-2562 - RESERVED -CVE-2011-2561 - RESERVED -CVE-2011-2560 - RESERVED +CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...) + TODO: check +CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...) + TODO: check +CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...) + TODO: check +CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, ...) + TODO: check +CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager ...) + TODO: check CVE-2011-2559 RESERVED CVE-2011-2558 @@ -1765,8 +1891,8 @@ RESERVED CVE-2011-2556 RESERVED -CVE-2011-2555 - RESERVED +CVE-2011-2555 (Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a ...) + TODO: check CVE-2011-2554 RESERVED CVE-2011-2553 
@@ -1939,8 +2065,7 @@ CVE-2011-2498 RESERVED - linux-2.6 2.6.39-1 (low) -CVE-2011-2497 - RESERVED +CVE-2011-2497 (Integer underflow in the l2cap_config_req function in ...) - linux-2.6 2.6.39-3 CVE-2011-2496 RESERVED @@ -2586,8 +2711,7 @@ RESERVED CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) ...) NOT-FOR-US: VMware -CVE-2011-2213 [kernel: inet_diag: fix inet_diag_bc_audit] - RESERVED +CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux ...) - linux-2.6 2.6.39-3 CVE-2011-2212 RESERVED @@ -3850,8 +3974,7 @@ - subversion 1.6.17dfsg-1 CVE-2011-1782 (Heap-based buffer overflow in the read_channel_data function in ...) - gimp 2.6.11-3 (bug #629830) -CVE-2011-1781 - RESERVED +CVE-2011-1781 (SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows ...) - systemtap 1.6-1 (bug #628819) [squeeze] - systemtap <not-affected> (Only affects version 1.4.x) [lenny] - systemtap <not-affected> (Only affects version 1.4.x) @@ -3886,8 +4009,7 @@ - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 2.6.32-34squeeze1 [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29 with commit e77b8363b2ea7c0d89919547c1a8b0562f298b57) -CVE-2011-1769 - RESERVED +CVE-2011-1769 (SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is ...) - systemtap 1.6-1 (bug #628819) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29 NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9 @@ -4208,8 +4330,8 @@ NOT-FOR-US: Cisco CVE-2011-1644 RESERVED -CVE-2011-1643 - RESERVED +CVE-2011-1643 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) + TODO: check CVE-2011-1642 RESERVED CVE-2011-1641 
@@ -8552,8 +8674,8 @@ RESERVED CVE-2011-0229 RESERVED -CVE-2011-0228 - RESERVED +CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x ...) + TODO: check CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before ...) NOT-FOR-US: Apple iOS CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, ...)
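Review bot: In the Chrome hunks (@@ -1069,38 +1203,30 @@ and @@ -1133,8 +1259,8 @@), CVE-2011-2822 and CVE-2011-2806 are described as "on Windows" but are left as "TODO: check" with no package line, while the sibling entries carry "- chromium-browser 13.0.782.215~r97094-1". Consider recording them as not-affected for chromium-browser with a Windows-only reason, following the form already used for CVE-2011-3185 ("- pidgin <not-affected> (Windows-specific)"). CVE-2011-2839 in @@ -1049,8 +1183,8 @@ is described as "on Linux", so it needs a real check against chromium-browser, not a platform exclusion.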
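Review bot: In the last hunk (@@ -8552,8 +8674,8 @@), CVE-2011-0228 is left as "TODO: check" although its description names Apple iOS and the adjacent CVE-2011-0227 is already marked "NOT-FOR-US: Apple iOS"; the same marking looks appropriate. Likewise the Cisco entries that gain descriptions here (CVE-2011-2560 through CVE-2011-2564, CVE-2011-2555 and CVE-2011-1643) sit next to context that already uses "NOT-FOR-US: Cisco" and can be closed the same way once the product is confirmed.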
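Review bot: In @@ -186,23 +325,20 @@ and @@ -842,16 +977,15 @@, CVE-2011-3187, CVE-2011-3186, CVE-2011-2932, CVE-2011-2931, CVE-2011-2930 and CVE-2011-2929 arrive with descriptions cut off before the product name ("... in ..."), so the "TODO: check" cannot be resolved from this file alone. These include XSS, SQL injection and CRLF injection issues; look up the full descriptions and assign a source package or NOT-FOR-US before they are lost among the newly added RESERVED block.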