Author: joeyh Date: 2011-09-06 21:14:16 +0000 (Tue, 06 Sep 2011) New Revision: 17178 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-06 15:10:52 UTC (rev 17177) +++ data/CVE/list 2011-09-06 21:14:16 UTC (rev 17178) 
@@ -1,3 +1,109 @@ +CVE-2011-3389 + RESERVED +CVE-2011-3388 + RESERVED +CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote ...) + TODO: check +CVE-2011-3386 (Unspecified vulnerability in Medtronic Paradigm wireless insulin pump ...) + TODO: check +CVE-2011-3385 (Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, ...) + TODO: check +CVE-2011-3384 + RESERVED +CVE-2011-3383 + RESERVED +CVE-2011-3382 + RESERVED +CVE-2011-3381 + RESERVED +CVE-2011-3380 + RESERVED +CVE-2011-3379 + RESERVED +CVE-2011-3378 + RESERVED +CVE-2011-3377 + RESERVED +CVE-2011-3376 + RESERVED +CVE-2011-3375 + RESERVED +CVE-2011-3374 + RESERVED +CVE-2011-3373 + RESERVED +CVE-2011-3372 + RESERVED +CVE-2011-3371 + RESERVED +CVE-2011-3370 + RESERVED +CVE-2011-3369 + RESERVED +CVE-2011-3368 + RESERVED +CVE-2011-3367 + RESERVED +CVE-2011-3366 + RESERVED +CVE-2011-3365 + RESERVED +CVE-2011-3364 + RESERVED +CVE-2011-3363 + RESERVED +CVE-2011-3362 + RESERVED +CVE-2011-3361 + RESERVED +CVE-2011-3360 + RESERVED +CVE-2011-3359 + RESERVED +CVE-2011-3358 + RESERVED +CVE-2011-3357 + RESERVED +CVE-2011-3356 + RESERVED +CVE-2011-3355 + RESERVED +CVE-2011-3354 + RESERVED +CVE-2011-3353 + RESERVED +CVE-2011-3352 + RESERVED +CVE-2011-3351 + RESERVED +CVE-2011-3350 + RESERVED +CVE-2011-3349 + RESERVED +CVE-2011-3348 + RESERVED +CVE-2011-3347 + RESERVED +CVE-2011-3346 + RESERVED +CVE-2011-3345 + RESERVED +CVE-2011-3344 + RESERVED +CVE-2011-3343 + RESERVED +CVE-2011-3342 + RESERVED +CVE-2011-3341 + RESERVED +CVE-2011-3340 + RESERVED +CVE-2010-4832 + RESERVED +CVE-2010-4831 + RESERVED +CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...) + TODO: check CVE-2011-XXXX [vsftpd namespace DoS] - vsftpd 2.3.4-1 (bug #6293731) CVE-2011-XXXX [multiple mantis issues] 
@@ -341,8 +447,8 @@ CVE-2011-3191 RESERVED - linux-2.6 <unfixed> -CVE-2011-3190 - RESERVED +CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...) + TODO: check CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...) - php5 5.3.8-1 [squeeze] - php5 <not-affected> (Introduced in 5.3.7) @@ -489,12 +595,12 @@ NOT-FOR-US: Tivoli CVE-2011-XXXX [Fix decode_xs n-byte heap-overflow security bug in Unicode.xs] - perl 5.12.4-4 -CVE-2011-3134 - RESERVED -CVE-2011-3133 - RESERVED -CVE-2011-3132 - RESERVED +CVE-2011-3134 (Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, ...) + TODO: check +CVE-2011-3133 (Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before ...) + TODO: check +CVE-2011-3132 (Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server ...) + TODO: check CVE-2011-3131 RESERVED CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...) @@ -849,7 +955,7 @@ [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) - icedove <not-affected> (Only affects Thunderbird 5) -CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and possibly other ...) +CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 - xulrunner <removed> @@ -858,7 +964,7 @@ [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-5 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x, SeaMonkey 1.x and 2.x, ...) +CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 - xulrunner <removed> 
@@ -1080,8 +1186,7 @@ [lenny] - linux-2.6 <not-affected> (perf not yet present) CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...) - zabbix 1:1.8.6-1 -CVE-2011-2903 - RESERVED +CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow ...) - tcptrack 1.4.2-1 (unimportant; bug #551092) NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917 CVE-2011-2902 [xpdf: insecure tempfile usage] @@ -1095,8 +1200,7 @@ - xen-3 <removed> CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c ...) NOT-FOR-US: Mongoose -CVE-2011-2899 - RESERVED +CVE-2011-2899 (pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in ...) - foomatic-gui 0.7.9.5 (low) CVE-2011-2898 RESERVED @@ -1464,10 +1568,10 @@ NOTE: Current openarena packages use the share ioquake3 engine [squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update) - ioquake3 1.36+svn1946-4 -CVE-2011-2763 - RESERVED -CVE-2011-2762 - RESERVED +CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...) + TODO: check +CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...) + TODO: check CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...) - chromium-browser <undetermined> [squeeze] - chromium-browser <not-affected> @@ -1912,8 +2016,8 @@ RESERVED CVE-2011-2595 RESERVED -CVE-2011-2594 - RESERVED +CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...) + TODO: check CVE-2011-2593 RESERVED CVE-2011-2592 @@ -1946,8 +2050,8 @@ RESERVED CVE-2011-2578 RESERVED -CVE-2011-2577 - RESERVED +CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, ...) + TODO: check CVE-2011-2576 RESERVED CVE-2011-2575 
@@ -2073,8 +2177,7 @@ CVE-2011-2525 RESERVED - linux-2.6 2.6.35-1 -CVE-2011-2524 - RESERVED +CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in ...) - libsoup2.4 2.34.3-1 (bug #635837) CVE-2011-2523 RESERVED @@ -2875,8 +2978,7 @@ NOT-FOR-US: A Really Simple Chat CVE-2011-2177 RESERVED -CVE-2011-2176 [NetworkManager: did not honour PolicyKit auth_admin action ...] - RESERVED +CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the ...) - network-manager 0.9.0-1 (bug #631520) TODO: check serverity TODO: maintainer was consulted about the other affected versions. @@ -3566,8 +3668,8 @@ NOT-FOR-US: libgnomesu CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...) - openssl <unfixed> (low) -CVE-2011-1944 - RESERVED +CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...) + TODO: check CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util in ...) - network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876 @@ -4608,8 +4710,8 @@ {DSA-2264-1} - linux-2.6 2.6.39-3 (low) [squeeze] - linux-2.6 2.6.32-35 -CVE-2011-1576 - RESERVED +CVE-2011-1576 (Red Hat Enterprise Virtualization (RHEV) Hypervisor allows remote ...) + TODO: check CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...) - pure-ftpd 1.0.30-1 NOTE: http://www.pureftpd.org/project/pure-ftpd/news 
@@ -4766,11 +4868,9 @@ RESERVED - perl <unfixed> (unimportant; bug #628836) NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug -CVE-2009-5063 - RESERVED +CVE-2009-5063 (Memory leak in pngwutil.c in libpng before 1.2.39beta5 allows ...) - libpng 1.2.39-1 (unimportant) -CVE-2006-7244 - RESERVED +CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions ...) - libpng 1.2.39-1 (unimportant) CVE-2011-1520 (The default configuration of the server console in IBM Lotus Domino ...) NOT-FOR-US: Lotus Domino @@ -5217,8 +5317,7 @@ CVE-2011-1412 (sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in ...) - openarena <not-affected> (Vulnerable code not present, the version in sid uses ioquake3) - ioquake3 1.36+svn1946-4 -CVE-2011-1411 - RESERVED +CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...) {DSA-2284-1} - opensaml2 2.4.3-1 CVE-2011-1410 @@ -7730,16 +7829,13 @@ CVE-2011-0544 RESERVED - phpbb3 3.0.7-PL1-5 (bug #612477) -CVE-2011-0543 - RESERVED +CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, ...) - fuse 2.8.5-1 (bug #624551) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541 -CVE-2011-0542 - RESERVED +CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / ...) - fuse 2.8.5-1 (bug #624551) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541 -CVE-2011-0541 - RESERVED +CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot ...) - fuse 2.8.5-1 (bug #624551) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541 CVE-2011-0540 
@@ -8281,8 +8377,8 @@ NOT-FOR-US: Alcatel-Lucent OmniVista CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in ...) NOT-FOR-US: Unified Maintenance Tool -CVE-2011-0342 - RESERVED +CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ...) + TODO: check CVE-2011-0341 (Stack-based buffer overflow in the pdfmoz_onmouse function in ...) NOT-FOR-US: MuPDF plug-in for Firefox CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ...) @@ -8343,8 +8439,8 @@ RESERVED CVE-2011-0312 RESERVED -CVE-2011-0311 - RESERVED +CVE-2011-0311 (The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in ...) + TODO: check CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote ...) NOT-FOR-US: IBM WebSphere MQ CVE-2011-0309
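Review bot: In the first hunk (@@ -1,3 +1,109 @@), the trailing context line "- vsftpd 2.3.4-1 (bug #6293731)" carries a seven-digit bug number, while every other bug reference in this patch is six digits (#551092, #635837, #631520, #628836, #624551, #612477). It looks like a stray digit. Since the block of new entries lands directly above it, please verify the number against the bug tracker and correct it in a follow-up.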
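Review bot: In the @@ -2875,8 +2978,7 @@ hunk, the new description for CVE-2011-2176 says "GNOME NetworkManager before 0.8.6", but the tracking line below it records the fix at "network-manager 0.9.0-1 (bug #631520)" and both TODO lines are left open. Please confirm whether an earlier upload already carried the fix and record the first fixed version accordingly, then resolve the TODOs. The context line "TODO: check serverity" also has a typo ("severity").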
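Review bot: In the @@ -7730,16 +7829,13 @@ hunk, the NOTE lines under CVE-2011-0543 and CVE-2011-0542 still point to show_bug.cgi?id=CVE-2011-0541, the same URL as the CVE-2011-0541 entry. The descriptions now distinguish three issues (legacy functionality in fusermount, the missing chdir to /, and the /etc/mtab handling). Either point each NOTE at its own CVE id or add a short remark that the single bug covers all three, so the reference does not read as a copy-paste slip.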
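Review bot: In the last hunk (@@ -8343,8 +8439,8 @@), CVE-2011-0311 is left at "TODO: check", and its description (class file parser in IBM Java before 1.4.2 SR13 FP9) matches CVE-2011-3387, added at the top of the file in the first hunk. Triage the two together so they end up with the same disposition. The neighbouring IBM entry CVE-2011-0310 is already tagged "NOT-FOR-US: IBM WebSphere MQ", which shows the form that tag takes here.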