Secure testing commits - Sep 2011 - r17192 - data/CVE

Author: joeyh
Date: 2011-09-08 21:14:18 +0000 (Thu, 08 Sep 2011)
New Revision: 17192

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-09-08 16:21:47 UTC (rev 17191)
+++ data/CVE/list	2011-09-08 21:14:18 UTC (rev 17192)
@@ -1,3 +1,7 @@
+CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2010-4833 (Untrusted search path vulnerability in ...)
+	TODO: check
 CVE-2011-XXXX [mantis multiple issues]
 	- mantis 1.2.7-1 (medium; bug #640297)
 	TODO: split into individual CVE ids after assignment
@@ -8,10 +12,10 @@
 	[lenny] - masqmail <no-dsa> (no security issue by itself)
 	[squeeze] - masqmail <no-dsa> (no security issue by itself)
 	NOTE: CVE id requested
-CVE-2011-3389
-	RESERVED
-CVE-2011-3388
-	RESERVED
+CVE-2011-3389 (Unspecified vulnerability in Opera before 11.51 has unknown
attack ...)
+	TODO: check
+CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure
site ...)
+	TODO: check
 CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote
...)
 	TODO: check
 CVE-2011-3386 (Unspecified vulnerability in Medtronic Paradigm wireless insulin
pump ...)
@@ -116,8 +120,8 @@
 	RESERVED
 CVE-2010-4832
 	RESERVED
-CVE-2010-4831
-	RESERVED
+CVE-2010-4831 (Untrusted search path vulnerability in
gdk/win32/gdkinput-win32.c in ...)
+	TODO: check
 CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance
Configuration ...)
 	TODO: check
 CVE-2011-XXXX [vsftpd namespace DoS]
@@ -410,13 +414,11 @@
 	RESERVED
 CVE-2011-3206
 	RESERVED
-CVE-2011-3205 [squid3: Buffer overflow in Gopher reply parser]
-	RESERVED
+CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the
...)
 	- squid3 3.1.15-1 (low; bug #639755)
 	- squid <not-affected> (Only a buffer overflow in Squid 3, see
https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
-CVE-2011-3204 [hammerhead: insecure temporary file use]
-	RESERVED
+CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to
...)
 	- hammerhead <unfixed> (bug #639890)
 	[lenny] - hammerhead <no-dsa> (Minor issue)
 	[squeeze] - hammerhead <no-dsa> (Minor issue)
@@ -429,8 +431,8 @@
 	NOT-FOR-US: Jcow
 CVE-2011-3201
 	RESERVED
-CVE-2011-3200
-	RESERVED
+CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function
in ...)
+	TODO: check
 CVE-2011-3199
 	RESERVED
 	- dtc 0.34.1-1 (bug #637584)
@@ -455,6 +457,7 @@
 	- apache2 2.2.19-2
 CVE-2011-3191
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 <unfixed>
 CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat
7.0.0 ...)
 	TODO: check
@@ -464,6 +467,7 @@
 	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
 CVE-2011-3188
 	RESERVED
+	{DSA-2303-1}
 CVE-2011-3187 (The to_s method in ...)
 	TODO: check
 CVE-2011-3186 (CRLF injection vulnerability in ...)
@@ -1133,6 +1137,7 @@
 CVE-2011-2929 (The template selection functionality in ...)
 	TODO: check
 CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
...)
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-2
 CVE-2011-2927
 	RESERVED
@@ -1156,6 +1161,7 @@
 	RESERVED
 CVE-2011-2918
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-2
 	[lenny] - linux-2.6 <not-affected> (perf not yet present)
 CVE-2011-2917
@@ -1185,6 +1191,7 @@
 	[squeeze] - ax25-tools <no-dsa> (Minor issue)
 CVE-2011-2909
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-2
 CVE-2011-2908
 	RESERVED
@@ -1194,6 +1201,7 @@
 	RESERVED
 CVE-2011-2905
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-2
 	[lenny] - linux-2.6 <not-affected> (perf not yet present)
 CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix
...)
@@ -1671,10 +1679,10 @@
 	- drupal7 7.6-1
 CVE-2011-2725
 	RESERVED
-CVE-2011-2724
-	RESERVED
-CVE-2011-2723
-	RESERVED
+CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in
smbfs ...)
+	TODO: check
+CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in
the ...)
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-2
 CVE-2011-2722
 	RESERVED
@@ -1740,8 +1748,8 @@
 	NOTE: fixed well before 2.13-10, but that is the present testing version that
was available to check
 CVE-2011-2701 (The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11,
when ...)
 	TODO: check
-CVE-2011-2700
-	RESERVED
+CVE-2011-2700 (Multiple buffer overflows in the si4713_write_econtrol_string
function ...)
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-1
 	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
 CVE-2011-2699
@@ -1864,8 +1872,8 @@
 	RESERVED
 CVE-2011-2661
 	RESERVED
-CVE-2011-2660
-	RESERVED
+CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before
...)
+	TODO: check
 CVE-2011-2659
 	RESERVED
 CVE-2011-2658
@@ -1876,8 +1884,8 @@
 	RESERVED
 CVE-2011-2655
 	RESERVED
-CVE-2011-2654
-	RESERVED
+CVE-2011-2654 (The RPC implementation in the server in Novell Cloud Manager
1.1.2 ...)
+	TODO: check
 CVE-2011-2653
 	RESERVED
 CVE-2011-2652 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2,
as ...)
@@ -2189,6 +2197,7 @@
 	- tomcat5.5 <removed> (bug #634992)
 CVE-2011-2525
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 2.6.35-1
 CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in
...)
 	- libsoup2.4 2.34.3-1 (bug #635837)
@@ -2217,6 +2226,7 @@
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2011-2517
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 2.6.39-3 (unimportant)
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: Requires CAP_NET_ADMIn to exploit
@@ -2285,12 +2295,15 @@
 	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36)
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.36)
 CVE-2011-2497 (Integer underflow in the l2cap_config_req function in ...)
+	{DSA-2303-1}
 	- linux-2.6 2.6.39-3
 CVE-2011-2496
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 2.6.39-1 (low)
 CVE-2011-2495
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-1 (low)
 CVE-2011-2494
 	RESERVED
@@ -2301,9 +2314,11 @@
 	[squeeze] - linux-2.6 <not-affected> (sbi->s_err-report
didn''t exist yet)
 	[lenny] - linux-2.6 <not-affected> (sbi->s_err-report didn''t
exist yet)
 CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does
not ...)
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-1 (low)
 CVE-2011-2491
 	RESERVED
+	{DSA-2303-1}
 	- linux-2.6 3.0.0-1
 CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does
not ...)
 	{DSA-2281-1}
@@ -2321,6 +2336,7 @@
 	RESERVED
 	- gdk-pixbuf 2.23.3-3.1 (bug #631524)
 CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux
...)
+	{DSA-2303-1}
 	- linux-2.6 2.6.39-3 (low)
 CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on
certain ...)
 	- libcrypt-eksblowfish-perl <not-affected> (discovered and corrected in
initial release in 2007)
@@ -3092,8 +3108,7 @@
 	- lua-expat 1.2.0-1 (low; bug #629225)
 	[squeeze] - lua-expat 1.2.0-0squeeze1
 	[lenny] - lua-expat <no-dsa> (Minor issue)
-CVE-2011-2184 [race condition in KSM]
-	RESERVED
+CVE-2011-2184 (The key_replace_session_keyring function in ...)
 	- linux-2.6 2.6.39-2
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
@@ -4217,8 +4232,7 @@
 	RESERVED
 CVE-2011-1777
 	RESERVED
-CVE-2011-1776
-	RESERVED
+CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux
kernel ...)
 	{DSA-2264-1 DSA-2240-1}
 	- linux-2.6 2.6.39-1 (low)
 CVE-2011-1775 (The CSecurityTLS::processMsg function in
common/rfb/CSecurityTLS.cxx ...)
@@ -4232,8 +4246,8 @@
 	NOT-FOR-US: virt-v2v
 CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in
Apache ...)
 	NOT-FOR-US: Apache Struts 2.x
-CVE-2011-1771
-	RESERVED
+CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel
before ...)
+	TODO: check
 CVE-2011-1770 (Integer underflow in the dccp_parse_options function ...)
 	{DSA-2240-1}
 	- linux-2.6 2.6.39-1
@@ -4721,6 +4735,7 @@
 	- linux-2.6 2.6.39-3 (low)
 	[squeeze] - linux-2.6 2.6.32-35
 CVE-2011-1576 (Red Hat Enterprise Virtualization (RHEV) Hypervisor allows
remote ...)
+	{DSA-2303-1}
 	TODO: check
 CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before
1.0.30 ...)
 	- pure-ftpd 1.0.30-1
@@ -5442,8 +5457,8 @@
 	RESERVED
 CVE-2011-1360
 	RESERVED
-CVE-2011-1359
-	RESERVED
+CVE-2011-1359 (Directory traversal vulnerability in the administration console
in IBM ...)
+	TODO: check
 CVE-2011-1358
 	RESERVED
 CVE-2011-1357 (Cross-site scripting (XSS) vulnerability in agentDetect.jsp in
the web ...)
@@ -6483,6 +6498,7 @@
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.33)
 CVE-2011-1020 (The proc filesystem implementation in the Linux kernel 2.6.37
and ...)
+	{DSA-2303-1}
 	- linux-2.6 <unfixed>
 CVE-2011-1019
 	RESERVED
@@ -8833,8 +8849,8 @@
 	RESERVED
 CVE-2011-0259
 	RESERVED
-CVE-2011-0258
-	RESERVED
+CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to
...)
+	TODO: check
 CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows
remote ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote
attackers ...)