Author: jmm Date: 2011-10-11 18:30:00 +0000 (Tue, 11 Oct 2011) New Revision: 17410 Modified: data/CVE/list Log: - new unimportant crypt:DSA perl issue - new gtk issue win-specific - new kernel issue (already resolved) - new torque issue - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-11 18:15:44 UTC (rev 17409) +++ data/CVE/list 2011-10-11 18:30:00 UTC (rev 17410) @@ -581,7 +581,7 @@ {DSA-2314-1} - puppet 2.7.3-3 CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...) - TODO: check + NOT-FOR-US: Vmware CVE-2011-3867 REJECTED CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly ...) 
@@ -591,37 +591,37 @@ [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) CVE-2011-3865 (Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3864 (Cross-site scripting (XSS) vulnerability in the The Erudite theme ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3863 (Cross-site scripting (XSS) vulnerability in the RedLine theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3862 (Cross-site scripting (XSS) vulnerability in the Morning Coffee theme ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3861 (Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3860 (Cross-site scripting (XSS) vulnerability in the Cover WP theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3859 (Cross-site scripting (XSS) vulnerability in the Trending theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3858 (Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3857 (Cross-site scripting (XSS) vulnerability in the Antisnews theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3856 (Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3855 (Cross-site scripting (XSS) vulnerability in the F8 Lite theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3854 (Cross-site scripting (XSS) vulnerability in the ZenLite theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3853 (Cross-site scripting (XSS) vulnerability in the Hybrid theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3852 (Cross-site scripting (XSS) vulnerability in the EvoLve theme before ...) 
- TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3851 (Cross-site scripting (XSS) vulnerability in the News theme before 0.2 ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3850 (Cross-site scripting (XSS) vulnerability in the Atahualpa theme before ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2011-3849 RESERVED CVE-2011-3848 @@ -1185,7 +1185,8 @@ CVE-2011-3600 RESERVED CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when ...) - TODO: check + - libcrypt-dsa-perl 1.17-3 (unimportant; bug #644189) + NOTE: All supported Debian kernels have /dev/random, so severity unimportant CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin ...) - phppgadmin 5.0.3-1 (bug #644290) NOTE: https://secunia.com/advisories/46248/ @@ -1723,13 +1724,13 @@ CVE-2011-3385 (Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, ...) NOT-FOR-US: WebsiteBaker CVE-2011-3384 (Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and ...) - TODO: check + NOT-FOR-US: Sage CVE-2011-3383 RESERVED CVE-2011-3382 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 ...) - TODO: check + NOT-FOR-US: Phorum CVE-2011-3381 (Cross-site request forgery (CSRF) vulnerability in Phorum before ...) - TODO: check + NOT-FOR-US: Phorum CVE-2011-3380 RESERVED CVE-2011-3379 @@ -1763,7 +1764,7 @@ TODO: file bug for kolab-cyrus-imapd NOTE: medium because it allows to exploit CVE-2011-3208 unauthenticated CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOTE: PunBB CVE-2011-3370 RESERVED CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...) 
@@ -1862,7 +1863,7 @@ CVE-2010-4832 RESERVED CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in ...) - TODO: check + - gtk+2.0 <not-affected> (Win32-specific) CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...) NOT-FOR-US: Juniper IDP CVE-2011-XXXX [vsftpd namespace DoS] @@ -3029,7 +3030,7 @@ CVE-2011-2908 RESERVED CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - TODO: check + - torque <unfixed> CVE-2011-2906 RESERVED CVE-2011-2905 @@ -6184,7 +6185,9 @@ CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...) NOT-FOR-US: Apache Struts 2.x CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel before ...) - TODO: check + - linux-2.6 2.6.38-4 + [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37) + [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37) CVE-2011-1770 (Integer underflow in the dccp_parse_options function ...) {DSA-2240-1} - linux-2.6 2.6.39-1
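
Review bot: In the @@ -581,7 +581,7 @@ hunk, "NOT-FOR-US: Vmware" spells the vendor differently from the CVE-2011-3868 description directly above it, which has "VMware". Using the description's spelling keeps case-sensitive searches of the list for that vendor consistent.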
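
Review bot: In the @@ -1185,7 +1185,8 @@ hunk, the CVE-2011-3599 entry records 1.17-3 as the fixed version of libcrypt-dsa-perl, while the NOTE justifies "unimportant" by /dev/random always being present, which is an argument that the issue does not matter on Debian rather than that 1.17-3 fixed it. The description covers "1.17 and earlier", so the entry does not show whether 1.17-3 carries a patch. Suggest a second NOTE stating what changed in 1.17-3 (bug #644189), or dropping the fixed version if nothing did.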
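
Review bot: In the @@ -1723,13 +1724,13 @@ hunk, "NOT-FOR-US: Sage" for CVE-2011-3384 drops the word that identifies the product; the description says "the Sage add-on". Writing "NOT-FOR-US: Sage add-on" avoids confusion with other software that shares the name.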
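
Review bot: In the @@ -1763,7 +1764,7 @@ hunk, CVE-2011-3371 gets "NOTE: PunBB" where every other unpackaged product in this commit gets "NOT-FOR-US:". The change removes "TODO: check" but leaves the entry with neither a package line nor a NOT-FOR-US marker, so it has no recorded triage result. If PunBB is not packaged, this should read "NOT-FOR-US: PunBB"; if the NOTE was intentional, the TODO should stay until a status is added.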
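
Review bot: In the @@ -3029,7 +3030,7 @@ hunk, "- torque <unfixed>" for CVE-2011-2907 carries no bug number and no follow-up marker, unlike the libcrypt-dsa-perl entry (bug #644189) or the "TODO: file bug for kolab-cyrus-imapd" line visible in the @@ -1763,7 +1764,7 @@ context. With "TODO: check" removed, nothing in the entry flags that a report is still needed. Suggest adding the bug reference, or a "TODO: file bug" line until one exists.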
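
Review bot: In the @@ -6184,7 +6185,9 @@ hunk, the squeeze and lenny <not-affected> lines for CVE-2011-1771 rest on "Introduced in 2.6.37" with nothing in the entry to support it. Suggest a NOTE naming the upstream commit that introduced the cifs_close problem and the one that fixed it, so the claim can be re-checked against the stable kernels later.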