Author: jmm Date: 2011-10-31 19:33:36 +0000 (Mon, 31 Oct 2011) New Revision: 17535 Modified: data/CVE/list Log: - new chrome issues - new openldap issue - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-31 07:36:35 UTC (rev 17534) +++ data/CVE/list 2011-10-31 19:33:36 UTC (rev 17535) @@ -334,7 +334,8 @@ [lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP ...) - TODO: check + - openldap <unfixed> + NOTE: Might not be exploitable, see Red Hat bz CVE-2011-4078 RESERVED CVE-2011-4077 @@ -471,7 +472,7 @@ CVE-2011-4027 RESERVED CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows ...) - TODO: check + NOT-FOR-US: NexusPHP CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...) NOT-FOR-US: Hulihan BXR CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension ...) @@ -716,7 +717,7 @@ CVE-2011-4005 RESERVED CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the Cisco ...) - TODO: check + NOT-FOR-US: Cisco Webex CVE-2011-4003 RESERVED CVE-2011-4002 @@ -756,9 +757,9 @@ CVE-2011-3985 RESERVED CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) - TODO: check + NOT-FOR-US: KENT-WEB WEB FORUM CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) - TODO: check + NOT-FOR-US: KENT-WEB WEB FORUM CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 ...) NOT-FOR-US: IBM AIX driver CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...) 
@@ -988,39 +989,56 @@ CVE-2011-3892 RESERVED CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in Google ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows remote ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address timing ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3882 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3881 (Google Chrome before 15.0.874.102 allows remote attackers to bypass ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an ...) 
- TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3879 (Google Chrome before 15.0.874.102 does not prevent redirects to ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows remote ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache internals ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle downloading ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag and ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2011-3874 RESERVED CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader ...) @@ -2252,7 +2270,7 @@ CVE-2011-3384 (Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and ...) NOT-FOR-US: Sage CVE-2011-3383 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) - TODO: check + NOT-FOR-US: KENT-WEB WEB FORUM CVE-2011-3382 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 ...) NOT-FOR-US: Phorum CVE-2011-3381 (Cross-site request forgery (CSRF) vulnerability in Phorum before ...)
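Review bot: In the hunk at -334,7 +334,8, the new `NOTE: Might not be exploitable, see Red Hat bz` line for CVE-2011-4079 refers to a Red Hat Bugzilla entry without giving a bug number or URL, so the basis for the exploitability doubt cannot be followed from the list itself. Suggest putting the full bug link in the NOTE. `- openldap <unfixed>` can stay as written until that analysis is confirmed.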
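Review bot: In the hunk at -988,39 +989,56, `- webkit <undetermined>` is added uniformly to all seventeen Chrome entries, including CVE-2011-3886, whose description attributes the flaw to Google V8 as used in Chrome rather than to WebKit code. Suggest checking that entry on its own before tagging webkit, and adding a short NOTE to the entries where webkit stays `<undetermined>`, saying what still has to be checked, so the next triage pass does not start from zero.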