Author: jmm Date: 2011-11-04 16:40:50 +0000 (Fri, 04 Nov 2011) New Revision: 17549 Modified: data/CVE/list Log: - new mahara issues - bind finally fixed after 8 months - revised backuppc fix - new apache issue - new lightdm issue - new apt issue (needs ticket) - filed bugs for openldap and nss Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-11-03 21:38:37 UTC (rev 17548) +++ data/CVE/list 2011-11-04 16:40:50 UTC (rev 17549) @@ -569,6 +569,7 @@ RESERVED CVE-2011-4105 RESERVED + - lightdm <unfixed> CVE-2011-4104 RESERVED - django-tastypie 0.9.10-1 (bug #647314) @@ -654,8 +655,7 @@ [lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP ...) - - openldap <unfixed> - NOTE: Might not be exploitable, see Red Hat bz + - openldap <unfixed> (low; bug #647610) CVE-2011-4078 RESERVED CVE-2011-4077 @@ -1871,10 +1871,9 @@ CVE-2011-3641 RESERVED CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...) - - nss <unfixed> (low) + - nss <unfixed> (low; bug #647614) [lenny] - nss <no-dsa> (Minor issue) [squeeze] - nss <no-dsa> (Minor issue) - TODO: File bug for NSS - chromium-browser <unfixed> (low) [lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) [squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) @@ -1893,6 +1892,9 @@ [lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny) CVE-2011-3634 RESERVED + - apt <unfixed> + NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28 + NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353 CVE-2011-3633 RESERVED CVE-2011-3632 [hardlink has buffer overflows, is unsafe on changing trees] 
@@ -1980,6 +1982,7 @@ RESERVED CVE-2011-3607 RESERVED + - apache2 <unfixed> CVE-2011-3606 RESERVED CVE-2011-3605 @@ -2661,7 +2664,7 @@ NOTE: http://www.ocert.org/advisories/ocert-2011-002.html CVE-2011-3361 [BackupPC XSS in Browse.pm] RESERVED - - backuppc 3.2.1-1 (bug #641450) + - backuppc 3.2.1-2 (bug #641450) NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel NOTE: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24 CVE-2011-3360 (Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 ...) @@ -4389,12 +4392,19 @@ RESERVED CVE-2011-2774 RESERVED + - mahara 1.4.1-1 +CVE-2011-XXXX [Privilege Escalation] + - mahara 1.4.1-1 + NOTE: http://mahara.org/interaction/forum/topic.php?id=4138 CVE-2011-2773 RESERVED + - mahara 1.4.1-1 CVE-2011-2772 RESERVED + - mahara 1.4.1-1 CVE-2011-2771 RESERVED + - mahara 1.4.1-1 CVE-2011-2770 RESERVED - man2html 1.6g-6 @@ -5228,7 +5238,7 @@ - bind9 <not-affected> (Only affects 9.8, which hasn''t been uploaded yet) CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, ...) {DSA-2272-1} - - bind9 <unfixed> (high) + - bind9 1:9.8.1.dfsg-1 (high) CVE-2011-2463 RESERVED CVE-2011-2462 @@ -6702,7 +6712,7 @@ NOT-FOR-US: JasperReports Server CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x ...) {DSA-2244-1} - - bind9 <unfixed> (high) + - bind9 1:9.8.1.dfsg-1 (high) NOTE: https://lists.isc.org/pipermail/bind-users/2011-May/083819.html CVE-2011-1909 RESERVED
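Review bot: the `- lightdm <unfixed>` line added under CVE-2011-4105 in @@ -569,6 +569,7 has no NOTE, bug number or bracketed description, and the id is still RESERVED, so the entry does not say what the issue is or where it was reported. Suggest adding a NOTE with the source reference, as the apt entry in this same commit does.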
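Review bot: in the CVE-2011-4079 hunk (@@ -654,8 +655,7) the removed line `NOTE: Might not be exploitable, see Red Hat bz` is the only visible rationale for the new `low` urgency, and it is dropped rather than carried over. Suggest keeping that NOTE under `- openldap <unfixed> (low; bug #647610)` so the reason for the rating stays in the tracker entry.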
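Review bot: the commit log says the apt issue "needs ticket", but the CVE-2011-3634 entry added in @@ -1893,6 +1892,9 carries no TODO and no urgency, so nothing in the list marks the missing Debian bug. Suggest adding a `TODO: File bug for apt` line below the two NOTEs, the same form the nss entry had until this commit removed its `TODO: File bug for NSS`.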
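Review bot: `- apache2 <unfixed>` under CVE-2011-3607 in @@ -1980,6 +1982,7 is added with no urgency and no reference while the id is RESERVED. A NOTE pointing at the upstream report or advisory would let the next person triaging lenny and squeeze status work from the list alone.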
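Review bot: in @@ -4389,12 +4392,19 the `CVE-2011-XXXX [Privilege Escalation]` placeholder is the only mahara entry with a description and a NOTE; CVE-2011-2774, CVE-2011-2773, CVE-2011-2772 and CVE-2011-2771 are all still RESERVED and each gets the same bare `- mahara 1.4.1-1` line, so the list does not say which issue each id covers. Suggest a bracketed description or an advisory NOTE on each of the four, in the way CVE-2011-3361 has `[BackupPC XSS in Browse.pm]`. The placeholder also lands between CVE-2011-2774 and CVE-2011-2773, in the middle of the numbered run; worth confirming that placement is intended.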
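Review bot: the first context line of @@ -5228,7 +5238,7 still reads `- bind9 <not-affected> (Only affects 9.8, which hasn''t been uploaded yet)`, while this hunk and @@ -6702,7 +6712,7 mark CVE-2011-2464 and CVE-2011-1910 as fixed in `1:9.8.1.dfsg-1`, which implies a 9.8 upload now exists. That not-affected entry should be re-checked against 9.8.1 and given a fixed version or an updated reason in the same commit.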