Secure testing commits - Nov 2011 - r17617 - data/CVE

Author: joeyh
Date: 2011-11-15 21:14:34 +0000 (Tue, 15 Nov 2011)
New Revision: 17617

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-11-15 20:40:49 UTC (rev 17616)
+++ data/CVE/list	2011-11-15 21:14:34 UTC (rev 17617)
@@ -1,3 +1,25 @@
+CVE-2011-4447
+	RESERVED
+CVE-2011-4446
+	RESERVED
+CVE-2011-4445
+	RESERVED
+CVE-2011-4444
+	RESERVED
+CVE-2011-4443
+	RESERVED
+CVE-2011-4442
+	RESERVED
+CVE-2011-4441
+	RESERVED
+CVE-2011-4440
+	RESERVED
+CVE-2011-4439
+	RESERVED
+CVE-2011-4438
+	RESERVED
+CVE-2011-4437
+	RESERVED
 CVE-2012-0020
 	RESERVED
 CVE-2012-0019
@@ -921,8 +943,8 @@
 	- libpam-yubico <itp> (bug #612662)
 CVE-2011-4119
 	RESERVED
-CVE-2011-4118
-	RESERVED
+CVE-2011-4118 (Mahara before 1.4.1, when MNet (aka the Moodle network feature)
is ...)
+	TODO: check
 CVE-2011-4117
 	RESERVED
 CVE-2011-4116
@@ -4819,24 +4841,20 @@
 	RESERVED
 CVE-2011-2775
 	RESERVED
-CVE-2011-2774
-	RESERVED
+CVE-2011-2774 (The &quot;Reply to message&quot; feature in Mahara 1.3.x
and 1.4.x before 1.4.1 ...)
 	- mahara 1.4.1-1
 	[squeeze] - mahara <not-affected> (Vulnerable code not present)
 	[lenny] - mahara <not-affected> (Vulnerable code not present)
 CVE-2011-XXXX [Privilege Escalation]
 	- mahara 1.4.1-1
 	NOTE: http://mahara.org/interaction/forum/topic.php?id=4138
-CVE-2011-2773
-	RESERVED
+CVE-2011-2773 (Cross-site request forgery (CSRF) vulnerability in Mahara before
1.4.1 ...)
 	{DSA-2334-1}
 	- mahara 1.4.1-1
-CVE-2011-2772
-	RESERVED
+CVE-2011-2772 (The get_dataroot_image_path function in lib/file.php in Mahara
before ...)
 	{DSA-2334-1}
 	- mahara 1.4.1-1
-CVE-2011-2771
-	RESERVED
+CVE-2011-2771 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara
before ...)
 	{DSA-2334-1}
 	- mahara 1.4.1-1
 CVE-2011-2770 [man2html XSS]