Secure testing commits - Nov 2011 - r17712 - data/CVE

Author: jmm
Date: 2011-11-30 09:31:46 +0000 (Wed, 30 Nov 2011)
New Revision: 17712

Modified:
   data/CVE/list
Log:
kernel fixes
mediawiki CVEfied


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-11-29 23:02:50 UTC (rev 17711)
+++ data/CVE/list	2011-11-30 09:31:46 UTC (rev 17712)
@@ -156,12 +156,6 @@
 	TODO: check
 CVE-2011-4559 (SQL injection vulnerability in the Calendar module in vTiger CRM
5.2.1 ...)
 	TODO: check
-CVE-2011-XXXX [page titles on private wikis]
-	- mediawiki <unfixed> (bug #650434)
-	NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
-CVE-2011-XXXX [lack of read permission checks]
-	- mediawiki <unfixed> (bug #650434)
-	NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
 CVE-2011-4558
 	RESERVED
 CVE-2011-4557
@@ -653,10 +647,14 @@
 	NOTE: http://openwall.com/lists/oss-security/2011/11/29/8
 	NOTE: http://redmine.lighttpd.net/issues/2370
 	NOTE: the announcement says that the debian package is not affected, but there
are no additional patches that would cause different behavior (i.e. the
base64_reverse_table is the same in debian and upstream), so if upstream is
affected, so too is the debian package
-CVE-2011-4361
+CVE-2011-4361 [lack of read permission checks]
 	RESERVED
-CVE-2011-4360
+	- mediawiki <unfixed> (bug #650434)
+	NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
+CVE-2011-4360 [page titles on private wikis]
 	RESERVED
+	- mediawiki <unfixed> (bug #650434)
+	NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
 CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values
as EL expressions]
 	RESERVED
 	NOT-FOR-US: Apache MyFaces
@@ -749,7 +747,7 @@
 	NOTE: Duplicate of CVE-2011-4110, will be rejected
 CVE-2011-4330
 	RESERVED
-	- linux-2.6 <unfixed>
+	- linux-2.6 3.1.4-1
 CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr
3.1.0 ...)
 	- dolibarr <itp> (bug #634783)
 CVE-2011-4328 [gnash cookie infoleak]
@@ -1455,7 +1453,7 @@
 	[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
 CVE-2011-4110
 	RESERVED
-	- linux-2.6 <unfixed>
+	- linux-2.6 3.1.4-1
 CVE-2011-4109
 	RESERVED
 CVE-2011-4108