Author: jmm Date: 2011-12-07 13:45:42 +0000 (Wed, 07 Dec 2011) New Revision: 17759 Modified: data/CVE/list Log: acpid CVEfied new chromium issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-06 21:14:27 UTC (rev 17758) +++ data/CVE/list 2011-12-07 13:45:42 UTC (rev 17759) @@ -1,7 +1,7 @@ CVE-2011-4678 (The password reset feature in One Click Orgs before 1.2.3 generates ...) - TODO: check + NOT-FOR-US: One Click Orgs CVE-2011-4677 (One Click Orgs before 1.2.3 does not have an off autocomplete ...) - TODO: check + NOT-FOR-US: One Click Orgs CVE-2011-4676 RESERVED CVE-2011-4675 (The pathname canonicalization functionality in ...) @@ -17,7 +17,7 @@ CVE-2011-4671 (SQL injection vulnerability in adrotate/adrotate-out.php in the ...) TODO: check CVE-2011-4670 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2011-4669 (SQL injection vulnerability in wp-users.php in WordPress Users plugin ...) TODO: check CVE-2011-XXXX [FFmpeg Libavcodec memory corruption remote code execution] @@ -214,8 +214,9 @@ RESERVED CVE-2011-4579 RESERVED -CVE-2011-4578 +CVE-2011-4578 [acpid insecure umasks for calling external scripts] RESERVED + - acpid 1:2.0.11-1 CVE-2011-4577 RESERVED CVE-2011-4576 @@ -2302,33 +2303,33 @@ CVE-2011-3901 RESERVED CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...) - - chromium-browser <unfixed> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> CVE-2011-3899 RESERVED CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...) - - chromium-browser <unfixed> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 ...) - - chromium-browser <unfixed> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote ...) - - chromium-browser <unfixed> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome ...) - - chromium-browser <undetermined> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> TODO: might affect libvorbis or libav, didn''t check CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 ...) - - chromium-browser <unfixed> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> TODO: check CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...) - - chromium-browser <unfixed> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> TODO: might affect libtheora or libav CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome ...) - - chromium-browser <undetermined> + - chromium-browser 15.0.874.121~r109964-1 - webkit <undetermined> TODO: might affect libtheora or libav CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...) @@ -4875,8 +4876,6 @@ NOT-FOR-US: Sunway ForceControl CVE-2011-2959 (Stack-based buffer overflow in the Open Database Connectivity (ODBC) ...) NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System (IGSS) -CVE-2011-XXXX [acpid insecure umasks for calling external scripts] - - acpid 1:2.0.11-1 CVE-2011-XXXX [TYPO3-SA-2011-001] - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava ...)