Author: joeyh
Date: 2011-12-20 21:14:19 +0000 (Tue, 20 Dec 2011)
New Revision: 17837

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2011-12-20 20:23:33 UTC (rev 17836)
+++ data/CVE/list 2011-12-20 21:14:19 UTC (rev 17837)
@@ -1,3 +1,87 @@ +CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly ...) + TODO: check +CVE-2011-4868 + RESERVED +CVE-2011-4867 + RESERVED +CVE-2011-4866 + RESERVED +CVE-2011-4865 + RESERVED +CVE-2011-4864 + RESERVED +CVE-2011-4863 + RESERVED +CVE-2011-4862 + RESERVED +CVE-2011-4861 (The modbus_125_handler function in the Schneider Electric Quantum ...) + TODO: check +CVE-2011-4860 (The ComputePassword function in the Schneider Electric Quantum ...) + TODO: check +CVE-2011-4859 (The Schneider Electric Quantum Ethernet Module, as used in the Quantum ...) + TODO: check +CVE-2011-4858 + RESERVED +CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before ...) + TODO: check +CVE-2010-5080 + RESERVED +CVE-2010-5079 + RESERVED +CVE-2010-5078 + RESERVED +CVE-2010-5077 + RESERVED +CVE-2010-5076 + RESERVED +CVE-2009-5108 + RESERVED +CVE-2009-5107 + RESERVED +CVE-2009-5106 + RESERVED +CVE-2009-5105 + RESERVED +CVE-2009-5104 + RESERVED +CVE-2008-7308 + RESERVED +CVE-2008-7307 + RESERVED +CVE-2008-7306 + RESERVED +CVE-2008-7305 + RESERVED +CVE-2008-7304 + RESERVED +CVE-2007-6749 + RESERVED +CVE-2007-6748 + RESERVED +CVE-2007-6747 + RESERVED +CVE-2007-6746 + RESERVED +CVE-2007-6745 + RESERVED +CVE-2006-7251 + RESERVED +CVE-2006-7250 + RESERVED +CVE-2006-7249 + RESERVED +CVE-2006-7248 + RESERVED +CVE-2006-7247 + RESERVED +CVE-2005-4894 + RESERVED +CVE-2005-4893 + RESERVED +CVE-2005-4892 + RESERVED +CVE-2005-4891 + RESERVED CVE-2011-4856 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...) NOT-FOR-US: Plesk CVE-2011-4855 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...) @@ -566,8 +650,8 @@ NOT-FOR-US: Plesk CVE-2011-4724 RESERVED -CVE-2011-4723 - RESERVED +CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which allows ...) + TODO: check CVE-2011-4722 RESERVED CVE-2011-4721 
@@ -578,8 +662,8 @@ TODO: check CVE-2011-4718 RESERVED -CVE-2011-4717 - RESERVED +CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows ...) + TODO: check CVE-2011-4716 (Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, ...) NOT-FOR-US: DreamBox CVE-2011-4715 (Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha ...) @@ -964,10 +1048,10 @@ - linux-2.6 <unfixed> [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present) [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) -CVE-2011-4603 - RESERVED -CVE-2011-4602 - RESERVED +CVE-2011-4603 (The silc_channel_message function in ops.c in the SILC protocol plugin ...) + TODO: check +CVE-2011-4602 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...) + TODO: check CVE-2011-4601 RESERVED CVE-2011-4600 @@ -1150,8 +1234,7 @@ RESERVED CVE-2011-4529 RESERVED -CVE-2011-4528 [multiple CNAME records crash Unbound] - RESERVED +CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during ...) - unbound <unfixed> (medium) CVE-2011-4527 RESERVED @@ -1550,8 +1633,7 @@ RESERVED CVE-2011-4370 RESERVED -CVE-2011-4369 - RESERVED +CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-4368 (Cross-site scripting (XSS) vulnerability in Remote Development ...) TODO: check @@ -2309,8 +2391,8 @@ RESERVED CVE-2011-4142 RESERVED -CVE-2011-4141 - RESERVED +CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token ...) + TODO: check CVE-2011-4140 (The CSRF protection mechanism in Django through 1.2.7 and 1.3.x ...) {DSA-2332-1} - python-django 1.3.1-1 (bug #641405) @@ -3328,8 +3410,8 @@ RESERVED CVE-2011-3835 RESERVED -CVE-2011-3834 - RESERVED +CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before ...) + TODO: check CVE-2011-3833 RESERVED CVE-2011-3832 
@@ -4708,8 +4790,8 @@ NOTE: this is technically a kernel bug. however this has been workarounded specifically NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1 NOTE: for details -CVE-2011-3339 - RESERVED +CVE-2011-3339 (Cross-site scripting (XSS) vulnerability in the Admin Control Center ...) + TODO: check CVE-2011-3338 RESERVED CVE-2011-3337 @@ -8025,6 +8107,7 @@ [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) [squeeze] - linux-2.6 2.6.32-36 CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl] + RESERVED - shadow <unfixed> (bug #628843) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008 CVE-2011-2331 (Integer overflow in img.exe in HP Intelligent Management Center (IMC) ...) @@ -45878,7 +45961,7 @@ RESERVED CVE-2008-4845 RESERVED -CVE-2008-4844 (Use-after-free vulnerability in mshtml.dll in Microsoft Internet ...) +CVE-2008-4844 (Use-after-free vulnerability in the ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-4843 RESERVED
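Review bot: CVE-2011-4869 in the first hunk (@@ -1,3 +1,87 @@) is left at "TODO: check" although its description names the same product and fix boundary, "Unbound before 1.4.13p2", as CVE-2011-4528 in the @@ -1150,8 +1234,7 @@ hunk, which is already tracked as "- unbound <unfixed> (medium)". The two should be triaged together: give CVE-2011-4869 its own "- unbound" line instead of the TODO so the val_nsec3.c issue shows up against the package alongside its sibling.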
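Review bot: The two entries changed in the @@ -964,10 +1048,10 @@ hunk, CVE-2011-4603 and CVE-2011-4602, move from RESERVED to "TODO: check" even though the new descriptions already identify the affected code (the SILC protocol plugin's ops.c and the XMPP protocol plugin in libpurple) and CVE-2011-4602 states the boundary "Pidgin before 2.10.1". A follow-up commit should replace both TODO lines with a package line that records that fixed version, rather than leaving them in the unchecked queue.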
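Review bot: The last hunk (@@ -45878,7 +45961,7 @@) makes the CVE-2008-4844 summary less useful: "(Use-after-free vulnerability in mshtml.dll in Microsoft Internet ...)" becomes "(Use-after-free vulnerability in the ...)", which no longer names the component or the product. The "NOT-FOR-US: Microsoft Internet Explorer" line still carries the triage decision, but the truncated text suggests the automatic update cuts the description at a different point than before. It is worth checking how the update script shortens descriptions so that a reworded upstream entry does not reduce the summary to a few generic words.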