Author: fw Date: 2011-12-31 16:52:21 +0000 (Sat, 31 Dec 2011) New Revision: 17948 Modified: data/CVE/list Log: Hash collision issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-31 15:30:28 UTC (rev 17947) +++ data/CVE/list 2011-12-31 16:52:21 UTC (rev 17948) @@ -5,13 +5,15 @@ NOTE: VU#903934 NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update. CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...) - TODO: check + - libv8 <unfixed> CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...) TODO: check CVE-2011-5035 (Oracle Glassfish 3.1.1 and earlier computes hash values for form ...) - TODO: check + - glassfish <unfixed> CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...) TODO: check + NOTE: It''s not clear if this issue is in Geronimo itself, + NOTE: or in the servlet container it uses. CVE-2011-5033 (Stack-based buffer overflow in CFS.c in ConfigServer Security & ...) TODO: check CVE-2011-5032 (WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to ...) @@ -419,7 +421,7 @@ CVE-2011-4886 RESERVED CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without ...) - TODO: check + - php5 <unfixed> (low) CVE-2011-4884 RESERVED CVE-2011-4883 @@ -577,7 +579,7 @@ CVE-2011-4839 RESERVED CVE-2011-4838 (JRuby before 1.6.5.1 computes hash values without restricting the ...) - TODO: check + - jruby <unfixed> CVE-2012-0220 RESERVED CVE-2012-0219 @@ -693,7 +695,7 @@ CVE-2011-4816 RESERVED CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without ...) - TODO: check + - ruby1.8 <unfixed> CVE-2012-0185 RESERVED CVE-2012-0184 
@@ -1884,9 +1886,9 @@ CVE-2011-4463 RESERVED CVE-2011-4462 (Plone 4.1.3 and earlier computes hash values for form parameters ...) - TODO: check + - plone3 <unfixed> CVE-2011-4461 (Jetty 8.1.0.RC2 and earlier computes hash values for form parameters ...) - TODO: check + - jetty <unfixed> CVE-2011-4460 RESERVED CVE-2011-4459
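Review bot: The added Geronimo NOTE in the @@ -5,13 +5,15 @@ hunk reads `It''s` with a doubled apostrophe, which should be `It's`. The same hunk keeps `TODO: check` under both CVE-2011-5034 and CVE-2011-5036 (Rack) while the neighbouring hash-value entries receive package lines. Either give the Rack entry its package line in this commit or say in the log message that these two entries are still open.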
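Review bot: `- php5 <unfixed> (low)` in the @@ -419,7 +421,7 @@ hunk is the only line in this commit that carries an urgency, and nothing records the reason for it. A NOTE line under CVE-2011-4885 explaining the `(low)` rating would show later triagers why PHP is rated differently from the other hash-value entries, which are marked plain `<unfixed>`.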
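Review bot: In the @@ -693,7 +695,7 @@ hunk CVE-2011-4815 is recorded only against `ruby1.8`, although the description reads "Ruby (aka CRuby) before 1.8.7-p357" and does not by itself limit the issue to one source package. If other Ruby source packages are tracked in this list, add a line for each stating its status, or add a NOTE saying that only the 1.8 branch is affected.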