Moritz Muehlenhoff
2012-Jan-09 07:02 UTC
[Secure-testing-commits] r18093 - in data: CVE DSA
Author: jmm Date: 2012-01-09 07:02:23 +0000 (Mon, 09 Jan 2012) New Revision: 18093 Modified: data/CVE/list data/DSA/list Log: redmine CVEfied NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-09 06:59:18 UTC (rev 18092) +++ data/CVE/list 2012-01-09 07:02:23 UTC (rev 18093) @@ -572,10 +572,16 @@ RESERVED CVE-2011-4929 RESERVED + - redmine 1.0.5-1 (bug #608397) + NOTE: http://www.redmine.org/news/49 CVE-2011-4928 RESERVED + - redmine 1.0.5-1 (bug #608397) + NOTE: http://www.redmine.org/news/49 CVE-2011-4927 RESERVED + - redmine 1.0.5-1 (bug #608397) + NOTE: http://www.redmine.org/news/49 CVE-2011-4926 RESERVED CVE-2011-4925 @@ -7526,9 +7532,9 @@ CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and ...) NOT-FOR-US: Chyrp CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...) - TODO: check + NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...) - TODO: check + NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when ...) NOT-FOR-US: EMC RSA Key Manager CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x ...) 
@@ -8292,11 +8298,11 @@ {DSA-2272-1} - bind9 1:9.8.1.dfsg-1 (high) CVE-2011-2463 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-2461 (Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and ...) - TODO: check + NOT-FOR-US: Adobe Flex CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) @@ -8424,7 +8430,7 @@ CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, ...) NOT-FOR-US: HP-UX CVE-2011-2397 (The Agent service in Iron Mountain Connected Backup 8.4 allows remote ...) - TODO: check + NOT-FOR-US: Iron Mountain Connected Backup CVE-2011-2396 RESERVED CVE-2011-2394 @@ -9459,9 +9465,9 @@ CVE-2011-2020 (Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine ...) NOT-FOR-US: TIBCO iProcess Engine CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft Windows XP CVE-2011-2017 RESERVED CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows ...) @@ -9477,7 +9483,7 @@ CVE-2011-2011 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2011-2009 (Untrusted search path vulnerability in Windows Media Center in ...) NOT-FOR-US: Microsoft Windows CVE-2011-2008 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and ...) 
@@ -9513,7 +9519,7 @@ CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; ...) @@ -9531,7 +9537,7 @@ CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...) NOT-FOR-US: Microsoft Office CVE-2011-1981 @@ -10893,7 +10899,7 @@ CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through ...) NOT-FOR-US: HP OpenView CVE-2011-1513 (Static code injection vulnerability in install_.php in e107 CMS 0.7.24 ...) - TODO: check + NOT-FOR-US: e107 CVE-2011-1512 (Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) @@ -10903,7 +10909,7 @@ CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Publisher CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...) {DSA-2225-1} - asterisk 1:1.8.3.3-1 
@@ -13617,9 +13623,6 @@ - ffmpeg <removed> (low; bug #611495) - ffmpeg-debian <removed> NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency) -CVE-2010-XXXX - - redmine 1.0.5-1 (bug #608397) - NOTE: http://www.redmine.org/news/49 CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals] NOTE: Not packaged in Debian, separate package Shibboleth IdP NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt Modified: data/DSA/list ==================================================================--- data/DSA/list 2012-01-09 06:59:18 UTC (rev 18092) +++ data/DSA/list 2012-01-09 07:02:23 UTC (rev 18093) @@ -450,6 +450,7 @@ {CVE-2011-4133 CVE-2011-4278 CVE-2011-4283 CVE-2011-4286 CVE-2011-4288 CVE-2011-4290} [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze1 [15 Jun 2011] DSA-2261-1 redmine - several + {CVE-2011-4927 CVE-2011-4928 CVE-2011-4929} [squeeze] - redmine 1.0.1-2 [14 Jun 2011] DSA-2260-1 rails - several {CVE-2009-3086 CVE-2009-4214}
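Review bot: in the data/CVE/list hunk at @@ -572,10 +572,16 @@, CVE-2011-4929, CVE-2011-4928 and CVE-2011-4927 each receive the identical pair "- redmine 1.0.5-1 (bug #608397)" and "NOTE: http://www.redmine.org/news/49", so the file does not record which issue from that announcement belongs to which id. All three are still RESERVED and carry no description, so add a one-line NOTE per entry naming the issue it covers; that lets a later reader triage the ids independently.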
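Review bot: in the data/CVE/list hunk at @@ -9459,9 +9465,9 @@, CVE-2011-2018 is tagged "NOT-FOR-US: Microsoft Windows XP", but its description also names Windows Server 2003, and the nearby entries CVE-2011-2016's neighbours CVE-2011-2011 and CVE-2011-2009 use "NOT-FOR-US: Microsoft Windows". Use the same product string here so that a search for the tag finds every Windows entry.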
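Review bot: in the data/DSA/list hunk at @@ -450,6 +450,7 @@, DSA-2261-1 now lists "{CVE-2011-4927 CVE-2011-4928 CVE-2011-4929}", yet the three entries added to data/CVE/list in this same commit carry no "{DSA-2261-1}" line, unlike CVE-2011-1507, which shows "{DSA-2225-1}". If that cross-reference is not generated from data/DSA/list, add it to the three CVE entries so the two files agree.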