Author: joeyh Date: 2012-01-15 21:14:17 +0000 (Sun, 15 Jan 2012) New Revision: 18176 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-15 21:10:42 UTC (rev 18175) +++ data/CVE/list 2012-01-15 21:14:17 UTC (rev 18176) @@ -1240,6 +1240,7 @@ CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, ...) NOT-FOR-US: e107 CVE-2011-4919 [mpack info disclosure] + RESERVED - mpack <unfixed> (low) NOTE: http://openwall.com/lists/oss-security/2011/12/31/1 CVE-2011-4918 @@ -1256,6 +1257,7 @@ NOTE: Minor info leak, unlikely to be fixed upstream CVE-2011-4914 RESERVED + {DSA-2389-1} - linux-2.6 2.6.38-4 CVE-2011-4913 RESERVED @@ -2513,6 +2515,7 @@ RESERVED CVE-2011-4622 RESERVED + {DSA-2389-1} - linux-2.6 <unfixed> CVE-2011-4621 RESERVED @@ -2520,6 +2523,7 @@ CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...) - plib <unfixed> (bug #654785) CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before ...) + {DSA-2390-1} - openssl 1.0.0f-1 CVE-2011-4618 RESERVED @@ -2554,6 +2558,7 @@ [squeeze] - icecast2 <no-dsa> (Minor issue) CVE-2011-4611 RESERVED + {DSA-2389-1} - linux-2.6 3.0.0-1 CVE-2011-4610 RESERVED @@ -2661,6 +2666,7 @@ - openssl 1.0.0f-1 (unimportant) NOTE: RFC 3779 support has not been enabled at compile time. CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ...) + {DSA-2390-1} - openssl 1.0.0f-1 CVE-2011-4575 RESERVED @@ -3229,6 +3235,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238 CVE-2011-4354 [OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys] RESERVED + {DSA-2390-1} - openssl 0.9.8o-4squeeze3 (bug #650621) [lenny] - openssl <no-dsa> (Minor issue) CVE-2011-4353 [VP5/VP6 DoS] 
@@ -3974,6 +3981,7 @@ [lenny] - gnutls26 <no-dsa> (Minor issue) CVE-2011-4127 RESERVED + {DSA-2389-1} - libguestfs 1:1.14.8-1 - linux-2.6 <unfixed> CVE-2011-4126 @@ -4018,10 +4026,13 @@ [squeeze] - qemu <not-affected> (Vulnerable CCID code not present) CVE-2011-4110 RESERVED + {DSA-2389-1} - linux-2.6 3.1.4-1 CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when ...) + {DSA-2390-1} - openssl 1.0.0c-1 CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...) + {DSA-2390-1} - openssl 1.0.0f-1 (low; bug #645805) NOTE: http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in ...) @@ -4135,6 +4146,7 @@ NOTE: This is arguably a PHP issue, but will probably not be fixed upstream. CVE-2011-4077 RESERVED + {DSA-2389-1} - linux-2.6 3.0.0-6 CVE-2011-4076 RESERVED @@ -6374,6 +6386,7 @@ - evolution-data-server3 3.2.1-1 (bug #641052) CVE-2011-3353 RESERVED + {DSA-2389-1} - linux-2.6 3.1.0~rc4-1~experimental.1 (low) [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0) [squeeze] - linux-2.6 2.6.32-36 @@ -7675,6 +7688,7 @@ [lenny] - system-config-printer <no-dsa> (Minor issue) CVE-2011-2898 RESERVED + {DSA-2389-1} - linux-2.6 3.0.0-1 [lenny] - linux-2.6 <not-affected> (introduced in 2.6.27) CVE-2011-2897 @@ -9576,7 +9590,7 @@ CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) ...) NOT-FOR-US: VMware CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux ...) - {DSA-2310-1} + {DSA-2389-1 DSA-2310-1} - linux-2.6 2.6.39-3 [squeeze] - linux-2.6 2.6.32-36 CVE-2011-2212 @@ -9751,6 +9765,7 @@ [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39) CVE-2011-2183 [race condition in KSM] RESERVED + {DSA-2389-1} - linux-2.6 2.6.39-3 (low) [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) [squeeze] - linux-2.6 2.6.32-36 
@@ -11444,6 +11459,7 @@ CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...) + {DSA-2388-2 DSA-2388-1} - t1lib 5.1.2-3.3 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 @@ -11451,6 +11467,7 @@ - xpdf 3.02-9 - poppler <not-affected> (never used t1lib) CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...) + {DSA-2388-2 DSA-2388-1} - t1lib 5.1.2-3.3 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 @@ -11458,6 +11475,7 @@ - xpdf 3.02-9 - poppler <not-affected> (never used t1lib) CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...) + {DSA-2388-2 DSA-2388-1} - t1lib 5.1.2-3.3 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 @@ -13888,6 +13906,7 @@ CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...) NOT-FOR-US: pWhois Layer Four Traceroute CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...) + {DSA-2388-2 DSA-2388-1} - xpdf 3.02-9 - poppler <not-affected> (never used t1lib) - t1lib 5.1.2-3.3 @@ -14832,6 +14851,7 @@ - dtc 0.32.10-1 CVE-2011-0433 [linetoken() buffer overflow] RESERVED + {DSA-2388-2 DSA-2388-1} - evince 2.32.0-1 (bug #614668) - vftool 2.0alpha-4.1 (low; bug #614669) [squeeze] - vftool 2.0alpha-4+squeeze1 @@ -21857,7 +21877,7 @@ {DSA-2357-1} - evince 2.30.3-2 (bug #609534) CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend ...) - {DSA-2357-1} + {DSA-2388-2 DSA-2388-1 DSA-2357-1} - evince 3.0.2-1 (bug #609534) [squeeze] - evince 2.30.3-2+squeeze1 - t1lib 5.1.2-3.4
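Review bot: In the hunk at @@ -2513,6 +2515,7 @@, CVE-2011-4622 now carries {DSA-2389-1} while its only visible package line is still `- linux-2.6 <unfixed>`; the linux-2.6 line of CVE-2011-4127 in the hunk at @@ -3974,6 +3981,7 @@ is in the same state. Since the log says this is an automatic update, a manual follow-up should confirm whether unstable is really still affected and, if not, replace `<unfixed>` with the fixed version so the entry does not read as "advisory issued, nothing fixed".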
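Review bot: In the hunk at @@ -3229,6 +3235,7 @@, CVE-2011-4354 keeps `[lenny] - openssl <no-dsa> (Minor issue)` directly below the newly added {DSA-2390-1}. If DSA-2390-1 covers lenny, that `<no-dsa>` annotation is stale and should be replaced with the fixed lenny version; if the advisory is for squeeze only, the line is fine, but that is worth checking before the two statements sit side by side in the tracker.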
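Review bot: In the hunk at @@ -14832,6 +14851,7 @@, CVE-2011-0433 is tagged {DSA-2388-2 DSA-2388-1}, but the visible package lines are only evince and vftool, whereas every other entry given this tag in the patch (CVE-2011-1554, CVE-2011-1553, CVE-2011-1552, CVE-2011-0764, CVE-2010-2642) has a t1lib line. Please confirm that a t1lib line exists below the three lines of context, and add one with the fixed versions if it does not, so the advisory reference maps to a package in the entry.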
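Review bot: In the hunks at @@ -6374,6 +6386,7 @@ and @@ -9751,6 +9765,7 @@, CVE-2011-3353 and CVE-2011-2183 already record `[lenny] - linux-2.6 <not-affected>` and `[squeeze] - linux-2.6 2.6.32-36`, so with {DSA-2389-1} added it is unclear from the entry which release the advisory applies to. Check that the `[squeeze]` version still matches what DSA-2389-1 shipped, and update it or add a NOTE if the advisory fixed a later upload.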