Author: joeyh Date: 2012-02-02 21:14:30 +0000 (Thu, 02 Feb 2012) New Revision: 18368 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-02 19:33:00 UTC (rev 18367) +++ data/CVE/list 2012-02-02 21:14:30 UTC (rev 18368) @@ -1,3 +1,67 @@ +CVE-2012-0974 + RESERVED +CVE-2012-0973 + RESERVED +CVE-2012-0972 + RESERVED +CVE-2012-0971 + RESERVED +CVE-2012-0970 + RESERVED +CVE-2012-0969 + RESERVED +CVE-2012-0968 + RESERVED +CVE-2012-0967 + RESERVED +CVE-2012-0966 + RESERVED +CVE-2012-0965 + RESERVED +CVE-2012-0964 + RESERVED +CVE-2012-0963 + RESERVED +CVE-2012-0962 + RESERVED +CVE-2012-0961 + RESERVED +CVE-2012-0960 + RESERVED +CVE-2012-0959 + RESERVED +CVE-2012-0958 + RESERVED +CVE-2012-0957 + RESERVED +CVE-2012-0956 + RESERVED +CVE-2012-0955 + RESERVED +CVE-2012-0954 + RESERVED +CVE-2012-0953 + RESERVED +CVE-2012-0952 + RESERVED +CVE-2012-0951 + RESERVED +CVE-2012-0950 + RESERVED +CVE-2012-0949 + RESERVED +CVE-2012-0948 + RESERVED +CVE-2012-0947 + RESERVED +CVE-2012-0946 + RESERVED +CVE-2012-0945 + RESERVED +CVE-2012-0944 + RESERVED +CVE-2012-0943 + RESERVED CVE-2012-0942 RESERVED CVE-2012-0941 @@ -555,14 +619,17 @@ CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) NOT-FOR-US: WebSphere CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication ...) + {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 <removed> CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) + {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 <removed> CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) + {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 <removed> 
@@ -1081,16 +1148,15 @@ RESERVED CVE-2012-0451 RESERVED -CVE-2012-0450 [mfsa2012-09] - RESERVED +CVE-2012-0450 (Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and ...) - icedove <unfixed> - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 10.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2012-0449 [mfsa2012-08] - RESERVED +CVE-2012-0449 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...) + {DSA-2402-1 DSA-2400-1} - icedove <unfixed> [lenny] - icedove <end-of-life> - xulrunner <removed> 
@@ -1101,32 +1167,29 @@ CVE-2012-0448 RESERVED - bugzilla <removed> (low) -CVE-2012-0447 [mfsa2012-06] - RESERVED +CVE-2012-0447 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and ...) - icedove <unfixed> - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 10.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2012-0446 [mfsa2012-05] - RESERVED +CVE-2012-0446 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) - icedove <unfixed> - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 10.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2012-0445 - RESERVED +CVE-2012-0445 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and ...) - icedove <unfixed> - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 10.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2012-0444 [mfsa2012-07] - RESERVED +CVE-2012-0444 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...) + {DSA-2402-1 DSA-2400-1} - libvorbis <unfixed> - icedove <unfixed> [lenny] - icedove <not-affected> (Vulnerable code not present) 
@@ -1135,15 +1198,14 @@ [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-10 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2012-0443 [mfsa2012-01 part 1] - RESERVED +CVE-2012-0443 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 10.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2012-0442 [mfsa2012-01 part 2] - RESERVED +CVE-2012-0442 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-2402-1 DSA-2400-1} - icedove <unfixed> [lenny] - icedove <end-of-life> - xulrunner <removed> @@ -2142,6 +2204,7 @@ CVE-2011-4859 (The Schneider Electric Quantum Ethernet Module, as used in the Quantum ...) NOT-FOR-US: Schneider Electric Quantum Ethernet Module CVE-2011-4858 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...) + {DSA-2401-1} - tomcat5 <removed> - tomcat6 <unfixed> - tomcat7 <unfixed> @@ -2546,8 +2609,8 @@ RESERVED CVE-2011-4791 RESERVED -CVE-2011-4790 - RESERVED +CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, ...) + TODO: check CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP ...) NOT-FOR-US: HP Diagnostics CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP ...) 
@@ -2908,8 +2971,7 @@ [lenny] - linux-2.6 <not-affected> (introduced in 3.2-rc1) NOTE: fix is http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=69e4747ee9727d660b88d7e1efe0f4afcb35db1b (queued for 3.3) NOTE: actually unfixed in experimental, not marked because of version numbering -CVE-2012-0057 - RESERVED +CVE-2012-0057 (PHP before 5.3.9 has improper libxslt security settings, which allows ...) {DSA-2399-1} - php5 5.3.9-1 (bug #656308) CVE-2012-0056 (The mem_write function in Linux kernel 2.6.39 and other versions, when ...) @@ -3028,6 +3090,7 @@ RESERVED - vlc 1.1.13-1 CVE-2012-0022 (Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before ...) + {DSA-2401-1} - tomcat5 <removed> - tomcat6 6.0.35-1 - tomcat7 7.0.23-1 @@ -4542,8 +4605,8 @@ RESERVED CVE-2011-4195 RESERVED -CVE-2011-4194 - RESERVED +CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...) + TODO: check CVE-2011-4193 RESERVED CVE-2011-4192 @@ -4652,8 +4715,8 @@ RESERVED CVE-2011-4145 RESERVED -CVE-2011-4144 - RESERVED +CVE-2011-4144 (Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 ...) + TODO: check CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote ...) TODO: check CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before ...) @@ -6099,8 +6162,8 @@ RESERVED CVE-2011-3671 RESERVED -CVE-2011-3670 [mfsa2012-02] - RESERVED +CVE-2011-3670 (Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before ...) + {DSA-2402-1 DSA-2400-1} - icedove 7.0-1 [lenny] - icedove <end-of-life> - xulrunner <removed> 
@@ -6150,8 +6213,7 @@ [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) -CVE-2011-3659 [mfsa2012-04] - RESERVED +CVE-2011-3659 (Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x ...) - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 10.0-1 [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) @@ -7044,6 +7106,7 @@ CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...) - tomcat7 7.0.22-1 CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not ...) + {DSA-2401-1} - tomcat6 6.0.33-1 - tomcat7 7.0.22-1 CVE-2011-3374 [apt-key insecure validation] @@ -7555,6 +7618,7 @@ {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-5 CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...) + {DSA-2401-1} - tomcat6 <unfixed> - tomcat7 7.0.21-1 - tomcat5.5 <removed> @@ -9538,11 +9602,11 @@ - qemu-kvm 0.14.1+dfsg-3 (bug #633669) - kvm <not-affected> (Vulnerable code not present) CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) + {DSA-2401-1} - tomcat6 6.0.32-7 (bug #634992) - tomcat7 7.0.19-1 (bug #634992) - tomcat5.5 <removed> (bug #634992) -CVE-2011-2525 - RESERVED +CVE-2011-2525 (The qdisc_notify function in net/sched/sch_api.c in the Linux kernel ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 2.6.35-1 CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in ...) @@ -10359,6 +10423,7 @@ [squeeze] - prosody <no-dsa> (Minor issue) [lenny] - prosody <no-dsa> (Minor issue) CVE-2011-2204 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) + {DSA-2401-1} - tomcat5.5 <removed> (low; bug #632882) [lenny] - tomcat5.5 <no-dsa> (Minor issue) - tomcat6 6.0.32-5 (low; bug #632882) 
@@ -12152,8 +12217,8 @@ CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in ...) {DSA-2226-1} - libmodplug 1:0.8.8.2-1 (low; bug #622091) -CVE-2011-1573 - RESERVED +CVE-2011-1573 (net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when ...) + TODO: check CVE-2011-1572 (Directory traversal vulnerability in the Admin Defined Commands (ADC) ...) {DSA-2215-1} - gitolite 1.5.7-2 @@ -13353,6 +13418,7 @@ - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/74853 CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) + {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 <removed>
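Review bot: in the CVE-2011-4858 hunk (@@ -2142,6 +2204,7 @@) and the CVE-2011-3190 hunk (@@ -7555,6 +7618,7 @@), {DSA-2401-1} is attached while the unstable lines still read "- tomcat6 <unfixed>" (and "- tomcat7 <unfixed>" for CVE-2011-4858), so the entry shows an issue covered by a DSA and still open in unstable. Confirm whether unstable already carries the fix and record the fixed version if so. Also, CVE-2011-4858 and CVE-2012-0022 list "- tomcat5 <removed>" where the other entries tagged with the same DSA list "- tomcat5.5 <removed>"; check which source package name is intended and make the entries consistent.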
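Review bot: the Mozilla hunks (@@ -1081,16 +1148,15 @@, @@ -1101,32 +1167,29 @@, @@ -1135,15 +1198,14 @@, @@ -6099,8 +6162,8 @@, @@ -6150,8 +6213,7 @@) replace header lines such as "CVE-2012-0450 [mfsa2012-09]" with the description text and drop the bracketed MFSA id, so the advisory cross-reference is no longer recorded in the entry. Consider carrying it over as a NOTE line, as other entries in this file do for upstream references. Separately, CVE-2012-0449, CVE-2012-0444 and CVE-2012-0442 gain {DSA-2402-1 DSA-2400-1} while "- icedove <unfixed>" stays unchanged (plus "- libvorbis <unfixed>" for CVE-2012-0444); neither DSA id visibly maps to those packages here, so a short NOTE on which packages the DSAs cover would help the next reader.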
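Review bot: in the last hunk (@@ -12152,8 +12217,8 @@), CVE-2011-1573 is described as affecting net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34 but is added with only "TODO: check", whereas the kernel entry CVE-2011-2525 in the @@ -9538,11 +9602,11 @@ hunk carries a "- linux-2.6" line with a fixed version. This one should be triaged against linux-2.6 rather than left pending. The other new "TODO: check" entries (CVE-2011-4790 HP Network Automation, CVE-2011-4194 Novell iPrint Server, CVE-2011-4144 EMC Documentum Content Server) look like candidates for NOT-FOR-US in the style of the adjacent "NOT-FOR-US: HP Diagnostics" line, pending confirmation that none of them is packaged.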