Author: geissert Date: 2012-04-19 02:36:57 +0000 (Thu, 19 Apr 2012) New Revision: 19009 Modified: data/CVE/list Log: NFUs, tracking issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-19 02:27:39 UTC (rev 19008) +++ data/CVE/list 2012-04-19 02:36:57 UTC (rev 19009) @@ -1748,6 +1748,7 @@ CVE-2012-1502 RESERVED {DSA-2430-1} + - python-pam <undetermined> CVE-2012-1501 RESERVED CVE-2012-1500 @@ -5778,10 +5779,11 @@ NOT-FOR-US: Microsoft CVE-2012-0153 RESERVED + NOT-FOR-US: Microsoft CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2012-0151 (The Authenticode Signature Verification function in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft CVE-2012-0149 (afd.sys in the Ancillary Function Driver in Microsoft Windows Server ...) 
@@ -5789,23 +5791,28 @@ CVE-2012-0148 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, ...) NOT-FOR-US: Microsoft CVE-2012-0147 (Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2012-0146 (Open redirect vulnerability in Microsoft Forefront Unified Access ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2012-0145 (Cross-site scripting (XSS) vulnerability in wizardlist.aspx in ...) NOT-FOR-US: Microsoft CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft ...) NOT-FOR-US: Microsoft CVE-2012-0143 RESERVED + NOT-FOR-US: Microsoft CVE-2012-0142 RESERVED + NOT-FOR-US: Microsoft CVE-2012-0141 RESERVED + NOT-FOR-US: Microsoft CVE-2012-0140 RESERVED + NOT-FOR-US: Microsoft CVE-2012-0139 RESERVED + NOT-FOR-US: Microsoft CVE-2012-0138 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...) NOT-FOR-US: Microsoft CVE-2012-0137 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...) 
@@ -5817,17 +5824,17 @@ CVE-2012-0134 RESERVED CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a ...) - TODO: check + NOT-FOR-US: HP ProCurve CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...) - TODO: check + NOT-FOR-US: HP Business Availability CVE-2012-0131 (Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX ...) NOT-FOR-US: HP HP-UX CVE-2012-0130 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...) - TODO: check + NOT-FOR-US: HP Onboard Administrator CVE-2012-0129 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...) - TODO: check + NOT-FOR-US: HP Onboard Administrator CVE-2012-0128 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...) - TODO: check + NOT-FOR-US: HP Onboard Administrator CVE-2012-0127 (Unspecified vulnerability in HP Performance Manager 9.00 allows remote ...) NOT-FOR-US: HP Performance Manager CVE-2012-0126 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 ...) @@ -12233,6 +12240,7 @@ - libxml2 2.7.8.dfsg-5 (low; bug #643648) [squeeze] - libxml2 <no-dsa> (denial-of-service only issue) CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) + - chromium-browser <undetermined> [squeeze] - chromium-browser <not-affected> CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...) - chromium-browser 13.0.782.107~r94237-1 @@ -14922,7 +14930,7 @@ NOT-FOR-US: Silverlight CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow ...) - tinyproxy 1.8.2-2 (unimportant; bug #627503) - [squeeze] - tinyproxy 1.8.2-1squeeze2 + [squeeze] - tinyproxy 1.8.2-1squeeze2 (unimportant) NOTE: Only exploitable through config files, which are under admin control CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before ...) NOT-FOR-US: Ubuntu-specific language-selector package 
@@ -20405,6 +20413,8 @@ {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable) - iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable) + - iceape <undetermined> + - icedove <undetermined> CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner <removed> @@ -20463,6 +20473,7 @@ [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape <not-affected> (Only a stub package) + - icedove <undetermined> CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner <removed> @@ -20510,6 +20521,7 @@ [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape <not-affected> (Only a stub package) + - icedove <undetermined> CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner <removed> @@ -32588,6 +32600,7 @@ CVE-2010-0474 RESERVED {DSA-2188-1} + - webkit <undetermined> CVE-2010-0473 RESERVED CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
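
Review bot: In the hunk at @@ -1748,6 +1748,7 @@, CVE-2012-1502 already carries {DSA-2430-1}, so the added `- python-pam <undetermined>` leaves the unstable status open for an issue that has a DSA attached. Suggest recording the fixed unstable version, or `<unfixed>` if there is none yet, plus a NOTE or TODO saying what still has to be checked, since the entry is RESERVED and has no description to go on. The same applies to `- webkit <undetermined>` under CVE-2010-0474 {DSA-2188-1} at @@ -32588,6 +32600,7 @@.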
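
Review bot: In the hunk at @@ -5778,10 +5779,11 @@, the new label for CVE-2012-0151 is `NOT-FOR-US: Microsoft`, while the neighbouring CVE-2012-0152 uses `NOT-FOR-US: Microsoft Windows` and the description of CVE-2012-0151 names Microsoft Windows as well. Suggest naming the product the way the adjacent entry does, so that a search of the list by product finds both entries.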
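
Review bot: In the hunk at @@ -5789,23 +5791,28 @@, CVE-2012-0143 through CVE-2012-0139 are RESERVED with no description, yet each gains `NOT-FOR-US: Microsoft`, and nothing in the entries records where that attribution comes from. Suggest a NOTE naming the source of the attribution, so the classification can be rechecked once the descriptions are published.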
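
Review bot: In the hunk at @@ -5817,17 +5824,17 @@, `NOT-FOR-US: HP Business Availability` for CVE-2012-0132 stops at the point where the truncated description is cut ("HP Business Availability ..."), so the product name looks incomplete. Suggest taking the full product name from the CVE description, in line with the other labels in this hunk (`HP ProCurve`, `HP Onboard Administrator`).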
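
Review bot: In the hunk at @@ -12233,6 +12240,7 @@, CVE-2011-2820 is described as a WebKit issue, but the entry only gains `- chromium-browser <undetermined>` and has no line for the webkit source package, which this list tracks elsewhere (`- webkit <undetermined>` under CVE-2010-0474). Suggest adding a webkit line or a NOTE saying why none is needed. The existing `[squeeze] - chromium-browser <not-affected>` would also benefit from a reason in parentheses, now that unstable is marked as undetermined next to it.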
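
Review bot: In the hunk at @@ -20405,6 +20413,8 @@, the new `- iceape <undetermined>` and `- icedove <undetermined>` lines sit under xulrunner and iceweasel lines that are `<not-affected>` with the reason "Only affects Firefox 4.0/3.6, not yet in unstable", and nothing says what remains open for the two added packages. Suggest a NOTE stating what iceape and icedove need to be checked against, so these lines can be resolved the way the other two were.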
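
Review bot: In the hunk at @@ -20463,6 +20473,7 @@, `- icedove <undetermined>` is appended after `[lenny] - iceape <not-affected> (Only a stub package)`, while iceape in the same entry has a fixed version recorded (`- iceape 2.0.14-1`). Suggest either the corresponding fixed icedove version or a TODO saying it still has to be looked up, and a `[lenny]` line for icedove if its release-specific status differs as it does for iceweasel and iceape. The hunk at @@ -20510,6 +20521,7 @@ adds the identical line in the same position.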