[Secure-testing-commits] r16452 - data/CVE

2011-03-29 Thread Joey Hess
Author: joeyh
Date: 2011-03-29 21:15:26 +0000 (Tue, 29 Mar 2011)
New Revision: 16452

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-28 23:30:33 UTC (rev 16451)
+++ data/CVE/list   2011-03-29 21:15:26 UTC (rev 16452)
@@ -1,3 +1,15 @@
+CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management 
login GUI ...)
+   TODO: check
+CVE-2011-1523
+   RESERVED
+CVE-2011-1522
+   RESERVED
+CVE-2010-4777
+   RESERVED
+CVE-2009-5063
+   RESERVED
+CVE-2006-7244
+   RESERVED
 CVE-2011-1520 (The default configuration of the server console in IBM Lotus 
Domino ...)
TODO: check
 CVE-2011-1519 (The remote console in the Server Controller in IBM Lotus Domino 
7.x ...)
@@ -5,6 +17,7 @@
 CVE-2011-1518
RESERVED
 CVE-2011-1521 [python urllib]
+   RESERVED
- python2.7 unfixed
- python2.6 unfixed
- python2.5 unfixed
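Review bot: The three `- python2.x unfixed` lines under CVE-2011-1521 carry no bug reference or NOTE, and with `RESERVED` added above them the bracketed `[python urllib]` is the only hint at what the issue is. Suggest adding the Debian bug numbers or a NOTE line pointing at the upstream report so the unfixed status can be followed up per package.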
@@ -305,8 +318,8 @@
RESERVED
 CVE-2011-1421
RESERVED
-CVE-2011-1420
-   RESERVED
+CVE-2011-1420 (EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris 
SPARC ...)
+   TODO: check
 CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security 
...)
- tomcat6 not-affected (Only affects Tomcat 7)
 CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) 
functionality in ...)
@@ -930,8 +943,7 @@
[squeeze] - linux-2.6 not-affected (Introduced in 2.6.35)
 CVE-2011-1168
RESERVED
-CVE-2011-1167
-   RESERVED
+CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) 
decoder in ...)
- tiff unfixed (bug filed)
 CVE-2011-1166
RESERVED
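Review bot: On the context line `- tiff unfixed (bug filed)` under CVE-2011-1167, the bug is mentioned without its number. Now that the entry has a public description, record the number in the form used elsewhere in this file, `(bug #NNNNNN)` with the real number in place of the placeholder, so the report can be linked from the tracker.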
@@ -2141,8 +2153,8 @@
TODO: check
 CVE-2011-0761
RESERVED
-CVE-2011-0760
-   RESERVED
+CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+   TODO: check
 CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
TODO: check
 CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the 
lt;?php and ?gt; ...)
@@ -2725,8 +2737,8 @@
RESERVED
 CVE-2011-0546
RESERVED
-CVE-2011-0545
-   RESERVED
+CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do 
in ...)
+   TODO: check
 CVE-2011-0544
RESERVED
 CVE-2011-0543
@@ -2987,8 +2999,8 @@
RESERVED
 CVE-2011-0459
RESERVED
-CVE-2011-0458
-   RESERVED
+CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk 
feature in ...)
+   TODO: check
 CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and 
earlier ...)
TODO: check
 CVE-2011-0456 (Open Ticket Request System (OTRS) 2.3.4 and earlier allows 
remote ...)
@@ -3039,11 +3051,9 @@
{DSA-2195-1}
- php5 5.3.6-1 (bug #618489)
NOTE: Debian-specific
-CVE-2011-0440
-   RESERVED
+CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x 
before ...)
- mahara 1.2.7-1
-CVE-2011-0439
-   RESERVED
+CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 
1.2.7 ...)
- mahara 1.2.7-1
 CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success 
code ...)
- nss-pam-ldapd not-affected (Only affects 0.8.0, which was only 
uploaded to experimental)
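Review bot: The CVE-2011-0440 and CVE-2011-0439 entries gain their descriptions here but still record only `- mahara 1.2.7-1`, with no release-tagged lines and no advisory reference. If the stable releases ship an affected Mahara, add `[squeeze]` and `[lenny]` status lines or the DSA cross-reference so the entries do not read as fully resolved.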
@@ -4592,8 +4602,8 @@
- openjdk-6 6b18-1.8.5-1
[squeeze] - openjdk-6 no-dsa (bug #614151)
[lenny] - openjdk-6 no-dsa (bug #614151)
-CVE-2011-0024
-   RESERVED
+CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark 
before 1.2 ...)
+   TODO: check
 CVE-2011-0023
RESERVED
 CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat 
Directory ...)
@@ -8024,11 +8034,9 @@
REJECTED
 CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 
301548 and ...)
NOT-FOR-US: VMware Workstation
-CVE-2010-3276
-   RESERVED
+CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 
allows ...)
- vlc unfixed
-CVE-2010-3275
-   RESERVED
+CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 
allows ...)
- vlc unfixed
 CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: ZOHO ManageEngine
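Review bot: For CVE-2010-3276 and CVE-2010-3275, the new descriptions name `libdirectx_plugin.dll`, while the context lines beneath them still say `- vlc unfixed`. A `.dll` plugin suggests Windows-specific code, so it is worth confirming whether the Debian vlc package builds the affected code at all and, if it does not, changing the status or adding a NOTE. The two truncated descriptions are also identical, so a short NOTE distinguishing the two ids would help anyone triaging them.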


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r16453 - data/CVE

2011-03-29 Thread Martin Schulze
Author: joey
Date: 2011-03-29 22:14:36 +0000 (Tue, 29 Mar 2011)
New Revision: 16453

Modified:
   data/CVE/list
Log:
[DSA 2206-1] New mahara packages fix several vulnerabilities

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-29 21:15:26 UTC (rev 16452)
+++ data/CVE/list   2011-03-29 22:14:36 UTC (rev 16453)
@@ -3052,8 +3052,10 @@
- php5 5.3.6-1 (bug #618489)
NOTE: Debian-specific
 CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x 
before ...)
+   {DSA-2206-1}
- mahara 1.2.7-1
 CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 
1.2.7 ...)
+   {DSA-2206-1}
- mahara 1.2.7-1
 CVE-2011-0438 (nslcd/pam.c in nss-pam-ldapd 0.8.0 PAM module returns a success 
code ...)
- nss-pam-ldapd not-affected (Only affects 0.8.0, which was only 
uploaded to experimental)
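Review bot: The `{DSA-2206-1}` cross-references added under CVE-2011-0440 and CVE-2011-0439 point at an advisory that this revision does not define, since the commit modifies only data/CVE/list. Suggest adding the matching DSA-2206-1 entry to data/DSA/list in the same commit, with the fixed versions per release, so the two files stay consistent at every revision.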




[Secure-testing-commits] r16454 - in data: CVE DSA

2011-03-29 Thread Moritz Muehlenhoff
Author: jmm
Date: 2011-03-29 22:17:13 +0000 (Tue, 29 Mar 2011)
New Revision: 16454

Modified:
   data/CVE/list
   data/DSA/list
Log:
mahara DSA
openldap updates


Modified: data/CVE/list
===
--- data/CVE/list   2011-03-29 22:14:36 UTC (rev 16453)
+++ data/CVE/list   2011-03-29 22:17:13 UTC (rev 16454)
@@ -1268,7 +1268,9 @@
RESERVED
- linux-2.6 2.6.38-1 (low)
 CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote 
...)
-   TODO: check
+   - openldap unfixed (low; bug #617606)
+   [lenny] - openldap no-dsa (Minor issue)
+   [squeeze] - openldap no-dsa (Minor issue)
 CVE-2011-1080
RESERVED
- linux-2.6 unfixed (low)
@@ -1437,9 +1439,8 @@
 CVE-2011-1026
RESERVED
 CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not 
require ...)
-   - openldap unfixed (low; bug #617606)
-   [squeeze] - openldap no-dsa (Minor issue)
-   [lenny] - openldap not-affected (Vulnerable code not present, 
introduced in 2.4.12)
+   - openldap unfixed (unimportant; bug #617606)
+   NOTE: NBD backend disabled in Debian builds
 CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a 
...)
- openldap unfixed (low; bug #617606)
[lenny] - openldap no-dsa (Minor issue)
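Review bot: In the added line `NOTE: NBD backend disabled in Debian builds` under CVE-2011-1025, "NBD" looks like a typo for "NDB", since the description refers to `bind.cpp in back-ndb`. The change also drops the `[lenny] - openldap not-affected (Vulnerable code not present, introduced in 2.4.12)` line. If that information is still accurate, consider keeping it as a NOTE, because the new `unimportant` line no longer says that lenny lacks the code.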

Modified: data/DSA/list
===
--- data/DSA/list   2011-03-29 22:14:36 UTC (rev 16453)
+++ data/DSA/list   2011-03-29 22:17:13 UTC (rev 16454)
@@ -1,3 +1,7 @@
+[29 Mar 2011] DSA-2206-1 mahara - several
+   {CVE-2011-0439 CVE-2011-0440}
+   [squeeze] - mahara 1.2.6-2+squeeze1
+   [lenny] - mahara 1.0.4-4+lenny8
 [28 Mar 2011] DSA-2205-1 gdm3 - privilege escalation
{CVE-2011-0727 }
[squeeze] - gdm3 2.30.5-6squeeze2




[Secure-testing-commits] r16455 - data/CVE

2011-03-29 Thread Moritz Muehlenhoff
Author: jmm
Date: 2011-03-29 22:19:25 +0000 (Tue, 29 Mar 2011)
New Revision: 16455

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2011-03-29 22:17:13 UTC (rev 16454)
+++ data/CVE/list   2011-03-29 22:19:25 UTC (rev 16455)
@@ -1,5 +1,5 @@
 CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management 
login GUI ...)
-   TODO: check
+   NOT-FOR-US: Symantec LiveUpdate Administrator 
 CVE-2011-1523
RESERVED
 CVE-2011-1522
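Review bot: The added line `NOT-FOR-US: Symantec LiveUpdate Administrator ` under CVE-2011-1524 ends with a trailing space. Strip it so the line matches the other NOT-FOR-US entries and does not trip tools that compare product names exactly.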
@@ -11,9 +11,9 @@
 CVE-2006-7244
RESERVED
 CVE-2011-1520 (The default configuration of the server console in IBM Lotus 
Domino ...)
-   TODO: check
+   NOT-FOR-US: Lotus Domino
 CVE-2011-1519 (The remote console in the Server Controller in IBM Lotus Domino 
7.x ...)
-   TODO: check
+   NOT-FOR-US: Lotus Domino
 CVE-2011-1518
RESERVED
 CVE-2011-1521 [python urllib]

