Author: joeyh
Date: 2011-03-09 21:15:05 +0000 (Wed, 09 Mar 2011)
New Revision: 16344

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-03-09 21:12:33 UTC (rev 16343)
+++ data/CVE/list       2011-03-09 21:15:05 UTC (rev 16344)
@@ -1,3 +1,37 @@
+CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in 
the ...)
+       TODO: check
+CVE-2011-1321 (The AuthCache purge implementation in the Security component in 
IBM ...)
+       TODO: check
+CVE-2011-1320 (The Security component in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
+CVE-2011-1319 (The Security component in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
+CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response 
in the ...)
+       TODO: check
+CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in 
the ...)
+       TODO: check
+CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP 
Transport ...)
+       TODO: check
+CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere 
Application ...)
+       TODO: check
+CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM 
WebSphere ...)
+       TODO: check
+CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
+CVE-2011-1312 (The Administrative Console component in IBM WebSphere 
Application ...)
+       TODO: check
+CVE-2011-1311 (The Security component in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
+CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere 
...)
+       TODO: check
+CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) 
before ...)
+       TODO: check
+CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation 
...)
+       TODO: check
+CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before 
...)
+       TODO: check
+CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in 
Google ...)
+       TODO: check
 CVE-2011-XXXX [gmime segfault]
        - gmime2.4 <unfixed> (bug #616366)
 CVE-2011-1305
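Review bot: all 17 entries added at the top of this hunk land as "TODO: check", and most of the visible descriptions name IBM WebSphere Application Server, so they can probably be triaged in one pass as NOT-FOR-US, the way the IBM Rational ClearQuest entry further down this diff is marked. Two need a closer look first: CVE-2011-1318 names org.apache.jasper.runtime.JspWriterImpl, and Jasper is also the JSP engine in Apache Tomcat, so read the full description before ruling it out; and CVE-2011-1306 (Scratchpad application in Google ...) is not a WebSphere issue and needs its own package check.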
@@ -491,15 +525,15 @@
        RESERVED
        - kde4libs <unfixed>
        - kdelibs <undetermined>
-    NOTE: http://seclists.org/oss-sec/2011/q1/434
-    TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
+       NOTE: http://seclists.org/oss-sec/2011/q1/434
+       TODO: file a bug in BTS, check severity. check if kdelibs is affected 
too.
 CVE-2011-1093
        RESERVED
 CVE-2011-1092 [PHP: shmop_read, missing sanity check]
        RESERVED
        - php5 <unfixed>
-    NOTE: http://seclists.org/oss-sec/2011/q1/430
-    TODO: determine severity. file a bts bug.
+       NOTE: http://seclists.org/oss-sec/2011/q1/430
+       TODO: determine severity. file a bts bug.
 CVE-2011-1091
        RESERVED
 CVE-2011-1090
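Review bot: the NOTE/TODO lines under kde4libs and under CVE-2011-1092 change only in indentation, so both open items are carried forward untouched: the kde4libs and php5 lines are still bare <unfixed> with no (bug #...) reference, although each TODO asks for a BTS bug and a severity decision. Suggest filing the bugs and adding the numbers, and settling the kdelibs <undetermined> state. The whitespace normalisation would also be easier to audit as its own commit rather than inside one logged as "automatic update".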
@@ -2263,20 +2297,16 @@
        RESERVED
 CVE-2011-0438
        RESERVED
-CVE-2011-0437
-       RESERVED
+CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management 
implementation ...)
        {DSA-2179-1}
        - dtc 0.32.10-1
-CVE-2011-0436 [new users' unencrypted passwords emailed to admin]
-       RESERVED
+CVE-2011-0436 (The register_user function in client/new_account_form.php in 
Domain ...)
        {DSA-2179-1}
        - dtc 0.32.10-1 (bug #614302)
-CVE-2011-0435
-       RESERVED
+CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require 
...)
        {DSA-2179-1}
        - dtc 0.32.10-1
-CVE-2011-0434
-       RESERVED
+CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie 
Control ...)
        {DSA-2179-1}
        - dtc 0.32.10-1
 CVE-2011-0433 [linetoken() buffer overflow]
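Review bot: of the four dtc entries updated here only CVE-2011-0436 carries a bug reference (bug #614302); CVE-2011-0437, CVE-2011-0435 and CVE-2011-0434 share the same DSA-2179-1 and the same fixed version 0.32.10-1 with none. If that bug covers all four, add it to each line, otherwise add a NOTE saying where the others were tracked. The CVE-2011-0435 description also says "before 0.32.9" while the fixed version recorded is 0.32.10-1; a one-line NOTE that 0.32.10-1 was the first upload containing the fix would stop a later reader taking it for a mismatch.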
@@ -2349,15 +2379,15 @@
        RESERVED
 CVE-2011-0411
        RESERVED
-        TODO: lots of various other packages potentially affected, need to 
check them, see http://www.kb.cert.org/vuls/id/555316
+       TODO: lots of various other packages potentially affected, need to 
check them, see http://www.kb.cert.org/vuls/id/555316
        - postfix 2.8.0-1
        NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
        NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
        NOTE: http://www.postfix.org/CVE-2011-0411.html
-        - qmail <unfixed>
-        [lenny] - qmail <no-dsa> (non-free doesn't get security support)
-        [squeeze] - qmail <no-dsa> (non-free doesn't get security support)
-        NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
+       - qmail <unfixed>
+       [lenny] - qmail <no-dsa> (non-free doesn't get security support)
+       [squeeze] - qmail <no-dsa> (non-free doesn't get security support)
+       NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
 CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for 
...)
        NOT-FOR-US: CollabNet ScrumWorks Basic 
 CVE-2011-0409
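Review bot: in CVE-2011-0411 the TODO about "lots of various other packages potentially affected" is only re-indented, and it still sits between RESERVED and the postfix line with no per-package entries beyond postfix and qmail. Suggest turning it into explicit package lines (or <not-affected> lines) as each candidate from the referenced CERT note is checked, so the remaining work is visible in the entry itself. The entry also has no bracketed description although three public NOTE URLs are attached; a short one would help until the official text arrives.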
@@ -2491,10 +2521,10 @@
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function 
in ...)
        NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-0345
-       RESERVED
-CVE-2011-0344
-       RESERVED
+CVE-2011-0345 (Directory traversal vulnerability in the NMS server in 
Alcatel-Lucent ...)
+       TODO: check
+CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI 
programs in ...)
+       TODO: check
 CVE-2011-0342
        RESERVED
 CVE-2011-0341
@@ -2885,8 +2915,8 @@
        NOT-FOR-US: IBM Rational ClearQuest
 CVE-2011-0280
        RESERVED
-CVE-2011-0279
-       RESERVED
+CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software 
(DSS) ...)
+       TODO: check
 CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service 
Release 3 ...)
        NOT-FOR-US: HP Web Jetadmin
 CVE-2011-0277 (Cross-site request forgery (CSRF) vulnerability in HP Power 
Manager ...)
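Review bot: CVE-2011-0279 (HP Multifunction Peripheral Digital Sending Software) goes from RESERVED to "TODO: check" while the entry directly below it, CVE-2011-0278, is already marked NOT-FOR-US: HP Web Jetadmin. Unless the full description points at something packaged in Debian, mark this one NOT-FOR-US in the same style so it does not linger in the TODO list.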
@@ -3387,8 +3417,7 @@
        RESERVED
 CVE-2011-0065
        RESERVED
-CVE-2011-0064 [NULL pointer dereference in hb_buffer_add_glyph]
-       RESERVED
+CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as 
used in ...)
        {DSA-2178-1}
        - pango1.0 1.28.3-2~sid1
        [lenny] - pango1.0 <not-affected> (introduced in code cleanup)
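Review bot: the new CVE-2011-0064 description reads "HarfBuzz, as used in ...", but the entry tracks pango1.0 only. Suggest checking whether any other source package ships its own copy of hb-buffer.c and adding a line for it, or a NOTE that pango1.0 is the only carrier. The bracketed description being removed named hb_buffer_add_glyph while the official text names hb_buffer_ensure; a short NOTE linking the two would keep the earlier analysis findable.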
@@ -3403,7 +3432,7 @@
 CVE-2011-0060
        RESERVED
 CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla 
Firefox ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <removed>
@@ -3417,7 +3446,7 @@
        - xulrunner <not-affected> (Windows-specific)
        - iceweasel <not-affected> (Windows-specific)
 CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation 
in ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <not-affected> (Vulnerable code not present)
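Review bot: DSA-2187-1 and DSA-2186-1 are added to the CVE-2011-0057 header here, but the package lines visible in this hunk show icedove at 3.0.11-2 with lenny end-of-life and xulrunner <not-affected>, and none of them changes. Please confirm that the entry's remaining package lines (outside the diff context) carry fixed versions matching the two new advisories; the same check applies to the other Mozilla entries in this commit that receive the identical DSA list.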
@@ -3426,7 +3455,7 @@
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox 
before ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <removed>
@@ -3436,7 +3465,7 @@
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in 
Mozilla ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <not-affected> (Vulnerable code not present)
@@ -3445,7 +3474,7 @@
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox 
before ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <not-affected> (Vulnerable code not present)
@@ -3454,7 +3483,7 @@
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <removed>
@@ -3466,7 +3495,7 @@
 CVE-2011-0052
        RESERVED
 CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and 
SeaMonkey ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <removed>
@@ -11872,7 +11901,7 @@
 CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System 
Management ...)
        NOT-FOR-US: HP System Management Homepage
 CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...)
-       {DSA-2180-1}
+       {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
        - xulrunner <removed>
@@ -21465,8 +21494,8 @@
        NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
 CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in 
Symantec ...)
        NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
-CVE-2009-3028
-       RESERVED
+CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in ...)
+       TODO: check
 CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous 
Protection ...)
        NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
 CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote 
attackers to ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
