Author: jmm
Date: 2011-10-31 19:33:36 +0000 (Mon, 31 Oct 2011)
New Revision: 17535

Modified:
   data/CVE/list
Log:
- new chrome issues
- new openldap issue
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-10-31 07:36:35 UTC (rev 17534)
+++ data/CVE/list       2011-10-31 19:33:36 UTC (rev 17535)
@@ -334,7 +334,8 @@
        [lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with 
eaf06b241b091357e72b76863ba16e89610d31bd)
        [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with 
eaf06b241b091357e72b76863ba16e89610d31bd)
 CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in 
OpenLDAP ...)
-       TODO: check
+       - openldap <unfixed>
+       NOTE: Might not be exploitable, see Red Hat bz
 CVE-2011-4078
        RESERVED
 CVE-2011-4077
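Review bot: The NOTE added under CVE-2011-4079 cites "Red Hat bz" without a bug number or URL, so the reasoning behind "Might not be exploitable" cannot be followed from the tracker entry itself. Put the bug reference in the NOTE line, since the entry stays at "- openldap <unfixed>" and the next person triaging it will need that analysis to decide on urgency.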
@@ -471,7 +472,7 @@
 CVE-2011-4027
        RESERVED
 CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 
allows ...)
-       TODO: check
+       NOT-FOR-US: NexusPHP
 CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 
allows ...)
        NOT-FOR-US: Hulihan BXR
 CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) 
extension ...)
@@ -716,7 +717,7 @@
 CVE-2011-4005
        RESERVED
 CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the 
Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco Webex
 CVE-2011-4003
        RESERVED
 CVE-2011-4002
@@ -756,9 +757,9 @@
 CVE-2011-3985
        RESERVED
 CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 
5.1 and ...)
-       TODO: check
+       NOT-FOR-US: KENT-WEB WEB FORUM
 CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 
5.1 and ...)
-       TODO: check
+       NOT-FOR-US: KENT-WEB WEB FORUM
 CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 
7.1 ...)
        NOT-FOR-US: IBM AIX driver
 CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows 
remote ...)
@@ -988,39 +989,56 @@
 CVE-2011-3892
        RESERVED
 CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict 
access to ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 
15.0.874.102 ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in 
Google ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 
15.0.874.102 ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle 
javascript: ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows 
remote ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 
15.0.874.102 ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address 
timing ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before 
15.0.874.102 ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3882 (Use-after-free vulnerability in Google Chrome before 
15.0.874.102 ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3881 (Google Chrome before 15.0.874.102 allows remote attackers to 
bypass ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an 
...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3879 (Google Chrome before 15.0.874.102 does not prevent redirects to 
...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows 
remote ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache 
internals ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle 
downloading ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag 
and ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2011-3874
        RESERVED
 CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement 
shader ...)
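Review bot: Every one of the 17 Chrome entries in this hunk (CVE-2011-3875 through CVE-2011-3891) gets the same "- webkit <undetermined>" line, including CVE-2011-3886, whose description names Google V8, and CVE-2011-3889, which names the Web Audio implementation in Chrome. A blanket <undetermined> leaves 17 open items against webkit with no hint of which ones plausibly touch shared code. Consider adding the webkit line only where the description points at rendering-engine code, or adding a NOTE on the entries that still need the upstream fix checked against the webkit source.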
@@ -2252,7 +2270,7 @@
 CVE-2011-3384 (Cross-site scripting (XSS) vulnerability in the Sage add-on 
1.3.10 and ...)
        NOT-FOR-US: Sage
 CVE-2011-3383 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 
5.1 and ...)
-       TODO: check
+       NOT-FOR-US: KENT-WEB WEB FORUM
 CVE-2011-3382 (Cross-site scripting (XSS) vulnerability in Phorum before 
5.2.16 ...)
        NOT-FOR-US: Phorum
 CVE-2011-3381 (Cross-site request forgery (CSRF) vulnerability in Phorum 
before ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
