Author: joeyh
Date: 2012-01-03 21:14:24 +0000 (Tue, 03 Jan 2012)
New Revision: 18014

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-01-03 21:09:56 UTC (rev 18013)
+++ data/CVE/list       2012-01-03 21:14:24 UTC (rev 18014)
@@ -1,3 +1,65 @@
+CVE-2012-0286
+       RESERVED
+CVE-2012-0285
+       RESERVED
+CVE-2012-0284
+       RESERVED
+CVE-2012-0283
+       RESERVED
+CVE-2012-0282
+       RESERVED
+CVE-2012-0281
+       RESERVED
+CVE-2012-0280
+       RESERVED
+CVE-2012-0279
+       RESERVED
+CVE-2012-0278
+       RESERVED
+CVE-2012-0277
+       RESERVED
+CVE-2012-0276
+       RESERVED
+CVE-2012-0275
+       RESERVED
+CVE-2012-0274
+       RESERVED
+CVE-2012-0273
+       RESERVED
+CVE-2012-0272
+       RESERVED
+CVE-2012-0271
+       RESERVED
+CVE-2012-0270
+       RESERVED
+CVE-2012-0269
+       RESERVED
+CVE-2012-0268
+       RESERVED
+CVE-2012-0267
+       RESERVED
+CVE-2012-0266
+       RESERVED
+CVE-2012-0265
+       RESERVED
+CVE-2011-5046 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 
...)
+       TODO: check
+CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in 
PHP ...)
+       TODO: check
+CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full 
Control) for ...)
+       TODO: check
+CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause 
a ...)
+       TODO: check
+CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in 
inc/lib/lib.base.php in ...)
+       TODO: check
+CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse 
Pro CMS ...)
+       TODO: check
+CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in 
Infoproject ...)
+       TODO: check
+CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis 
Heroj ...)
+       TODO: check
+CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and 
possibly ...)
+       TODO: check
 CVE-2011-5037 (Google V8 computes hash values for form parameters without 
restricting ...)
        - libv8 <unfixed> (bug #653962)
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 
computes ...)
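Review bot: CVE-2011-5038 through CVE-2011-5046 all enter as `TODO: check`, with no source package or NOT-FOR-US disposition yet. CVE-2011-5046 (win32k.sys in Microsoft Windows 7), CVE-2011-5044 (SopCast) and CVE-2011-5043 (TomatoSoft Free Mp3 Player) look like candidates for a quick NOT-FOR-US follow-up, in the same form as the `NOT-FOR-US: Plesk` entry later in this file. The truncated XSS and SQL injection descriptions need the full CVE text before they can be classified.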
@@ -905,8 +967,8 @@
        - phpmyadmin 4:3.4.9-1
 CVE-2011-4779
        REJECTED
-CVE-2011-4778
-       RESERVED
+CVE-2011-4778 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk 4.2.x ...)
+       TODO: check
 CVE-2011-4777 (Cross-site scripting (XSS) vulnerability in the Site Editor 
(aka ...)
        NOT-FOR-US: Plesk
 CVE-2011-4776 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Control ...)
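Review bot: CVE-2011-4778 moves from RESERVED to `TODO: check`, while its neighbour CVE-2011-4777 already carries a final disposition (`NOT-FOR-US: Plesk`). This entry and the three Splunk entries in the next hunk (CVE-2011-4642, CVE-2011-4643, CVE-2011-4644) name the same product, so triage the four together and give them one consistent disposition.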
@@ -1410,12 +1472,12 @@
        NOT-FOR-US: Wordpress plugin
 CVE-2011-4645
        RESERVED
-CVE-2011-4644
-       RESERVED
-CVE-2011-4643
-       RESERVED
-CVE-2011-4642
-       RESERVED
+CVE-2011-4644 (Splunk 4.2.5 and earlier, when free mode is used, does not 
perform ...)
+       TODO: check
+CVE-2011-4643 (Multiple directory traversal vulnerabilities in Splunk 4.x 
before ...)
+       TODO: check
+CVE-2011-4642 (mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not 
properly ...)
+       TODO: check
 CVE-2003-1597
        RESERVED
 CVE-2011-4641
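Review bot: the context lines `CVE-2003-1597` / `RESERVED` sit between CVE-2011-4642 and CVE-2011-4641, out of sequence with the CVE-2011 block around them. This commit does not touch that entry, but confirm whether the position is intended and, if not, move it in a separate change so that it does not get overlooked when the three Splunk `TODO: check` entries above it are triaged.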
@@ -1480,14 +1542,13 @@
 CVE-2011-4621
        RESERVED
        - linux-2.6 <unfixed>
-CVE-2011-4620
-       RESERVED
+CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx 
in PLIB ...)
+       TODO: check
 CVE-2011-4619
        RESERVED
 CVE-2011-4618
        RESERVED
-CVE-2011-4617 [python-virtualenv: insecure /tmp file handling]
-       RESERVED
+CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to 
overwrite ...)
        - python-virtualenv 1.4.9-1 (low; bug #652653)
        [lenny] - python-virtualenv <no-dsa> (Minor issue)
        [squeeze] - python-virtualenv <no-dsa> (Minor issue)
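Review bot: on CVE-2011-4617 the new description reads "virtualenv before 1.5", but the retained tracking line records `python-virtualenv 1.4.9-1` as the fixed version, which is below that threshold. Add a NOTE explaining why 1.4.9-1 counts as fixed (for example a patch carried in the Debian package), or correct the version if it does not. The hunk also drops the working title `[python-virtualenv: insecure /tmp file handling]`, leaving bug #652653 as the only pointer to the /tmp issue. CVE-2011-4620 (PLIB) still needs triage from `TODO: check`.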
@@ -1611,6 +1672,7 @@
        RESERVED
 CVE-2011-4579 [SVQ1 issue]
        RESERVED
+       {DSA-2378-1}
        - libav 4:0.7.3-1
        - ffmpeg <removed>
        - ffmpeg-debian <end-of-life>
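Review bot: `{DSA-2378-1}` is added under CVE-2011-4579 while the entry still reads RESERVED with only the working title `[SVQ1 issue]`, and the visible package lines (`libav 4:0.7.3-1`, `ffmpeg <removed>`, `ffmpeg-debian <end-of-life>`) give no release-tagged fixed version. The same tag is added to CVE-2011-4364, CVE-2011-4353 and CVE-2011-4351 in the following hunks; check that the DSA-2378-1 record lists all four CVE ids so the cross-reference resolves in both directions.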
@@ -2142,6 +2204,7 @@
        NOTE: duplicate of CVE-2011-4090
 CVE-2011-4364 [vmd_decode buffer overflow]
        RESERVED
+       {DSA-2378-1}
        - libav 4:0.7.3-1
        - ffmpeg <removed>
        - ffmpeg-debian <end-of-life>
@@ -2191,6 +2254,7 @@
        [lenny] - openssl <no-dsa> (Minor issue)
 CVE-2011-4353 [VP5/VP6 DoS]
        RESERVED
+       {DSA-2378-1}
        - libav 4:0.7.3-1
        - ffmpeg <removed>
        - ffmpeg-debian <end-of-life>
@@ -2207,6 +2271,7 @@
        NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
 CVE-2011-4351 [QDM2 buffer overflow]
        RESERVED
+       {DSA-2378-1}
        - libav 4:0.7.3-1
        - ffmpeg <removed>
        - ffmpeg-debian <end-of-life>
@@ -4319,18 +4384,15 @@
        RESERVED
 CVE-2011-3670
        RESERVED
-CVE-2011-3669
-       RESERVED
+CVE-2011-3669 (Cross-site request forgery (CSRF) vulnerability in 
attachment.cgi in ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <no-dsa> (Minor issue)
        [lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2011-3668
-       RESERVED
+CVE-2011-3668 (Cross-site request forgery (CSRF) vulnerability in post_bug.cgi 
in ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <no-dsa> (Minor issue)
        [lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2011-3667
-       RESERVED
+CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 
2.x and ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <no-dsa> (Minor issue)
        [lenny] - bugzilla <no-dsa> (Minor issue)
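Review bot: CVE-2011-3669, CVE-2011-3668 and CVE-2011-3667 gain public descriptions, but their `<no-dsa> (Minor issue)` lines for squeeze and lenny were written while the entries were still RESERVED. Re-confirm that rating against the published text (two CSRF issues in attachment.cgi and post_bug.cgi, one in the User.offer_account_by_email WebService method), and add a bug reference if one exists. The same applies to CVE-2011-3657 in the next hunk.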
@@ -4368,8 +4430,7 @@
        [lenny] - iceweasel <not-affected> (Only affects Firefox >= 8)
        [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 8)
        - iceape <not-affected> (Only affects Firefox >= 8)
-CVE-2011-3657
-       RESERVED
+CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 
2.x ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <no-dsa> (Minor issue)
        [lenny] - bugzilla <no-dsa> (Minor issue)
@@ -9959,8 +10020,8 @@
        - iceweasel 4.0.1-1 (unimportant)
 CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and 
earlier in ...)
        NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
-CVE-2011-1710
-       RESERVED
+CVE-2011-1710 (Multiple integer overflows in the HTTP server in the Novell 
XTier ...)
+       TODO: check
 CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is 
used, ...)
        - gdm3 <not-affected> (Vulnerable code patched out in Debian package in 
sid, patched in 3.0.4 experimental)
        - gdm <not-affected> (Vulnerable code not present)
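Review bot: CVE-2011-1710 (Novell XTier HTTP server) lands as `TODO: check` directly below CVE-2011-1711, which is already closed as `NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer`. If XTier is likewise not packaged, close it the same way in a follow-up rather than leaving it in the TODO queue.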


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
