author Moritz Muehlenhoff <jmm@debian.org> 2011-01-27 20:04:26 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2011-01-27 20:04:26 +0000
commit 3eb79aa5662e407a3147eea0dbdc682332a7b4ad
tree d5979a9efa1af6de90b4339d72fc353cf8e8b4a7 /data
parent 5b01ac2b2f02f359b7fbe3173783365f0dee4f46
- hplip fixed
- otrs issues don't affect Lenny
- qemu unimportant
- update bip description
- mark remaining webkit/lenny issues as no-dsa

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15990 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 19
1 files changed, 15 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list
index f2a4d0f622..d548d0ff69 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1820,7 +1820,7 @@ CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smar
- ccid 1.3.11-2 (unimportant; bug #607780)
NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
NOTE: Theoretical attack
-CVE-2011-XXXX [unspecified denial of service]
+CVE-2011-XXXX [remote DoS when case of the characters of a nickname is modified]
- bip 0.8.7-1
[squeeze] - bip 0.8.2-1squeeze3
[lenny] - bip <not-affected> (Vulnerable code not present)
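Review bot: the reworded bip entry still carries no bug number and no NOTE pointing at an upstream advisory or commit, so the new description "remote DoS when case of the characters of a nickname is modified" cannot be checked from the tracker alone. Consider adding a NOTE line with the upstream reference, and replacing the CVE-2011-XXXX placeholder once an id is assigned.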
@@ -1948,8 +1948,9 @@ CVE-2011-0012
RESERVED
CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication]
RESERVED
- - qemu <unfixed> (bug #611134)
- - kvm <removed> (bug #611134)
+ - qemu <unfixed> (unimportant; bug #611134)
+ - kvm <removed> (unimportant; bug #611134)
+ NOTE: Harmless implementation bug, see discussion in #611134
CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ...)
- sudo 1.7.4p4-6 (bug #609641)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
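Review bot: on the qemu and kvm lines, the downgrade to unimportant sits oddly beside a title saying that an empty VNC password "silently disables all authentication", and the added NOTE only points to #611134 for the reasoning. Put the one-line rationale in the NOTE itself so the triage decision can be read without opening the bug.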
@@ -2570,7 +2571,7 @@ CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...)
NOT-FOR-US: Pulse Infotech
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in ...)
- - hplip <unfixed> (bug #610960)
+ - hplip 3.10.6-2 (bug #610960)
CVE-2010-4266
RESERVED
CVE-2010-4265 (The ...)
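Review bot: the hplip line now records 3.10.6-2 as the fixed version for a stack-based buffer overflow, but no [squeeze] or [lenny] line follows it in this hunk, so the status of the stable releases is left implicit. If those have been triaged, add per-release lines (a fixed version, no-dsa or not-affected, each with its reason).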
@@ -2717,6 +2718,7 @@ CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component .
- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4206 (Array index error in the FEBlend::apply function in ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70652
CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...)
@@ -2726,6 +2728,7 @@ CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data
NOTE: http://trac.webkit.org/changeset/70550
CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
NOTE: http://trac.webkit.org/changeset/70517
@@ -2746,11 +2749,13 @@ CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast
NOTE: http://trac.webkit.org/changeset/69936
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/69735
NOTE: style fix change set: http://trac.webkit.org/changeset/69801
CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70594
CVE-2010-4196
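Review bot: the added [lenny] lines for CVE-2010-4198 and CVE-2010-4197 reuse the reason "Unmaintained in Lenny, only affects fringe apps", which speaks to exposure but not to whether Lenny's webkit contains the affected code, and CVE-2010-4197 is described as a use-after-free. Where the referenced changesets have been checked against the Lenny source, a short NOTE saying so would separate "present but not worth a DSA" from "not checked".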
@@ -3042,6 +3047,7 @@ CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel
- linux-2.6 2.6.32-29 (low)
CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS ...)
- otrs2 2.4.9+dfsg1-1
+ [lenny] - otrs2 <not-affected> (Only affects OTRS 2.4)
CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...)
NOT-FOR-US: portmap.exe
CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x ...)
@@ -3117,6 +3123,7 @@ CVE-2010-4043 (Opera before 10.63 does not prevent interpretation of a cross-ori
NOT-FOR-US: Opera
CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-1
NOTE: http://trac.webkit.org/changeset/68096
CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...)
@@ -3708,6 +3715,7 @@ CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c
- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined>
CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...)
- webkit 1.2.6-1
@@ -4635,6 +4643,7 @@ CVE-2010-3500 (Unspecified vulnerability in the Siebel Core - Highly Interactive
NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before ...)
- otrs2 2.4.8+dfsg1-1
+ [lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege ...)
NOT-FOR-US: IBM DB2
CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or ...)
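Review bot: the reason "Only affects OTRS 2.3 and 2.4" on the added [lenny] line matches the branches named in the CVE text, but it does not say which otrs2 version Lenny ships. Naming that version in the parenthetical would let a reader verify the not-affected status without looking up the package.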
@@ -8392,6 +8401,7 @@ CVE-2010-2081
RESERVED
CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
- otrs2 2.4.8+dfsg1-1
+ [lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...)
NOT-FOR-US: Novell Access Manager
CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)
@@ -9177,6 +9187,7 @@ CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6
NOTE: Chromium uses a totally different regexp implementation.
CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...)
- webkit 1.2.6-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
