automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17252 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Joey Hess <joeyh@debian.org> 2011-09-15 21:14:23 +0000
committer: Joey Hess <joeyh@debian.org> 2011-09-15 21:14:23 +0000
commit: 44ba508223908a68296155512748c3dbc9b681a9 (patch)
tree: f4f898613b59a5bb63a64d3d6aac780bd6dc47db /data
parent: ffd68fb9507b4f106c401f98e59705a41d37b419 (diff)
1 files changed, 64 insertions, 63 deletions
diff --git a/data/CVE/list b/data/CVE/list
index b9e63f6c89..9e287f8d7c 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server ...)
+	TODO: check
+CVE-2011-3480
+	RESERVED
+CVE-2011-3479
+	RESERVED
+CVE-2011-3478
+	RESERVED
+CVE-2011-3477
+	RESERVED
+CVE-2011-3476
+	RESERVED
 CVE-2011-XXXX
 	- tahoe-lafs 1.8.3-1 (bug #641540)
 CVE-2011-3475
@@ -140,16 +152,19 @@ CVE-2011-XXXX [Django several vulnerabilities]
 	NOTE: https://www.djangoproject.com/weblog/2011/sep/10/127/
 	NOTE: CVE id requested on oss-security
 CVE-2011-3482 [Wireshark CSN.1 dissector vulnerability]
+	RESERVED
 	- wireshark <unfixed>
 	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
 	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html
 CVE-2011-3483 [Wireshark buffer exception handling vulnerability]
+	RESERVED
 	- wireshark <unfixed>
 	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
 	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html
 CVE-2011-3484 [Wireshark OpenSafety dissector vulnerability]
+	RESERVED
 	- wireshark <unfixed>
 	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
 	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
@@ -675,8 +690,7 @@ CVE-2011-3210
 	[squeeze] - openssl <no-dsa> (Minor issue)
 CVE-2011-3209
 	RESERVED
-CVE-2011-3208
-	RESERVED
+CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...)
 	- cyrus-imapd-2.2 <unfixed> (medium)
 	- cyrus-imapd-2.4 <unfixed> (medium)
 	- kolab-cyrus-imapd <unfixed> (medium)
@@ -2326,8 +2340,8 @@ CVE-2011-2597 (The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1
 	NOTE: no code injection, not treated as a security issue, see README.Debian.security
 CVE-2011-2596
 	RESERVED
-CVE-2011-2595
-	RESERVED
+CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build ...)
+	TODO: check
 CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...)
 	TODO: check
 CVE-2011-2593
@@ -2354,8 +2368,8 @@ CVE-2011-2583
 	RESERVED
 CVE-2011-2582
 	RESERVED
-CVE-2011-2581
-	RESERVED
+CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before ...)
+	TODO: check
 CVE-2011-2580
 	RESERVED
 CVE-2011-2579
@@ -2704,41 +2718,29 @@ CVE-2011-2444
 	RESERVED
 CVE-2011-2443
 	RESERVED
-CVE-2011-2442
-	RESERVED
+CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2441
-	RESERVED
+CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2440
-	RESERVED
+CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2439
-	RESERVED
+CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2438
-	RESERVED
+CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2437
-	RESERVED
+CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2436
-	RESERVED
+CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2435
-	RESERVED
+CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2434
-	RESERVED
+CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2433
-	RESERVED
+CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2432
-	RESERVED
+CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2431
-	RESERVED
+CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2011-2430
 	RESERVED
@@ -3274,8 +3276,8 @@ CVE-2011-2204 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x bef
 	[lenny] - tomcat6 <no-dsa> (Minor issue)
 	[squeeze] - tomcat6 <no-dsa> (Minor issue)
 	- tomcat7 7.0.16-3 (low; bug #632882)
-CVE-2011-2201
-	RESERVED
+CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when ...)
+	TODO: check
 CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...)
 	- dbus 1.4.12-1 (low; bug #629938)
 	[squeeze] - dbus 1.2.24-4+squeeze1
@@ -3888,30 +3890,30 @@ CVE-2011-1993
 	RESERVED
 CVE-2011-1992
 	RESERVED
-CVE-2011-1991
-	RESERVED
-CVE-2011-1990
-	RESERVED
-CVE-2011-1989
-	RESERVED
-CVE-2011-1988
-	RESERVED
-CVE-2011-1987
-	RESERVED
-CVE-2011-1986
-	RESERVED
+CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...)
+	TODO: check
+CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; ...)
+	TODO: check
+CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel ...)
+	TODO: check
+CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; ...)
+	TODO: check
+CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in ...)
+	TODO: check
+CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote ...)
+	TODO: check
 CVE-2011-1985
 	RESERVED
-CVE-2011-1984
-	RESERVED
+CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...)
+	TODO: check
 CVE-2011-1983
 	RESERVED
-CVE-2011-1982
-	RESERVED
+CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...)
+	TODO: check
 CVE-2011-1981
 	RESERVED
-CVE-2011-1980
-	RESERVED
+CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and ...)
+	TODO: check
 CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate ...)
 	NOT-FOR-US: Microsoft Visio
 CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly ...)
@@ -4146,14 +4148,14 @@ CVE-2011-1895
 	RESERVED
 CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2011-1893
-	RESERVED
-CVE-2011-1892
-	RESERVED
-CVE-2011-1891
-	RESERVED
-CVE-2011-1890
-	RESERVED
+CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...)
+	TODO: check
+CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and ...)
+	TODO: check
+CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...)
+	TODO: check
+CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft ...)
+	TODO: check
 CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft Forefront ...)
 	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
 CVE-2011-1888 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 ...)
@@ -5775,8 +5777,7 @@ CVE-2011-1355 (Open redirect vulnerability in IBM WebSphere Application Server (
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2011-1354
 	RESERVED
-CVE-2011-1353
-	RESERVED
+CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2011-1352
 	RESERVED
@@ -6015,7 +6016,7 @@ CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly handle
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1253
 	RESERVED
-CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API in ...)
+CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -7908,8 +7909,8 @@ CVE-2011-0655 (Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 20
 	NOT-FOR-US: Microsoft
 CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the ...)
 	NOT-FOR-US: Windows 2003
-CVE-2011-0653
-	RESERVED
+CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...)
+	TODO: check
 CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 ...)
 	NOT-FOR-US: Look 'n' Stop Firewall
 CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs ...)
author	Joey Hess <joeyh@debian.org>	2011-09-15 21:14:23 +0000
committer	Joey Hess <joeyh@debian.org>	2011-09-15 21:14:23 +0000
commit	44ba508223908a68296155512748c3dbc9b681a9 (patch)
tree	f4f898613b59a5bb63a64d3d6aac780bd6dc47db /data
parent	ffd68fb9507b4f106c401f98e59705a41d37b419 (diff)