Author: jmm-guest
Date: 2010-05-11 18:44:29 +0000 (Tue, 11 May 2010)
New Revision: 14674

Modified:
   data/CVE/list
Log:
- abcm2ps, dvipng, samhain fixed
- base is in the archive
- kolab-webclient issue also affects horde3
- new serendipity issue
- new jboss issues
- tomcat issue unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-05-11 09:45:44 UTC (rev 14673)
+++ data/CVE/list       2010-05-11 18:44:29 UTC (rev 14674)
@@ -1,5 +1,8 @@
 CVE-2010-1850
        RESERVED
+CVE-2010-XXXX [serendipity xinha issue]
+       - serendipity <unfixed>
+       [lenny] - serendipity <not-affected> (Only affects >= 1.4)
 CVE-2010-1849
        RESERVED
 CVE-2010-1848
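Review bot: The new CVE-2010-XXXX [serendipity xinha issue] entry has no NOTE with a pointer to the upstream report or commit, so the "(Only affects >= 1.4)" justification on the [lenny] not-affected line cannot be re-checked later when the CVE id is assigned. Add a NOTE line with the reference the triage was based on, as done for the kolab-webclient entry elsewhere in this commit.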
@@ -267,11 +270,11 @@
 CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in 
...)
        NOT-FOR-US: Roxio CinePlayer
 CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic 
Analysis ...)
-       NOT-FOR-US: Basic Analysis Security Engine (BASE)
+       - acidbase <undetermined>
 CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic 
Analysis ...)
-       NOT-FOR-US: Basic Analysis Security Engine (BASE)
+       - acidbase <undetermined>
 CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic 
Analysis ...)
-       NOT-FOR-US: Basic Analysis and Security Engine (BASE)
+       - acidbase <undetermined>
 CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in 
Movie PHP ...)
        NOT-FOR-US: Movie PHP Script
 CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) 
pcm_init, ...)
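Review bot: The three BASE entries (CVE-2009-4839, -4838, -4837) are switched to "- acidbase <undetermined>" without the "TODO: check" marker that the file's other <undetermined> entries carry (compare the samhain and jbossas4 lines being resolved in this same commit), so they will not show up in the usual follow-up queries. Add "TODO: check" under each, or resolve them to a version/<unfixed> now that the package is known to be in the archive.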
@@ -640,7 +643,9 @@
        NOT-FOR-US: 8pixel.net Blog
 CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in 
Kolab ...)
        - kolab-webclient <undetermined>
+       - horde3 <unfixed>
        NOTE: package only in experimental; claimed fixed in version 20091202, 
but not enough info to check
+       NOTE: 
http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/horde-webmail/1.2.0/tg/Attic/t_framework_H_JS_Form_FixFormSecurityForImageUploads.diff?rev=1.1.2.1&only_with_tag=kolab_2_2_branch
 CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: cPanel
 CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
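Review bot: With "- horde3 <unfixed>" inserted between the kolab-webclient line and the existing NOTE ("package only in experimental; claimed fixed in version 20091202 ..."), it is no longer clear which of the two packages that NOTE describes; reword it to name kolab-webclient explicitly. The new NOTE that consists only of the kolab.org patch URL should also say what the patch is (e.g. "upstream fix for the Horde image-upload form issue") so the entry stays meaningful if the viewcvs link goes away.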
@@ -821,8 +826,7 @@
 CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) 
...)
        NOT-FOR-US: com_mmsblog component for joomla!
 CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain 
before ...)
-       - samhain <undetermined>
-       TODO: check
+       - samhain 2.5.4-1
 CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File 
...)
        NOT-FOR-US: Easy File Sharing Web Server
 CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote 
attackers ...)
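Review bot: The samhain entry is resolved to "2.5.4-1" but carries no severity tag and no [lenny] line, unlike the other entries fixed in this commit (abcm2ps, dvipng, irssi), so the stable status for CVE-2009-4810 is left implicit. Add a severity in parentheses and a "[lenny] - samhain <no-dsa> ..." or "<not-affected>" line as appropriate.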
@@ -1075,11 +1079,11 @@
 CVE-2010-1430
        RESERVED
 CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or 
JBEAP) ...)
-       - jbossas4 <undetermined>
-       TODO: check
+       - jbossas4 <unfixed> (bug filed)
+       [lenny] - jbossas4 <no-dsa> (Contrib not supported)
 CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss 
...)
-       - jbossas4 <undetermined>
-       TODO: check
+       - jbossas4 <unfixed> (bug filed)
+       [lenny] - jbossas4 <no-dsa> (Contrib not supported)
 CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight 
plugin ...)
        NOT-FOR-US: MODx Evolution
 CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 
allows ...)
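Review bot: Both jbossas4 lines for CVE-2010-1429 and CVE-2010-1428 say "(bug filed)" without a bug number, whereas the file's convention (see "bug #577014" and "bug #575995" below) is to record the BTS number so the entry can be closed when the bug is. Replace "(bug filed)" with "(bug #NNNNNN)" once the number is known.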
@@ -1349,7 +1353,7 @@
 CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Taxonomy ...)
        NOT-FOR-US: Drupal module
 CVE-2010-XXXX [abcm2ps]
-       - abcm2ps <unfixed> (low; bug #577014)
+       - abcm2ps 5.9.13-0.1 (low; bug #577014)
        [lenny] - abcm2ps <no-dsa> (Minor issue)
 CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the 
DecryptWeb DW ...)
        NOT-FOR-US: Joomla!
@@ -1747,8 +1751,9 @@
 CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x 
allows ...)
        - perl <not-affected> (re engine rewritten for 5.10 to address issues 
such as this; and proof-of-concept not effective)
 CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 
might ...)
-       - tomcat6 <undetermined>
-       TODO: check
+       - tomcat6 <unfixed> (unimportant)
+       TODO: File bug
+       NOTE: Negligable information disclosure
 CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers 
to ...)
        - irssi 0.8.15-1 (low)
        [lenny] - irssi <no-dsa> (Minor issue)
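Review bot: The new NOTE line for CVE-2010-1157 misspells "Negligable"; it should read "Negligible information disclosure". The "TODO: File bug" marker is fine as a reminder, but since the issue is rated unimportant the NOTE should state briefly why (what the disclosed information is) so the rating can be revisited.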
@@ -2739,7 +2744,7 @@
        RESERVED
 CVE-2010-0829
        RESERVED
-       - dvipng <unfixed> (low; bug filed)
+       - dvipng 1.13-1 (low; bug filed)
 CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in 
the ...)
        {DSA-2024-1}
        - moin 1.9.2-3 (low; bug #575995)
@@ -3019,7 +3024,8 @@
        - texlive-bin 2009-6 (low; bug #560668)
        [lenny] - texlive-bin <no-dsa> (minor issue)
 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss 
Enterprise ...)
-       - jbossas4 <undetermined>
+       - jbossas4 <unfixed> (bug filed)
+       [lenny] - jbossas4 <no-dsa> (Contrib not supported)
 CVE-2010-0737
        RESERVED
 CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform 
...)
@@ -14498,7 +14504,6 @@
        TODO: VMware products
 CVE-2009-1563
        REJECTED
-       NOTE: Tracked as CVE-2009-0689
 CVE-2009-1562
        RESERVED
 CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in 
administration.cgi ...)
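Review bot: Dropping "NOTE: Tracked as CVE-2009-0689" from the REJECTED CVE-2009-1563 entry removes the only cross-reference explaining where that issue is actually tracked, and the commit log ("abcm2ps, dvipng, samhain fixed", etc.) does not mention this change. Either keep the NOTE or mention the removal (and the reason) in the log.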


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits