Author: jmm-guest
Date: 2010-05-28 21:30:13 +0000 (Fri, 28 May 2010)
New Revision: 14762
Modified: data/CVE/list data/mops.txt Log: - new ocsinventory issue (unimportant) - remove some TODOs, such issues are usually only fixed by Mozilla over a long time - MOPS updates Modified: data/CVE/list =================================================================== --- data/CVE/list 2010-05-28 21:15:43 UTC (rev 14761) +++ data/CVE/list 2010-05-28 21:30:13 UTC (rev 14762) @@ -258,17 +258,14 @@ - xulrunner <unfixed> (unimportant) - iceape <unfixed> (unimportant) NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom) - TODO: check 3.6.3 CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...) - xulrunner <unfixed> (unimportant) - iceape <unfixed> (unimportant) NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom) - TODO: check 3.6.3 CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...) - xulrunner <unfixed> (unimportant) - iceape <unfixed> (unimportant) NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom) - TODO: check 3.6.3 CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Six Apart Movable type CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...) 
@@ -851,8 +848,8 @@ CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before ...) - - ocsinventory-server <undetermined> - TODO: check + - ocsinventory-server <unfixed> (unimportant) + NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...) NOT-FOR-US: Zikula Application Framework CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...) Modified: data/mops.txt =================================================================== --- data/mops.txt 2010-05-28 21:15:43 UTC (rev 14761) +++ data/mops.txt 2010-05-28 21:30:13 UTC (rev 14762) @@ -40,3 +40,9 @@ 038: no CVE yet; Only triggerable by malicious script 039: no CVE yet; Only triggerable by malicious script 040: no CVE yet; Only triggerable by malicious script +041: no CVE yet; Only triggerable by malicious script +042: no CVE yet; Only triggerable by malicious script +043: no CVE yet; Only triggerable by malicious script +044: no CVE yet; Only triggerable by malicious script +045: no CVE yet; Only triggerable by malicious script +046: no CVE yet; Only triggerable by malicious script _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
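Review bot: In the first data/CVE/list hunk (@@ -258,17 +258,14 @@), removing the three "TODO: check 3.6.3" lines leaves each entry with only the NOTE about xulrunner 1.9.1.9, so the tracker no longer records that the PoCs were never tried against 3.6.3, the version named in the visible CVE descriptions. The log gives the reason for dropping the TODOs, but that reason does not reach the data file. Consider adding a short clause to each NOTE, for example "not verified against 3.6.3", so the (unimportant) rating can still be read in context without an open TODO.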
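Review bot: In the CVE-2010-1733 entry (data/CVE/list, @@ -851,8 +848,8 @@), the new NOTE ends with "see debtags" without naming the tag or where it is read from, so the "only supported in trusted environments" basis for (unimportant) cannot be checked from the entry itself. Name the specific tag in the NOTE, and say which level of authentication is meant by "Authentication is needed". The description also reads "before ...", which implies an upstream release carrying the fix; noting that version next to <unfixed> would make it clear when the entry can be closed.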