Author: joeyh
Date: 2010-06-24 21:14:28 +0000 (Thu, 24 Jun 2010)
New Revision: 14903

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-06-24 17:21:53 UTC (rev 14902)
+++ data/CVE/list       2010-06-24 21:14:28 UTC (rev 14903)
@@ -1,3 +1,5 @@
+CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
 CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in 
CUPS ...)
        TODO: check
 CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local 
users, ...)
@@ -4,22 +6,22 @@
        TODO: check
 CVE-2010-2430
        RESERVED
-CVE-2010-2429
-       RESERVED
-CVE-2010-2428
-       RESERVED
+CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 
4.1.2, ...)
+       TODO: check
+CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html 
in the ...)
+       TODO: check
 CVE-2010-2427
        RESERVED
-CVE-2010-2426
-       RESERVED
-CVE-2010-2425
-       RESERVED
+CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River 
...)
+       TODO: check
+CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River 
...)
+       TODO: check
 CVE-2010-2424
        RESERVED
 CVE-2010-2423
        RESERVED
-CVE-2010-2422
-       RESERVED
+CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in 
Plone ...)
+       TODO: check
 CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have 
...)
        TODO: check
 CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. 
ActiveGeckoBrowser ...)
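Review bot: CVE-2010-2426 and CVE-2010-2425 are added with the same truncated text ("Directory traversal vulnerability in TitanFTPd in South River ..."), so the list alone does not show how the two differ. Whoever clears the TODO: check markers should read both full descriptions and triage the pair together. Of the five entries this hunk moves from RESERVED to TODO: check, CVE-2010-2422 names a specific component (PortalTransforms in Plone) and deserves a package lookup of its own rather than a bulk disposition.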
@@ -481,8 +483,8 @@
        RESERVED
 CVE-2010-2226
        RESERVED
-CVE-2010-2225
-       RESERVED
+CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage 
unserializer in ...)
+       TODO: check
 CVE-2010-2224
        RESERVED
 CVE-2010-2223
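Review bot: CVE-2010-2225 goes from RESERVED to a use-after-free in the SplObjectStorage unserializer but lands with only TODO: check. SplObjectStorage is a PHP SPL class, so this entry needs a PHP source-package line and a status rather than staying in the untriaged pool.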
@@ -865,14 +867,13 @@
        RESERVED
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 
2.2.9 ...)
        - apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
-CVE-2010-2067
-       RESERVED
+CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance 
function ...)
+       TODO: check
 CVE-2010-2066
        RESERVED
        - linux-2.6 <unfixed>
        [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 
2.6.31)
-CVE-2010-2065 [tiff integer overflow]
-       RESERVED
+CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 
3.9.3 ...)
        - tiff <undetermined>
        NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
        NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
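Review bot: CVE-2010-2067 is added with only TODO: check, although the function it names, TIFFFetchSubjectDistance, carries the LibTIFF naming prefix and the neighbouring CVE-2010-2065 is already tracked as "- tiff <undetermined>". Suggest confirming against the full description and adding a tiff line to CVE-2010-2067. The new text on CVE-2010-2065 also gives a version boundary ("LibTIFF before 3.9.3"), which should be enough to start resolving its <undetermined> status.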
@@ -1119,7 +1120,7 @@
        RESERVED
 CVE-2010-1965
        RESERVED
-CVE-2010-1964 (Unspecified vulnerability in HP OpenView Network Node Manager 
(OV NNM) ...)
+CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node 
...)
        NOT-FOR-US: HP OpenView Network Node Manager
 CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter 
allows ...)
        NOT-FOR-US: HP ServiceCenter
@@ -1964,8 +1965,8 @@
        - mysql-5.1 5.1.46-1 (bug #582526)
        - mysql-dfsg-5.0 <removed> (low; bug #584400)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
-CVE-2010-1625
-       RESERVED
+CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross 
Referencer ...)
+       TODO: check
 CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol 
plugin in ...)
        - pidgin 2.7.0-1 (low)
        [lenny] - pidgin 2.4.3-4lenny6
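Review bot: CVE-2010-1625 (XSS in LXR Cross Referencer) is added with only TODO: check, while CVE-2010-1448 in a later hunk of this same patch is also an LXR XSS and is tracked as "- lxr-cvs <unfixed>". Suggest checking whether the two are distinct issues and giving CVE-2010-1625 the matching package line.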
@@ -2529,8 +2530,7 @@
        [lenny] - python2.5 <no-dsa> (Minor issue)
        - python2.4 <removed> (low)
        [lenny] - python2.4 <no-dsa> (Minor issue)
-CVE-2010-1448 [lxr XSS on the search page]
-       RESERVED
+CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm 
in LXR ...)
        - lxr-cvs <unfixed>
        TODO: prod maintainer (and find out why we have lxr and lxr-cvs)
 CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier 
versions, for ...)
@@ -2642,7 +2642,7 @@
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
        NOTE: http://trac.webkit.org/changeset/57759
        NOTE: http://trac.webkit.org/changeset/57817
-CVE-2010-1411 (Multiple integer overflows in ImageIO in Apple Mac OS X 10.5.8, 
and ...)
+CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in 
...)
        - tiff <undetermined>
        TODO: check
 CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 
and ...)
@@ -3239,42 +3239,34 @@
        RESERVED
 CVE-2010-1204
        RESERVED
-CVE-2010-1203 [browser crashes with evidence of memory corruption]
-       RESERVED
+CVE-2010-1203 (Multiple unspecified vulnerabilities in the JavaScript engine 
in ...)
        - xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 
1.9.2)
-CVE-2010-1202 [browser crashes with evidence of memory corruption]
-       RESERVED
+CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine 
in ...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        [lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1201 [browser crashes with evidence of memory corruption]
-       RESERVED
+CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla 
Firefox ...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        [lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1200 [browser crashes with evidence of memory corruption]
-       RESERVED
+CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        [lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1199
-       RESERVED
+CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in 
Mozilla ...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        - icedove <unfixed>
        [lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1198 [Freed object reuse across plugin instances]
-       RESERVED
+CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 
3.5.10 ...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        [lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1197
-       RESERVED
+CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and 
...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        [lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1196 [Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal]
-       RESERVED
+CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal 
function ...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        - icedove <unfixed>
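Review bot: icedove tracking is inconsistent across the Mozilla entries touched here. CVE-2010-1199 and CVE-2010-1196 carry "- icedove <unfixed>", while CVE-2010-1202, CVE-2010-1201, CVE-2010-1200, CVE-2010-1198 and CVE-2010-1197 list only xulrunner and iceape. Now that descriptions have replaced the bracketed placeholders, suggest recording for each of those five whether icedove is affected or explicitly not affected. The dropped annotation on CVE-2010-1196 said heap buffer overflow and the new description says integer overflow, so anyone searching the list by the old wording will no longer find it.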
@@ -3471,7 +3463,7 @@
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers 
to ...)
        - webkit <not-affected> (proof-of-concept not effective; windows-only?)
-CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows 
remote ...)
+CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 
3.5.10 and ...)
        - xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 
1.9.2)
        NOTE: Description is wrong, only affects Firefox 3.6 per 
https://bugzilla.mozilla.org/show_bug.cgi?id=552255
 CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support 
reading ...)
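Review bot: the description of CVE-2010-1125 changes to "Mozilla Firefox 3.x before 3.5.10 and ...", but the unchanged NOTE below it still reads "Description is wrong, only affects Firefox 3.6". Suggest rechecking that NOTE and the xulrunner <not-affected> line against the new wording, since the updated description now names a 3.5.x release and the two statements no longer obviously agree.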
@@ -6323,8 +6315,7 @@
        NOT-FOR-US: Adobe ColdFusion
 CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in 
TIBCO ...)
        NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent 
-CVE-2010-0183
-       RESERVED
+CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots 
...)
        - xulrunner 1.9.1.10-1
        - iceape 2.0.5-1
        [lenny] - iceape <not-affected> (Only a stub package)
@@ -21669,7 +21660,7 @@
        NOT-FOR-US: Google
 CVE-2008-5914 (An unspecified function in the JavaScript implementation in 
Apple ...)
        NOT-FOR-US: Apple
-CVE-2008-5913 (An unspecified function in the JavaScript implementation in 
Mozilla ...)
+CVE-2008-5913 (The Math.random function in the JavaScript implementation in 
Mozilla ...)
        - xulrunner 1.9.1.10-1 (unimportant; bug #559792)
        - iceape 2.0.5-1 (unimportant)
        [lenny] - iceape <not-affected> (Just a stub package)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
