[Secure-testing-commits] r15654 - data/CVE

Mon, 06 Dec 2010 16:47:53 -0800 

Author: geissert
Date: 2010-12-07 00:47:21 +0000 (Tue, 07 Dec 2010)
New Revision: 15654

Modified:
   data/CVE/list
Log:
2 openssl issues
tomcat, cakephp, collectd, gnash issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-12-07 00:14:31 UTC (rev 15653)
+++ data/CVE/list       2010-12-07 00:47:21 UTC (rev 15654)
@@ -1,3 +1,10 @@
+CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
+       - cakephp <unfixed>
+       NOTE: 
https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
+CVE-2010-XXXX [collectd: DoS in RRDtool and RRDCacheD plugins]
+       - collectd <unfixed> (bug #605092)
+CVE-2010-XXXX [gnash: insecure temp files handling in configure script]
+       - gnash <unfixed> (unimportant; bug #605419)
 CVE-2010-XXXX [php and NUL handling on file ops]
        - php5 <unfixed> (low)
        NOTE: old, known, issue -- Pierre already requested an id
@@ -399,8 +406,10 @@
        NOTE: 201011251552.17678.tho...@suse.de
 CVE-2010-4253
        RESERVED
-CVE-2010-4252
+CVE-2010-4252 [OpenSSL JPAKE validation error]
        RESERVED
+       - openssl <unfixed>
+       NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4251
        RESERVED
 CVE-2010-4250 [linux inotify memory leak]
@@ -578,8 +587,10 @@
        NOT-FOR-US: Microsoft Windows
 CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote 
attackers ...)
        - yaws <not-affected> (Only affects Windows)
-CVE-2010-4180
+CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack]
        RESERVED
+       - openssl <unfixed>
+       NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4179
        RESERVED
 CVE-2010-4178
@@ -603,6 +614,7 @@
 CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and 
earlier ...)
        - libsdp 1.1.99-2.1 (bug #603841)
 CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Manager ...)
+       - tomcat6 <unfixed>
        TODO: check
 CVE-2010-4171
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to