Author: geissert
Date: 2010-12-07 01:59:18 +0000 (Tue, 07 Dec 2010)
New Revision: 15655

Modified:
   data/CVE/list
Log:
three, old, piwigo issues
piwik is ITP
IO::Socket::SSL issue by dkg


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-12-07 00:47:21 UTC (rev 15654)
+++ data/CVE/list       2010-12-07 01:59:18 UTC (rev 15655)
@@ -1,3 +1,5 @@
+CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied]
+       - libio-socket-ssl-perl <unfixed> (bug #606058)
 CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
        - cakephp <unfixed>
        NOTE: 
https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
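Review bot: The new IO::Socket::SSL entry at the top of the file has only the package line and bug #606058, with no NOTE giving a reference, while the cakephp entry directly below it records the upstream commit in a NOTE. Because the id is still the CVE-2010-XXXX placeholder, the bracketed title is the only thing that identifies the issue; consider adding a NOTE with a reference to the report so the entry can be matched up once a real id is assigned.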
@@ -1326,6 +1328,7 @@
        {DSA-2126-1}
        - linux-2.6 2.6.32-28 (low)
 CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in 
fcgid_bucket.c ...)
+       - libapache2-mod-fcgid <unfixed> (bug #605484)
        TODO: check
 CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
        - mahara <not-affected> (Vulnerable feature introduced in 1.3)
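Review bot: The added line "- libapache2-mod-fcgid <unfixed> (bug #605484)" for CVE-2010-3872 sits directly above a "TODO: check" that this hunk leaves in place, so the entry reads as both triaged and untriaged. If the package line completes the check, drop the TODO in the same commit; if something is still open, replace it with a TODO that says what remains to be checked.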
@@ -4222,7 +4225,7 @@
        [lenny] - mediawiki <no-dsa> (Minor issue)
        NOTE: 
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
 CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 
allows ...)
-       NOT-FOR-US: Piwik
+       - piwik <itp> (bug #506933)
 CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 
does not ...)
        {DSA-2078-1}
        - kvirc 4:4.0.0-3
@@ -7149,7 +7152,8 @@
 CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in 
Free ...)
        NOT-FOR-US: Free Realty
 CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in 
register.php in ...)
-       NOT-FOR-US: Piwigo
+       - piwigo <undetermined>
+       TODO: check
 CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz 
Auction ...)
        NOT-FOR-US: 2daybiz Auction Script
 CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook 
allows ...)
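Review bot: The replacement for CVE-2010-1707, "- piwigo <undetermined>" followed by "TODO: check", carries no bug reference, unlike the piwik change in this same commit, which cites bug #506933. The log message says only "three, old, piwigo issues" and does not explain why Piwigo is no longer NOT-FOR-US; add the relevant bug number or a NOTE stating the package's status so the next person knows what the TODO is meant to verify.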
@@ -13708,7 +13712,8 @@
 CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 
2.0.17 and ...)
        NOT-FOR-US: phpMyFAQ
 CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 
allows ...)
-       NOT-FOR-US: Piwigo
+       - piwigo <undetermined>
+       TODO: check
 CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH 
Software ...)
        NOT-FOR-US: NCH Software Axon Virtual PBX
 CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 
before ...)
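Review bot: For CVE-2009-4039 the description already states the flaw is in "Piwigo before 2.0.6", yet the new lines are "- piwigo <undetermined>" with an open-ended "TODO: check". Record that version in a NOTE so the remaining check is a comparison against the packaged version rather than a fresh investigation.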
@@ -17387,7 +17392,8 @@
 CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in 
Programmed ...)
        NOT-FOR-US: Programmed Integration PIPL
 CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 
2.0.3 ...)
-       NOT-FOR-US: Piwigo
+       - piwigo <undetermined>
+       TODO: check
 CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process 
in the ...)
        NOT-FOR-US: SAP NetWeaver
 CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro 
Director ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
