[Secure-testing-commits] r15656 - data/CVE

Moritz Muehlenhoff Tue, 07 Dec 2010 13:08:26 -0800

Author: jmm-guest
Date: 2010-12-07 21:07:47 +0000 (Tue, 07 Dec 2010)
New Revision: 15656


Modified:
   data/CVE/list
Log:
- pythonpath fixed in distcc, gquilt and dlr-languages
- fontforge, openssl fixed
- NFUs
- one awstats issue windows-specific


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-12-07 01:59:18 UTC (rev 15655)
+++ data/CVE/list       2010-12-07 21:07:47 UTC (rev 15656)
@@ -82,20 +82,20 @@
 CVE-2010-4375
        RESERVED
 CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Winamp
 CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Winamp
 CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 
allows ...)
-       TODO: check
+       NOT-FOR-US: Winamp
 CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 
allows ...)
-       TODO: check
+       NOT-FOR-US: Winamp
 CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp 
before 5.6 ...)
-       TODO: check
+       NOT-FOR-US: Winamp
 CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows 
remote ...)
        - awstats <unfixed>
        TODO: check
 CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a 
configdir ...)
-       - awstats <unfixed> (unimportant)
+       - awstats <not-affected> (Windows-specific issue)
        NOTE: looks like it's the same as CVE-2010-4367
 CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter 
in the ...)
        - awstats <unfixed>
@@ -281,13 +281,13 @@
        - calendarserver <unfixed> (low; bug #605157)
        [lenny] - calendarserver <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
-       - gquilt <unfixed> (low; bug #605152)
+       - gquilt 0.22-1.1 (low; bug #605152)
        [lenny] - gquilt <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
        - snappea <unfixed> (low; bug #605151)
        [lenny] - snappea <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
-       - ironpython <removed> (low; bug #605158)
+       - dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
        [lenny] - ironpython <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
        - gnome-schedule <unfixed> (low; bug #605169)
@@ -296,7 +296,7 @@
        - gnumed-client <unfixed> (low; bug #605159)
        [lenny] - gnumed-client <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
-       - distcc <unfixed> (low; bug #605168)
+       - distcc 3.1-3.2 (low; bug #605168)
        [lenny] - distcc <not-affected> (Vulnerable code not present)
 CVE-2010-XXXX [python path]
        - mmass 3.8.0-2 (low; bug #605150)
@@ -329,17 +329,17 @@
 CVE-2010-4284
        RESERVED
 CVE-2010-4283 (PHP remote file inclusion vulnerability in 
extras/pandora_diag.php in ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS 
before ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean 
function ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 
3.1.1 ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier 
specifies an ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2010-4277
        RESERVED
 CVE-2010-4276
@@ -388,7 +388,7 @@
        TODO: check
 CVE-2010-4259 [fontforge BDF files buffer overflow]
        RESERVED
-       - fontforge <unfixed> (bug #605537)
+       - fontforge 0.0.20100501-4 (bug #605537)
 CVE-2010-4258 [linux failure to revert address limit override in OOPS error 
path]
        RESERVED
        - linux-2.6 <unfixed>
@@ -591,7 +591,7 @@
        - yaws <not-affected> (Only affects Windows)
 CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack]
        RESERVED
-       - openssl <unfixed>
+       - openssl 0.9.8o-4
        NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4179
        RESERVED
@@ -2930,9 +2930,9 @@
 CVE-2010-3268
        RESERVED
 CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 
3.4.5 ...)
-       TODO: check
+       NOT-FOR-US: BugTracker.NET
 CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in 
BugTracker.NET ...)
-       TODO: check
+       NOT-FOR-US: BugTracker.NET
 CVE-2010-3265
        RESERVED
 CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 
stores ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r15656 - data/CVE

Reply via email to