Author: joeyh
Date: 2010-12-07 21:16:04 +0000 (Tue, 07 Dec 2010)
New Revision: 15657

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-12-07 21:07:47 UTC (rev 15656)
+++ data/CVE/list       2010-12-07 21:16:04 UTC (rev 15657)
@@ -1,3 +1,150 @@
+CVE-2010-4510
+       REJECTED
+       TODO: check
+CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV 
before ...)
+       TODO: check
+CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not 
properly ...)
+       TODO: check
+CVE-2010-4477
+       RESERVED
+CVE-2010-4476
+       RESERVED
+CVE-2010-4475
+       RESERVED
+CVE-2010-4474
+       RESERVED
+CVE-2010-4473
+       RESERVED
+CVE-2010-4472
+       RESERVED
+CVE-2010-4471
+       RESERVED
+CVE-2010-4470
+       RESERVED
+CVE-2010-4469
+       RESERVED
+CVE-2010-4468
+       RESERVED
+CVE-2010-4467
+       RESERVED
+CVE-2010-4466
+       RESERVED
+CVE-2010-4465
+       RESERVED
+CVE-2010-4464
+       RESERVED
+CVE-2010-4463
+       RESERVED
+CVE-2010-4462
+       RESERVED
+CVE-2010-4461
+       RESERVED
+CVE-2010-4460
+       RESERVED
+CVE-2010-4459
+       RESERVED
+CVE-2010-4458
+       RESERVED
+CVE-2010-4457
+       RESERVED
+CVE-2010-4456
+       RESERVED
+CVE-2010-4455
+       RESERVED
+CVE-2010-4454
+       RESERVED
+CVE-2010-4453
+       RESERVED
+CVE-2010-4452
+       RESERVED
+CVE-2010-4451
+       RESERVED
+CVE-2010-4450
+       RESERVED
+CVE-2010-4449
+       RESERVED
+CVE-2010-4448
+       RESERVED
+CVE-2010-4447
+       RESERVED
+CVE-2010-4446
+       RESERVED
+CVE-2010-4445
+       RESERVED
+CVE-2010-4444
+       RESERVED
+CVE-2010-4443
+       RESERVED
+CVE-2010-4442
+       RESERVED
+CVE-2010-4441
+       RESERVED
+CVE-2010-4440
+       RESERVED
+CVE-2010-4439
+       RESERVED
+CVE-2010-4438
+       RESERVED
+CVE-2010-4437
+       RESERVED
+CVE-2010-4436
+       RESERVED
+CVE-2010-4435
+       RESERVED
+CVE-2010-4434
+       RESERVED
+CVE-2010-4433
+       RESERVED
+CVE-2010-4432
+       RESERVED
+CVE-2010-4431
+       RESERVED
+CVE-2010-4430
+       RESERVED
+CVE-2010-4429
+       RESERVED
+CVE-2010-4428
+       RESERVED
+CVE-2010-4427
+       RESERVED
+CVE-2010-4426
+       RESERVED
+CVE-2010-4425
+       RESERVED
+CVE-2010-4424
+       RESERVED
+CVE-2010-4423
+       RESERVED
+CVE-2010-4422
+       RESERVED
+CVE-2010-4421
+       RESERVED
+CVE-2010-4420
+       RESERVED
+CVE-2010-4419
+       RESERVED
+CVE-2010-4418
+       RESERVED
+CVE-2010-4417
+       RESERVED
+CVE-2010-4416
+       RESERVED
+CVE-2010-4415
+       RESERVED
+CVE-2010-4414
+       RESERVED
+CVE-2010-4413
+       RESERVED
+CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 
2 beta ...)
+       TODO: check
+CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows 
remote ...)
+       TODO: check
+CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) 
CGI.pm ...)
+       TODO: check
+CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 
through ...)
+       TODO: check
+CVE-2008-7270 (OpenSSL before 0.9.8j, when 
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
+       TODO: check
 CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied]
        - libio-socket-ssl-perl <unfixed> (bug #606058)
 CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
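Review bot: CVE-2010-4510 at the top of this hunk is marked REJECTED yet still carries "TODO: check"; a rejected id leaves nothing to triage, so the TODO looks unnecessary there. Several of the other new "TODO: check" entries name software that already has tracked entries elsewhere in this same diff: CVE-2010-4479 (pdf.c in libclamav) sits beside CVE-2010-4260 under clamav, CVE-2010-4410 and CVE-2010-4411 (CGI.pm) beside CVE-2010-2761 under libcgi-pm-perl, and CVE-2010-4478 (OpenSSH with J-PAKE enabled) reads as the counterpart of CVE-2010-4252 for OpenSSL. I would triage those first and add package lines in the same commit that resolves the TODOs, so related issues are not left split between tracked and untracked.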
@@ -11,7 +158,7 @@
        - php5 <unfixed> (low)
        NOTE: old, known, issue -- Pierre already requested an id
        NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
-CVE-2010-4409 [php getSymbol() DoS]
+CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka ...)
        - php5 <unfixed>
        [lenny] - php5 <not-affected> (intl extension included since 5.3)
        NOTE: http://www.kb.cert.org/vuls/id/479900
@@ -196,8 +343,8 @@
        RESERVED
 CVE-2010-4331
        RESERVED
-CVE-2010-4330
-       RESERVED
+CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in 
Pulse ...)
+       TODO: check
 CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the 
PMA_linkOrButton ...)
        - phpmyadmin 4:3.3.7-2
 CVE-2010-4328
@@ -258,14 +405,14 @@
        NOT-FOR-US: Novell Zenworks
 CVE-2010-4298 (SQL injection vulnerability in the download module in Free 
Simple ...)
        NOT-FOR-US: Free Simple Software
-CVE-2010-4297
-       RESERVED
-CVE-2010-4296
-       RESERVED
-CVE-2010-4295
-       RESERVED
-CVE-2010-4294
-       RESERVED
+CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 
6.5.x ...)
+       TODO: check
+CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 
301548 on ...)
+       TODO: check
+CVE-2010-4295 (Race condition in the mounting process in vmware-mount in 
VMware ...)
+       TODO: check
+CVE-2010-4294 (The frame decompression functionality in the VMnc media codec 
in ...)
+       TODO: check
 CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified 
Shockwave ...)
        NOT-FOR-US: RSA Adaptive Authentication
 CVE-2010-XXXX [directory traversal]
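Review bot: The four VMware entries (CVE-2010-4294 through CVE-2010-4297) go from RESERVED to "TODO: check" with no package line and no NOT-FOR-US line. The entries on either side are already closed out as NOT-FOR-US (Novell Zenworks, Free Simple Software, RSA Adaptive Authentication); if VMware Workstation and vmware-mount are not in the archive, these four should get the same treatment in one pass instead of lingering as open TODOs.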
@@ -376,24 +523,20 @@
        - xfig <unfixed>
        TODO: check
        NOTE: details and patch at https://bugzilla.redhat.com/659676
-CVE-2010-4261 [clamav icon_cb memory corruption]
-       RESERVED
+CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in 
libclamav in ...)
        - clamav <unfixed>
        [lenny] - clamav <end-of-life>
        TODO: check
-CVE-2010-4260 [clamav PDF DoS]
-       RESERVED
+CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in 
ClamAV ...)
        - clamav <unfixed>
        [lenny] - clamav <end-of-life>
        TODO: check
-CVE-2010-4259 [fontforge BDF files buffer overflow]
-       RESERVED
+CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote 
...)
        - fontforge 0.0.20100501-4 (bug #605537)
 CVE-2010-4258 [linux failure to revert address limit override in OOPS error 
path]
        RESERVED
        - linux-2.6 <unfixed>
-CVE-2010-4257 [wordpress trackback SQL injection]
-       RESERVED
+CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in 
...)
        - wordpress <unfixed>
        TODO: check
 CVE-2010-4256 [linux: pipe_fcntl local DoS]
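Review bot: The "TODO: check" lines kept as context under CVE-2010-4261, CVE-2010-4260 and CVE-2010-4257 were written before the published descriptions this hunk brings in. Now that the affected code is named (icon_cb in pe_icons.c, pdf.c in libclamav, do_trackbacks), those TODOs can be worked and the "<unfixed>" lines given a fixed version or bug number, as the CVE-2010-4259 entry for fontforge already has.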
@@ -408,8 +551,7 @@
        NOTE: 201011251552.17678.tho...@suse.de
 CVE-2010-4253
        RESERVED
-CVE-2010-4252 [OpenSSL JPAKE validation error]
-       RESERVED
+CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not 
properly ...)
        - openssl <unfixed>
        NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4251
@@ -426,8 +568,8 @@
        - linux-2.6 <unfixed>
        TODO: check
        NOTE: 4ceb7f72.2020...@redhat.com
-CVE-2010-4246
-       RESERVED
+CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in 
graph.php in ...)
+       TODO: check
 CVE-2010-4245
        RESERVED
 CVE-2010-4244
@@ -589,8 +731,7 @@
        NOT-FOR-US: Microsoft Windows
 CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote 
attackers ...)
        - yaws <not-affected> (Only affects Windows)
-CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack]
-       RESERVED
+CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...)
        - openssl 0.9.8o-4
        NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4179
@@ -1246,8 +1387,7 @@
        RESERVED
 CVE-2010-3905
        RESERVED
-CVE-2010-3904
-       RESERVED
+CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the 
Reliable ...)
        - linux-2.6 2.6.32-26
        [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 
2.6.30)
 CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows 
remote ...)
@@ -2443,8 +2583,8 @@
        RESERVED
 CVE-2010-3450
        RESERVED
-CVE-2010-3449
-       RESERVED
+CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback 
before ...)
+       TODO: check
 CVE-2010-3448 [Linux ThinkPad video output status local DoS]
        RESERVED
        {DSA-2126-1}
@@ -3542,8 +3682,8 @@
 CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in 
the Linux ...)
        {DSA-2126-1}
        - linux-2.6 2.6.32-24
-CVE-2010-3066
-       RESERVED
+CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel 
before ...)
+       TODO: check
 CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write 
function in ...)
        - php5 <unfixed> (unimportant)
        NOTE: mysqlnd not used in squeeze/sid
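Review bot: CVE-2010-3066 gets only "TODO: check" although its description places it in fs/aio.c in the Linux kernel, the same file as the adjacent CVE-2010-3067, which is already tracked with "- linux-2.6 2.6.32-24" and {DSA-2126-1}. Add a linux-2.6 line for CVE-2010-3066 and record whether the same fixed version covers it, rather than leaving a kernel issue unassigned to any package.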
@@ -4374,8 +4514,7 @@
 CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper 
(aka SJOW) ...)
        - xulrunner <not-affected> (Only affects 3.6, only in experimental)
        - iceweasel <not-affected> (Only affects 3.6, only in experimental)
-CVE-2010-2761 [CGI.pm incorrect handling of newlines embedded in headers]
-       RESERVED
+CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) 
...)
        - libcgi-pm-perl <unfixed>
        NOTE: 4cf685d7.4070...@redhat.com
 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in 
...)
@@ -4705,8 +4844,8 @@
        RESERVED
 CVE-2010-2640
        RESERVED
-CVE-2010-2639
-       RESERVED
+CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows 
remote ...)
+       TODO: check
 CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 
7.0.1.5 ...)
        NOT-FOR-US: IBM WebSphere MQ
 CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does 
not ...)
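Review bot: CVE-2010-2639 names IBM WebSphere Commerce Enterprise and is left at "TODO: check", while the next entry, CVE-2010-2638, is already resolved as "NOT-FOR-US: IBM WebSphere MQ". Unless WebSphere Commerce is packaged, mark CVE-2010-2639 NOT-FOR-US in the same style so the two IBM entries are handled consistently.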


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits