[Secure-testing-commits] r14384 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Apr 2 21:14:48 UTC 2010


Author: joeyh
Date: 2010-04-02 21:14:42 +0000 (Fri, 02 Apr 2010)
New Revision: 14384

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-02 20:39:50 UTC (rev 14383)
+++ data/CVE/list	2010-04-02 21:14:42 UTC (rev 14384)
@@ -1,3 +1,39 @@
+CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
+	TODO: check
+CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...)
+	TODO: check
+CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
+	TODO: check
+CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
+	TODO: check
+CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...)
+	TODO: check
+CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...)
+	TODO: check
+CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...)
+	TODO: check
+CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...)
+	TODO: check
+CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...)
+	TODO: check
+CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
+	TODO: check
+CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...)
+	TODO: check
+CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...)
+	TODO: check
+CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...)
+	TODO: check
+CVE-2010-1223
+	RESERVED
+CVE-2010-1222
+	RESERVED
+CVE-2010-1221
+	RESERVED
+CVE-2010-1220
+	RESERVED
 CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability]
 	- interchange 5.7.6-1
 CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...)
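Review bot: CVE-2010-1224 (main/acl.c in Asterisk Open Source) lands with only `TODO: check`, yet asterisk is a package this list already tracks (CVE-2010-0685 further down carries `- asterisk <unfixed>`), so it needs a package line and per-release status rather than sitting in the generic TODO queue. The Chrome entries CVE-2010-1229 to CVE-2010-1237 all name the same version boundary, 4.1.249.1036, and can be triaged together in one pass.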
@@ -145,9 +181,9 @@
 CVE-2010-1145
 	RESERVED
 CVE-2010-1144 [libnids null pointer dereference]
+	RESERVED
 	- libnids <unfixed> (low; bug #576281)
 	[lenny] - libnids <no-dsa> (Minor issue)
-	RESERVED
 	NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
 CVE-2010-1143
 	RESERVED
@@ -161,8 +197,8 @@
 	RESERVED
 CVE-2010-1138
 	RESERVED
-CVE-2010-1137
-	RESERVED
+CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
+	TODO: check
 CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...)
 	TODO: check
 CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...)
@@ -432,8 +468,8 @@
 	RESERVED
 CVE-2010-1032
 	RESERVED
-CVE-2010-1031
-	RESERVED
+CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...)
+	TODO: check
 CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...)
 	TODO: check
 CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...)
@@ -1012,73 +1048,59 @@
 	RESERVED
 CVE-2010-0851
 	RESERVED
-CVE-2010-0850
-	RESERVED
+CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0849
-	RESERVED
+CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0848
-	RESERVED
+CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0847
-	RESERVED
+CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0846
-	RESERVED
+CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0845
-	RESERVED
+CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0844
-	RESERVED
+CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0843
-	RESERVED
+CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0842
-	RESERVED
+CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0841
-	RESERVED
+CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0840
-	RESERVED
+CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0839
-	RESERVED
+CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0838
-	RESERVED
+CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0837
-	RESERVED
+CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
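Review bot: all fourteen entries from CVE-2010-0850 down to CVE-2010-0837 keep `- openjdk-6 <undetermined>` after the RESERVED placeholder is replaced by a published description, and none of them carries a TODO marker to flag the open question. The descriptions now name the affected component (Java 2D, ImageIO, HotSpot Server, Sound, Java Runtime Environment, Pack200), which is enough to start resolving the openjdk-6 status per entry; suggest adding a `TODO: check` or a NOTE until that is done so the `<undetermined>` lines do not go stale.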
@@ -1150,8 +1172,7 @@
 CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' ...)
 	- libesmtp <unfixed> (bug #572960)
 	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
-CVE-2010-1193 [libesmtp wildcard handling]
-	RESERVED
+CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
 	- libesmtp <undetermined>
 	NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10
 	TODO: check
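Review bot: the new description for CVE-2010-1193 is a cross-site scripting issue in WebAccess in VMware Server, but the entry still carries `- libesmtp <undetermined>` and the oss-security NOTE from the old `[libesmtp wildcard handling]` placeholder. The automatic update has overwritten the header without touching the tracking lines, so the libesmtp issue is now filed under an id whose published description is about a different product. The libesmtp lines should move to the id actually assigned to the wildcard handling issue (or to a CVE-2010-XXXX placeholder until one is known), and this entry should be triaged on its VMware description alone.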
@@ -1290,12 +1311,12 @@
 	RESERVED
 CVE-2010-0771
 	RESERVED
-CVE-2010-0770
-	RESERVED
-CVE-2010-0769
-	RESERVED
-CVE-2010-0768
-	RESERVED
+CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
+	TODO: check
+CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
+	TODO: check
+CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+	TODO: check
 CVE-2010-0767
 	RESERVED
 CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...)
@@ -1331,9 +1352,9 @@
 CVE-2010-0751
 	RESERVED
 CVE-2010-0750 [policykit information disclosure]
+	RESERVED
 	- policykit <not-affected> (pkexec introduced in 0.92)
 	[lenny] - policykit <not-affected> (pkexec introduced in 0.92)
-	RESERVED
 CVE-2010-0749
 	RESERVED
 CVE-2010-0748
@@ -1498,8 +1519,8 @@
 	NOT-FOR-US: Orbital Viewer
 CVE-2010-0687
 	RESERVED
-CVE-2010-0686
-	RESERVED
+CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, ...)
+	TODO: check
 CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...)
 	- asterisk <unfixed>
 	[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
@@ -3695,61 +3716,51 @@
 	NOT-FOR-US: Valarsoft Webmatic
 CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft ...)
 	NOT-FOR-US: Valarsoft Webmatic
-CVE-2010-0095
-	RESERVED
+CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0094
-	RESERVED
-CVE-2010-0093
-	RESERVED
+CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...)
+	TODO: check
+CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0092
-	RESERVED
+CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0091
-	RESERVED
+CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0090
-	RESERVED
-CVE-2010-0089
-	RESERVED
+CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
+	TODO: check
+CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0088
-	RESERVED
+CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0087
-	RESERVED
+CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2010-0086
 	RESERVED
-CVE-2010-0085
-	RESERVED
+CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0084
-	RESERVED
+CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2010-0083
 	RESERVED
-CVE-2010-0082
-	RESERVED
+CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
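Review bot: CVE-2010-0094 and CVE-2010-0090 end up with only `TODO: check`, while their neighbours with the same kind of description (Java Runtime Environment component; Java Web Start, Java Plug-in) carry the `openjdk-6` / `sun-java6` package lines. These two had no package lines before the update either, so they were missed when the rest of the batch was pre-filled; they should get the same three tracking lines, or a NOTE explaining why they differ, when the TODO is resolved.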
@@ -4215,6 +4226,7 @@
 CVE-2009-4275
 	RESERVED
 CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...)
+	{DTSA-206-1}
 	- netpbm-free <unfixed> (medium; bug #569060)
 CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
 	- systemtap 1.1-1 (bug #568865)
@@ -5619,7 +5631,7 @@
 	RESERVED
 CVE-2009-3768
 	RESERVED
-CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
+CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ...)
 	{DSA-1943-1}
 	- openldap 2.4.17-2.1 (low; bug #553432)
 	- openldap2.3 <removed>
@@ -10709,8 +10721,8 @@
 	RESERVED
 CVE-2009-2278
 	RESERVED
-CVE-2009-2277
-	RESERVED
+CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
+	TODO: check
 CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us ...)
 	NOT-FOR-US: voteforus.php extension for PunBB
 CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html ...)



