[Secure-testing-commits] r14411 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Apr 5 21:15:16 UTC 2010


Author: joeyh
Date: 2010-04-05 21:15:05 +0000 (Mon, 05 Apr 2010)
New Revision: 14411

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-05 19:04:02 UTC (rev 14410)
+++ data/CVE/list	2010-04-05 21:15:05 UTC (rev 14411)
@@ -1,3 +1,53 @@
+CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...)
+	TODO: check
+CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...)
+	TODO: check
+CVE-2010-1241 (The custom heap management system in Adobe Reader 9.3.1 allows remote ...)
+	TODO: check
+CVE-2010-1240 (Adobe Reader 9.3.1 on Windows does not restrict the contents of one ...)
+	TODO: check
+CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...)
+	TODO: check
+CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha ...)
+	TODO: check
+CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that ...)
+	TODO: check
+CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...)
+	TODO: check
+CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...)
+	TODO: check
+CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows ...)
+	TODO: check
+CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...)
+	TODO: check
+CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...)
+	TODO: check
+CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
+	TODO: check
+CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
+	TODO: check
+CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
+	TODO: check
+CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
+	TODO: check
+CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell ...)
+	TODO: check
+CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
+	TODO: check
+CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not ...)
+	TODO: check
+CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows ...)
+	TODO: check
+CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...)
+	TODO: check
+CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows ...)
+	TODO: check
+CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...)
+	TODO: check
+CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...)
+	TODO: check
 CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
 	- webkit 1.1.90-1
 	- kdelibs <undetermined>
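Review bot: Most of the 25 new "TODO: check" entries at the top of the list can be closed on sight as NOT-FOR-US, because their truncated descriptions already name proprietary products: NWFTPD.nlm in Novell NetWare (every entry from CVE-2000-1245 to CVE-2007-6735), Adobe Reader, Foxit Reader and the IBM Web Interface for Content Management. This file already uses "NOT-FOR-US: <product>" for such cases (see the TIBCO and Apple Mac OS X entries further down). CVE-2010-1238 is the exception: it names MoinMoin 1.7.1, and moin is tracked as a package in this list (CVE-2010-0828), so it needs a "- moin" line with its status instead of a generic TODO.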
@@ -1159,16 +1209,14 @@
 	RESERVED
 CVE-2010-0829
 	RESERVED
-CVE-2010-0828 [moin despam action xss]
-	RESERVED
+CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...)
 	{DSA-2024-1}
 	- moin 1.9.2-3 (low; bug #575995)
 CVE-2010-0827
 	RESERVED
-CVE-2010-0826
-	RESERVED
-CVE-2010-0825 [emacs Race condition]
-	RESERVED
+CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...)
+	TODO: check
+CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...)
 	- emacs21 <removed>
 	- emacs22 <unfixed>
 	- xemacs21 <unfixed>
@@ -1387,7 +1435,7 @@
 CVE-2010-1144 [zabbix SQL injection]
 	RESERVED
 	- zabbix <unfixed>
-        TODO: File bug
+	TODO: File bug
 CVE-2010-0750 [policykit information disclosure]
 	RESERVED
 	- policykit <not-affected> (pkexec introduced in 0.92)
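Review bot: The re-indented "TODO: File bug" under CVE-2010-1144 is still outstanding: "- zabbix <unfixed>" carries no bug number or urgency, unlike "- couchdb <unfixed> (bug #576304)" elsewhere in this list. Since the line is being touched anyway, file the bug and replace the TODO with the reference.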
@@ -1401,10 +1449,10 @@
 	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
 CVE-2010-0746 [DeviceKit privilege escalation via pluggable storage device labels]
 	RESERVED
-        - devicekit-disks 1.0.0~git20100212.aae17d9-1
-        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
-        NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
-        NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
+	- devicekit-disks 1.0.0~git20100212.aae17d9-1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
+	NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
+	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
 CVE-2010-0745 [dovecot DoS]
 	RESERVED
 	- dovecot 1:1.2.11-1 (low)
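Review bot: The four annotation lines under CVE-2010-0746 change only in indentation (eight spaces to a tab), as does "TODO: File bug" in the preceding hunk, and the log message "automatic update" does not mention it. A whitespace normalisation is easier to audit as its own commit, and a check that rejects space-indented annotation lines when they are first committed would keep them out of the list.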
@@ -1567,8 +1615,8 @@
 	- asterisk <unfixed>
 	[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
 	[squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
-CVE-2010-0684
-	RESERVED
+CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action ...)
+	TODO: check
 CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
 	NOT-FOR-US: TIBCO Administrator
 CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
@@ -1774,8 +1822,8 @@
 	RESERVED
 CVE-2010-0626
 	RESERVED
-CVE-2010-0625
-	RESERVED
+CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP ...)
+	TODO: check
 CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...)
 	- cpio 2.11-1 (low)
 	- tar 1.23-1 (low)
@@ -3084,57 +3132,48 @@
 	NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent 
 CVE-2010-0183
 	RESERVED
-CVE-2010-0182 [XMLDocument::load() doesn't check nsIContentPolicy]
-	RESERVED
+CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...)
 	- xulrunner <unfixed> (low)
 	[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0181 [Image src redirect to mailto: URL opens email editor]
-	RESERVED
+CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...)
 	- xulrunner 1.9.1.9-1 (unimportant)
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-0180
 	RESERVED
-CVE-2010-0179
-	RESERVED
+CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0178 [Chrome privilege escalation via forced URL drag and drop]
-	RESERVED
+CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0177 [Dangling pointer vulnerability in nsPluginArray]
-	RESERVED
+CVE-2010-0177 (The window.navigator.plugins object in Mozilla Firefox before 3.0.19, ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0176 [Dangling pointer vulnerability in nsTreeContentView]
-	RESERVED
+CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0175 [Remote code execution with use-after-free in nsTreeSelection]
-	RESERVED
+CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0174 [crashes in the browser engine]
-	RESERVED
+CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0173 [crashes in the browser engine]
-	RESERVED
+CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
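Review bot: CVE-2010-0173 lacks the {DSA-2027-1} reference that CVE-2010-0174 carries, although both now have the same published description ("Multiple unspecified vulnerabilities in the browser engine in Mozilla ...") and the same "- xulrunner 1.9.1.9-1" line. Now that the entry is out of RESERVED it should record why it differs: either add the DSA reference or add a "[lenny] - xulrunner" line stating the status for stable.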
@@ -4177,8 +4216,7 @@
 	NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
 	NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
 	NOTE: proxy situations, the backend server is usually trusted, anyway.
-CVE-2010-0009 [Apache CouchDB Timing Attack Vulnerability]
-	RESERVED
+CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...)
 	- couchdb <unfixed> (bug #576304)
 	NOTE: I don't really see the security implications?
 CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows ...)
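Review bot: The open question "NOTE: I don't really see the security implications?" under CVE-2010-0009 is carried over unchanged, while the placeholder "[Apache CouchDB Timing Attack Vulnerability]" above it is replaced by the published description ("allows remote attackers to obtain ..."). Resolve the note against the full description: either drop it and give "- couchdb <unfixed> (bug #576304)" an urgency, or downgrade the entry and state the reason in the NOTE.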
@@ -6261,13 +6299,13 @@
 CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...)
 	- backintime 0.9.26-3 (bug #543785)
 CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
-	{DSA-1941-1}
+	{DSA-2028-1 DSA-1941-1}
 	- xpdf 3.02-2 (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
 	- kdegraphics 4:4.0 (medium; bug #551290)
 	- swftools <removed> (medium; bug #551291)
 CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
-	{DSA-1941-1}
+	{DSA-2028-1 DSA-1941-1}
 	- xpdf 3.02-2 (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
 	- kdegraphics 4:4.0 (medium; bug #551290)
@@ -6276,7 +6314,7 @@
 	{DSA-1941-1}
 	- poppler 0.12.2-1 (medium; bug #551289)
 CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
-	{DSA-1941-1}
+	{DSA-2028-1 DSA-1941-1}
 	- xpdf 3.02-2 (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
 	- kdegraphics 4:4.0 (medium; bug #551290)
@@ -6285,13 +6323,13 @@
 	{DSA-1941-1}
 	- poppler 0.12.2-1 (medium; bug #551289)
 CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
-	{DSA-1941-1}
+	{DSA-2028-1 DSA-1941-1}
 	- xpdf 3.02-2 (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
 	- kdegraphics 4:4.0 (medium; bug #551290)
 	- swftools <removed> (medium; bug #551291)
 CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
-	{DSA-1941-1}
+	{DSA-2028-1 DSA-1941-1}
 	- xpdf 3.02-2 (medium; bug #551287)
 	- poppler 0.12.2-1 (medium; bug #551289)
 	- kdegraphics 4:4.0 (medium; bug #551290)
@@ -8526,8 +8564,7 @@
 	- planet-venus 0~bzr116-1 (low; bug #546179)
 	[lenny] - planet-venus 0~bzr95-2+lenny1
 	[etch] - planet-venus <no-dsa> (Minor issue)
-CVE-2009-2936 [varnish] 
-	RESERVED
+CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or ...)
 	- varnish 2.1.0-2 (unimportant)
 	NOTE: Only a security issue if used against best practices
 CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
@@ -8916,8 +8953,8 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2009-2822
-	RESERVED
+CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not ...)
+	TODO: check
 CVE-2009-2821
 	RESERVED
 CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...)
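Review bot: The "TODO: check" under CVE-2009-2822 can be closed as NOT-FOR-US right away: the description names AirPort Utility for Apple AirPort Base Station, and the two entries directly above it in this hunk are already marked "NOT-FOR-US: Apple Mac OS X". Marking it the same way keeps it out of the open triage queue.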
@@ -14275,7 +14312,7 @@
 	NOTE: remote signature spoofing possible, and this was supposed to be
 	NOTE: originally fixed with the updates for CVE-2008-3834
 CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
-	{DSA-1941-1}
+	{DSA-2028-1 DSA-1941-1}
 	- poppler 0.10.6-1 (medium; bug #524806)
 	[etch] - poppler <not-affected> (SplashBitmap code not present)
 	- xpdf 3.02-2 (bug #575779)
@@ -17277,6 +17314,7 @@
 CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...)
 	NOT-FOR-US: Joomla
 CVE-2008-6079 (Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have ...)
+	{DSA-2029-1}
 	- imlib2 1.4.2-1 (bug #576469)
 	NOTE: poked upstream for more details
 CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...)
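Review bot: The new {DSA-2029-1} reference on CVE-2008-6079 sits above "- imlib2 1.4.2-1 (bug #576469)", which has no urgency, and "NOTE: poked upstream for more details", which reads as still unanswered. With an advisory attached, add the urgency inside the parentheses in the "(medium; bug #...)" form the neighbouring entries use, and update or remove the NOTE to say what upstream reported.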
@@ -25237,8 +25275,8 @@
 	- libxml2 2.6.32.dfsg-3 (medium)
 CVE-2008-3280
 	RESERVED
-CVE-2008-3279
-	RESERVED
+CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
+	TODO: check
 CVE-2008-3278
 	RESERVED
 CVE-2008-3277
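Review bot: The "TODO: check" under CVE-2008-3279 needs a package line rather than a generic triage marker, because the description names libbrlttybba.so in brltty 3.7.2 and brltty is packaged in Debian, so NOT-FOR-US does not apply. Replace the TODO with a "- brltty" entry giving the fixed version, or use the "<undetermined>" marker seen for kdelibs under CVE-2010-1237 until the affected versions are checked.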



