[Secure-testing-commits] r14414 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Apr 6 05:23:47 UTC 2010
Author: geissert
Date: 2010-04-06 05:23:45 +0000 (Tue, 06 Apr 2010)
New Revision: 14414
Modified:
data/CVE/list
Log:
multiple new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-06 04:34:19 UTC (rev 14413)
+++ data/CVE/list 2010-04-06 05:23:45 UTC (rev 14414)
@@ -1,3 +1,32 @@
+CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
+ - moodle <undetermined>
+ - phpmyadmin <undetermined>
+ - tcpdf <itp> (bug #495985)
+ TODO: check
+ NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view
+ NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem
+CVE-2010-XXXX [linux r128 ioctl handlers null pointer deref]
+ - linux-2.6 <undetermined>
+ TODO: check
+ NOTE: http://git.kernel.org/linus/7dc482dfeeeefcfd000d4271c4626937406756d7
+CVE-2010-XXXX [xmail insecure temp files handling]
+ - xmail <undetermined>
+ TODO: check
+ NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27
+CVE-2010-XXXX [dovecot wrong Mail dir permissions]
+ - dovecot <undetermined>
+ TODO: check
+ NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
+CVE-2010-XXXX [Linux ThinkPad video output status local DoS]
+ - linux-2.6 <unfixed> (bug #565790)
+ NOTE: http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
+ TODO: check affected/fixed versions, Moritz?
+CVE-2010-XXXX [aircrack-ng EAPOL buffer overflow]
+ - aircrack-ng <unfixed> (low)
+ [lenny] - aircrack-ng <no-dsa> (low)
+ [etch] - aircrack-ng <no-dsa> (low)
+ NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
+ TODO: file bug, request id
CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...)
TODO: check
CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...)
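Review bot: In the aircrack-ng entry, the status is `<unfixed> (low)` with `<no-dsa> (low)` for lenny and etch, yet the only reference is a link to an exploit script and the TODO says no bug has been filed. An entry that rates a buffer overflow as low should carry a NOTE giving the reason for the rating, and it should gain the bug number and an upstream fix reference once they exist. As a style point, the ThinkPad entry places its TODO after the NOTE while the other new entries place TODO first; keeping one order makes the list easier to scan.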
@@ -1445,7 +1474,7 @@
CVE-2010-0749
RESERVED
- transmission 1.92-1 (unimportant; bug filed)
-CVE-2010-0748
+CVE-2010-0748 [transmission magnet links parser buffer overflow]
RESERVED
- transmission 1.92-1 (medium; bug filed)
[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
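Review bot: The bracketed description is added to CVE-2010-0748 only, while CVE-2010-0749 directly above it, also a RESERVED transmission 1.92-1 entry, is left without one; add a description there as well so the two can be told apart while the IDs are still reserved. Both entries also say "bug filed" without giving a bug number, which makes the report hard to locate from the tracker.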
@@ -1455,11 +1484,12 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
-CVE-2010-0745 [dovecot DoS]
+CVE-2010-0745 [dovecot large header resource consumption/DoS]
RESERVED
- dovecot 1:1.2.11-1 (low)
[lenny] - dovecot <not-affected> (Vulnerable code not present)
[etch] - dovecot <not-affected> (Vulnerable code not present)
+ NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
CVE-2010-0744 [amsn SSL verification vuln]
RESERVED
- amsn <unfixed> (bug #572818)
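Review bot: The NOTE added to CVE-2010-0745 points at the same dovecot-news announcement (2010-March/000152.html) that the new "dovecot wrong Mail dir permissions" entry at the top of this commit cites, so two entries with different statuses (`1:1.2.11-1` here, `<undetermined>` there) share one reference. Say in each NOTE which item of the announcement the entry covers, and check whether that announcement also settles the version for the `<undetermined>` entry.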