[Secure-testing-commits] r14487 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Apr 14 21:14:52 UTC 2010


Author: joeyh
Date: 2010-04-14 21:14:43 +0000 (Wed, 14 Apr 2010)
New Revision: 14487

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-14 20:57:42 UTC (rev 14486)
+++ data/CVE/list	2010-04-14 21:14:43 UTC (rev 14487)
@@ -1,3 +1,46 @@
+CVE-2010-1564
+	REJECTED
+	TODO: check
+CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...)
+	TODO: check
+CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre ...)
+	TODO: check
+CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
+	TODO: check
+CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified Listings ...)
+	TODO: check
+CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows ...)
+	TODO: check
+CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...)
+	TODO: check
+CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as ...)
+	TODO: check
+CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal Portal, as ...)
+	TODO: check
+CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects) ...)
+	TODO: check
+CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module ...)
+	TODO: check
+CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine ...)
+	TODO: check
+CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL ...)
+	TODO: check
+CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
+	TODO: check
+CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in editors/logindialogue.php ...)
+	TODO: check
+CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication Server ...)
+	TODO: check
+CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video ...)
+	TODO: check
+CVE-2009-4766 (YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores ...)
+	TODO: check
+CVE-2009-4765 (CNR Hikaye Portal 2.0 stores sensitive information under the web root ...)
+	TODO: check
 CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component ...)
 	NOT-FOR-US: Joomla!
 CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) ...)
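Review bot: CVE-2010-1564 at the top of this hunk is added as REJECTED with a "TODO: check" line under it. A rejected id has nothing left to triage, and the other REJECTED entry in this commit (CVE-2010-0200) carries no TODO, so the TODO line should be dropped here as well. Separately, the com_hdflvplayer and com_j-projects entries follow the same component naming as the unchanged com_vjdeo and com_loginbox entries just below, which are marked "NOT-FOR-US: Joomla!"; they can be closed the same way once the full descriptions are confirmed.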
@@ -74,8 +117,8 @@
 	RESERVED
 CVE-2010-1317
 	RESERVED
-CVE-2010-1316
-	RESERVED
+CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...)
+	TODO: check
 CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the ...)
 	NOT-FOR-US: Joomla!
 CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS (com_hsconfig) ...)
@@ -248,6 +291,7 @@
 	NOTE: http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
 	TODO: check affected/fixed versions, Moritz?
 CVE-2010-1159 [aircrack-ng EAPOL buffer overflow]
+	RESERVED
 	- aircrack-ng <unfixed> (low; bug #577758)
 	[lenny] - aircrack-ng <no-dsa> (low)
 	[etch] - aircrack-ng <no-dsa> (low)
@@ -258,7 +302,7 @@
 	NOT-FOR-US: IBM Web Interface for Content Management
 CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...)
 	NOT-FOR-US: IBM Web Interface for Content Management
-CVE-2010-1241 (The custom heap management system in Adobe Reader 9.3.1 allows remote ...)
+CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in ...)
 	TODO: check
 CVE-2010-1240 (Adobe Reader 9.3.1 on Windows does not restrict the contents of one ...)
 	NOT-FOR-US: Adobe Reader
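Review bot: CVE-2010-1241 is still left at "TODO: check" after the description rewrite. The removed line shows it concerns Adobe Reader 9.3.1, and CVE-2010-1240 directly below is already "NOT-FOR-US: Adobe Reader", so this entry can be resolved the same way instead of carrying the TODO forward.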
@@ -479,7 +523,7 @@
 	RESERVED
 CVE-2010-1162
 	RESERVED
-CVE-2010-1161  [nano: unsafe creation of backup files]
+CVE-2010-1161 [nano: unsafe creation of backup files]
 	RESERVED
 	- nano <unfixed> (low; bug #577817)
 	[lenny] - nano <no-dsa> (minor issue)
@@ -1308,100 +1352,100 @@
 	RESERVED
 CVE-2010-0898
 	RESERVED
-CVE-2010-0897
-	RESERVED
-CVE-2010-0896
-	RESERVED
-CVE-2010-0895
-	RESERVED
-CVE-2010-0894
-	RESERVED
-CVE-2010-0893
-	RESERVED
+CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server ...)
+	TODO: check
+CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle ...)
+	TODO: check
+CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+	TODO: check
+CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager ...)
+	TODO: check
+CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle ...)
+	TODO: check
 CVE-2010-0892
 	RESERVED
-CVE-2010-0891
-	RESERVED
-CVE-2010-0890
-	RESERVED
-CVE-2010-0889
-	RESERVED
-CVE-2010-0888
-	RESERVED
+CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in ...)
+	TODO: check
+CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+	TODO: check
+CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+	TODO: check
+CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...)
+	TODO: check
 CVE-2010-0887
 	RESERVED
 CVE-2010-0886
 	RESERVED
-CVE-2010-0885
-	RESERVED
-CVE-2010-0884
-	RESERVED
-CVE-2010-0883
-	RESERVED
-CVE-2010-0882
-	RESERVED
-CVE-2010-0881
-	RESERVED
-CVE-2010-0880
-	RESERVED
-CVE-2010-0879
-	RESERVED
-CVE-2010-0878
-	RESERVED
-CVE-2010-0877
-	RESERVED
-CVE-2010-0876
-	RESERVED
-CVE-2010-0875
-	RESERVED
-CVE-2010-0874
-	RESERVED
+CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...)
+	TODO: check
+CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
+	TODO: check
+CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
+	TODO: check
+CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
+	TODO: check
+CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle ...)
+	TODO: check
+CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+	TODO: check
+CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+	TODO: check
+CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+	TODO: check
+CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+	TODO: check
+CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical ...)
+	TODO: check
+CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus ...)
+	TODO: check
+CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...)
+	TODO: check
 CVE-2010-0873
 	RESERVED
-CVE-2010-0872
-	RESERVED
-CVE-2010-0871
-	RESERVED
-CVE-2010-0870
-	RESERVED
-CVE-2010-0869
-	RESERVED
-CVE-2010-0868
-	RESERVED
-CVE-2010-0867
-	RESERVED
-CVE-2010-0866
-	RESERVED
-CVE-2010-0865
-	RESERVED
-CVE-2010-0864
-	RESERVED
-CVE-2010-0863
-	RESERVED
-CVE-2010-0862
-	RESERVED
-CVE-2010-0861
-	RESERVED
-CVE-2010-0860
-	RESERVED
-CVE-2010-0859
-	RESERVED
-CVE-2010-0858
-	RESERVED
-CVE-2010-0857
-	RESERVED
-CVE-2010-0856
-	RESERVED
-CVE-2010-0855
-	RESERVED
-CVE-2010-0854
-	RESERVED
-CVE-2010-0853
-	RESERVED
-CVE-2010-0852
-	RESERVED
-CVE-2010-0851
-	RESERVED
+CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+	TODO: check
+CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library ...)
+	TODO: check
+CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in ...)
+	TODO: check
+CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management ...)
+	TODO: check
+CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
+	TODO: check
+CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database ...)
+	TODO: check
+CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database ...)
+	TODO: check
+CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
+	TODO: check
+CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place ...)
+	TODO: check
+CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...)
+	TODO: check
+CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown ...)
+	TODO: check
+CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...)
+	TODO: check
+CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+	TODO: check
+CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library ...)
+	TODO: check
+CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in ...)
+	TODO: check
+CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component ...)
+	TODO: check
+CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
+	TODO: check
+CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
+	TODO: check
+CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database ...)
+	TODO: check
+CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+	TODO: check
+CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
+	TODO: check
+CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
+	TODO: check
 CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
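Review bot: every entry that leaves RESERVED in this hunk lands as "TODO: check" with its description cut at "...", and for some the cut hides the product entirely (CVE-2010-0870 stops at "Change Data Capture component in ...", CVE-2010-0858 at "E-Business Intelligence component in ..."). Triage these from the full description, not the truncated one. Most of the visible text names Oracle or Sun components, so a single pass that sets a NOT-FOR-US line naming the product, as the list already does elsewhere with "NOT-FOR-US: Oracle Secure Backup", would clear the block. CVE-2010-0892, CVE-2010-0887, CVE-2010-0886 and CVE-2010-0873 stay RESERVED and need no action yet.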
@@ -1574,12 +1618,12 @@
 	RESERVED
 CVE-2010-0813
 	RESERVED
-CVE-2010-0812
-	RESERVED
+CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, ...)
+	TODO: check
 CVE-2010-0811
 	RESERVED
-CVE-2010-0810
-	RESERVED
+CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows ...)
+	TODO: check
 CVE-2010-0809
 	RESERVED
 CVE-2010-0808
@@ -2389,13 +2433,13 @@
 	NOT-FOR-US: Apple iTunes
 CVE-2010-0530
 	RESERVED
-CVE-2010-0529 (Heap-based buffer overflow in Apple QuickTime before 7.6.6 on Windows ...)
+CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
 	NOT-FOR-US: Apple Quicktime
 CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2010-0526 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
+CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
 	NOT-FOR-US: Apple Mail
@@ -2407,7 +2451,7 @@
 	NOT-FOR-US: Apple Server Admin
 CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly ...)
 	NOT-FOR-US: Apple Server Admin
-CVE-2010-0520 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
+CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows ...)
 	NOT-FOR-US: Apple QuickTime
@@ -2463,7 +2507,7 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0493
 	RESERVED
-CVE-2010-0492 (mstime.dll in Microsoft Internet Explorer 8 does not properly handle ...)
+CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -2473,30 +2517,30 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0487
-	RESERVED
-CVE-2010-0486
-	RESERVED
+CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll ...)
+	TODO: check
+CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification ...)
+	TODO: check
 CVE-2010-0485
 	RESERVED
 CVE-2010-0484
 	RESERVED
-CVE-2010-0483 (VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...)
+CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-0482
-	RESERVED
-CVE-2010-0481
-	RESERVED
-CVE-2010-0480
-	RESERVED
-CVE-2010-0479
-	RESERVED
-CVE-2010-0478
-	RESERVED
-CVE-2010-0477
-	RESERVED
-CVE-2010-0476
-	RESERVED
+CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not ...)
+	TODO: check
+CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows ...)
+	TODO: check
+CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...)
+	TODO: check
+CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and ...)
+	TODO: check
+CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast ...)
+	TODO: check
+CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
+	TODO: check
+CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...)
+	TODO: check
 CVE-2010-0475
 	RESERVED
 CVE-2010-0474
@@ -3208,12 +3252,12 @@
 	NOT-FOR-US: Sun Java System Web Server
 CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the ...)
 	NOT-FOR-US: hald in Sun OpenSolaris
-CVE-2010-0270
-	RESERVED
-CVE-2010-0269
-	RESERVED
-CVE-2010-0268
-	RESERVED
+CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
+	TODO: check
+CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, ...)
+	TODO: check
+CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control ...)
+	TODO: check
 CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0266
@@ -3236,12 +3280,12 @@
 	NOT-FOR-US: Microsoft Office
 CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
 	NOT-FOR-US: Microsoft Office
-CVE-2010-0256
-	RESERVED
+CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
+	TODO: check
 CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0254
-	RESERVED
+CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
+	TODO: check
 CVE-2010-0253
 	RESERVED
 CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...)
@@ -3272,16 +3316,16 @@
 	NOT-FOR-US: Microsoft Windows Vista Gold
 CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
 	NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0238
-	RESERVED
-CVE-2010-0237
-	RESERVED
-CVE-2010-0236
-	RESERVED
-CVE-2010-0235
-	RESERVED
-CVE-2010-0234
-	RESERVED
+CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in ...)
+	TODO: check
+CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows ...)
+	TODO: check
+CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+	TODO: check
+CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+	TODO: check
+CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+	TODO: check
 CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...)
@@ -3375,36 +3419,36 @@
 	- libpng 1.2.43-1 (low; bug #572308)
 	TODO: check freeimage, tuxonice-userui
 	NOTE: http://www.kb.cert.org/vuls/id/576029
-CVE-2010-0204
-	RESERVED
-CVE-2010-0203
-	RESERVED
-CVE-2010-0202
-	RESERVED
-CVE-2010-0201
-	RESERVED
+CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+	TODO: check
+CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+	TODO: check
+CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+	TODO: check
+CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+	TODO: check
 CVE-2010-0200
-	RESERVED
-CVE-2010-0199
-	RESERVED
-CVE-2010-0198
-	RESERVED
-CVE-2010-0197
-	RESERVED
-CVE-2010-0196
-	RESERVED
-CVE-2010-0195
-	RESERVED
-CVE-2010-0194
-	RESERVED
-CVE-2010-0193
-	RESERVED
-CVE-2010-0192
-	RESERVED
-CVE-2010-0191
-	RESERVED
-CVE-2010-0190
-	RESERVED
+	REJECTED
+CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+	TODO: check
+CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
+	TODO: check
+CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+	TODO: check
+CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
+	TODO: check
+CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+	TODO: check
+CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+	TODO: check
+CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
+	TODO: check
+CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
+	TODO: check
+CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
+	TODO: check
+CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
+	TODO: check
 CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
 	NOT-FOR-US: Adobe Download Manager
 CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
@@ -3441,7 +3485,7 @@
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0177 (The window.navigator.plugins object in Mozilla Firefox before 3.0.19, ...)
+CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
 	{DSA-2027-1}
 	- xulrunner 1.9.1.9-1
 	- iceape 2.0.4-1
@@ -3820,12 +3864,12 @@
 	NOT-FOR-US: module for Drupal
 CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when ...)
 	NOT-FOR-US: Oscailt
-CVE-2009-4511
-	RESERVED
-CVE-2009-4510
-	RESERVED
-CVE-2009-4509
-	RESERVED
+CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web administration ...)
+	TODO: check
+CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS) ...)
+	TODO: check
+CVE-2009-4509 (The administrative web console on the TANDBERG Video Communication ...)
+	TODO: check
 CVE-2009-4508
 	RESERVED
 CVE-2009-4507
@@ -4174,8 +4218,8 @@
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-0086
-	RESERVED
+CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
+	TODO: check
 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 <unfixed>
@@ -4206,8 +4250,8 @@
 	NOT-FOR-US: Oracle E-Business Suite
 CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
 	NOT-FOR-US: BEA Product Suite
-CVE-2010-0073
-	RESERVED
+CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic ...)
+	TODO: check
 CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
 	NOT-FOR-US: Oracle Secure Backup
 CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...)
@@ -4373,7 +4417,7 @@
 	NOT-FOR-US: Apple DesktopServices
 CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
 	NOT-FOR-US: Apple CoreTypes
-CVE-2010-0062 (Heap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS ...)
+CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-0061
 	RESERVED
@@ -4489,10 +4533,10 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...)
 	NOT-FOR-US: Microsoft Windows Server
-CVE-2010-0025
-	RESERVED
-CVE-2010-0024
-	RESERVED
+CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
+	TODO: check
+CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
+	TODO: check
 CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
@@ -4537,7 +4581,7 @@
 CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...)
 	- couchdb <unfixed> (bug #576304)
 	NOTE: I don't really see the security implications?
-CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows ...)
+CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ...)
 	- linux-2.6 2.6.23-1
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
 	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
@@ -5568,7 +5612,7 @@
 	NOT-FOR-US: LiveCycle
 CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3958 (Buffer overflow in the Download Manager in Adobe Reader and Acrobat ...)
+CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
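Review bot: the NOT-FOR-US label under CVE-2009-3958 no longer matches its description. The new text attributes the overflows to the NOS Microsystems getPlus component, but the unchanged line below it still reads "NOT-FOR-US: Adobe Reader and Acrobat 8.0". CVE-2010-0189, which also names the NOS Microsystems getPlus Download Manager, is filed as "NOT-FOR-US: Adobe Download Manager"; using that label here too keeps both entries under one product name.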
@@ -5578,7 +5622,7 @@
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and ...)
+CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and ...)
 	NOT-FOR-US: Adobe Illustrator
@@ -6120,7 +6164,7 @@
 	RESERVED
 CVE-2009-3737
 	RESERVED
-CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, ...)
+CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as ...)
 	{DSA-1958-1}
 	- libtool 2.2.6b-1 (low; bug #559797)
 	- arts <not-affected> (Uses absolute path to the sound backend)
@@ -6426,7 +6470,7 @@
 	RESERVED
 CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...)
 	NOT-FOR-US: Microsoft Internet Authentication Service
-CVE-2009-3676 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows ...)
+CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and ...)
 	NOT-FOR-US: Microsoft Windows Server
 CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...)
 	NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
@@ -20971,7 +21015,7 @@
 	- linux-2.6.24 2.6.24-6~etchnhalf.7
 CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Microsoft Communicator
-CVE-2008-5180 (Microsoft Communicator allows remote attackers to cause a denial of ...)
+CVE-2008-5180 (Microsoft Communicator, and Communicator in Microsoft Office 2010 ...)
 	NOT-FOR-US: Microsoft Communicator
 CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server ...)
 	NOT-FOR-US: Microsoft Office Communications Server



