[Secure-testing-commits] r15179 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Aug 20 21:14:50 UTC 2010


Author: joeyh
Date: 2010-08-20 21:14:47 +0000 (Fri, 20 Aug 2010)
New Revision: 15179

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-20 13:23:16 UTC (rev 15178)
+++ data/CVE/list	2010-08-20 21:14:47 UTC (rev 15179)
@@ -1,7 +1,15 @@
+CVE-2010-3057
+	RESERVED
+CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
+	TODO: check
+CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...)
+	TODO: check
 CVE-2010-3056 [phpmyadmin PMASA-2010-5 Several XSS vulnerabilities were found in the code.]
+	RESERVED
 	- phpmyadmin 4:3.3.5.1-1
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
 CVE-2010-3055 [phpmyadmin PMASA-2010-4 Insufficient output sanitizing when generating configuration file.]
+	RESERVED
 	- phpmyadmin <not-affected> (Affects only 2.x branch)
 	[lenny] - phpmyadmin <unfixed>
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
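Review bot: CVE-2010-3054 and CVE-2010-3053 enter the list with only `TODO: check`, although both summaries name FreeType and the CVE-2010-3053 text says the issue is present "before 2.4.2", the same upstream version that other FreeType entries in this revision record as `- freetype 2.4.2-1`. Once triaged, replace each TODO with a `- freetype ...` line (fixed version to be confirmed) so the tracker reports a status for them.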
@@ -242,9 +250,9 @@
 	RESERVED
 CVE-2010-2945
 	RESERVED
-CVE-2010-2944 (Authentication problem in zope-ldapuser)
-        - zope-ldapuserfolder <unfixed> (high; bug #593466)
+CVE-2010-2944
 	RESERVED
+	- zope-ldapuserfolder <unfixed> (high; bug #593466)
 CVE-2010-2943 [xfs infoleak]
 	RESERVED
 	- linux-2.6 <unfixed>
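Review bot: the rewritten CVE-2010-2944 entry drops the only description it had, `(Authentication problem in zope-ldapuser)`, leaving a bare id with `RESERVED`. Other reserved entries in this file keep a local summary in square brackets, for example `CVE-2010-2943 [xfs infoleak]`, so carrying it over as `CVE-2010-2944 [Authentication problem in zope-ldapuser]` would preserve the context for the `zope-ldapuserfolder` line. The switch from leading spaces to a tab on the package line is fine.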
@@ -573,8 +581,7 @@
 	TODO: check
 CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
 	TODO: check
-CVE-2010-2813 [squirrelmail denial of service with 8bit login characters]
-	RESERVED
+CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not ...)
 	{DSA-2091-1}
 	- squirrelmail 2:1.4.21-1 (low)
 	[lenny] - squirrelmail <no-dsa> (low-risk issue)
@@ -584,19 +591,15 @@
 	RESERVED
 CVE-2010-2810
 	RESERVED
-CVE-2010-2809
-	RESERVED
-CVE-2010-2808
-	RESERVED
+CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in Uzbl before ...)
+	TODO: check
+CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
 	- freetype 2.4.2-1
-CVE-2010-2807
-	RESERVED
+CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds ...)
 	- freetype 2.4.2-1
-CVE-2010-2806
-	RESERVED
+CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c ...)
 	- freetype 2.4.2-1
-CVE-2010-2805
-	RESERVED
+CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType ...)
 	- freetype 2.4.2-1
 CVE-2010-2804
 	RESERVED
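Review bot: the CVE-2010-2809 summary is written with HTML entities (`&lt;Button2&gt;`), whereas the rest of the file uses literal angle brackets, as in `<unfixed>` and `<not-affected>`. The automatic update should decode entities before writing the description, otherwise a search for `<Button2>` will miss this entry. The Uzbl entry also lands with only `TODO: check` and needs triage.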
@@ -1273,8 +1276,8 @@
 CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
 	- git-core 1:1.7.1-1.1 (low; bug #590026)
 	[lenny] - git-core <no-dsa> (Minor issue)
-CVE-2010-2541
-	RESERVED
+CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...)
+	TODO: check
 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 ...)
 	{DSA-2079-1}
 	- mapserver 5.6.4-1
@@ -1311,8 +1314,7 @@
 	[lenny] - iputils <no-dsa> (Minor issue)
 CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol ...)
 	- pidgin 2.7.2-1
-CVE-2010-2527
-	RESERVED
+CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 ...)
 	{DSA-2070-1}
 	- freetype 2.4.0-1
 CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in ...)
@@ -1329,13 +1331,12 @@
 CVE-2010-2521
 	RESERVED
 	{DSA-2094-1}
-CVE-2010-2520 [freetype]
-	RESERVED
+CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in ...)
 	{DSA-2070-1}
 	- freetype 2.4.0-1
-CVE-2010-2519
-	RESERVED
+CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in ...)
 	{DSA-2070-1}
+	TODO: check
 CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...)
 	NOT-FOR-US: P8 Content Search Engine
 CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...)
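Review bot: CVE-2010-2519 now has `{DSA-2070-1}` followed by `TODO: check` and no package line, while the neighbouring CVE-2010-2520 under the same DSA records `- freetype 2.4.0-1`. An entry that already cites a DSA should name the affected package; add the `- freetype` line with the confirmed fixed version and drop the TODO.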
@@ -1400,20 +1401,16 @@
 	NOT-FOR-US: Splunk
 CVE-2010-2501
 	RESERVED
-CVE-2010-2500 [freetype]
-	RESERVED
+CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c ...)
 	{DSA-2070-1}
 	- freetype 2.4.0-1
-CVE-2010-2499 [freetype]
-	RESERVED
+CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
 	{DSA-2070-1}
 	- freetype 2.4.0-1
-CVE-2010-2498 [freetype]
-	RESERVED
+CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in ...)
 	{DSA-2070-1}
 	- freetype 2.4.0-1
-CVE-2010-2497 [freetype]
-	RESERVED
+CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows ...)
 	{DSA-2070-1}
 	- freetype 2.4.0-1
 CVE-2010-2496
@@ -2057,8 +2054,7 @@
 CVE-2010-2243 [timekeeping oops]
 	RESERVED
 	- linux-2.6 2.6.32-11
-CVE-2010-2242 [libvirt privilege scalation because of improperly mapped source privileged ports]
-	RESERVED
+CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with ...)
 	- libvirt 0.8.3-1 (low)
 	[lenny] - libvirt <no-dsa> (Minor issue)
 CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red ...)
@@ -2067,24 +2063,21 @@
 	RESERVED
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-21
-CVE-2010-2239 [libvirt not setting user defined backing store format]
-	RESERVED
+CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images ...)
 	- libvirt 0.8.3-1 (low)
 	[lenny] - libvirt <not-affected> (only affects >= 0.6.0)
-CVE-2010-2238 [libvirt: ignoring defined disk backing store format when recursing into disk image backing stores]
-	RESERVED
+CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into ...)
 	- libvirt 0.8.3-1
 	[lenny] - libvirt <not-affected> (only affects >= 0.7.2)
-CVE-2010-2237 [libvirt: ignoring defined main disk format when looking up disk backing stores]
-	RESERVED
+CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing ...)
 	- libvirt 0.8.3-1
 	[lenny] - libvirt <not-affected> (only affects >= 0.6.1)
 CVE-2010-2236
 	RESERVED
 CVE-2010-2235
 	RESERVED
-CVE-2010-2234
-	RESERVED
+CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB ...)
+	TODO: check
 CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...)
 	- tiff 3.9.1-1
 	[lenny] - tiff <not-affected> (Only affects 3.9.x)
@@ -2473,8 +2466,8 @@
 	NOT-FOR-US: DataTrack System
 CVE-2010-2077
 	REJECTED
-CVE-2010-2076
-	RESERVED
+CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before ...)
+	TODO: check
 CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...)
 	- unrealircd <itp> (bug #515130)
 CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
@@ -3176,7 +3169,7 @@
 	TODO: check
 CVE-2010-1798
 	RESERVED
-CVE-2010-1797 (Stack-based buffer overflow in FreeType in Apple iOS before 4.0.2 on ...)
+CVE-2010-1797 (Multiple stack-based buffer overflows in the ...)
 	- freetype 2.4.2-1
 CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...)
 	- webkit <undetermined>
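Review bot: the new CVE-2010-1797 summary, `(Multiple stack-based buffer overflows in the ...)`, is cut off before any product or function name, so the header line no longer says what is affected; the text it replaces at least named FreeType. Consider a truncation rule that keeps the first component name, so the entry stays identifiable without reading the `- freetype 2.4.2-1` line below it.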
@@ -3312,8 +3305,7 @@
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
 	NOTE: http://trac.webkit.org/changeset/59263
-CVE-2010-1760
-	RESERVED
+CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...)
 	- webkit 1.2.2-1 
 	- chromium-browser 5.0.375.99~r51029-2
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
@@ -4500,8 +4492,7 @@
 	NOTE: http://trac.webkit.org/changeset/54129
 	NOTE: http://trac.webkit.org/changeset/54141
 	NOTE: http://trac.webkit.org/changeset/54265
-CVE-2010-1386
-	RESERVED
+CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 does not ...)
 	- webkit 1.2.2-1 
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255



