[Secure-testing-commits] r15206 - data/CVE

Giuseppe Iuculano iuculano at alioth.debian.org
Wed Aug 25 07:52:40 UTC 2010


Author: iuculano
Date: 2010-08-25 07:52:37 +0000 (Wed, 25 Aug 2010)
New Revision: 15206

Modified:
   data/CVE/list
Log:
- NFUs
- Filed bugs for CVE-2010-2790 CVE-2010-2809 and CVE-2010-2810

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-25 07:12:02 UTC (rev 15205)
+++ data/CVE/list	2010-08-25 07:52:37 UTC (rev 15206)
@@ -1,15 +1,15 @@
 CVE-2010-XXXX [two BGP DoS issues]
 	- quagga <unfixed> (bug #594262)
 CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint ...)
-	TODO: check
+	NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before ...)
-	TODO: check
+	NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in ...)
-	TODO: check
+	NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint ...)
-	TODO: check
+	NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 ...)
-	TODO: check
+	NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, ...)
 	NOT-FOR-US: DeskShare AutoFTP Manager
 CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter ...)
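Review bot: The NOT-FOR-US text for CVE-2010-3105 says "browser plugin in Novell iPrint Client", but the visible description for that entry names the PluginGetDriverFile function in Novell iPrint Client rather than the browser plugin. Using the product name alone on all five entries ("NOT-FOR-US: Novell iPrint Client") would match the style of the neighbouring "NOT-FOR-US: DeskShare AutoFTP Manager" line and avoid asserting a component the truncated description does not show.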
@@ -166,25 +166,25 @@
 CVE-2010-3033
 	RESERVED
 CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...)
-	TODO: check
+	NOT-FOR-US: SAP Crystal Reports 2008
 CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...)
-	TODO: check
+	NOT-FOR-US: Wyse ThinOS 
 CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open ...)
-	TODO: check
+	NOT-FOR-US: Tomaz Muraus Open Blog
 CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...)
-	TODO: check
+	NOT-FOR-US: PHPKick
 CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script ...)
-	TODO: check
+	NOT-FOR-US: Tycoon Baseball Script
 CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Tomaz Muraus Open Blog
 CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus ...)
-	TODO: check
+	NOT-FOR-US: Tomaz Muraus Open Blog
 CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: DiamondList
 CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList ...)
-	TODO: check
+	NOT-FOR-US: DiamondList
 CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging ...)
 	TODO: check
 CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote ...)
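Review bot: The NOT-FOR-US line for CVE-2010-3028 names "Joomla!", while the description places the issue in the Aardvertiser component for Joomla!. Naming the component ("NOT-FOR-US: Aardvertiser component for Joomla!") keeps the entry tied to the affected software rather than the platform. The added line for CVE-2010-3031 also ends with a trailing space after "Wyse ThinOS". For CVE-2010-3026 the truncated description shows no product name, so the "Tomaz Muraus Open Blog" attribution cannot be checked from this list alone and is worth confirming against the full description.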
@@ -200,7 +200,7 @@
 CVE-2010-3016
 	REJECTED
 CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...)
-	TODO: check
+	NOT-FOR-US: Pligg
 CVE-2010-3012
 	RESERVED
 CVE-2010-3011
@@ -697,12 +697,12 @@
 CVE-2010-2811
 	RESERVED
 CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...)
-	- lynx-cur <unfixed>
+	- lynx-cur <unfixed> (bug #594300)
 	[lenny] - lynx-cur <no-dsa> (Minor issue)
 	NOTE: exploit scenario really obscure
 	TODO: File bug
 CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in Uzbl before ...)
-	- uzbl <unfixed> 
+	- uzbl <unfixed> (bug #594301)
 	TODO: File bug
 CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
 	- freetype 2.4.2-1
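Review bot: The "TODO: File bug" lines under CVE-2010-2810 and CVE-2010-2809 remain as unchanged context even though this hunk records bug #594300 and bug #594301 for them. Remove both TODO lines in the same change so the entries no longer appear to need a report.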
@@ -747,7 +747,7 @@
 CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...)
 	- apache2 2.2.10-1 (low)
 CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)
-	- zabbix <unfixed>
+	- zabbix <unfixed> (bug #594304)
 	NOTE: https://support.zabbix.com/browse/ZBX-2326
 	[lenny] - zabbix <no-dsa> (Minor issue)
 CVE-2010-2789 [mediawiki "register_globals arbitrary inclusion"]



