[Secure-testing-commits] r15646 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri Dec 3 16:24:51 UTC 2010
Author: jmm-guest
Date: 2010-12-03 16:24:51 +0000 (Fri, 03 Dec 2010)
New Revision: 15646
Modified:
data/CVE/list
Log:
- new kernel issues (mostly already present in kernel-sec repo)
- imagemagick/cwd CVEfied
- plenty of new chrome/webkit issues
- NFUs
- festival not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-03 08:17:04 UTC (rev 15645)
+++ data/CVE/list 2010-12-03 16:24:51 UTC (rev 15646)
@@ -1,8 +1,7 @@
CVE-2010-XXXX [ocrodjvu insecure temp files handling]
- ocrodjvu 0.4.6-2 (low; bug #598134)
CVE-2010-XXXX [hypermail XSS]
- - hypermail <removed> (bug #598743)
- TODO: check
+ - hypermail <removed> (low; bug #598743)
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...)
@@ -252,7 +251,7 @@
CVE-2010-4271 (SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows ...)
NOT-FOR-US: ImpressCMS
CVE-2010-4270 (Directory traversal vulnerability in the nBill (com_netinvoice) ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65 ...)
NOT-FOR-US: Collabtive
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...)
@@ -294,9 +293,9 @@
CVE-2010-4250
RESERVED
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2010-4247
RESERVED
CVE-2010-4246
@@ -357,9 +356,6 @@
CVE-2010-XXXX [pootle XSS vulnerability via 'match_names']
- pootle <unfixed> (low; bug #604060)
[lenny] - pootle <not-affected> (Minor issue)
-CVE-2010-XXXX [imagemagick reads config files from cwd]
- - imagemagick 8:6.6.0.4-3 (low; bug #601824)
- [lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
@@ -489,12 +485,13 @@
RESERVED
- systemtap 1.2-3 (bug #603946)
CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 ...)
- openttd 1.0.4-3 (bug #603752)
[lenny] - openttd <not-affected> (Introduced in 1.0)
CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick ...)
- TODO: check
+ - imagemagick 8:6.6.0.4-3 (low; bug #601824)
+ [lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4166
RESERVED
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
@@ -899,7 +896,7 @@
CVE-2010-3997
RESERVED
CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) ...)
- TODO: check
+ - festival <not-affected> (From Lenny onwards we don't include the server component)
CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib ...)
- python-pyftpdlib 0.5.2-1
CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l ...)
@@ -1095,9 +1092,9 @@
CVE-2010-3912
RESERVED
CVE-2010-3911 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2010-3910 (Multiple directory traversal vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger ...)
NOT-FOR-US: vtiger CRM
CVE-2010-3908
@@ -1217,7 +1214,7 @@
RESERVED
CVE-2010-3861
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-29
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3860
RESERVED
@@ -1344,55 +1341,73 @@
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
NOT-FOR-US: Apple iOS
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3825
RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3815
RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...)
- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3813 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3812 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- webkit <unfixed>
- chromium-browser <undetermined>
NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3807
RESERVED
CVE-2010-3806
RESERVED
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3802
RESERVED
CVE-2010-3801
More information about the Secure-testing-commits
mailing list