[Secure-testing-commits] r15652 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Mon Dec 6 22:06:21 UTC 2010
Author: geissert
Date: 2010-12-06 22:06:20 +0000 (Mon, 06 Dec 2010)
New Revision: 15652
Modified:
data/CVE/list
Log:
3 php5 issues, 4 awstats issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-06 21:24:19 UTC (rev 15651)
+++ data/CVE/list 2010-12-06 22:06:20 UTC (rev 15652)
@@ -1,3 +1,11 @@
+CVE-2010-XXXX [php and NUL handling on file ops]
+ - php5 <unfixed> (low)
+ NOTE: old, known, issue -- Pierre already requested an id
+ NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
+CVE-2010-4409 [php getSymbol() DoS]
+ - php5 <unfixed>
+ [lenny] - php5 <not-affected> (intl extension included since 5.3)
+ NOTE: http://www.kb.cert.org/vuls/id/479900
CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
TODO: check
CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton ...)
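Review bot: In the new CVE-2010-XXXX entry for php NUL handling, the second NOTE is a bare link to svn.php.net revision 305507 with no word on what that revision is. If it is the upstream fix, say so in the note (for example "NOTE: fixed upstream in r305507") so the next person triaging does not have to open the link to find out. The same entry and the CVE-2010-4409 entry are both `<unfixed>` with no bug reference; adding one when a bug is filed would make the php5 status easier to follow.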
@@ -17,7 +25,7 @@
CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS ...)
TODO: check
CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2010-4397
RESERVED
CVE-2010-4396
@@ -75,12 +83,16 @@
CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...)
TODO: check
CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
+ - awstats <unfixed>
TODO: check
CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
- TODO: check
+ - awstats <unfixed> (unimportant)
+ NOTE: looks like it's the same as CVE-2010-4367
CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
+ - awstats <unfixed>
TODO: check
CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
+ - awstats <unfixed>
TODO: check
CVE-2010-XXXX [ocrodjvu insecure temp files handling]
- ocrodjvu 0.4.6-2 (low; bug #598134)
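Review bot: CVE-2010-4368 is marked `(unimportant)` with the note "looks like it's the same as CVE-2010-4367", but CVE-2010-4367 right below it is recorded as plain `<unfixed>`, so the note does not explain the lower rating. The description of CVE-2010-4368 is the one that says "on Windows"; if that is the reason for `unimportant`, state it in the NOTE. Also, `TODO: check` was dropped from CVE-2010-4368 but left in place on CVE-2010-4369, CVE-2010-4367 and CVE-2009-5020 after their awstats lines were added; either remove it there as well or say what still needs checking.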
@@ -432,7 +444,9 @@
CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...)
TODO: check
CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...)
+ - php5 <unfixed>
TODO: check
+ NOTE: probably already fixed in squeeze/sid, have to check
CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...)
- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
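Review bot: In the CVE-2009-5016 entry the new NOTE lands after the leftover `TODO: check`, so the package line and its explanation are separated by a generic TODO. Put the NOTE directly under `- php5 <unfixed>` and make the TODO say what the note already implies, for example "TODO: check whether squeeze/sid already carry the fix", so that `<unfixed>` is clearly a provisional status.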
@@ -2560,6 +2574,7 @@
RESERVED
CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
- texmacs 1:1.0.7.7-1.1 (bug #598424)
+ [squeeze] - texmacs 1:1.0.7.4-3.1
CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name ...)
- magics++ 2.10.0.dfsg-5.1 (bug #598418)
CVE-2010-3392
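Review bot: The added `[squeeze] - texmacs 1:1.0.7.4-3.1` line in the CVE-2010-3394 entry carries no bug reference or NOTE, while the unstable line above it cites bug #598424 and the description names TeXmacs 1.0.7.4 as the affected version. If the squeeze upload fixes the same bug, append the same bug reference or a short NOTE so it is clear why a 1.0.7.4-based version is listed as fixed.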