[Secure-testing-commits] r15653 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Tue Dec 7 00:14:32 UTC 2010 

Author: geissert
Date: 2010-12-07 00:14:31 +0000 (Tue, 07 Dec 2010)
New Revision: 15653

Modified:
   data/CVE/list
Log:
11 linux issues
1 CGI.pm issue (more pending ids)
tikiwiki NFUs
1 wordpress issue
1 fontforge issue
1 xfig issue
2 clamav issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-06 22:06:20 UTC (rev 15652)
+++ data/CVE/list	2010-12-07 00:14:31 UTC (rev 15653)
@@ -359,56 +359,83 @@
 	RESERVED
 CVE-2010-4264
 	RESERVED
-CVE-2010-4263
+CVE-2010-4263 [linux: igb panics when receiving tag vlan packet]
 	RESERVED
-CVE-2010-4262
+	- linux-2.6 <unfixed>
+CVE-2010-4262 [xfig color definition parsing stack buffer overflow]
 	RESERVED
-CVE-2010-4261
+	- xfig <unfixed>
+	TODO: check
+	NOTE: details and patch at https://bugzilla.redhat.com/659676
+CVE-2010-4261 [clamav icon_cb memory corruption]
 	RESERVED
-CVE-2010-4260
+	- clamav <unfixed>
+	[lenny] - clamav <end-of-life>
+	TODO: check
+CVE-2010-4260 [clamav PDF DoS]
 	RESERVED
-CVE-2010-4259
+	- clamav <unfixed>
+	[lenny] - clamav <end-of-life>
+	TODO: check
+CVE-2010-4259 [fontforge BDF files buffer overflow]
 	RESERVED
-CVE-2010-4258
+	- fontforge <unfixed> (bug #605537)
+CVE-2010-4258 [linux failure to revert address limit override in OOPS error path]
 	RESERVED
-CVE-2010-4257
+	- linux-2.6 <unfixed>
+CVE-2010-4257 [wordpress trackback SQL injection]
 	RESERVED
-CVE-2010-4256
+	- wordpress <unfixed>
+	TODO: check
+CVE-2010-4256 [linux: pipe_fcntl local DoS]
 	RESERVED
-CVE-2010-4255
+	- linux-2.6 <unfixed>
+CVE-2010-4255 [linux: Xen direct pv guest access crash]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
+	- moon <unfixed>
 	TODO: check
+	NOTE: 201011251552.17678.thomas at suse.de
 CVE-2010-4253
 	RESERVED
 CVE-2010-4252
 	RESERVED
 CVE-2010-4251
 	RESERVED
-CVE-2010-4250
+CVE-2010-4250 [linux inotify memory leak]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
 	- linux-2.6 <unfixed>
 CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
 	- linux-2.6 <unfixed>
-CVE-2010-4247
+CVE-2010-4247 [linux xen: request-processing loop is unbounded in blkback]
 	RESERVED
+	- linux-2.6 <unfixed>
+	TODO: check
+	NOTE: 4CEB7F72.2020202 at redhat.com
 CVE-2010-4246
 	RESERVED
 CVE-2010-4245
 	RESERVED
 CVE-2010-4244
 	RESERVED
-CVE-2010-4243
+CVE-2010-4243 [linux: mem allocated invisible to oom_kill() when not attached to any threads]
 	RESERVED
-CVE-2010-4242
+	- linux-2.6 <unfixed>
+CVE-2010-4242 [linux: missing tty ops write function presence check in hci_uart_tty_open()]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2010-4241
 	RESERVED
+	NOT-FOR-US: TikiWiki
 CVE-2010-4240
 	RESERVED
+	NOT-FOR-US: TikiWiki
 CVE-2010-4239
 	RESERVED
+	NOT-FOR-US: TikiWiki
 CVE-2010-4238
 	RESERVED
 CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
@@ -568,8 +595,9 @@
 CVE-2010-4176 [dracut: wrong /dev/systty permissions]
 	RESERVED
 	- dracut <not-affected> (vulnerable script not shipped)
-CVE-2010-4175
+CVE-2010-4175 [linux: integer overflow in RDS]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2010-4174
 	RESERVED
 CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
@@ -602,8 +630,11 @@
 	RESERVED
 CVE-2010-4162
 	RESERVED
-CVE-2010-4161
+CVE-2010-4161 [linux deadlock]
 	RESERVED
+	- linux-2.6 <undetermined>
+	TODO: check
+	NOTE: https://bugzilla.redhat.com/CVE-2010-4161
 CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
 	- mono <unfixed> (bug #605097)
 	[lenny] - mono <no-dsa> (Minor issue)
@@ -1754,8 +1785,9 @@
 	NOT-FOR-US: Red Hat Enterprise MRG
 CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before ...)
 	NOT-FOR-US: VMware SpringSource Spring Security
-CVE-2010-3699
+CVE-2010-3699 [linux guest->host denial of service from invalid xenbus transitions]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not ...)
 	- linux-2.6 2.6.32-28
 CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...)
@@ -4327,8 +4359,10 @@
 CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
 	- xulrunner <not-affected> (Only affects 3.6, only in experimental)
 	- iceweasel <not-affected> (Only affects 3.6, only in experimental)
-CVE-2010-2761
+CVE-2010-2761 [CGI.pm incorrect handling of newlines embedded in headers]
 	RESERVED
+	- libcgi-pm-perl <unfixed>
+	NOTE: 4CF685D7.4070208 at redhat.com
 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
 	{DSA-2106-1}
 	- xulrunner <removed>

More information about the Secure-testing-commits mailing list