[Secure-testing-commits] r15653 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Dec 7 00:14:32 UTC 2010
Author: geissert
Date: 2010-12-07 00:14:31 +0000 (Tue, 07 Dec 2010)
New Revision: 15653
Modified:
data/CVE/list
Log:
11 linux issues
1 CGI.pm issue (more pending ids)
tikiwiki NFUs
1 wordpress issue
1 fontforge issue
1 xfig issue
2 clamav issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-06 22:06:20 UTC (rev 15652)
+++ data/CVE/list 2010-12-07 00:14:31 UTC (rev 15653)
@@ -359,56 +359,83 @@
RESERVED
CVE-2010-4264
RESERVED
-CVE-2010-4263
+CVE-2010-4263 [linux: igb panics when receiving tag vlan packet]
RESERVED
-CVE-2010-4262
+ - linux-2.6 <unfixed>
+CVE-2010-4262 [xfig color definition parsing stack buffer overflow]
RESERVED
-CVE-2010-4261
+ - xfig <unfixed>
+ TODO: check
+ NOTE: details and patch at https://bugzilla.redhat.com/659676
+CVE-2010-4261 [clamav icon_cb memory corruption]
RESERVED
-CVE-2010-4260
+ - clamav <unfixed>
+ [lenny] - clamav <end-of-life>
+ TODO: check
+CVE-2010-4260 [clamav PDF DoS]
RESERVED
-CVE-2010-4259
+ - clamav <unfixed>
+ [lenny] - clamav <end-of-life>
+ TODO: check
+CVE-2010-4259 [fontforge BDF files buffer overflow]
RESERVED
-CVE-2010-4258
+ - fontforge <unfixed> (bug #605537)
+CVE-2010-4258 [linux failure to revert address limit override in OOPS error path]
RESERVED
-CVE-2010-4257
+ - linux-2.6 <unfixed>
+CVE-2010-4257 [wordpress trackback SQL injection]
RESERVED
-CVE-2010-4256
+ - wordpress <unfixed>
+ TODO: check
+CVE-2010-4256 [linux: pipe_fcntl local DoS]
RESERVED
-CVE-2010-4255
+ - linux-2.6 <unfixed>
+CVE-2010-4255 [linux: Xen direct pv guest access crash]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
+ - moon <unfixed>
TODO: check
+ NOTE: 201011251552.17678.thomas at suse.de
CVE-2010-4253
RESERVED
CVE-2010-4252
RESERVED
CVE-2010-4251
RESERVED
-CVE-2010-4250
+CVE-2010-4250 [linux inotify memory leak]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
- linux-2.6 <unfixed>
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
- linux-2.6 <unfixed>
-CVE-2010-4247
+CVE-2010-4247 [linux xen: request-processing loop is unbounded in blkback]
RESERVED
+ - linux-2.6 <unfixed>
+ TODO: check
+ NOTE: 4CEB7F72.2020202 at redhat.com
CVE-2010-4246
RESERVED
CVE-2010-4245
RESERVED
CVE-2010-4244
RESERVED
-CVE-2010-4243
+CVE-2010-4243 [linux: mem allocated invisible to oom_kill() when not attached to any threads]
RESERVED
-CVE-2010-4242
+ - linux-2.6 <unfixed>
+CVE-2010-4242 [linux: missing tty ops write function presence check in hci_uart_tty_open()]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2010-4241
RESERVED
+ NOT-FOR-US: TikiWiki
CVE-2010-4240
RESERVED
+ NOT-FOR-US: TikiWiki
CVE-2010-4239
RESERVED
+ NOT-FOR-US: TikiWiki
CVE-2010-4238
RESERVED
CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
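Review bot: the NOTE lines added under CVE-2010-4254 ("201011251552.17678.thomas at suse.de") and CVE-2010-4247 ("4CEB7F72.2020202 at redhat.com") are bare Message-IDs with no list name or archive URL, so the next person triaging these entries has nothing to follow. The xfig entry's "NOTE: details and patch at https://bugzilla.redhat.com/659676" is the form to copy. The bracketed descriptions in this hunk also alternate between "linux:", "linux " without a colon, "linux xen:" and "linux: Xen"; settling on one prefix style would make the list easier to grep. The two clamav entries and the wordpress entry carry "TODO: check" with no NOTE at all, so a reference to the upstream report would help whoever resolves the TODO.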
@@ -568,8 +595,9 @@
CVE-2010-4176 [dracut: wrong /dev/systty permissions]
RESERVED
- dracut <not-affected> (vulnerable script not shipped)
-CVE-2010-4175
+CVE-2010-4175 [linux: integer overflow in RDS]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2010-4174
RESERVED
CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
@@ -602,8 +630,11 @@
RESERVED
CVE-2010-4162
RESERVED
-CVE-2010-4161
+CVE-2010-4161 [linux deadlock]
RESERVED
+ - linux-2.6 <undetermined>
+ TODO: check
+ NOTE: https://bugzilla.redhat.com/CVE-2010-4161
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
- mono <unfixed> (bug #605097)
[lenny] - mono <no-dsa> (Minor issue)
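Review bot: the description "[linux deadlock]" added for CVE-2010-4161 does not name the subsystem or code path, which makes the entry hard to tell apart from any other kernel hang when scanning the list. Since the status is "<undetermined>" and the only pointer is the Red Hat bugzilla alias in the NOTE, please extend the bracketed text with the affected component from that bug so the "TODO: check" can be picked up without opening the link first.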
@@ -1754,8 +1785,9 @@
NOT-FOR-US: Red Hat Enterprise MRG
CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before ...)
NOT-FOR-US: VMware SpringSource Spring Security
-CVE-2010-3699
+CVE-2010-3699 [linux guest->host denial of service from invalid xenbus transitions]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not ...)
- linux-2.6 2.6.32-28
CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...)
@@ -4327,8 +4359,10 @@
CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
- xulrunner <not-affected> (Only affects 3.6, only in experimental)
- iceweasel <not-affected> (Only affects 3.6, only in experimental)
-CVE-2010-2761
+CVE-2010-2761 [CGI.pm incorrect handling of newlines embedded in headers]
RESERVED
+ - libcgi-pm-perl <unfixed>
+ NOTE: 4CF685D7.4070208 at redhat.com
CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
{DSA-2106-1}
- xulrunner <removed>
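Review bot: the commit log says "1 CGI.pm issue (more pending ids)", but the CVE-2010-2761 entry records nothing about the related ids still to be assigned, so that context is lost once the log scrolls away. A second NOTE line stating that further ids are pending for the same report would keep it with the data. The existing NOTE "4CF685D7.4070208 at redhat.com" is also a bare Message-ID, and naming the list or giving an archive URL would make it usable.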