[Secure-testing-commits] r15654 - data/CVE

[Raphael Geissert]

Author: geissert
Date: 2010-12-07 00:47:21 +0000 (Tue, 07 Dec 2010)
New Revision: 15654

Modified:
   data/CVE/list
Log:
2 openssl issues
tomcat, cakephp, collectd, gnash issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-07 00:14:31 UTC (rev 15653)
+++ data/CVE/list	2010-12-07 00:47:21 UTC (rev 15654)
@@ -1,3 +1,10 @@
+CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
+	- cakephp <unfixed>
+	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
+CVE-2010-XXXX [collectd: DoS in RRDtool and RRDCacheD plugins]
+	- collectd <unfixed> (bug #605092)
+CVE-2010-XXXX [gnash: insecure temp files handling in configure script]
+	- gnash <unfixed> (unimportant; bug #605419)
 CVE-2010-XXXX [php and NUL handling on file ops]
 	- php5 <unfixed> (low)
 	NOTE: old, known, issue -- Pierre already requested an id
@@ -399,8 +406,10 @@
 	NOTE: 201011251552.17678.thomas at suse.de
 CVE-2010-4253
 	RESERVED
-CVE-2010-4252
+CVE-2010-4252 [OpenSSL JPAKE validation error]
 	RESERVED
+	- openssl <unfixed>
+	NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4251
 	RESERVED
 CVE-2010-4250 [linux inotify memory leak]
@@ -578,8 +587,10 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
 	- yaws <not-affected> (Only affects Windows)
-CVE-2010-4180
+CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack]
 	RESERVED
+	- openssl <unfixed>
+	NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4179
 	RESERVED
 CVE-2010-4178
@@ -603,6 +614,7 @@
 CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
 	- libsdp 1.1.99-2.1 (bug #603841)
 CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...)
+	- tomcat6 <unfixed>
 	TODO: check
 CVE-2010-4171
 	RESERVED