[Secure-testing-commits] r15655 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Tue Dec 7 01:59:18 UTC 2010 

Author: geissert
Date: 2010-12-07 01:59:18 +0000 (Tue, 07 Dec 2010)
New Revision: 15655

Modified:
   data/CVE/list
Log:
three, old, piwigo issues
piwik is ITP
IO::Socket::SSL issue by dkg


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-07 00:47:21 UTC (rev 15654)
+++ data/CVE/list	2010-12-07 01:59:18 UTC (rev 15655)
@@ -1,3 +1,5 @@
+CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied]
+	- libio-socket-ssl-perl <unfixed> (bug #606058)
 CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
 	- cakephp <unfixed>
 	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
@@ -1326,6 +1328,7 @@
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-28 (low)
 CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c ...)
+	- libapache2-mod-fcgid <unfixed> (bug #605484)
 	TODO: check
 CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
 	- mahara <not-affected> (Vulnerable feature introduced in 1.3)
@@ -4222,7 +4225,7 @@
 	[lenny] - mediawiki <no-dsa> (Minor issue)
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
 CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows ...)
-	NOT-FOR-US: Piwik
+	- piwik <itp> (bug #506933)
 CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not ...)
 	{DSA-2078-1}
 	- kvirc 4:4.0.0-3
@@ -7149,7 +7152,8 @@
 CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...)
 	NOT-FOR-US: Free Realty
 CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
-	NOT-FOR-US: Piwigo
+	- piwigo <undetermined>
+	TODO: check
 CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
 	NOT-FOR-US: 2daybiz Auction Script
 CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...)
@@ -13708,7 +13712,8 @@
 CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...)
 	NOT-FOR-US: phpMyFAQ
 CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...)
-	NOT-FOR-US: Piwigo
+	- piwigo <undetermined>
+	TODO: check
 CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software ...)
 	NOT-FOR-US: NCH Software Axon Virtual PBX
 CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
@@ -17387,7 +17392,8 @@
 CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
 	NOT-FOR-US: Programmed Integration PIPL
 CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
-	NOT-FOR-US: Piwigo
+	- piwigo <undetermined>
+	TODO: check
 CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the ...)
 	NOT-FOR-US: SAP NetWeaver
 CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...)

More information about the Secure-testing-commits mailing list