[Secure-testing-commits] r15660 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Wed Dec 8 04:52:33 UTC 2010 

Author: geissert
Date: 2010-12-08 04:52:33 +0000 (Wed, 08 Dec 2010)
New Revision: 15660

Modified:
   data/CVE/list
Log:
some issues CVEIfied
new clamav and openssh issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-07 21:48:42 UTC (rev 15659)
+++ data/CVE/list	2010-12-08 04:52:33 UTC (rev 15660)
@@ -2,8 +2,11 @@
 	REJECTED
 	TODO: check
 CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...)
+	- clamav <undetermined>
+	[lenny] - clamav <end-of-life>
 	TODO: check
 CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...)
+	- openssh <unfixed>
 	TODO: check
 CVE-2010-4477
 	RESERVED
@@ -138,21 +141,24 @@
 CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...)
 	TODO: check
 CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
+	- libcgi-pm-perl <unfixed>
 	TODO: check
 CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
+	- libcgi-pm-perl <unfixed>
 	TODO: check
 CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
 	TODO: check
 CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
+	- openssl <unfixed>
 	TODO: check
-CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied]
+CVE-2010-4334 [IO::Socket::SSL verify peer mode ignored if no cert supplied]
 	- libio-socket-ssl-perl <unfixed> (bug #606058)
-CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize]
+CVE-2010-4335 [cakephp controller/component/security.php unsafe unserialize]
 	- cakephp <unfixed>
 	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
-CVE-2010-XXXX [collectd: DoS in RRDtool and RRDCacheD plugins]
+CVE-2010-4336 [collectd: DoS in RRDtool and RRDCacheD plugins]
 	- collectd <unfixed> (bug #605092)
-CVE-2010-XXXX [gnash: insecure temp files handling in configure script]
+CVE-2010-4337 [gnash: insecure temp files handling in configure script]
 	- gnash <unfixed> (unimportant; bug #605419)
 CVE-2010-XXXX [php and NUL handling on file ops]
 	- php5 5.3.3-6 (low)
@@ -247,9 +253,9 @@
 	- awstats <unfixed> (bug #606263)
 CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
 	- awstats 6.9.5~dfsg-1
-CVE-2010-XXXX [ocrodjvu insecure temp files handling]
+CVE-2010-4338 [ocrodjvu insecure temp files handling]
 	- ocrodjvu 0.4.6-2 (low; bug #598134)
-CVE-2010-XXXX [hypermail XSS]
+CVE-2010-4339 [hypermail XSS]
 	- hypermail <removed> (low; bug #598743)
 CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	TODO: check
@@ -316,20 +322,6 @@
 	RESERVED
 CVE-2010-4341
 	RESERVED
-CVE-2010-4340
-	RESERVED
-CVE-2010-4339
-	RESERVED
-CVE-2010-4338
-	RESERVED
-CVE-2010-4337
-	RESERVED
-CVE-2010-4336
-	RESERVED
-CVE-2010-4335
-	RESERVED
-CVE-2010-4334
-	RESERVED
 CVE-2010-4333
 	RESERVED
 CVE-2010-4332
@@ -1977,7 +1969,7 @@
 CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
 	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-XXXX [libcloud doesn't verify SSL certificate]
+CVE-2010-4340 [libcloud doesn't verify SSL certificate]
 	- libcloud <unfixed> (bug #598463)
 CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA ...)
 	NOT-FOR-US: NetArtMEDIA WebSiteAdmin

More information about the Secure-testing-commits mailing list