[Secure-testing-commits] r15664 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Dec 8 09:15:00 UTC 2010
Author: joeyh
Date: 2010-12-08 09:14:58 +0000 (Wed, 08 Dec 2010)
New Revision: 15664
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-08 07:41:42 UTC (rev 15663)
+++ data/CVE/list 2010-12-08 09:14:58 UTC (rev 15664)
@@ -152,13 +152,17 @@
- openssl <unfixed>
TODO: check
CVE-2010-4334 [IO::Socket::SSL verify peer mode ignored if no cert supplied]
+ RESERVED
- libio-socket-ssl-perl <unfixed> (bug #606058)
CVE-2010-4335 [cakephp controller/component/security.php unsafe unserialize]
+ RESERVED
- cakephp <unfixed>
NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
CVE-2010-4336 [collectd: DoS in RRDtool and RRDCacheD plugins]
+ RESERVED
- collectd 4.10.1-2.1 (bug #605092; low)
CVE-2010-4337 [gnash: insecure temp files handling in configure script]
+ RESERVED
- gnash <unfixed> (unimportant; bug #605419)
CVE-2010-XXXX [php and NUL handling on file ops]
- php5 5.3.3-6 (low)
@@ -254,8 +258,10 @@
CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
- awstats 6.9.5~dfsg-1
CVE-2010-4338 [ocrodjvu insecure temp files handling]
+ RESERVED
- ocrodjvu 0.4.6-2 (low; bug #598134)
CVE-2010-4339 [hypermail XSS]
+ RESERVED
- hypermail <removed> (low; bug #598743)
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
@@ -1971,6 +1977,7 @@
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
CVE-2010-4340 [libcloud doesn't verify SSL certificate]
+ RESERVED
- libcloud <unfixed> (bug #598463)
CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA ...)
NOT-FOR-US: NetArtMEDIA WebSiteAdmin
More information about the Secure-testing-commits
mailing list