[Secure-testing-commits] r15721 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Dec 21 08:54:31 UTC 2010
Author: geissert
Date: 2010-12-21 08:54:30 +0000 (Tue, 21 Dec 2010)
New Revision: 15721
Modified:
data/CVE/list
Log:
mantis, dbus, jboss, gitweb, cups, NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-20 21:14:34 UTC (rev 15720)
+++ data/CVE/list 2010-12-21 08:54:30 UTC (rev 15721)
@@ -501,33 +501,34 @@
CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in a ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4393
RESERVED
+ NOT-FOR-US: RealPlayer
CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1, ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
NOT-FOR-US: RealPlayer
CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...)
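Review bot: CVE-2010-4393 is still RESERVED with no description, yet it is now classified "NOT-FOR-US: RealPlayer" on the strength of its neighbours alone; the surrounding RealPlayer entries (CVE-2010-4397 down to CVE-2010-4384) each carry a description that supports the classification, but this one does not, so a NOTE: line naming the RealNetworks advisory it was taken from would let a later reviewer confirm it instead of re-checking it.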
@@ -612,16 +613,24 @@
NOT-FOR-US: Cisco ASA
CVE-2010-4353
RESERVED
-CVE-2010-4352
+CVE-2010-4352 [dbus stack overflow on excessive number of nested variants]
RESERVED
+ - dbus <unfixed>
+ TODO: check
CVE-2010-4351
RESERVED
-CVE-2010-4350
+CVE-2010-4350 [mantisbt local file inclusion]
RESERVED
-CVE-2010-4349
+ - mantis <unfixed>
+ TODO: check
+CVE-2010-4349 [mantisbt path disclosure]
RESERVED
-CVE-2010-4348
+ - mantis <unfixed>
+ TODO: check
+CVE-2010-4348 [mantisbt XSS]
RESERVED
+ - mantis <unfixed>
+ TODO: check
CVE-2010-4347
RESERVED
- linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel)
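Review bot: CVE-2010-4352, CVE-2010-4350, CVE-2010-4349 and CVE-2010-4348 each gain " - dbus <unfixed>" or " - mantis <unfixed>" plus "TODO: check" but no NOTE: line, so the person doing the later check has nothing to verify against; add the upstream bug or advisory reference for each, and, where a Debian bug exists, record it the way the fuse entry does (" - fuse <unfixed> (bug #602333)").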
@@ -819,8 +828,9 @@
RESERVED
CVE-2010-4266
RESERVED
-CVE-2010-4265
+CVE-2010-4265 [jboss: CVE-2010-3862 not actually fixed]
RESERVED
+ - jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264
RESERVED
CVE-2010-4263 [linux: igb panics when receiving tag vlan packet]
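Review bot: the " - jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)" line for CVE-2010-4265 only holds if Debian's own fix for CVE-2010-3862 is complete, and that CVE is still recorded as " - jbossas4 <unfixed>" in this same commit; consider a NOTE: on CVE-2010-3862 pointing back to CVE-2010-4265 so that whoever fixes it knows to include the full upstream change rather than the incomplete Red Hat one.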
@@ -1692,6 +1702,8 @@
CVE-2010-3907
RESERVED
CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...)
+ - git-core <removed>
+ - git <unfixed>
TODO: check
CVE-2010-3905
RESERVED
@@ -1754,8 +1766,10 @@
CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack]
RESERVED
- fuse <unfixed> (bug #602333)
-CVE-2010-3878
+CVE-2010-3878 [JBoss EAP jmx console FileDeployment CSRF]
RESERVED
+ - jbossas4a <unfixed>
+ TODO: check
CVE-2010-3877
RESERVED
{DSA-2126-1}
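Review bot: " - jbossas4a <unfixed>" for CVE-2010-3878 looks like a typo; every other JBoss entry in this commit (CVE-2010-4265, CVE-2010-3862, CVE-2010-3708, CVE-2008-3273) uses the source package name "jbossas4". A mistyped package name will not match the archive and the entry will silently drop out of the per-package view, so this should be "jbossas4" unless a separate jbossas4a source package really exists.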
@@ -1800,8 +1814,10 @@
- openssl 0.9.8o-3
CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...)
NOT-FOR-US: Apache Shiro / JSecurity
-CVE-2010-3862
+CVE-2010-3862 [JBoss Remoting Denial-Of-Service]
RESERVED
+ - jbossas4 <unfixed>
+ TODO: check
CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux ...)
- linux-2.6 2.6.32-29
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
@@ -2279,8 +2295,10 @@
- php5 5.3.3-3 (bug #601619)
CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
- php5 5.3.3-4 (bug #603751)
-CVE-2010-3708
+CVE-2010-3708 [JBoss drools deserialization remote code execution]
RESERVED
+ - jbossas4 <unfixed>
+ TODO: check
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
- dovecot 1.2.15-1
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
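Review bot: CVE-2010-3708 is labelled "[JBoss drools deserialization remote code execution]" but the " - jbossas4 <unfixed>" line carries no severity or bug number; other entries on the page record these in parentheses (" - wireshark 1.2.3-1 (low; bug #553583)"), and an unauthenticated deserialization RCE is exactly the kind of issue where a severity marker and a filed bug help the tracker prioritise, so add them once the TODO: check is done.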
@@ -15855,6 +15873,7 @@
NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
CVE-2009-3552
RESERVED
+ NOT-FOR-US: Red Hat Enterprise Virtualization Manager
CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...)
- wireshark 1.2.3-1 (low; bug #553583)
[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
@@ -34705,7 +34724,8 @@
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
- NOT-FOR-US: JBoss
+ - jbossas4 <undetermined>
+ TODO: check
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
{DSA-1636-1 DSA-1630-1}
- linux-2.6.24 2.6.24-6~etchnhalf.5
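Review bot: reopening CVE-2008-3273 from "NOT-FOR-US: JBoss" to " - jbossas4 <undetermined>" is the right call, since the NVD text names JBoss Enterprise Application Platform and the Debian package is the community AS 4 code base it is built on, but without a NOTE: explaining why the earlier NOT-FOR-US was wrong the next triager may simply flip it back; record the reasoning on the entry.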
@@ -40124,7 +40144,8 @@
CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows ...)
NOT-FOR-US: Apple Mac OS
CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...)
- NOT-FOR-US: Apple Mac OS
+ - cups <unfixed>
+ TODO: check
CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
NOT-FOR-US: Apple Mac OS
CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers ...)
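Review bot: CVE-2008-1033 moves straight from "NOT-FOR-US: Apple Mac OS" to " - cups <unfixed>" while still carrying "TODO: check"; "<unfixed>" asserts the Debian cups package is affected, which has not been established here (the NVD text describes the scheduler in Apple's CUPS build, "when debug ..."), so "<undetermined>", as this same commit uses for CVE-2008-3273, would be the more honest state until the check is done.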
@@ -40210,7 +40231,7 @@
CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows ...)
- NOT-FOR-US: Apple Mac OS X
+ - pax <not-affected> (issue specific to Apple's version of pax)
CVE-2008-0991
RESERVED
CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...)