[Secure-testing-commits] r15765 - data/CVE
Giuseppe Iuculano
iuculano at alioth.debian.org
Wed Dec 29 18:11:33 UTC 2010
Author: iuculano
Date: 2010-12-29 18:11:31 +0000 (Wed, 29 Dec 2010)
New Revision: 15765
Modified:
data/CVE/list
Log:
Filed some bugs
NFUs
CVE-2010-1707 is fixed
mysql triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-29 16:27:52 UTC (rev 15764)
+++ data/CVE/list 2010-12-29 18:11:31 UTC (rev 15765)
@@ -716,11 +716,11 @@
CVE-2010-4522
RESERVED
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
- TODO: check
+ NOT-FOR-US: mod for Drupal
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
- TODO: check
+ NOT-FOR-US: mod for Drupal
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: mod for Drupal
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
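Review bot: The three new NOT-FOR-US lines for CVE-2010-4521, CVE-2010-4520 and CVE-2010-4519 say only "mod for Drupal", which does not identify the software, whereas the neighbouring CVE-2010-4518 entry names it ("Safe Search plugin for WordPress"). Suggest "NOT-FOR-US: Views module for Drupal" for the two entries whose descriptions name Views. For CVE-2010-4519 the visible description is cut off before the module name, so use whichever module the full description gives.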
@@ -895,10 +895,10 @@
NOTE: unimportant, bypass the pop-up blocker
NOTE: http://trac.webkit.org/changeset/69990
CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...)
- - phpmyadmin <unfixed>
+ - phpmyadmin <unfixed> (bug #608290)
TODO: check
CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before ...)
- - phpmyadmin <unfixed>
+ - phpmyadmin <unfixed> (bug #608290)
TODO: check
CVE-2010-4510
REJECTED
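Review bot: Both phpmyadmin entries (CVE-2010-4481, CVE-2010-4480) now carry bug #608290 but keep their "TODO: check" lines, while the moon entry for CVE-2010-4254 later in this patch drops its TODO when the bug number is added. If triage is complete, remove the TODO here and on the tomcat6 entry for CVE-2010-4312 in the next hunk. If something is still open, state what remains in the TODO text so the entries do not look untriaged.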
@@ -1282,7 +1282,7 @@
CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in ...)
NOT-FOR-US: Orbis CMS
CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...)
- - tomcat6 <unfixed>
+ - tomcat6 <unfixed> (bug #608286)
TODO: check
CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...)
NOT-FOR-US: Free Simple Software
@@ -1393,7 +1393,7 @@
CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...)
NOT-FOR-US: Pandora FMS
CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
- TODO: check
+ NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
CVE-2010-4276
RESERVED
CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...)
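Review bot: The NOT-FOR-US text added for CVE-2010-4277 carries a version ("Embedded Video plugin 4.1 for WordPress"), while the other NOT-FOR-US lines visible in this patch name only the product. The version has no bearing on whether the software is packaged, so suggest "NOT-FOR-US: Embedded Video plugin for WordPress" for consistency.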
@@ -1450,8 +1450,7 @@
RESERVED
- linux-2.6 <unfixed>
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
- - moon <unfixed>
- TODO: check
+ - moon <unfixed> (bug #608288)
NOTE: 201011251552.17678.thomas at suse.de
CVE-2010-4253
RESERVED
@@ -2294,7 +2293,7 @@
- git-core <removed>
- git 1:1.7.2.3-2.2
CVE-2010-3905 (The password reset feature in the administrator interface for ...)
- - eucalyptus <unfixed>
+ - eucalyptus <unfixed> (bug #608289)
CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...)
- linux-2.6 2.6.32-26
[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
@@ -2496,6 +2495,7 @@
RESERVED
- mysql-5.1 5.1.49-3 (bug #599937)
- mysql-dfsg-5.0 <removed>
+ [lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3838
RESERVED
- mysql-5.1 5.1.49-3 (bug #599937)
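Review bot: The added "[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)" line, here and in the identical addition in the next hunk, does not record how that was established. A NOTE pointing at the upstream bug or commit, or naming the version that introduced the code as the CVE-2010-3904 entry does ("Vulnerable code introduced in 2.6.30"), would let a later reader verify the lenny status.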
@@ -2974,6 +2974,7 @@
RESERVED
- mysql-5.1 5.1.49-1 (bug #598580)
- mysql-dfsg-5.0 <removed>
+ [lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3682
RESERVED
- mysql-5.1 5.1.49-1 (bug #598580)
@@ -8282,8 +8283,7 @@
CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...)
NOT-FOR-US: Free Realty
CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
- - piwigo <undetermined>
- TODO: check
+ - piwigo 2.0.10-1
CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
NOT-FOR-US: 2daybiz Auction Script
CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...)
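Review bot: The piwigo entry for CVE-2010-1707 goes from "<undetermined>" plus "TODO: check" straight to a fixed version, 2.0.10-1, with no NOTE giving the basis for that version. Suggest adding a NOTE line with the upstream changelog entry or commit that fixes register.php, so the fixed-version claim can be checked against the package history.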
@@ -8789,7 +8789,7 @@
CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...)
NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...)
- - libglpng <unfixed> (low; bug filed)
+ - libglpng <unfixed> (low; bug #595171)
[lenny] - libglpng <no-dsa> (Minor issue)
CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...)
NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control