[Secure-testing-commits] r15765 - data/CVE

Giuseppe Iuculano iuculano at alioth.debian.org
Wed Dec 29 18:11:33 UTC 2010 

Author: iuculano
Date: 2010-12-29 18:11:31 +0000 (Wed, 29 Dec 2010)
New Revision: 15765

Modified:
   data/CVE/list
Log:
Filed some bugs
NFUs
CVE-2010-1707 is fixed
mysql triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-29 16:27:52 UTC (rev 15764)
+++ data/CVE/list	2010-12-29 18:11:31 UTC (rev 15765)
@@ -716,11 +716,11 @@
 CVE-2010-4522
 	RESERVED
 CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
-	TODO: check
+	NOT-FOR-US: mod for Drupal
 CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
-	TODO: check
+	NOT-FOR-US: mod for Drupal
 CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: mod for Drupal
 CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Safe Search plugin for WordPress
 CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
@@ -895,10 +895,10 @@
 	NOTE: unimportant, bypass the pop-up blocker
 	NOTE: http://trac.webkit.org/changeset/69990
 CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...)
-	- phpmyadmin <unfixed>
+	- phpmyadmin <unfixed> (bug #608290)
 	TODO: check
 CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before ...)
-	- phpmyadmin <unfixed>
+	- phpmyadmin <unfixed> (bug #608290)
 	TODO: check
 CVE-2010-4510
 	REJECTED
@@ -1282,7 +1282,7 @@
 CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in ...)
 	NOT-FOR-US: Orbis CMS
 CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...)
-	- tomcat6 <unfixed>
+	- tomcat6 <unfixed> (bug #608286)
 	TODO: check
 CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...)
 	NOT-FOR-US: Free Simple Software
@@ -1393,7 +1393,7 @@
 CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...)
 	NOT-FOR-US: Pandora FMS
 CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
-	TODO: check
+	NOT-FOR-US: Embedded Video plugin 4.1 for WordPress 
 CVE-2010-4276
 	RESERVED
 CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...)
@@ -1450,8 +1450,7 @@
 	RESERVED
 	- linux-2.6 <unfixed>
 CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
-	- moon <unfixed>
-	TODO: check
+	- moon <unfixed> (bug #608288)
 	NOTE: 201011251552.17678.thomas at suse.de
 CVE-2010-4253
 	RESERVED
@@ -2294,7 +2293,7 @@
 	- git-core <removed>
 	- git 1:1.7.2.3-2.2
 CVE-2010-3905 (The password reset feature in the administrator interface for ...)
-	- eucalyptus <unfixed>
+	- eucalyptus <unfixed> (bug #608289)
 CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...)
 	- linux-2.6 2.6.32-26
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
@@ -2496,6 +2495,7 @@
 	RESERVED
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
+	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
 CVE-2010-3838
 	RESERVED
 	- mysql-5.1 5.1.49-3 (bug #599937) 
@@ -2974,6 +2974,7 @@
 	RESERVED
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
+	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
 CVE-2010-3682
 	RESERVED
 	- mysql-5.1 5.1.49-1 (bug #598580)
@@ -8282,8 +8283,7 @@
 CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...)
 	NOT-FOR-US: Free Realty
 CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
-	- piwigo <undetermined>
-	TODO: check
+	- piwigo 2.0.10-1
 CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
 	NOT-FOR-US: 2daybiz Auction Script
 CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...)
@@ -8789,7 +8789,7 @@
 CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...)
 	NOT-FOR-US: TaskFreak! Original multi user
 CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...)
-	- libglpng <unfixed> (low; bug filed)
+	- libglpng <unfixed> (low; bug #595171)
 	[lenny] - libglpng <no-dsa> (Minor issue)
 CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...)
 	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control

More information about the Secure-testing-commits mailing list