[Secure-testing-commits] r13991 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Feb 1 21:15:00 UTC 2010
Author: joeyh
Date: 2010-02-01 21:14:52 +0000 (Mon, 01 Feb 2010)
New Revision: 13991
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-01 18:20:14 UTC (rev 13990)
+++ data/CVE/list 2010-02-01 21:14:52 UTC (rev 13991)
@@ -1,3 +1,163 @@
+CVE-2010-0466
+ RESERVED
+CVE-2010-0465
+ RESERVED
+CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...)
+ TODO: check
+CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...)
+ TODO: check
+CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.7 and 9.7.1 on Linux allows ...)
+ TODO: check
+CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 ...)
+ TODO: check
+CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php ...)
+ TODO: check
+CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames) ...)
+ TODO: check
+CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 ...)
+ TODO: check
+CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1 allows ...)
+ TODO: check
+CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server ...)
+ TODO: check
+CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in ...)
+ TODO: check
+CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in ...)
+ TODO: check
+CVE-2010-0453
+ RESERVED
+CVE-2010-0452
+ RESERVED
+CVE-2010-0451
+ RESERVED
+CVE-2010-0450
+ RESERVED
+CVE-2010-0449
+ RESERVED
+CVE-2010-0448
+ RESERVED
+CVE-2010-0447
+ RESERVED
+CVE-2010-0446
+ RESERVED
+CVE-2010-0445
+ RESERVED
+CVE-2010-0444
+ RESERVED
+CVE-2010-0443
+ RESERVED
+CVE-2010-0441
+ RESERVED
+CVE-2010-0440
+ RESERVED
+CVE-2010-0439
+ RESERVED
+CVE-2010-0438
+ RESERVED
+CVE-2010-0437
+ RESERVED
+CVE-2010-0436
+ RESERVED
+CVE-2010-0435
+ RESERVED
+CVE-2010-0434
+ RESERVED
+CVE-2010-0433
+ RESERVED
+CVE-2010-0432
+ RESERVED
+CVE-2010-0431
+ RESERVED
+CVE-2010-0430
+ RESERVED
+CVE-2010-0429
+ RESERVED
+CVE-2010-0428
+ RESERVED
+CVE-2010-0427
+ RESERVED
+CVE-2010-0426
+ RESERVED
+CVE-2010-0425
+ RESERVED
+CVE-2010-0424
+ RESERVED
+CVE-2010-0423
+ RESERVED
+CVE-2010-0422
+ RESERVED
+CVE-2010-0421
+ RESERVED
+CVE-2010-0420
+ RESERVED
+CVE-2010-0419
+ RESERVED
+CVE-2010-0418
+ RESERVED
+CVE-2010-0417
+ RESERVED
+CVE-2010-0416
+ RESERVED
+CVE-2010-0415
+ RESERVED
+CVE-2010-0414
+ RESERVED
+CVE-2010-0413
+ RESERVED
+CVE-2010-0412
+ RESERVED
+CVE-2010-0411
+ RESERVED
+CVE-2010-0410
+ RESERVED
+CVE-2010-0409
+ RESERVED
+CVE-2010-0408
+ RESERVED
+CVE-2010-0407
+ RESERVED
+CVE-2010-0406
+ RESERVED
+CVE-2010-0405
+ RESERVED
+CVE-2010-0404
+ RESERVED
+CVE-2010-0403
+ RESERVED
+CVE-2010-0402
+ RESERVED
+CVE-2010-0401
+ RESERVED
+CVE-2010-0400
+ RESERVED
+CVE-2010-0399
+ RESERVED
+CVE-2010-0398
+ RESERVED
+CVE-2010-0397
+ RESERVED
+CVE-2010-0396
+ RESERVED
+CVE-2010-0395
+ RESERVED
+CVE-2010-0394
+ RESERVED
+CVE-2010-0393
+ RESERVED
+CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, ...)
+ TODO: check
+CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other ...)
+ TODO: check
+CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) ...)
+ TODO: check
+CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server ...)
+ TODO: check
+CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE ...)
+ TODO: check
+CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun ...)
+ TODO: check
+CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling ...)
+ TODO: check
CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN ...)
NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies ...)
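Review bot: the newly published entries from CVE-2010-0464 down to CVE-2010-0454, and the older-year block CVE-2009-4630 through CVE-2003-1575, all land as "TODO: check" with no package line, so nothing in this hunk says whether the archive is affected. Each should be resolved to either a "- <package> <status>" line or a "NOT-FOR-US:" line in the form used for CVE-2010-0392 in the trailing context. The jump from CVE-2010-0443 to CVE-2010-0441 is not a dropped ID: CVE-2010-0442 already has its own entry further down the file.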
@@ -36,6 +196,7 @@
- gmetad <unfixed> (low; bug #567175)
TODO: check old/stable versions
CVE-2010-0442 [postgres bitsubstr overflow]
+ RESERVED
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
- postgresql-8.2 <removed>
@@ -343,7 +504,7 @@
RESERVED
CVE-2010-0291
RESERVED
- - linux-2.6 2.6.32-6
+ - linux-2.6 2.6.32-6
CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
- bind9 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
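Review bot: CVE-2010-0291 is marked RESERVED and carries a fixed version (linux-2.6 2.6.32-6) but has no bracketed summary, so the entry does not say which kernel issue 2.6.32-6 fixed. Add a temporary description in the style of "CVE-2010-0442 [postgres bitsubstr overflow]". The -/+ pair on the linux-2.6 line reads the same on both sides, so the only change in this hunk is whitespace.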
@@ -725,14 +886,14 @@
RESERVED
CVE-2010-0143
RESERVED
-CVE-2010-0142
- RESERVED
-CVE-2010-0141
- RESERVED
-CVE-2010-0140
- RESERVED
-CVE-2010-0139
- RESERVED
+CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
+ TODO: check
+CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
+ TODO: check
+CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco ...)
+ TODO: check
+CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before ...)
+ TODO: check
CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ...)
NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor
CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...)
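Review bot: CVE-2010-0142 through CVE-2010-0139 all describe Cisco Unified MeetingPlace and are left at "TODO: check", while the next entry in the context, CVE-2010-0138, is already closed as "NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor". If MeetingPlace is likewise not in the archive, mark the four entries NOT-FOR-US in the same form so they drop out of the open TODO list.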
@@ -913,14 +1074,14 @@
CVE-2010-0096
RESERVED
CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...)
- - linux-2.6 2.6.32-6 (low; bug #564114)
+ - linux-2.6 2.6.32-6 (low; bug #564114)
- linux-2.6.24 <removed> (low)
NOTE: just like CVE-2009-4536 but was reported later
CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 ...)
- linux-2.6 <unfixed> (medium; bug #564110)
- linux-2.6.24 <removed> (medium)
CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
- - linux-2.6 2.6.32-6 (low; bug #564114)
+ - linux-2.6 2.6.32-6 (low; bug #564114)
- linux-2.6.24 <removed> (low)
CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
NOT-FOR-US: Mongoose
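Review bot: both -/+ pairs in this hunk (the linux-2.6 lines under CVE-2009-4538 and CVE-2009-4536) are identical apart from whitespace, and the same whitespace-only rewrite of "- linux-2.6 2.6.32-6" recurs in the other kernel hunks of this revision. Under the log message "automatic update", that normalization is hard to tell apart from a status change when scanning the diff. Committing it separately, or naming it in the log, would keep the tracking history readable.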
@@ -1631,28 +1792,25 @@
CVE-2010-0008
RESERVED
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
- - linux-2.6 2.6.32-6
+ - linux-2.6 2.6.32-6
- linux-2.6.24 <removed>
CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
- - linux-2.6 2.6.32-6
+ - linux-2.6 2.6.32-6
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
-CVE-2010-0005 [viewvc: query.py issue]
- RESERVED
+CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...)
- viewvc <unfixed>
TODO: check
-CVE-2010-0004 [viewvc: root listing issue]
- RESERVED
+CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the ...)
- viewvc <unfixed>
TODO: check
CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
- - linux-2.6 2.6.32-6
+ - linux-2.6 2.6.32-6
- linux-2.6.24 <removed>
CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...)
- bash <not-affected> (mandriva-specific packaging issue)
-CVE-2010-0001 [gzip: integer underflow via LZW compressed gzip archive]
- RESERVED
+CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...)
{DSA-1974-1}
- gzip 1.3.12-9 (medium; bug #566002)
CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
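Review bot: the descriptions for CVE-2010-0005 and CVE-2010-0004 now give the fixed upstream release ("ViewVC before 1.1.3"), but both entries still read "- viewvc <unfixed>" followed by "TODO: check". With that boundary known, the TODO can be closed by comparing the archive's viewvc version against 1.1.3 and recording the fixed version or a bug number on the package line.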
@@ -1742,8 +1900,7 @@
- systemtap 1.1-1
[lenny] - systemtap <not-affected> (Server component not yet present)
[etch] - systemtap <not-affected> (Server component not yet present)
-CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash table's emergency route flush]
- RESERVED
+CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel ...)
- linux-2.6 <unfixed> (medium)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
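Review bot: the visible part of the new description for CVE-2009-4272 attributes the flaw to "A certain Red Hat patch for net/ipv4/route.c", while the package line below it still says "- linux-2.6 <unfixed> (medium)" and the release lines date the vulnerable code to 2.6.27. Those statements need reconciling: confirm that the patched code is also present in Debian's linux-2.6 and say so in a NOTE, or change the status if the issue is confined to Red Hat's kernel.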
@@ -2016,8 +2173,8 @@
RESERVED
CVE-2009-4184
RESERVED
-CVE-2009-4183
- RESERVED
+CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 ...)
+ TODO: check
CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a ...)
NOT-FOR-US: HP Web Jetadmin
CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...)
@@ -2106,7 +2263,7 @@
CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...)
- php5 5.2.12.dfsg.1-1 (medium)
CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...)
- - linux-2.6 2.6.32-6
+ - linux-2.6 2.6.32-6
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
@@ -2676,7 +2833,7 @@
CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...)
- virtualbox-guest-additions 3.0.10-1
CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...)
- - linux-2.6 2.6.32-6 (low)
+ - linux-2.6 2.6.32-6 (low)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
- linux-2.6.24 <removed> (low)
CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in ...)
@@ -3889,8 +4046,7 @@
CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...)
- php5 5.2.12.dfsg.1-1 (unimportant)
NOTE: safe_mode bypass
-CVE-2009-3556 [world-writable vport_(create|delete) in the qla2xxx driver]
- RESERVED
+CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in the ...)
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3556
NOTE: said to be RH-specific
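Review bot: the description that replaces the placeholder for CVE-2009-3556 ("A certain Red Hat configuration step for the qla2xxx driver ...") backs up the existing "NOTE: said to be RH-specific", yet the entry keeps "TODO: check" and has no package line. If the check confirms it, close the entry the way CVE-2010-0002 is closed earlier in this diff: a package line marked <not-affected> with the reason in parentheses.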
@@ -6119,14 +6275,12 @@
{DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-2902 [tomcat directory traversal via WAR file names]
- RESERVED
+CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
- tomcat6 <unfixed>
- tomcat5 <removed>
TODO: check
NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
-CVE-2009-2901 [tomcat insecure partial deploy after failed undeploy]
- RESERVED
+CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and ...)
- tomcat6 <unfixed>
- tomcat5 <removed>
TODO: check
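Review bot: replacing the bracketed summary of CVE-2009-2902 ("tomcat directory traversal via WAR file names") with the truncated description leaves it reading "Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...", which is the same visible text CVE-2009-2693 receives later in this diff, so the list no longer shows what separates the two. Keep the distinguishing detail in a NOTE line under each entry. The existing NOTE about tomcat 5.0 in etch should also be rechecked against the 5.5.0 lower bound the descriptions now state.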
@@ -6942,8 +7096,7 @@
- pidgin 2.5.9-1 (medium; bug #542486)
[lenny] - gaim <not-affected> (Only a transitional package)
- gaim <removed>
-CVE-2009-2693 [tomcat directory traversal via WAR files]
- RESERVED
+CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
- tomcat6 <unfixed>
- tomcat5 <removed>
TODO: check
@@ -7226,8 +7379,7 @@
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
- libxerces2-java 2.9.1-4.1 (bug #548358)
-CVE-2009-2624 [gzip: missing input sanitation related to dynamic Huffman codes]
- RESERVED
+CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a ...)
{DSA-1974-1}
- gzip 1.3.12-8 (medium; bug #507263)
CVE-2009-2623