[Secure-testing-commits] r14125 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Feb 18 21:14:30 UTC 2010


Author: joeyh
Date: 2010-02-18 21:14:29 +0000 (Thu, 18 Feb 2010)
New Revision: 14125

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-02-18 20:52:00 UTC (rev 14124)
+++ data/CVE/list	2010-02-18 21:14:29 UTC (rev 14125)
@@ -1,3 +1,9 @@
+CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
+	TODO: check
+CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2010-0640
+	RESERVED
 CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...)
 	TODO: check
 CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...)
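Review bot: the new CVE-2010-0642 entry is left at "TODO: check" although its description already names the product (Cisco Collaboration Server). If no Debian package ships that product, it can be closed right away with a "NOT-FOR-US: Cisco Collaboration Server" line, in the same form as the Trend Micro entry further down in this file, rather than adding to the TODO backlog.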
@@ -198,6 +204,7 @@
 CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
 	NOT-FOR-US: Trend Micro URL Filtering Engine
 CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
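Review bot: the CVE-2009-4640 entry still ends in "TODO: check" after "{DSA-2000-1}" is added. An issue that has an advisory attached has been triaged, so the TODO line looks stale and should be dropped or replaced with a NOTE stating what is still open for "- ffmpeg <unfixed>".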
@@ -206,34 +213,42 @@
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
 CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows ...)
+	{DSA-2000-1}
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
 	TODO: check
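Review bot: the eight entries from CVE-2009-4638 to CVE-2009-4631 now reference DSA-2000-1, but each "- ffmpeg <unfixed>" line carries no urgency or bug number, unlike lines elsewhere in this file such as "(medium; bug #559265)". Recording a bug reference on these lines would give the remaining unfixed state something to track it by.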
@@ -571,7 +586,7 @@
 CVE-2010-0422 [another gnome-screensaver issue?]
 	RESERVED
 	- gnome-screensaver 2.28.3-1
-        TODO: Dupe? Is this different from CVE-2010-0414? 
+	TODO: Dupe? Is this different from CVE-2010-0414? 
 CVE-2010-0421
 	RESERVED
 CVE-2010-0420
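Review bot: the rewritten TODO line under CVE-2010-0422 swaps the leading spaces for a tab but keeps the trailing space after "CVE-2010-0414?". Since the line is being touched for whitespace anyway, strip the trailing blank in the same change. The duplicate question itself is still unanswered and could be settled against the CVE-2010-0414 entry.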
@@ -584,8 +599,7 @@
 	RESERVED
 CVE-2010-0416
 	RESERVED
-CVE-2010-0415 [info leak in sys move pages]
-	RESERVED
+CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...)
 	{DSA-1996-1}
 	- linux-2.6 2.6.32-8
 	- linux-2.6.24 <removed>
@@ -983,8 +997,7 @@
 	- squid <unfixed>
 	- squid3 <unfixed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
-CVE-2010-0307 [denial-of-service on amd64]
-	RESERVED
+CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...)
 	{DSA-1996-1}
 	- linux-2.6 2.6.32-8
 	- linux-2.6.24 <removed>
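Review bot: replacing "[denial-of-service on amd64]" with the truncated official description on CVE-2010-0307 drops the only visible statement of impact and affected architecture, because the new text is cut off before it gets there. If the amd64 scoping matters for triage, keep it in a NOTE line under the entry.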
@@ -1385,6 +1398,7 @@
 	RESERVED
 CVE-2010-0162 [same-origin bypass]
 	RESERVED
+	{DSA-1999-1}
 	- xulrunner <unfixed>
 	[etch] - xulrunner <end-of-life>
 	- iceape <unfixed>
@@ -1392,12 +1406,14 @@
 	RESERVED
 CVE-2010-0160 [vulnerability in web workers]
 	RESERVED
+	{DSA-1999-1}
 	- xulrunner <unfixed>
 	[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
 	[lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
 	- iceape <unfixed>
 CVE-2010-0159 [several vulnerabilities]
 	RESERVED
+	{DSA-1999-1}
 	- xulrunner <unfixed>
 	[etch] - xulrunner <end-of-life>
 	- iceape <unfixed>
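Review bot: CVE-2010-0160 gains "{DSA-1999-1}" while the same entry marks xulrunner as "<not-affected>" for both etch and lenny (web workers introduced in firefox 3.5). An advisory reference on an issue that no listed release is affected by is contradictory; either the not-affected lines or the CVE list attached to DSA-1999-1 should be corrected so the two agree.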
@@ -3257,6 +3273,7 @@
 	NOTE: http://www.bugzilla.org/security/3.0.10/
 CVE-2009-3988 [same-origin flaw in showModalDialog]
 	RESERVED
+	{DSA-1999-1}
 	- xulrunner <unfixed>
 	[etch] - xulrunner <end-of-life>
 	- iceape <unfixed>
@@ -10845,6 +10862,7 @@
 	- ipsec-tools 1:0.7.1-1.4 (medium; bug #527634)
 CVE-2009-1571 [memory incorrectly freed]
 	RESERVED
+	{DSA-1999-1}
 	- xulrunner <unfixed>
 	[etch] - xulrunner <end-of-life>
 	- iceape <unfixed>
@@ -14261,7 +14279,7 @@
 	[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
 	- kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265)
 	- kde4libs 4:4.3.4-1 (medium; bug #559266)
-        [lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector)
+	[lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector)
 	TODO: Someone posted a long list of dtoa embedded to debian-devel some time ago
 CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...)
 	{DSA-1807-1 DTSA-200-1 DTSA-201-1}
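Review bot: the re-indented "[lenny] - kde4libs <no-dsa>" line keeps the wording "Only uses by a few packages", which reads like a typo for "Only used by". As the line is already being rewritten for indentation, fix the wording in the same change.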



