[Secure-testing-commits] r14971 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Jul 7 21:14:24 UTC 2010


Author: joeyh
Date: 2010-07-07 21:14:24 +0000 (Wed, 07 Jul 2010)
New Revision: 14971

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-07-07 09:15:39 UTC (rev 14970)
+++ data/CVE/list	2010-07-07 21:14:24 UTC (rev 14971)
@@ -1,3 +1,75 @@
+CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...)
+	TODO: check
+CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
+	TODO: check
+CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has ...)
+	TODO: check
+CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows ...)
+	TODO: check
+CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...)
+	TODO: check
+CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...)
+	TODO: check
+CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when ...)
+	TODO: check
+CVE-2010-2644
+	RESERVED
+CVE-2010-2643
+	RESERVED
+CVE-2010-2642
+	RESERVED
+CVE-2010-2641
+	RESERVED
+CVE-2010-2640
+	RESERVED
+CVE-2010-2639
+	RESERVED
+CVE-2010-2638
+	RESERVED
+CVE-2010-2637
+	RESERVED
+CVE-2010-2636
+	RESERVED
+CVE-2010-2635
+	RESERVED
+CVE-2010-2634
+	RESERVED
+CVE-2010-2633
+	RESERVED
+CVE-2010-2632
+	RESERVED
+CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...)
+	TODO: check
+CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...)
+	TODO: check
+CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...)
+	TODO: check
+CVE-2010-2628
+	RESERVED
+CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...)
+	TODO: check
+CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
+	TODO: check
+CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi ...)
+	TODO: check
+CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...)
+	TODO: check
+CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...)
+	TODO: check
+CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...)
+	TODO: check
+CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...)
+	TODO: check
+CVE-2010-2620 (Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...)
+	TODO: check
+CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...)
+	TODO: check
+CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument ...)
+	TODO: check
+CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users ...)
+	TODO: check
 CVE-2010-2494 [bogofilter invalid null write]
 	RESERVED
 	- bogofilter 1.2.1-3 (low; bug #588090)
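Review bot: CVE-2010-2631 and CVE-2010-2630 are added with only `TODO: check` although both descriptions name LibTIFF 3.9.0, and the LibTIFF entries further down this same file (CVE-2010-2483, CVE-2010-2482, CVE-2010-2481) already carry `- tiff` package lines. These two should be triaged against the tiff source package rather than left in the generic queue. The same applies to CVE-2009-4924, whose description names python-cjson 1.0.5, the package already tracked under CVE-2010-1666 with bug #587700.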
@@ -145,8 +217,8 @@
 	RESERVED
 CVE-2010-2550
 	RESERVED
-CVE-2010-2549
-	RESERVED
+CVE-2010-2549 (Use-after-free vulnerability in Microsoft Windows Vista and Server ...)
+	TODO: check
 CVE-2010-2548
 	RESERVED
 CVE-2010-2547
@@ -319,17 +391,13 @@
 CVE-2010-2484 [strrchr() interruption]
 	RESERVED
 	- php5 <unfixed> (unimportant)
-CVE-2010-2483 [OOB read in TIFFRGBAImageGet()]
-	RESERVED
+CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
 	- tiff <unfixed> (unimportant)
-CVE-2010-2482 [NULL pointer dereference due to invalid td_stripbytecount]
-	RESERVED
+CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...)
 	- tiff 3.9.4-1 (unimportant)
-CVE-2010-2481 [OOB read in TIFFExtractData()]
-	RESERVED
+CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...)
 	- tiff 3.9.4-1 (unimportant)
-CVE-2010-2480 [XSS in python mako's escape.cgi]
-	RESERVED
+CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python ...)
 	- python-mako <undetermined>
 	TODO: check
 	NOTE: http://bugs.python.org/issue9061
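Review bot: replacing the bracketed working titles on CVE-2010-2483, CVE-2010-2482 and CVE-2010-2481 drops the triage summary ("OOB read in TIFFRGBAImageGet()", "NULL pointer dereference due to invalid td_stripbytecount", "OOB read in TIFFExtractData()"), and the truncated official descriptions end before they state the bug class. Since all three are rated unimportant, keep that reasoning as a NOTE line under each entry, as is done for CVE-2010-2443. Also, CVE-2010-2480 still shows `python-mako <undetermined>` with `TODO: check` even though its description now reads "Mako before 0.3.4", which gives a version to check against.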
@@ -410,7 +478,7 @@
 CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in ...)
 	{DSA-2065-1}
 	- kvirc 4:4.0.0~svn4340+rc3-1
-CVE-2010-2443 (Unspecified vulnerability in LibTIFF before 3.9.3 allows remote ...)
+CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before ...)
 	- tiff 3.9.4-1 (unimportant)
 	NOTE: Triggers a NULL pointer deref, crasher only
 CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...)
@@ -464,8 +532,7 @@
 	NOT-FOR-US: Sleipnir
 CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...)
 	NOT-FOR-US: Cisco Adaptive Security Appliances
-CVE-2010-2479 [IE-specific XSS issue]
-	RESERVED
+CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before ...)
 	{DSA-2067-1}
 	- php-htmlpurifier 4.1.1+dfsg1-1
 	- mahara 1.2.5-1
@@ -890,15 +957,12 @@
 	NOT-FOR-US: com_bfsurvey component for joomla!
 CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...)
 	NOT-FOR-US: joomla!
-CVE-2010-2253 [lftp, wget, libwww-perl unexpected download issue]
-	RESERVED
+CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...)
 	- libwww-perl 5.835-1 (low)
 	[lenny] - libwww-perl <no-dsa> (Minor issue)
-CVE-2010-2252
-	RESERVED
+CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...)
 	- wget <unfixed>
-CVE-2010-2251
-	RESERVED
+CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not ...)
 	- lftp 4.0.6-1 (low)
 	[lenny] - lftp <no-dsa> (Minor issue)
 	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
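Review bot: CVE-2010-2252 is left as `- wget <unfixed>` with no urgency and no [lenny] line, while the two sibling entries in this hunk, CVE-2010-2253 and CVE-2010-2251, are rated low with `[lenny] ... <no-dsa> (Minor issue)`. Now that the description is public, give the wget entry the same urgency and release status, or state why it differs. The oCERT advisory NOTE sits only under CVE-2010-2251; the removed working title "lftp, wget, libwww-perl unexpected download issue" tied all three together, so repeating the NOTE under the other two would keep that link.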
@@ -990,7 +1054,7 @@
 	RESERVED
 CVE-2010-2213
 	RESERVED
-CVE-2010-2212 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
+CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
 	NOT-FOR-US: Adobe Reader
@@ -1002,7 +1066,7 @@
 	NOT-FOR-US: Adobe Reader
 CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
 	NOT-FOR-US: Adobe Reader
-CVE-2010-2206 (Array index error in Adobe Reader and Acrobat 9.x before 9.3.3, and ...)
+CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
 	NOT-FOR-US: Adobe Reader
@@ -1885,7 +1949,7 @@
 	NOT-FOR-US: PHP Photo Vote
 CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...)
 	NOT-FOR-US: PHP Easy Shopping Cart
-CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...)
+CVE-2009-4855 (** DISPUTED ** ...)
 	NOT-FOR-US: Bogus issue claimed for typo3
 	NOTE: See http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3
 CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...)
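Review bot: the new description for CVE-2009-4855 is truncated to "(** DISPUTED ** ...)", so the entry no longer says which product or bug class the CVE refers to; only the NOT-FOR-US line mentions typo3. The truncation should keep some of the text after the DISPUTED marker. The NOTE URL in the context line also ends in `/4.2.5-1+lenny3`, which looks like a package version run into the link and is worth checking.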
@@ -2378,24 +2442,19 @@
 	RESERVED
 CVE-2010-1671
 	RESERVED
-CVE-2010-1670
-	RESERVED
+CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has ...)
 	{DSA-2067-1}
 	- mahara 1.2.5-1
-CVE-2010-1669
-	RESERVED
+CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x ...)
 	- mahara 1.2.5-1
 	[lenny] - mahara <not-affected>
-CVE-2010-1668
-	RESERVED
+CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara ...)
 	{DSA-2067-1}
 	- mahara 1.2.5-1
-CVE-2010-1667
-	RESERVED
+CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before ...)
 	{DSA-2067-1}
 	- mahara 1.2.5-1
-CVE-2010-1666 [python-cjson buffer overflow]
-	RESERVED
+CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding ...)
 	- python-cjson <unfixed> (bug #587700)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
 CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...)
@@ -2622,10 +2681,10 @@
 	RESERVED
 CVE-2010-1577
 	RESERVED
-CVE-2010-1576
-	RESERVED
-CVE-2010-1575
-	RESERVED
+CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before ...)
+	TODO: check
+CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...)
+	TODO: check
 CVE-2010-1574
 	RESERVED
 CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded ...)
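Review bot: CVE-2010-1576 and CVE-2010-1575 go in as `TODO: check` although both descriptions name the Cisco Content Services Switch (CSS) 11500, and this file already closes Cisco appliance issues as NOT-FOR-US (CVE-2008-7257, "Cisco Adaptive Security Appliances"). Mark both NOT-FOR-US, together with CVE-2010-2629 from the first hunk, which names the same product.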
@@ -3472,10 +3531,10 @@
 	RESERVED
 CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall ...)
 	NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall
-CVE-2010-1328
-	RESERVED
-CVE-2010-1327
-	RESERVED
+CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore ...)
+	TODO: check
+CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and ...)
+	TODO: check
 CVE-2010-1326
 	RESERVED
 CVE-2010-1325



