[Secure-testing-commits] r14874 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Jun 15 22:07:45 UTC 2010


Author: jmm-guest
Date: 2010-06-15 22:07:45 +0000 (Tue, 15 Jun 2010)
New Revision: 14874

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- new minor w3m issue
- notified maintainer on pyftpd spu upload, he's preparing one
- deluge of new webkit issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-15 21:14:24 UTC (rev 14873)
+++ data/CVE/list	2010-06-15 22:07:45 UTC (rev 14874)
@@ -547,14 +547,19 @@
 	RESERVED
 CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...)
 	TODO: check
-CVE-2010-2074
+CVE-2010-2074 [w3m NULL byte in SSL cert]
 	RESERVED
+	- w3m <unfixed> (low)
+	[lenny] - w3m <no-dsa> (Minor issue)
+	TODO: File bug
 CVE-2010-2073 [pyftpd default user accounts]
 	RESERVED
-	- pyftpd <unfixed> (bug #585776)
+	- pyftpd <unfixed> (low; bug #585776)
+	[lenny] - pyftpd <no-dsa> (Minor issue)
 CVE-2010-2072 [pyftpd insecure temp file]
 	RESERVED
-	- pyftpd <unfixed> (bug #585773)
+	- pyftpd <unfixed> (low; bug #585773)
+	[lenny] - pyftpd <no-dsa> (Minor issue)
 CVE-2010-2071
 	RESERVED
 CVE-2010-2070
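Review bot: The new CVE-2010-2074 entry rates a certificate-handling bug as `(low)` and `<no-dsa> (Minor issue)` without recording why, and its `- w3m <unfixed>` line has no bug reference while both pyftpd entries in this hunk carry one. A `NOTE:` line with the reasoning behind the low rating would let a later reader check the triage, and the bug number should go on the `<unfixed>` line once the `TODO: File bug` is resolved.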
@@ -1749,13 +1754,13 @@
 CVE-2010-1574
 	RESERVED
 CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded ...)
-	TODO: check
+	NOT-FOR-US: Linksys firmware
 CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2010-1569
 	RESERVED
 CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag ...)
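Review bot: The three Cisco entries (CVE-2010-1572, CVE-2010-1571, CVE-2010-1570) are closed as `NOT-FOR-US: Cisco`, naming only the vendor, while CVE-2010-1573 in the same hunk names a product class with `Linksys firmware`. Naming the affected component on each line, as the descriptions do (diagnostic shell, bootstrap service, CTI server), would make the list easier to search and make it clear that each was checked against packaged software rather than closed by vendor name alone.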
@@ -2253,85 +2258,85 @@
 CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
 	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
 CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1420
 	RESERVED
 CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1411 [tiff heap overflow]
 	RESERVED
 	- tiff <undetermined>
 	TODO: check
 CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1407
 	RESERVED
 CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1388 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1387
 	RESERVED
 CVE-2010-1386
 	RESERVED
 CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
-	TODO: check
+	- webkit <undetermined>
 CVE-2010-1383
 	RESERVED
 CVE-2010-1382
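Review bot: CVE-2010-1385 and CVE-2010-1384 at the end of this hunk are described as issues in Apple Safari, not in "WebKit in Apple Safari" like the other entries, yet both are assigned `- webkit <undetermined>`; the visible description text does not show that they live in the WebKit code base, so those two should keep `TODO: check` or carry a note on why webkit is the right package. More generally, every `TODO: check` here is replaced by `<undetermined>` alone, whereas the CVE-2010-1411 tiff entry in the same hunk keeps `TODO: check` next to `<undetermined>`; keeping the TODO on the webkit entries would record that triage is still outstanding.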

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-06-15 21:14:24 UTC (rev 14873)
+++ data/spu-candidates.txt	2010-06-15 22:07:45 UTC (rev 14874)
@@ -327,6 +327,12 @@
 
 --
 
+pyftpd (CVE-2010-2072, CVE-2010-2073)
+bug #585776, #585773
+notified maintainer
+
+--
+
 squid (CVE-2009-0801)
 #521053
 notified maintainer
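Review bot: In the new pyftpd block the bug numbers are listed as `#585776, #585773`, the reverse of the CVE order on the line above: data/CVE/list in this same commit ties CVE-2010-2072 to #585773 and CVE-2010-2073 to #585776. Listing them in matching order avoids a mix-up, and the `bug` prefix differs from the neighbouring squid entry, which uses a bare `#521053`. The commit log also says the maintainer is preparing an upload, which `notified maintainer` does not capture.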
@@ -480,6 +486,10 @@
 
 --
 
+w3m (CVE-2010-2074)
+
+--
+
 webkit (CVE-2008-4724)
 #520052
 asked maintainer
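Review bot: The new w3m entry consists of the package and CVE line only, with no bug number and no status line, unlike the webkit entry directly below it (`#520052`, `asked maintainer`). Since data/CVE/list in this commit still carries `TODO: File bug` for CVE-2010-2074, add the bug reference and maintainer status here once the bug exists, or mark the entry as pending so it is not mistaken for a complete record.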



