[Secure-testing-commits] r14896 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Jun 23 00:08:46 UTC 2010
Author: gilbert-guest
Date: 2010-06-23 00:08:44 +0000 (Wed, 23 Jun 2010)
New Revision: 14896
Modified:
data/CVE/list
Log:
NFUs and new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-22 21:14:38 UTC (rev 14895)
+++ data/CVE/list 2010-06-23 00:08:44 UTC (rev 14896)
@@ -119,83 +119,85 @@
CVE-2010-2360
RESERVED
CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com ...)
- TODO: check
+ NOT-FOR-US: eWebquiz
CVE-2010-2358 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Nakid CMS
CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate Script ...)
- TODO: check
+ NOT-FOR-US: Eicra Realestate Script
CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot ...)
- TODO: check
+ NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Group ...)
- TODO: check
+ NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...)
- TODO: check
+ NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
- TODO: check
+ NOT-FOR-US: CCK module for Drupal
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
- TODO: check
+ NOT-FOR-US: CCK module for Drupal
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
- TODO: check
+ NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
+ - ziproxy <undetermined>
TODO: check
CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: H264WebCam
CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition ...)
- TODO: check
+ NOT-FOR-US: Batch Audio Converter
CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 ...)
- TODO: check
+ NOT-FOR-US: SAP J2EE Telnet Interface
CVE-2010-2346
RESERVED
CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and ...)
- TODO: check
+ NOT-FOR-US: odCMS
CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and ...)
- TODO: check
+ NOT-FOR-US: odCMS
CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter 8.1, ...)
- TODO: check
+ NOT-FOR-US: D.R. Software Audio Converter
CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady ...)
- TODO: check
+ NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2010-2341 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: EZPX Photoblog
CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2, when ...)
- TODO: check
+ NOT-FOR-US: Arab Portal
CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x ...)
- TODO: check
+ NOT-FOR-US: Subdreamer CMS
CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor ...)
- TODO: check
+ NOT-FOR-US: VU Web Visitor Analyst
CVE-2010-2337
RESERVED
CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo Gallery ...)
- TODO: check
+ NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php in ...)
- TODO: check
+ NOT-FOR-US: Yamamah Phote Gallery
CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows ...)
- TODO: check
+ NOT-FOR-US: LiteSpeed Web Server
CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions ...)
- TODO: check
+ NOT-FOR-US: Impact PDF Reader
CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Rosoft Audio Converter
CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before ...)
- TODO: check
+ NOT-FOR-US: IBM HTTP Server
CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in ...)
- TODO: check
+ - fastjar 2:0.98-3
+ - openjdk <undetermined>
CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...)
- TODO: check
+ NOT-FOR-US: Adobe InDesign
CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in ...)
TODO: check
CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC ...)
@@ -235,23 +237,32 @@
CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in WebCore ...)
- webkit <unfixed> (medium; bug #586547)
CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome before ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...)
- TODO: check
+ - webkit <not-affected> (chromium-specific)
+ - chromium-browser <undetermined>
CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome ...)
- TODO: check
+ - webkit <not-affected> (chromium-specific)
+ - chromium-browser <undetermined>
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2009-4900
RESERVED
CVE-2009-4899
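Review bot: in the CVE-2010-2303 to CVE-2010-2295 block, every "TODO: check" is replaced by "<undetermined>" package lines with no bug number or NOTE, so nothing in these entries records what remains to be checked or where the upstream fix is. The neighbouring CVE-2010-2304 entry carries "(medium; bug #586547)"; consider adding a NOTE with the upstream reference for each entry, or keeping the TODO until the webkit and chromium-browser versions are determined. The "<not-affected> (chromium-specific)" reason on CVE-2010-2299 and CVE-2010-2298 matches their descriptions, which name app/clipboard and browser/renderer_host rather than WebCore.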
@@ -800,9 +811,10 @@
- pyftpd 0.8.5 (low; bug #585773)
[lenny] - pyftpd <no-dsa> (Minor issue)
CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ [lenny] - linux-2.6 <not-affected> (btrfs introduced in 2.6.29)
CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and ...)
- TODO: check
+ - linux-2.6 <not-affected> (redhat-specific issue)
CVE-2010-2069
RESERVED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
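Review bot: for CVE-2010-2070 the reason "(redhat-specific issue)" on "- linux-2.6 <not-affected>" does not say what was checked, although the description names Xen 3.4 and 4.0 on ia64; add a NOTE that points to the evidence (for example the upstream or vendor reference) so the not-affected claim can be verified later. For CVE-2010-2071, "- linux-2.6 <unfixed>" has no severity or bug number, unlike the pyftpd entry at the top of the hunk, which has "(low; bug #585773)"; add them once a bug is filed. The lenny reason "(btrfs introduced in 2.6.29)" is clear as written.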
@@ -1062,7 +1074,7 @@
CVE-2010-1965
RESERVED
CVE-2010-1964 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...)
NOT-FOR-US: HP ServiceCenter
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
@@ -1841,11 +1853,9 @@
NOT-FOR-US: Joomla
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
- mediawiki 1.15.4-1 (bug #585918; low)
- [lenny] - mediawiki <unfixed> (low)
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
- mediawiki 1.15.4-1 (bug #585918; low)
- [lenny] - mediawiki <unfixed> (low)
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...)
{DSA-2062-1}
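Review bot: the two removed "[lenny] - mediawiki <unfixed> (low)" lines under CVE-2010-1648 and CVE-2010-1647 are dropped without a replacement line or NOTE, and the log message "NFUs and new issues" does not cover the change. If lenny is to be tracked only through the unstable version "1.15.4-1", say so in the log; if lenny is not affected or was fixed, record that explicitly with a "[lenny]" line giving the status and reason.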