[Secure-testing-commits] r14901 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Jun 24 17:18:45 UTC 2010 

Author: jmm-guest
Date: 2010-06-24 17:18:39 +0000 (Thu, 24 Jun 2010)
New Revision: 14901

Modified:
   data/CVE/list
Log:
CVE assignments


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-24 17:12:43 UTC (rev 14900)
+++ data/CVE/list	2010-06-24 17:18:39 UTC (rev 14901)
@@ -2160,7 +2160,10 @@
 	NOT-FOR-US: Wolfram Research webMathematica
 CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...)
 	NOT-FOR-US: VMware
-CVE-2010-XXXX [gitolite two weaknesses]
+CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"]
+	- gitolite 1.4.2-1 (low)
+	NOTE: http://secunia.com/advisories/39587/
+CVE-2010-2448 [gitolite os command injection]
 	- gitolite 1.4.2-1 (medium)
 	NOTE: http://secunia.com/advisories/39587/
 CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...)
@@ -2784,7 +2787,7 @@
 CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...)
 	- sun-java6 6.20-1 (high)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2010-XXXX [gource: predictable log file located in /tmp]
+CVE-2010-2449 [gource: predictable log file located in /tmp]
 	- gource 0.26-2 (low; bug #577958)
 CVE-2010-XXXX [webkit: lots of dns lookups]
 	- webkit <unfixed> (unimportant; bug #578019)
@@ -3504,11 +3507,11 @@
 	NOT-FOR-US: ws_ecard extension for typo3
 CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
 	NOT-FOR-US: SkaDate Dating
-CVE-2010-XXXX [freeciv lua]
+CVE-2010-2445 [freeciv lua]
 	- freeciv <unfixed> (low; bug #584589)
 	[lenny] - freeciv <no-dsa> (Minor issue)
 	NOTE: http://gna.org/bugs/?15624
-CVE-2010-XXXX [Rbot Owner Reaction Command Execution]
+CVE-2010-2446 [Rbot Owner Reaction Command Execution]
 	- rbot 0.9.14-2 (bug #575286)
 	[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
 	[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
@@ -4426,7 +4429,7 @@
 	NOTE: Documentation advises against adding password data to the respective config file
 CVE-2010-XXXX [irssi emote leak]
 	- irssi-plugin-otr <unfixed> (unimportant; bug #569506)
-CVE-2010-XXXX [shibboleth-sp2: world-readable key]
+CVE-2010-2450 [shibboleth-sp2: world-readable key]
 	- shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631)
 	[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
 	- shibboleth-sp <not-affected> (Vulnerable code not present)
@@ -5709,7 +5712,7 @@
 	- bozohttpd 20090522-2 (low; bug #566325)
 	[lenny] - bozohttpd <no-dsa> (Minor issue)
 	[etch] - bozohttpd <no-dsa> (Minor issue)
-CVE-2010-XXXX [maradns null pointer dereference]
+CVE-2010-2444 [maradns null pointer dereference]
 	- maradns <unfixed> (low; bug #584587)
 	[lenny] - maradns <no-dsa> (minor issue)
 	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)

More information about the Secure-testing-commits mailing list