[Secure-testing-commits] r14903 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Jun 24 21:14:29 UTC 2010
Author: joeyh
Date: 2010-06-24 21:14:28 +0000 (Thu, 24 Jun 2010)
New Revision: 14903
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-24 17:21:53 UTC (rev 14902)
+++ data/CVE/list 2010-06-24 21:14:28 UTC (rev 14903)
@@ -1,3 +1,5 @@
+CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...)
TODO: check
CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...)
@@ -4,22 +6,22 @@
TODO: check
CVE-2010-2430
RESERVED
-CVE-2010-2429
- RESERVED
-CVE-2010-2428
- RESERVED
+CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...)
+ TODO: check
+CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...)
+ TODO: check
CVE-2010-2427
RESERVED
-CVE-2010-2426
- RESERVED
-CVE-2010-2425
- RESERVED
+CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...)
+ TODO: check
+CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...)
+ TODO: check
CVE-2010-2424
RESERVED
CVE-2010-2423
RESERVED
-CVE-2010-2422
- RESERVED
+CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...)
+ TODO: check
CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...)
TODO: check
CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
@@ -481,8 +483,8 @@
RESERVED
CVE-2010-2226
RESERVED
-CVE-2010-2225
- RESERVED
+CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
+ TODO: check
CVE-2010-2224
RESERVED
CVE-2010-2223
@@ -865,14 +867,13 @@
RESERVED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
-CVE-2010-2067
- RESERVED
+CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...)
+ TODO: check
CVE-2010-2066
RESERVED
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31)
-CVE-2010-2065 [tiff integer overflow]
- RESERVED
+CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 ...)
- tiff <undetermined>
NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
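Review bot: CVE-2010-2067 is left at TODO: check even though its description names TIFFFetchSubjectDistance and the neighbouring CVE-2010-2065 (LibTIFF, TIFFroundup) is already tracked as "- tiff <undetermined>". Suggest giving CVE-2010-2067 a tiff line in the same pass if that function turns out to live in the tiff source package, and resolving <undetermined> for CVE-2010-2065 now that its description gives the bound "before 3.9.3".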
@@ -1119,7 +1120,7 @@
RESERVED
CVE-2010-1965
RESERVED
-CVE-2010-1964 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...)
NOT-FOR-US: HP ServiceCenter
@@ -1964,8 +1965,8 @@
- mysql-5.1 5.1.46-1 (bug #582526)
- mysql-dfsg-5.0 <removed> (low; bug #584400)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
-CVE-2010-1625
- RESERVED
+CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
+ TODO: check
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
- pidgin 2.7.0-1 (low)
[lenny] - pidgin 2.4.3-4lenny6
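Review bot: CVE-2010-1625 gets a bare TODO: check although it is an XSS in LXR Cross Referencer and this list already tracks another LXR XSS, CVE-2010-1448, against lxr-cvs as <unfixed>. Suggest triaging the two together and confirming from the full descriptions that they are not two IDs for one issue.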
@@ -2529,8 +2530,7 @@
[lenny] - python2.5 <no-dsa> (Minor issue)
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
-CVE-2010-1448 [lxr XSS on the search page]
- RESERVED
+CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
- lxr-cvs <unfixed>
TODO: prod maintainer (and find out why we have lxr and lxr-cvs)
CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...)
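Review bot: On CVE-2010-1448 the description now points at lib/LXR/Common.pm, which is enough to settle the open question in the TODO line ("find out why we have lxr and lxr-cvs"): check whether the lxr package ships that file too and, if so, add a "- lxr" line beside "- lxr-cvs <unfixed>". The dropped working title "[lxr XSS on the search page]" was the only mention of the search page; keep it as a NOTE if it is still useful to the maintainer.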
@@ -2642,7 +2642,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
NOTE: http://trac.webkit.org/changeset/57759
NOTE: http://trac.webkit.org/changeset/57817
-CVE-2010-1411 (Multiple integer overflows in ImageIO in Apple Mac OS X 10.5.8, and ...)
+CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in ...)
- tiff <undetermined>
TODO: check
CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
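Review bot: The CVE-2010-1411 description moves from ImageIO in Apple Mac OS X to the Fax3SetupState function, but the entry still reads "- tiff <undetermined>" with TODO: check. With a function name now available, suggest checking the tiff source for it and replacing <undetermined> with a concrete status.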
@@ -3239,42 +3239,34 @@
RESERVED
CVE-2010-1204
RESERVED
-CVE-2010-1203 [browser crashes with evidence of memory corruption]
- RESERVED
+CVE-2010-1203 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
-CVE-2010-1202 [browser crashes with evidence of memory corruption]
- RESERVED
+CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1201 [browser crashes with evidence of memory corruption]
- RESERVED
+CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1200 [browser crashes with evidence of memory corruption]
- RESERVED
+CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1199
- RESERVED
+CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
- icedove <unfixed>
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1198 [Freed object reuse across plugin instances]
- RESERVED
+CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1197
- RESERVED
+CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-1196 [Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal]
- RESERVED
+CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
- icedove <unfixed>
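Review bot: In this Mozilla block, CVE-2010-1199 and CVE-2010-1196 carry "- icedove <unfixed>" while CVE-2010-1202, -1201, -1200, -1198 and -1197 list only xulrunner and iceape. Now that full descriptions have replaced RESERVED, suggest confirming whether icedove is really unaffected by the others or simply missing. For CVE-2010-1203 through CVE-2010-1200 the new text says only "unspecified vulnerabilities", so a NOTE keeping the removed working title "browser crashes with evidence of memory corruption" would preserve the one technical detail those entries had.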
@@ -3471,7 +3463,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
- webkit <not-affected> (proof-of-concept not effective; windows-only?)
-CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...)
+CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...)
- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
NOTE: Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255
CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...)
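Review bot: The CVE-2010-1125 description now reads "Firefox 3.x before 3.5.10 and ...", but the entry below it still marks xulrunner <not-affected> because the issue "Only affects Firefox 3.6" and keeps the NOTE "Description is wrong". That NOTE was written against the old text; suggest re-checking it against the new description and the cited Bugzilla bug, then either rewording the NOTE to say which description it disputes or revisiting the <not-affected> status.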
@@ -6323,8 +6315,7 @@
NOT-FOR-US: Adobe ColdFusion
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...)
NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
-CVE-2010-0183
- RESERVED
+CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots ...)
- xulrunner 1.9.1.10-1
- iceape 2.0.5-1
[lenny] - iceape <not-affected> (Only a stub package)
@@ -21669,7 +21660,7 @@
NOT-FOR-US: Google
CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...)
NOT-FOR-US: Apple
-CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla ...)
+CVE-2008-5913 (The Math.random function in the JavaScript implementation in Mozilla ...)
- xulrunner 1.9.1.10-1 (unimportant; bug #559792)
- iceape 2.0.5-1 (unimportant)
[lenny] - iceape <not-affected> (Just a stub package)