[Secure-testing-commits] r14907 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Jun 25 21:14:42 UTC 2010


Author: joeyh
Date: 2010-06-25 21:14:41 +0000 (Fri, 25 Jun 2010)
New Revision: 14907

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-25 20:15:13 UTC (rev 14906)
+++ data/CVE/list	2010-06-25 21:14:41 UTC (rev 14907)
@@ -1,3 +1,27 @@
+CVE-2010-2452
+	RESERVED
+CVE-2010-2451
+	RESERVED
+CVE-2010-2443 (Unspecified vulnerability in LibTIFF before 3.9.3 allows remote ...)
+	TODO: check
+CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...)
+	TODO: check
+CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
+	TODO: check
+CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...)
+	TODO: check
+CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...)
+	TODO: check
+CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...)
+	TODO: check
+CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in ...)
+	TODO: check
+CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog ...)
+	TODO: check
+CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
+	TODO: check
+CVE-2010-2434
+	RESERVED
 CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	TODO: check
 CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...)
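Review bot: Every new entry in this block is left at RESERVED or TODO: check, with nothing to separate what needs Debian triage from what does not. CVE-2010-2441 (WebKit) names software that already has package lines elsewhere in this list (`- webkit ...`), so it should be resolved to a package status first. CVE-2010-2442 (Microsoft Internet Explorer) and CVE-2010-2440 (st-wizard.exe) look like candidates for the `NOT-FOR-US:` marking the file already uses for entries such as CVE-2009-4811.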
@@ -500,10 +524,10 @@
 	RESERVED
 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
 	TODO: check
-CVE-2010-2224
-	RESERVED
-CVE-2010-2223
-	RESERVED
+CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
+	TODO: check
+CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
+	TODO: check
 CVE-2010-2222
 	RESERVED
 CVE-2010-2221
@@ -2192,9 +2216,11 @@
 CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...)
 	NOT-FOR-US: VMware
 CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"]
+	RESERVED
 	- gitolite 1.4.2-1 (low)
 	NOTE: http://secunia.com/advisories/39587/
 CVE-2010-2448 [gitolite os command injection]
+	RESERVED
 	- gitolite 1.4.2-1 (medium)
 	NOTE: http://secunia.com/advisories/39587/
 CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...)
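Review bot: With RESERVED added to CVE-2010-2447 and CVE-2010-2448, the bracketed text is the only description these two entries carry, and both share the same fixed version (gitolite 1.4.2-1) and the same NOTE URL while differing in severity (low, medium). A per-entry NOTE pointing at the specific upstream fix for each would let a reader tell the two issues apart without relying on the single advisory link.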
@@ -2311,7 +2337,7 @@
 	- webkit <not-affected> (doesn't use v8 bindings yet)
 	NOTE: http://trac.webkit.org/changeset/45826
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
-        NOTE: http://trac.webkit.org/changeset/57224
+	NOTE: http://trac.webkit.org/changeset/57224
 CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (chromium-specific issue)
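Review bot: The change to the `NOTE: http://trac.webkit.org/changeset/57224` line is whitespace only (leading spaces replaced by a tab to match the surrounding lines), yet the log message says just "automatic update". If the update script performs this normalization, it is worth saying so in the log; if it was a manual fix, a check that rejects space-indented lines in data/CVE/list would stop the inconsistency from coming back.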
@@ -2821,6 +2847,7 @@
 	- sun-java6 6.20-1 (high)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2010-2449 [gource: predictable log file located in /tmp]
+	RESERVED
 	- gource 0.26-2 (low; bug #577958)
 CVE-2010-XXXX [webkit: lots of dns lookups]
 	- webkit <unfixed> (unimportant; bug #578019)
@@ -3532,10 +3559,12 @@
 CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
 	NOT-FOR-US: SkaDate Dating
 CVE-2010-2445 [freeciv lua]
+	RESERVED
 	- freeciv <unfixed> (low; bug #584589)
 	[lenny] - freeciv <no-dsa> (Minor issue)
 	NOTE: http://gna.org/bugs/?15624
 CVE-2010-2446 [Rbot Owner Reaction Command Execution]
+	RESERVED
 	- rbot 0.9.14-2 (bug #575286)
 	[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
 	[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
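Review bot: The bracketed description on CVE-2010-2445, `[freeciv lua]`, does not say what the issue is, and with RESERVED added there is no published CVE description to fall back on. Since the entry is still `<unfixed>`, expand the bracket text to name the flaw, the way the neighbouring CVE-2010-2446 entry does ("Rbot Owner Reaction Command Execution").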
@@ -4454,6 +4483,7 @@
 CVE-2010-XXXX [irssi emote leak]
 	- irssi-plugin-otr <unfixed> (unimportant; bug #569506)
 CVE-2010-2450 [shibboleth-sp2: world-readable key]
+	RESERVED
 	- shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631)
 	[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
 	- shibboleth-sp <not-affected> (Vulnerable code not present)
@@ -4578,10 +4608,10 @@
 	RESERVED
 CVE-2010-0780
 	RESERVED
-CVE-2010-0779
-	RESERVED
-CVE-2010-0778
-	RESERVED
+CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+	TODO: check
+CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+	TODO: check
 CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
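Review bot: CVE-2010-0779 and CVE-2010-0778 are left at TODO: check, although the entries directly below them (CVE-2010-0777, CVE-2010-0776) are already marked `NOT-FOR-US: IBM WebSphere Application Server`. The truncated descriptions here only say "the Administration Console", so confirm the product from the full CVE text and, if it is the same one, apply the same marking rather than leaving the pair in the TODO queue.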
@@ -5752,6 +5782,7 @@
 	[lenny] - bozohttpd <no-dsa> (Minor issue)
 	[etch] - bozohttpd <no-dsa> (Minor issue)
 CVE-2010-2444 [maradns null pointer dereference]
+	RESERVED
 	- maradns <unfixed> (low; bug #584587)
 	[lenny] - maradns <no-dsa> (minor issue)
 	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)



