[Secure-testing-commits] r14908 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Jun 27 02:10:37 UTC 2010
Author: gilbert-guest
Date: 2010-06-27 02:10:35 +0000 (Sun, 27 Jun 2010)
New Revision: 14908
Modified:
data/CVE/list
Log:
NFUs and new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-25 21:14:41 UTC (rev 14907)
+++ data/CVE/list 2010-06-27 02:10:35 UTC (rev 14908)
@@ -3,53 +3,56 @@
CVE-2010-2451
RESERVED
CVE-2010-2443 (Unspecified vulnerability in LibTIFF before 3.9.3 allows remote ...)
+ - tiff <undetermined>
TODO: check
CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
- TODO: check
+ - webkit <unfixed> (low)
+ - chromium-browser <unfixed> (low)
+ NOTE: poc seems to work, but only intermitently (maybe every 20th character)
CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...)
- TODO: check
+ NOT-FOR-US: Subtitle Translation Wizard
CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: MoreAmp
CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: G.CMS
CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in ...)
- TODO: check
+ NOT-FOR-US: AneCMS BLog
CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog ...)
- TODO: check
+ NOT-FOR-US: AneCMS Blog
CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
- TODO: check
+ - weborf 0.12.2-1
CVE-2010-2434
RESERVED
CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...)
- TODO: check
+ - cups <unfixed>
CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...)
- TODO: check
+ - cups <unfixed>
CVE-2010-2430
RESERVED
CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...)
- TODO: check
+ NOT-FOR-US: Wing FTP Server
CVE-2010-2427
RESERVED
CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...)
- TODO: check
+ NOT-FOR-US: Titan FTP Server
CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...)
- TODO: check
+ NOT-FOR-US: Titan FTP Server
CVE-2010-2424
RESERVED
CVE-2010-2423
RESERVED
CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...)
- TODO: check
+ NOT-FOR-US: PortalTransforms
CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
- TODO: check
+ NOT-FOR-US: Sleipnir
CVE-2008-7257
RESERVED
CVE-2010-XXXX [IE-specific XSS issue]
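Review bot: the NOTE on CVE-2010-2441 ("poc seems to work, but only intermitently (maybe every 20th character)") records a reproduction result without saying which PoC was run against which webkit or chromium-browser build, so the `webkit <unfixed> (low)` and `chromium-browser <unfixed> (low)` lines cannot be re-verified later; the other WebKit entries in this file carry a `NOTE: https://bugs.webkit.org/show_bug.cgi?id=...` reference, and this one should too (and the spelling is "intermittently"). The same hunk also files CVE-2010-2443 as `tiff <undetermined>` while keeping `TODO: check`, which is consistent with how the other tiff entries in this commit are handled, but the weborf fix `weborf 0.12.2-1` has no `(bug #...)` reference where the other fixed entries in the file do.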
@@ -482,8 +485,9 @@
RESERVED
CVE-2010-2244
RESERVED
-CVE-2010-2243
+CVE-2010-2243 [timekeeping oops]
RESERVED
+ - linux-2.6 2.6.32-11
CVE-2010-2242
RESERVED
CVE-2010-2241
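Review bot: `CVE-2010-2243 [timekeeping oops]` is given a fixed version `linux-2.6 2.6.32-11` with no bug number, changelog pointer or upstream commit, while the CVE itself is still RESERVED; since the description will not be public until MITRE populates it, add a `NOTE:` with the upstream commit or Debian bug so the mapping from this CVE to that upload can be checked once the ID is published.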
@@ -523,11 +527,12 @@
CVE-2010-2226
RESERVED
CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
+ - php5 <undetermined>
TODO: check
CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
- TODO: check
+ NOT-FOR-US: Reh Had Enterprise Virtualization Manager (RHEV-M)
CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
- TODO: check
+ NOT-FOR-US: Red Hat Enterprise Virtualization Hypervisor (RHEV-H)
CVE-2010-2222
RESERVED
CVE-2010-2221
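Review bot: typo in the new NOT-FOR-US line for CVE-2010-2224: `NOT-FOR-US: Reh Had Enterprise Virtualization Manager (RHEV-M)` should read `NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)`, matching the RHEV-H line directly below; these strings are what people grep for, so the misspelling hides the entry.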
@@ -917,6 +922,7 @@
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...)
+ - tiff <undetermined>
TODO: check
CVE-2010-2066
RESERVED
@@ -1629,7 +1635,7 @@
CVE-2010-1776
RESERVED
CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone ...)
- TODO: check
+ NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
@@ -1702,19 +1708,23 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
+ NOTE: is this CVE-2010-2441 a dup of this?
TODO: check
CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
- TODO: check
+ NOT-FOR-US: Apple iPhone
CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does ...)
- TODO: check
+ NOT-FOR-US: Apple Passcode Lock
CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows ...)
+ - tiff <undetermined>
TODO: check
CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the ...)
- TODO: check
+ NOT-FOR-US: Apple CFNetwork
CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
- TODO: check
+ NOT-FOR-US: Apple Application Sandbox
CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows ...)
- webkit <undetermined>
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
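Review bot: the line `NOTE: is this CVE-2010-2441 a dup of this?` on CVE-2010-1757 is garbled and leaves the duplicate question open while the entry is filed as `webkit <undetermined>` / `chromium-browser <undetermined>`; reword it to `NOTE: possibly a duplicate of CVE-2010-2441` and add the reciprocal cross-reference on the CVE-2010-2441 entry, otherwise the two get triaged independently and the (low) severity already assigned to 2441 in this same commit never carries over to 1757.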
@@ -1723,7 +1733,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
NOTE: http://trac.webkit.org/changeset/45941
CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web ...)
- TODO: check
+ - cups <unfixed>
CVE-2010-1747
RESERVED
CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...)
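Review bot: `cups <unfixed>` for CVE-2010-1748 carries neither a severity nor a bug number, unlike the other `<unfixed>` entries touched in this commit (`webkit <unfixed> (low)`, `squirrelmail <unfixed> (unimportant)`), and the same applies to the cups lines added for CVE-2010-2432, CVE-2010-2431, CVE-2010-0542 and CVE-2010-0540. Either file one bug against cups covering all five and reference it as `(bug #...)`, or add a severity, so these do not read as untriaged placeholders.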
@@ -1980,6 +1990,8 @@
- clamav 0.96.1+dfsg-1 (bug #584183)
[lenny] - clamav <end-of-life>
CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall ...)
+ - horde3 <undetermined>
+ - squirrelmail <undetermined>
TODO: check
CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
- squirrelmail <unfixed> (unimportant)
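Review bot: `squirrelmail <undetermined>` under CVE-2010-1638 does not match the description, which names the IMP plugin in Horde; the analogous SquirrelMail Mail Fetch issue is already tracked as CVE-2010-1637 immediately below as `squirrelmail <unfixed> (unimportant)`. Drop the squirrelmail line from CVE-2010-1638, or add a NOTE explaining why the package is listed under both IDs.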
@@ -2001,6 +2013,7 @@
- openssl <not-affected> (This bug is only present in OpenSSL 1.0.0)
TODO: recheck once >= 1.0.0 gets uploaded
CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...)
+ - axis2c <undetermined>
TODO: check
CVE-2010-1631
RESERVED
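Review bot: `axis2c <undetermined>` under CVE-2010-1632 needs a NOTE: the description concerns Apache Axis2 before 1.5.2, the Java implementation used by WebSphere, whereas axis2c is the separate C port, so whether the affected code path exists there is exactly what the remaining `TODO: check` has to establish. Record that distinction on the entry now rather than leaving a later reader to assume the Debian package is the one the CVE describes.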
@@ -2021,6 +2034,8 @@
- mysql-dfsg-5.0 <removed> (low; bug #584400)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
+ - lxr <undetermined>
+ - lxr-cvs <undetermined>
TODO: check
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
- pidgin 2.7.0-1 (low)
@@ -3392,7 +3407,7 @@
- postgresql-8.4 8.4.4-1 (low)
- postgresql-8.3 <removed>
CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows ...)
- TODO: check
+ - perl 5.10.1-13 (bug #582978)
CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...)
- xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn't affected)
NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
@@ -4609,9 +4624,9 @@
CVE-2010-0780
RESERVED
CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
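Review bot: style point on the two new `NOT-FOR-US: IBM WebSphere` lines for CVE-2010-0779 and CVE-2010-0778: the adjacent existing entries (CVE-2010-0777, CVE-2010-0776) use `NOT-FOR-US: IBM WebSphere Application Server`; keep the longer form so a grep for the product matches all four, and the same applies to the CVE-2010-2433 line earlier in this commit.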
@@ -5335,13 +5350,15 @@
NOTE: http://trac.webkit.org/changeset/58792
NOTE: http://trac.webkit.org/changeset/58796
CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows ...)
+ - tiff <undetermined>
TODO: check
CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...)
- TODO: check
+ - cups <unfixed>
CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...)
+ - libwebapp-ruby <undetermined>
TODO: check
CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
- TODO: check
+ - cups <unfixed>
CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...)
NOT-FOR-US: Apple Java
CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X ...)
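Review bot: `libwebapp-ruby <undetermined>` under CVE-2010-0541 looks like the wrong package: the description names the WEBrick HTTP server, which is part of Ruby's standard library and in Debian is built from the ruby1.8 and ruby1.9 source packages (binary libwebrick-ruby1.8), not from libwebapp-ruby. Add those source packages as `<undetermined>` and keep the TODO, or add a NOTE saying why libwebapp-ruby is the one under consideration.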
@@ -8985,7 +9002,7 @@
CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
NOT-FOR-US: Adobe Flash
CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...)
NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
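Review bot: `NOT-FOR-US: Adobe Flash Player` on CVE-2009-3793 differs from `NOT-FOR-US: Adobe Flash` on the neighbouring CVE-2009-3794; pick one spelling for the product so the NFU entries stay greppable.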