[Secure-testing-commits] r14182 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu Mar 4 03:26:13 UTC 2010
Author: gilbert-guest
Date: 2010-03-04 03:26:12 +0000 (Thu, 04 Mar 2010)
New Revision: 14182
Modified:
data/CVE/list
Log:
new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-04 02:37:08 UTC (rev 14181)
+++ data/CVE/list 2010-03-04 03:26:12 UTC (rev 14182)
@@ -197,10 +197,12 @@
CVE-2010-0727
RESERVED
CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack ...)
- TODO: check
+ - tdiary <unfixed> (bug #572417)
CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in ...)
+ - moin <undetermined>
TODO: check
CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in ...)
+ - ngircd <undetermined>
TODO: check
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...)
NOT-FOR-US: Sun ONE Web Server
@@ -293,12 +295,14 @@
CVE-2010-0686
RESERVED
CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...)
+ - asterisk <undetermined>
TODO: check
CVE-2010-0684
RESERVED
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
+ - wodpress <undetermined>
TODO: check
CVE-2010-XXXX [http://downloads.digium.com/pub/security/AST-2010-003.pdf]
- asterisk <unfixed>
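Review bot: the new CVE-2010-0682 line reads `+ - wodpress <undetermined>`, which misspells the source package name; the tracker matches entries by package name, so this one will never be associated with the wordpress package in the archive. Change it to `- wordpress <undetermined>` (the spelling used later in this same commit for CVE-2007-2714) before it lands.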
@@ -330,10 +334,13 @@
CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly ...)
+ - moin <undetermined>
TODO: check
CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x ...)
+ - moin <undetermined>
TODO: check
CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of ...)
+ - moin <undetermined>
TODO: check
CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...)
NOT-FOR-US: Novell eDirectory
@@ -356,11 +363,11 @@
CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote ...)
NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
- TODO: check
+ - linux-2.6 2.6.12-1
+ - linux-2.6.24 <not-affected> (fixed before 2.6.24)
CVE-2010-XXXX [konversation DoS]
- konversation 1.2.3-1 (low)
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
- TODO: check
CVE-2010-0664 (Stack consumption vulnerability in the ...)
- chromium-browser <itp> (bug #520334)
CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...)
@@ -437,6 +444,7 @@
CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...)
NOT-FOR-US: CA eHealth Performance Manager
CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...)
+ - squid <undetermined>
TODO: check
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...)
- webcalendar <undetermined>
@@ -458,7 +466,6 @@
NOTE: http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
CVE-2010-XXXX [pfribidi buffer overflow]
- pyfribidi 0.10.0-2 (bug #570068)
- TODO: check
CVE-2010-XXXX [phpbb3 weak captcha]
- phpbb3 <unfixed> (unimportant; bug #570011)
CVE-2010-XXXX [screensavers unlocked via enter key]
@@ -470,6 +477,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/2
NOTE: http://www.kde.org/info/security/advisory-2010-02-17-1.txt
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
+ - flex <undetermined>
TODO: check
CVE-2010-0629
RESERVED
@@ -481,8 +489,10 @@
NOTE: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201002.mbox/%3C87bpfz5t39.fsf@mid.deneb.enyo.de%3E
NOTE: http://www.openwall.com/lists/oss-security/2010/02/15/5
CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ - webcalendar <undetermined>
TODO: check, webcalendar is in the archive
CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
+ - webcalendar <undetermined>
TODO: check, webcalendar is in the archive
CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch ...)
NOT-FOR-US: JEvents Search plugin for Joomla!
@@ -617,7 +627,9 @@
CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
NOT-FOR-US: Cisco
CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface ...)
- TODO: check
+ - gnome-screensaver 2.26.1-2
+ [lenny] - gnome-screensaver <not-affected> (vulnerability introduced in 2.26)
+ NOTE: only an issue under certain desktop environments such as xfce
CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation ...)
- gnome-screensaver 2.28.0-2 (low; bug #569667)
[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
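Review bot: the new CVE-2009-4642 entry records a fixed version (2.26.1-2) and a lenny `<not-affected>` line but no severity, while the neighbouring CVE-2009-4641 entry carries `(low; bug #569667)`. Given the added NOTE says the problem only shows up under certain desktop environments such as xfce, a severity annotation (and a bug reference, if one was filed) would make the two gnome-screensaver entries consistent and make the triage decision visible to anyone reading the list later.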
@@ -1017,7 +1029,7 @@
RESERVED
- apache2 <not-affected> (Windows only)
CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...)
- TODO: check
+ NOT-FOR-US: cronie and vixie-cron
CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...)
- pidgin 2.6.6-1 (low)
CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...)
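Review bot: `+ NOT-FOR-US: cronie and vixie-cron` for CVE-2010-0424 needs a second look before the TODO is dropped. The truncated description names two affected implementations, `(1) cronie before 1.4.4 and (2) ...`; Debian does not ship a package literally called vixie-cron, but its `cron` source package descends from Vixie cron, so a NOT-FOR-US marker is only correct if the edit_cmd code path in crontab.c was checked against that package. Record the result of that check as a `- cron <not-affected>` (or fixed-version) line instead, or keep the TODO until it is done.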
@@ -1046,6 +1058,7 @@
CVE-2010-0413
RESERVED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...)
+ - systemtap <undetermined>
TODO: check
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...)
- systemtap <unfixed> (low; bug #568809)
@@ -1414,12 +1427,16 @@
- zendframework 1.9.7-1
NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...)
+ - jetty <undetermined>
TODO: check
CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
+ - jetty <undetermined>
TODO: check
CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...)
+ - jetty <undetermined>
TODO: check
CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote ...)
+ - jetty <undetermined>
TODO: check
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...)
{DSA-1996-1}
@@ -4079,7 +4096,10 @@
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
- TODO: check
+ - openjdk-6 6b17 (unimportant)
+ - sun-java6 6-17-1 (unimportant)
+ NOTE: a problem in their updater, which is irrelevant since debian
+ NOTE: updates are provided by the security team
CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise ...)
NOT-FOR-US: ActiveX
CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and ...)
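Review bot: for CVE-2009-3864 the entry gives openjdk-6 a fixed version (`6b17`), which implies openjdk-6 contained the affected "Java Update functionality" described in the CVE text. If that updater is a Sun-only component never shipped in openjdk-6, `<not-affected>` is the more precise marker than a fixed version plus `(unimportant)`; the two NOTE lines already argue that the updater is irrelevant on Debian, so the justification would not change, only the tag. Also consider folding the two NOTE lines into one so the reasoning reads as a single sentence.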
@@ -42219,7 +42239,7 @@
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...)
NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...)
- TODO: check: - wordpress <unfixed>
+ - wordpress <undetermined>
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...)
NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...)
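Review bot: replacing `TODO: check: - wordpress <unfixed>` with a bare `- wordpress <undetermined>` removes the only follow-up marker on CVE-2007-2714. Elsewhere in this commit an `<undetermined>` line is paired with a retained `TODO: check` (the moin, ngircd, squid, jetty and webcalendar entries), so either keep the TODO here for consistency or state in a NOTE why no further check is needed.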