[Secure-testing-commits] r14222 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Mar 8 21:15:04 UTC 2010


Author: joeyh
Date: 2010-03-08 21:14:54 +0000 (Mon, 08 Mar 2010)
New Revision: 14222

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-08 19:31:06 UTC (rev 14221)
+++ data/CVE/list	2010-03-08 21:14:54 UTC (rev 14222)
@@ -1,3 +1,7 @@
+CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...)
+	TODO: check
+CVE-2010-0926
+	RESERVED
 CVE-2010-XXXX [dovecot DoS]
 	- dovecot <unfixed> (low)
 	[lenny] - dovecot <not-affected> (Vulnerable code not present)
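Review bot: CVE-2010-0928 at the top of this hunk is committed with only `TODO: check`, although its description names OpenSSL 0.9.8i and openssl is a package this list already tracks. Suggest replacing the TODO with an explicit `- openssl ...` status line, or with a not-affected or NOT-FOR-US rationale if the issue turns out to be specific to the LEON3 SoC hardware, so the entry does not sit untriaged.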
@@ -5,45 +9,45 @@
 	TODO: Request CVE ID
 	NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
 	NOTE: maintainer is aware of it
-CVE-2010-0935
+CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...)
 	NOT-FOR-US: Perforce Server
-CVE-2010-0934
+CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...)
 	NOT-FOR-US: Perforce Server
-CVE-2010-0933
+CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows ...)
 	NOT-FOR-US: Perforce Server
-CVE-2010-0932
+CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ...)
 	NOT-FOR-US: Perforce Server
-CVE-2010-0931
+CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
 	NOT-FOR-US: Perforce Server
-CVE-2010-0930
+CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
 	NOT-FOR-US: Perforce Server
-CVE-2010-0929
+CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
 	NOT-FOR-US: Perforce Server
-CVE-2010-0927
+CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in ...)
 	NOT-FOR-US: IBM Lotus Domino
-CVE-2009-4676
+CVE-2009-4676 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...)
 	NOT-FOR-US: JetCast.exe
-CVE-2009-4675
+CVE-2009-4675 (admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant ...)
 	NOT-FOR-US: Mole Group Gastro Portal
-CVE-2009-4674
+CVE-2009-4674 (admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script ...)
 	NOT-FOR-US: Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket
-CVE-2009-4673
+CVE-2009-4673 (SQL injection vulnerability in profile.php in Mole Group Adult Portal ...)
 	NOT-FOR-US: Mole Group Adult Portal Script
-CVE-2009-4672
+CVE-2009-4672 (Directory traversal vulnerability in main.php in the WP-Lytebox plugin ...)
 	NOT-FOR-US: WP-Lytebox plugin for WordPress
-CVE-2009-4671
+CVE-2009-4671 (Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass ...)
 	NOT-FOR-US: RoomPHPlanning
-CVE-2009-4670
+CVE-2009-4670 (admin/delitem.php in RoomPHPlanning 1.6 does not require ...)
 	NOT-FOR-US: RoomPHPlanning
-CVE-2009-4669
+CVE-2009-4669 (Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow ...)
 	NOT-FOR-US: RoomPHPlanning
-CVE-2009-4668
+CVE-2009-4668 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...)
 	NOT-FOR-US: JetCast.exe
-CVE-2009-4667
+CVE-2009-4667 (SQL injection vulnerability in form.php in WebMember 1.0 allows remote ...)
 	NOT-FOR-US: WebMember
-CVE-2009-4666
+CVE-2009-4666 (Multiple PHP remote file inclusion vulnerabilities in Webradev ...)
 	NOT-FOR-US: Webradev Download Protect
-CVE-2009-4665
+CVE-2009-4665 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: Cute Editor
 CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...)
 	NOT-FOR-US: Apple Safari
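Review bot: the descriptions added for CVE-2009-4676 and CVE-2009-4668 are identical as far as the truncated text shows (`Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...`), so it is worth confirming against the full descriptions that these are two distinct issues and not a duplicate assignment. The new CVE-2009-4665 line is cut to `Directory traversal vulnerability in ...` and names no product, which leaves the `NOT-FOR-US: Cute Editor` tag beneath it as the only identification of what the entry covers.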
@@ -369,8 +373,7 @@
 	RESERVED
 CVE-2010-0793
 	RESERVED
-CVE-2010-0792 [fcrontab information disclosure]
-	RESERVED
+CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary ...)
 	- fcron <unfixed> (low; bug #572587)
 	[lenny] - fcron <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2010/Mar/97
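Review bot: the new CVE-2010-0792 description says the issue affects fcron before 3.0.5, while the package line below it still reads `- fcron <unfixed> (low; bug #572587)`. Suggest adding a NOTE that records 3.0.5 as the upstream fixed version, so the `<unfixed>` marker gets replaced once that version is uploaded.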
@@ -879,22 +882,17 @@
 	RESERVED
 CVE-2010-0593
 	RESERVED
-CVE-2010-0592
-	RESERVED
+CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0591
-	RESERVED
+CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0590
-	RESERVED
+CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2010-0589
 	RESERVED
-CVE-2010-0588
-	RESERVED
+CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0587
-	RESERVED
+CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2010-0586
 	RESERVED
@@ -922,17 +920,13 @@
 	RESERVED
 CVE-2010-0574
 	RESERVED
-CVE-2010-0573
-	RESERVED
+CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...)
 	NOT-FOR-US: Cisco Digital Media Player
-CVE-2010-0572
-	RESERVED
+CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote ...)
 	NOT-FOR-US: Cisco Digital Media Manager
-CVE-2010-0571
-	RESERVED
+CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x ...)
 	NOT-FOR-US: Cisco Digital Media Manager
-CVE-2010-0570
-	RESERVED
+CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default ...)
 	NOT-FOR-US: Cisco Digital Media Manager
 CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
 	NOT-FOR-US: Cisco
@@ -1323,10 +1317,9 @@
 	RESERVED
 CVE-2010-0435
 	RESERVED
-CVE-2010-0434
-	RESERVED
-CVE-2010-0433 [openssl remote crash]
-	RESERVED
+CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...)
+	TODO: check
+CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ...)
 	- openssl <not-affected> (Kerberos support not enabled)
 	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
 CVE-2010-0432
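Review bot: CVE-2010-0434 goes from RESERVED to `TODO: check` even though its description places the flaw in ap_read_request in server/protocol.c of the Apache HTTP Server, and apache2 is tracked elsewhere in this list. Suggest triaging it to an `- apache2 ...` line with a status for lenny instead of leaving the TODO.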
@@ -1347,8 +1340,7 @@
 	{DSA-2006-1}
 	- sudo 1.7.2p1-1.2 (bug #570737)
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
-CVE-2010-0425 [apache mod_isapi DoS]
-	RESERVED
+CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...)
 	- apache2 <not-affected> (Windows only)
 CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...)
 	- cron <undetermined> 
@@ -1367,8 +1359,8 @@
 	- gaim <removed> (low)
 	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
 	- qutecom <undetermined> (low; bug #572946)
-CVE-2010-0419
-	RESERVED
+CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...)
+	TODO: check
 CVE-2010-0418
 	RESERVED
 CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and ...)
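Review bot: CVE-2010-0419 is left at `TODO: check` with no package line, while the description points at the x86 emulator in KVM 83. Suggest identifying which source package carries that emulator code and adding its status, including whether the guest configuration condition mentioned in the description applies.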
@@ -1402,8 +1394,7 @@
 CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...)
 	- gmime2.2 <unfixed> (bug #568291)
 	- gmime2.4 <unfixed> (bug #568291)
-CVE-2010-0408 [apache2 mod_proxy_ajp DoS]
-	RESERVED
+CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...)
 	- apache2 <unfixed> (low)
 	[lenny] - apache2 <no-dsa> (minor issue)
 	NOTE: Will be fixed in s-p-u
@@ -1436,8 +1427,7 @@
 CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before ...)
 	{DSA-1990-2 DSA-1990-1}
 	- trac-git 0.0.20090320-1 (high; bug #567039)
-CVE-2010-0393 [lpasswd format string]
-	RESERVED
+CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS ...)
 	{DSA-2007-1}
 	- cupsys <removed>
 	- cups 1.4.2-9.1
@@ -1801,8 +1791,7 @@
 CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 ...)
 	{DSA-1982-1}
 	- hybserv 1.9.2-4.1 (low; bug #550389)
-CVE-2010-0302 [cups denial-of-service]
-	RESERVED
+CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
 	- cups <unfixed> (bug #572940)
 	[lenny] - cups <no-dsa> (Minor issue)
 	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
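Review bot: the CVE-2010-0302 line changes from the working title `cups denial-of-service` to a use-after-free in the file-descriptor handling, but `[lenny] - cups <no-dsa> (Minor issue)` and the `- cups <unfixed>` line, which has no urgency, are carried over unchanged. Suggest re-checking the no-dsa rationale against the full description and adding an urgency to the unfixed line.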
@@ -6245,8 +6234,7 @@
 CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...)
 	- xulrunner <unfixed> (unimportant)
 	NOTE: browser denial-of-services are unimportant
-CVE-2009-3245
-	RESERVED
+CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...)
 	- openssl 0.9.8m-1 (low)
 	[lenny] - openssl <no-dsa> (Minor issue)
 CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
@@ -7079,8 +7067,7 @@
 	RESERVED
 CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)
 	NOT-FOR-US: ActiveX
-CVE-2009-3032
-	RESERVED
+CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the ...)
 	NOT-FOR-US: Autonomy KeyView
 CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...)
 	NOT-FOR-US: Symantec Altiris Notification Server
@@ -8136,11 +8123,9 @@
 	RESERVED
 CVE-2009-2755
 	RESERVED
-CVE-2009-2754
-	RESERVED
+CVE-2009-2754 (Integer signedness error in the authentication functionality in ...)
 	NOT-FOR-US: Informix Storage Manager
-CVE-2009-2753
-	RESERVED
+CVE-2009-2753 (Multiple buffer overflows in the authentication functionality in ...)
 	NOT-FOR-US: Informix Storage Manager
 CVE-2009-2752 (IBM WebSphere Commerce 7.0 does not properly encrypt data in a ...)
 	NOT-FOR-US: IBM WebSphere Commerce



