[Secure-testing-commits] r14246 - data/CVE

Nico Golde nion at alioth.debian.org
Thu Mar 11 08:50:05 UTC 2010


Author: nion
Date: 2010-03-11 08:50:03 +0000 (Thu, 11 Mar 2010)
New Revision: 14246

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2010-0717 fixed in moin 1.9.0~rc2-1
- new mydms issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-11 07:55:12 UTC (rev 14245)
+++ data/CVE/list	2010-03-11 08:50:03 UTC (rev 14246)
@@ -9,33 +9,33 @@
 	TODO: File bug
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
 CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...)
-	TODO: check
+	NOT-FOR-US: com_ksadvertiser component for Joomla!
 CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...)
-	TODO: check
+	NOT-FOR-US: com_hotbrackets component for Joomla!
 CVE-2010-0944 (Directory traversal vulnerability in the JCollection (com_jcollection) ...)
-	TODO: check
+	NOT-FOR-US: com_jcollection component for Joomla!
 CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase (com_jashowcase) ...)
-	TODO: check
+	NOT-FOR-US: com_jashowcase component for Joomla!
 CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect ...)
-	TODO: check
+	NOT-FOR-US: com_jvideodirect component for Joomla!
 CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems ...)
-	TODO: check
+	NOT-FOR-US: eTek Systems Hit Counter
 CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in Simple ...)
-	TODO: check
+	NOT-FOR-US: Simple PHP Guestbook
 CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the web root ...)
-	TODO: check
+	NOT-FOR-US: Visialis ABB Forum
 CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo ...)
-	TODO: check
+	NOT-FOR-US: Todoo Forum
 CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library before ...)
-	TODO: check
+	NOT-FOR-US: Visualization Library
 CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK ...)
-	TODO: check
+	NOT-FOR-US: D-LINK firmware
 CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF Portfolio ...)
-	TODO: check
+	NOT-FOR-US: com_if_nexus component for Joomla!
 CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn ...)
-	TODO: check
+	NOT-FOR-US: Winn Guestbook
 CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP ...)
-	TODO: check
+	NOT-FOR-US: phpFK PHP Forum
 CVE-2010-XXXX [vlc bookmarks memory corruption]
 	- vlc <undetermined>
 	NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
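Review bot: The NOT-FOR-US text for CVE-2010-0936 ("D-LINK firmware") is much less specific than the other entries in this hunk, which name the exact component or product (for example "com_jcollection component for Joomla!" or "Simple PHP Guestbook"). Name the affected device or model from the full CVE description so that a later search of the list can tell this entry apart from other D-Link issues. The Joomla! entries use the component id while the rest use the product name; that is fine as long as it is applied the same way across the file.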
@@ -570,8 +570,7 @@
 	{DSA-2009-1}
 	- tdiary 2.2.1-1.1 (low; bug #572417)
 CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in ...)
-	- moin <undetermined>
-	TODO: check
+	- moin 1.9.0~rc2-1
 CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in ...)
 	- ngircd <not-affected> (SSL/TLS support not yet present)
 	TODO: Recheck when 0.15 gets uploaded
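Review bot: The new line "- moin 1.9.0~rc2-1" for CVE-2010-0717 records a fixed version with no urgency, bug number or NOTE saying how that version was determined, while the tdiary entry just above it carries "(low; bug #572417)". Since this replaces an <undetermined> status and drops the "TODO: check", add a NOTE pointing at the upstream change or changelog entry that supports 1.9.0~rc2-1, so the next person triaging the entry does not have to repeat the check.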
@@ -1707,9 +1706,10 @@
 	- makepasswd 1.10-5 (low; bug #564559)
 	[lenny] - makepasswd <no-dsa> (Minor issue)
 CVE-2010-XXXX [mydms multiple issues]
-	- mydms <undetermined> (low)
-	TODO: check
+	- mydms <unfixed> (low)
+	TODO: write bug report
 	NOTE: http://seclists.org/fulldisclosure/2010/Jan/267
+	NOTE: CVE ids requested
 CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ...)
 	NOT-FOR-US: TYPO3 third party extensions
 CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 ...)
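Review bot: The mydms entry moves to "<unfixed> (low)" but still has no bug reference, only "TODO: write bug report", whereas the makepasswd entry above it shows the usual form "(low; bug #564559)". File the bug and add its number in the same change if possible, so the unfixed status is tracked somewhere other than this list. Also, the entry covers "multiple issues" under one CVE-2010-XXXX placeholder and the added NOTE says "CVE ids requested" (plural), so it is worth noting that the entry will need to be split once the ids are assigned. The log message calls this a "new mydms issue", yet the hunk only updates the existing entry; the wording could say so.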



