[Secure-testing-commits] r14325 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Mar 26 09:14:51 UTC 2010
Author: joeyh
Date: 2010-03-26 09:14:45 +0000 (Fri, 26 Mar 2010)
New Revision: 14325
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-25 21:50:25 UTC (rev 14324)
+++ data/CVE/list 2010-03-26 09:14:45 UTC (rev 14325)
@@ -1,3 +1,245 @@
+CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 ...)
+ TODO: check
+CVE-2010-1121 (Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows ...)
+ TODO: check
+CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows ...)
+ TODO: check
+CVE-2010-1119 (Unspecified vulnerability in Safari on Apple iPhone OS allows remote ...)
+ TODO: check
+CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows ...)
+ TODO: check
+CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...)
+ TODO: check
+CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root ...)
+ TODO: check
+CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...)
+ TODO: check
+CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
+ TODO: check
+CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web ...)
+ TODO: check
+CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 ...)
+ TODO: check
+CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete ...)
+ TODO: check
+CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 ...)
+ TODO: check
+CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...)
+ TODO: check
+CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module ...)
+ TODO: check
+CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...)
+ TODO: check
+CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in ...)
+ TODO: check
+CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in ...)
+ TODO: check
+CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...)
+ TODO: check
+CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass ...)
+ TODO: check
+CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...)
+ TODO: check
+CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...)
+ TODO: check
+CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...)
+ TODO: check
+CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...)
+ TODO: check
+CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...)
+ TODO: check
+CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...)
+ TODO: check
+CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ...)
+ TODO: check
+CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus ...)
+ TODO: check
+CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when ...)
+ TODO: check
+CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed ...)
+ TODO: check
+CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
+ TODO: check
+CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote ...)
+ TODO: check
+CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...)
+ TODO: check
+CVE-2010-1088
+ RESERVED
+CVE-2010-1087
+ RESERVED
+CVE-2010-1086
+ RESERVED
+CVE-2010-1085
+ RESERVED
+CVE-2010-1084
+ RESERVED
+CVE-2010-1083
+ RESERVED
+CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...)
+ TODO: check
+CVE-2010-1081 (Directory traversal vulnerability in the Community Polls ...)
+ TODO: check
+CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS ...)
+ TODO: check
+CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 ...)
+ TODO: check
+CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS ...)
+ TODO: check
+CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO ...)
+ TODO: check
+CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level ...)
+ TODO: check
+CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) ...)
+ TODO: check
+CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange ...)
+ TODO: check
+CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) ...)
+ TODO: check
+CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...)
+ TODO: check
+CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows ...)
+ TODO: check
+CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art ...)
+ TODO: check
+CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript ...)
+ TODO: check
+CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...)
+ TODO: check
+CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under ...)
+ TODO: check
+CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information ...)
+ TODO: check
+CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root ...)
+ TODO: check
+CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real ...)
+ TODO: check
+CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in ...)
+ TODO: check
+CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL ...)
+ TODO: check
+CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in ...)
+ TODO: check
+CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in ...)
+ TODO: check
+CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in ...)
+ TODO: check
+CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka ...)
+ TODO: check
+CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads ...)
+ TODO: check
+CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...)
+ TODO: check
+CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote ...)
+ TODO: check
+CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ...)
+ TODO: check
+CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 ...)
+ TODO: check
+CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...)
+ TODO: check
+CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow ...)
+ TODO: check
+CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga ...)
+ TODO: check
+CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...)
+ TODO: check
+CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 ...)
+ TODO: check
+CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) ...)
+ TODO: check
+CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 ...)
+ TODO: check
+CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows ...)
+ TODO: check
+CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...)
+ TODO: check
+CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the ...)
+ TODO: check
+CVE-2010-1040 (The "IP address range limitation" function in OpenPNE 1.6 through 1.8, ...)
+ TODO: check
+CVE-2010-1039
+ RESERVED
+CVE-2010-1038
+ RESERVED
+CVE-2010-1037
+ RESERVED
+CVE-2010-1036
+ RESERVED
+CVE-2010-1035
+ RESERVED
+CVE-2010-1034
+ RESERVED
+CVE-2010-1033
+ RESERVED
+CVE-2010-1032
+ RESERVED
+CVE-2010-1031
+ RESERVED
+CVE-2010-1030
+ RESERVED
+CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...)
+ TODO: check
+CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...)
+ TODO: check
+CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) ...)
+ TODO: check
+CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter ...)
+ TODO: check
+CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ...)
+ TODO: check
+CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...)
+ TODO: check
+CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) ...)
+ TODO: check
+CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer ...)
+ TODO: check
+CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery ...)
+ TODO: check
+CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) ...)
+ TODO: check
+CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) ...)
+ TODO: check
+CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months ...)
+ TODO: check
+CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors ...)
+ TODO: check
+CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic ...)
+ TODO: check
+CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ...)
+ TODO: check
+CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database ...)
+ TODO: check
+CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension ...)
+ TODO: check
+CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard ...)
+ TODO: check
+CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ...)
+ TODO: check
+CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 ...)
+ TODO: check
+CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget ...)
+ TODO: check
+CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem) ...)
+ TODO: check
+CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and ...)
+ TODO: check
+CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 ...)
+ TODO: check
+CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine ...)
+ TODO: check
+CVE-2009-4738
+ RESERVED
+CVE-2009-4737
+ RESERVED
+CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...)
+ TODO: check
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
- glpi <unfixed> (bug #574760)
- moodle <unfixed> (bug #574757)
@@ -2,3 +244,3 @@
NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
-CVE-2010-1028 [mfsa-2010-08]
+CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...)
- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
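Review bot: The replacement line for CVE-2010-1028 drops the `[mfsa-2010-08]` tag, which was the only pointer to the vendor advisory in this entry. Keep it by adding a NOTE line with the advisory identifier under the xulrunner status line, the way the phpCAS entry above keeps its PHPCAS-52 link in a NOTE.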
@@ -13,8 +255,8 @@
CVE-2010-XXXX [Fixes permission check in QueriesController]
- redmine 0.9.3-3
TODO: Check severity, Lenny status
-CVE-2010-1003
- RESERVED
+CVE-2010-1003 (Directory traversal vulnerability in ...)
+ TODO: check
CVE-2010-1002
RESERVED
CVE-2010-1001
@@ -817,26 +1059,23 @@
RESERVED
CVE-2010-0737
RESERVED
-CVE-2010-0736
- RESERVED
+CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
+ TODO: check
CVE-2010-0735
REJECTED
-CVE-2010-0734 [curl issue]
- RESERVED
+CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ...)
- curl <undetermined>
NOTE: only affected when automatic decompression set, which is off by default upstream
NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11
TODO: check
-CVE-2010-0733 [postgresql integer overflow]
- RESERVED
+CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL ...)
- postgresql-7.4 <undetermined>
- postgresql-8.1 <undetermined>
- postgresql-8.2 <undetermined>
- postgresql-8.3 <undetermined>
- postgresql-8.4 <undetermined>
TODO: check
-CVE-2010-0732 [gnome-screensaver always unlocks after five failed attempts]
- RESERVED
+CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver ...)
- gtk+2.0 2.18.5-1
[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
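Review bot: CVE-2010-0734 and CVE-2010-0733 keep `<undetermined>` and `TODO: check` even though the descriptions added here now give what is needed to resolve them: a libcurl range of 7.10.5 through 7.19.7, and src/backend/executor/nodeHash.c as the affected PostgreSQL file. A follow-up should compare the curl and postgresql-* versions in each suite against that information and replace the `<undetermined>` markers.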
@@ -948,8 +1187,8 @@
NOT-FOR-US: CommodityRentals Video Games Rentals
CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control ...)
NOT-FOR-US: ActiveX
-CVE-2010-0688
- RESERVED
+CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows ...)
+ TODO: check
CVE-2010-0687
RESERVED
CVE-2010-0686
@@ -1110,7 +1349,7 @@
NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...)
NOT-FOR-US: CA eHealth Performance Manager
-CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...)
+CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before ...)
- squid 2.7.STABLE8-1 (bug #572553)
[lenny] - squid <no-dsa> (Minor issue, only affects non-default setup)
- squid3 <unfixed> (bug #572554)
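Review bot: The CVE-2010-0639 description changes from "Squid 2.x and 3.0" to "Squid 2.x before ...", so the affected range is now bounded, and whatever the text says about 3.x is cut off by the truncation. The `- squid3 <unfixed> (bug #572554)` line should be rechecked against the full description to confirm which squid3 versions are still in range.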
@@ -1137,8 +1376,7 @@
- flex 2.5.35-1
CVE-2010-0629
RESERVED
-CVE-2010-0628 [MITKRB5-SA-2010-002]
- RESERVED
+CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...)
- krb5 <unfixed>
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues]
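Review bot: The new CVE-2010-0628 line loses the `[MITKRB5-SA-2010-002]` advisory identifier, and the truncated description stops right after naming spnego_gss_accept_sec_context. Add a NOTE line carrying the advisory identifier so that the `[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)` decision stays traceable to its source.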
@@ -1176,10 +1414,10 @@
RESERVED
CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...)
NOT-FOR-US: EMC HomeBase Server
-CVE-2010-0619
- RESERVED
-CVE-2010-0618
- RESERVED
+CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode ...)
+ TODO: check
+CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...)
+ TODO: check
CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...)
NOT-FOR-US: evalSMSI
CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...)
@@ -1242,28 +1480,28 @@
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2010-0586
- RESERVED
-CVE-2010-0585
- RESERVED
-CVE-2010-0584
- RESERVED
-CVE-2010-0583
- RESERVED
-CVE-2010-0582
- RESERVED
-CVE-2010-0581
- RESERVED
-CVE-2010-0580
- RESERVED
-CVE-2010-0579
- RESERVED
-CVE-2010-0578
- RESERVED
-CVE-2010-0577
- RESERVED
-CVE-2010-0576
- RESERVED
+CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
+ TODO: check
+CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
+ TODO: check
+CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP ...)
+ TODO: check
+CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through ...)
+ TODO: check
+CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...)
+ TODO: check
+CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
+ TODO: check
+CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
+ TODO: check
+CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote ...)
+ TODO: check
+CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 ...)
+ TODO: check
+CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size ...)
+ TODO: check
+CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...)
+ TODO: check
CVE-2010-0575
RESERVED
CVE-2010-0574
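Review bot: The eleven entries CVE-2010-0576 through CVE-2010-0586 all describe Cisco IOS and are added with `TODO: check`, while the neighbouring entries at the top of this hunk are already closed as `NOT-FOR-US: Cisco Unified Communications Manager`. These can be closed the same way in one pass, for example with `NOT-FOR-US: Cisco IOS`, rather than left in the TODO queue.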
@@ -1595,8 +1833,8 @@
- kde4libs <unfixed> (unimportant)
CVE-2010-0466
RESERVED
-CVE-2010-0465
- RESERVED
+CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents ...)
+ TODO: check
CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...)
- roundcube 0.3.1-3 (bug #569660)
CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...)
@@ -1656,8 +1894,8 @@
[etch] - otrs2 <not-affected> (vulnerable code not present)
- otrs2 2.4.7-1 (medium)
NOTE: http://otrs.org/advisory/OSA-2010-01-en/
-CVE-2010-0437
- RESERVED
+CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...)
+ TODO: check
CVE-2010-0436
RESERVED
CVE-2010-0435
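Review bot: CVE-2010-0437 now names ip6_dst_lookup_tail in net/ipv6/ip6_output.c in the Linux kernel but is left with only `TODO: check`. Other kernel entries in this file carry a `- linux-2.6 <version>` line and per-suite lines such as `[etch] - linux-2.6 <not-affected> (...)`, so this entry needs the same once the fixed version is determined.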
@@ -2495,34 +2733,34 @@
RESERVED
CVE-2010-0173
RESERVED
-CVE-2010-0172
- RESERVED
-CVE-2010-0171
- RESERVED
-CVE-2010-0170
- RESERVED
-CVE-2010-0169
- RESERVED
-CVE-2010-0168
- RESERVED
-CVE-2010-0167
- RESERVED
-CVE-2010-0166
- RESERVED
-CVE-2010-0165
- RESERVED
-CVE-2010-0164
- RESERVED
-CVE-2010-0163
- RESERVED
+CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the ...)
+ TODO: check
+CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x ...)
+ TODO: check
+CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected ...)
+ TODO: check
+CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in ...)
+ TODO: check
+CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in ...)
+ TODO: check
+CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x ...)
+ TODO: check
+CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in ...)
+ TODO: check
+CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp ...)
+ TODO: check
+CVE-2010-0164 (Use-after-free vulnerability in the ...)
+ TODO: check
+CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 ...)
+ TODO: check
CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...)
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
-CVE-2010-0161
- RESERVED
+CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in ...)
+ TODO: check
CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 ...)
- xulrunner 1.9.1.8-1
[etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
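Review bot: CVE-2010-0171 and CVE-2010-0167 are added with `TODO: check` although their descriptions open with the same version bound (3.0.x before 3.0.18) as the already triaged CVE-2010-0162, which is recorded as fixed in `- xulrunner 1.9.1.8-1`. Check whether that fixed version applies to them as well, and handle CVE-2010-0170 separately, since its description is scoped to Firefox 3.6 before 3.6.2.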
@@ -2936,7 +3174,7 @@
NOT-FOR-US: Active Business Directory
CVE-2009-4463 (** DISPUTED ** ...)
NOT-FOR-US: Intellicom NetBiter WebSCADA
-CVE-2009-4462 (Stack-based buffer overflow in NetBiterConfig.exe 1.3.0 in Intellicom ...)
+CVE-2009-4462 (Stack-based buffer overflow in the NetBiterConfig utility ...)
NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...)
- flatpress <itp> (bug #466297)
@@ -3502,8 +3740,7 @@
NOTE: proxy situations, the backend server is usually trusted, anyway.
CVE-2010-0009
RESERVED
-CVE-2010-0008 [linux-2.6 sctp remote denial-of-service]
- RESERVED
+CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows ...)
- linux-2.6 2.6.23-1
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
{DSA-2005-1 DSA-2003-1 DSA-1996-1}
@@ -3628,8 +3865,7 @@
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545411
-CVE-2009-4271 [linux-2.6: 32-bit processes on 64-bit system kernel panic]
- RESERVED
+CVE-2009-4271 (The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 ...)
- linux-2.6 2.6.18-1
CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
@@ -6218,8 +6454,8 @@
CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...)
- bugzilla <not-affected> (Only 3.3 onwards are affected)
TODO: recheck, once a more recent (3.3.x or 3.4.x) version has been uploaded
-CVE-2009-3385
- RESERVED
+CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not ...)
+ TODO: check
CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
- webkit 1.1.17-2 (medium; bug #559759)
- qt4-x11 <undetermined> (bug #561760)
@@ -8000,8 +8236,8 @@
- linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
- linux-2.6.24 <removed> (medium)
-CVE-2009-2907
- RESERVED
+CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...)
+ TODO: check
CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...)
{DSA-1908-1}
- samba 2:3.4.2-1 (low; bug #550423)
@@ -9535,7 +9771,7 @@
{DSA-1840-1}
- xulrunner 1.9.0.12-1
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
-CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox ...)
+CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) ...)
{DSA-1931-1}
- nspr 4.8.2-1
[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)