[Secure-testing-commits] r14353 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Mar 29 21:14:24 UTC 2010


Author: joeyh
Date: 2010-03-29 21:14:22 +0000 (Mon, 29 Mar 2010)
New Revision: 14353

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-29 18:21:28 UTC (rev 14352)
+++ data/CVE/list	2010-03-29 21:14:22 UTC (rev 14353)
@@ -1,3 +1,57 @@
+CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...)
+	TODO: check
+CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...)
+	TODO: check
+CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...)
+	TODO: check
+CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...)
+	TODO: check
+CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...)
+	TODO: check
+CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...)
+	TODO: check
+CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ...)
+	TODO: check
+CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...)
+	TODO: check
+CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...)
+	TODO: check
+CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
+	TODO: check
+CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...)
+	TODO: check
+CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...)
+	TODO: check
+CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...)
+	TODO: check
+CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in ...)
+	TODO: check
+CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club ...)
+	TODO: check
+CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer ...)
+	TODO: check
+CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 ...)
+	TODO: check
+CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category ...)
+	TODO: check
+CVE-2009-4747 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels ...)
+	TODO: check
+CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels ...)
+	TODO: check
+CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in ...)
+	TODO: check
+CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote ...)
+	TODO: check
+CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in ...)
+	TODO: check
+CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ...)
+	TODO: check
+CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
+	TODO: check
 CVE-2010-XXXX [freeciv lua]
 	- freeciv <unfixed> (low)
 	[lenny] - freeciv <no-dsa> (Minor issue)
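Review bot: CVE-2010-1123 is added as TODO: check although its description names Chip Salzenberg Deliver, the same product that CVE-2010-0439 further down in this commit tracks as "- deliver <removed>"; it should carry the same annotation rather than sit in the TODO queue. All 27 entries in this block arrive untriaged. CVE-2009-4747 in particular has a description cut off before any product name ("PHP remote file inclusion vulnerability in ..."), so it needs the full CVE text before it can be marked.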
@@ -298,10 +352,10 @@
 	RESERVED
 CVE-2010-0990
 	RESERVED
-CVE-2010-0989
-	RESERVED
-CVE-2010-0988
-	RESERVED
+CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...)
+	TODO: check
+CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...)
+	TODO: check
 CVE-2010-0987
 	RESERVED
 CVE-2010-0986
@@ -521,7 +575,7 @@
 	NOT-FOR-US: phpDirectorySource
 CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource 1.x ...)
 	NOT-FOR-US: phpDirectorySource
-CVE-2010-1132 [spamass-milter report on full-disclosure]
+CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...)
 	{DSA-2021-1}
 	- spamass-milter 0.3.1-9 (bug #573228)
 	[lenny] - spamass-milter 0.3.1-8+lenny1
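Review bot: CVE-2010-1132 keeps the position of the old temporary entry, directly after CVE-2009-4680, so it is out of numerical order now that it has an official description. The block added at the top of the file goes from CVE-2010-1133 straight to CVE-2010-1131. Move the entry, together with its {DSA-2021-1} and package lines, between those two.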
@@ -1064,8 +1118,7 @@
 	RESERVED
 CVE-2010-0741
 	RESERVED
-CVE-2010-0740 [OpenSSL null pointer dereference]
-	RESERVED
+CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)
 	- openssl 0.9.8n-1 (medium; bug #575607)
 	[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
 	NOTE: http://www.openssl.org/news/secadv_20100324.txt
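Review bot: the description added for CVE-2010-0740 gives the affected range as "OpenSSL 0.9.8f through ...", while the unchanged lenny line below it reads "<not-affected> (only 0.9.8m is affected with 16 bit shorts)". The two read as being in tension. Recheck the lenny status against the full description and the advisory in the NOTE line, and reword the parenthetical so it says why the earlier versions in that range are excluded.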
@@ -1093,8 +1146,7 @@
 	[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
 	NOTE: http://osvdb.org/show/osvdb/61203
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1
-CVE-2010-0731 [historic GNUTLS issue]
-	RESERVED
+CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before ...)
 	- gnutls26 <not-affected> (Fixed before initial release)
 	- gnutls13 1.2.1-1
 CVE-2010-0730
@@ -1899,8 +1951,7 @@
 	[etch] - asterisk <not-affected> (Only affects 1.6.x)
 CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in ...)
 	NOT-FOR-US: Cisco Secure Desktop
-CVE-2010-0439 [Multiple vulnerabilities in Deliver]
-	RESERVED
+CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of ...)
 	- deliver <removed>
 CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in ...)
 	{DSA-1993-1}
@@ -3078,8 +3129,8 @@
 	RESERVED
 CVE-2009-4506
 	RESERVED
-CVE-2009-4505
-	RESERVED
+CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP ...)
+	TODO: check
 CVE-2009-4504
 	RESERVED
 CVE-2009-4503



