[Secure-testing-commits] r14692 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu May 13 23:53:46 UTC 2010
Author: gilbert-guest
Date: 2010-05-13 23:53:46 +0000 (Thu, 13 May 2010)
New Revision: 14692
Modified:
data/CVE/list
Log:
NFUs and new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-13 21:14:30 UTC (rev 14691)
+++ data/CVE/list 2010-05-13 23:53:46 UTC (rev 14692)
@@ -1,27 +1,27 @@
CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
- TODO: check
+ NOT-FOR-US: openMairie openComInterne
CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
- TODO: check
+ NOT-FOR-US: openMairie Openpresse
CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
- TODO: check
+ NOT-FOR-US: openMairie openPlanning
CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
- TODO: check
+ NOT-FOR-US: openMairie openPlanning
CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
- TODO: check
+ NOT-FOR-US: openMairie openCourrier
CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
- TODO: check
+ NOT-FOR-US: openMairie openCourrier
CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows ...)
- TODO: check
+ NOT-FOR-US: tekno.Portal
CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live ...)
- TODO: check
+ NOT-FOR-US: Hi Web Wiesbaden Live Shopping multi Portal System
CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 ...)
- TODO: check
+ NOT-FOR-US: Hi Web Wiesbaden Web Social Network Community System
CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 ...)
- TODO: check
+ NOT-FOR-US: 29o3 CMS
CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie ...)
- TODO: check
+ NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...)
- TODO: check
+ NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1933
RESERVED
CVE-2010-1932
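Review bot: The NOT-FOR-US product names are cased inconsistently in this hunk. CVE-2010-1921 and CVE-2010-1920 use "OpenMairie" while the six entries above them use "openMairie", and CVE-2010-1935 has "Openpresse" where its siblings are "openComInterne", "openPlanning" and "openCourrier". Settle on one spelling per vendor and product so that a later search of the list for the vendor name finds every entry.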
@@ -726,8 +726,15 @@
RESERVED
CVE-2010-1622
RESERVED
-CVE-2010-1621
+CVE-2010-1621 [mysql plugin issue]
RESERVED
+ - mysql <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=590190
+ TODO: check
+CVE-2010-XXXX [mysql symlink attack]
+ - mysql <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
+ TODO: check
CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in ...)
- gnustep-base <unfixed>
CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...)
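Review bot: The new CVE-2010-XXXX [mysql symlink attack] entry is placed between CVE-2010-1621 and CVE-2010-1620, inside the numbered range, whereas the other CVE-2010-XXXX entries this commit touches (sudo, zendframework) sit together further down, ahead of the CVE-2009 block. Move it there so temporary entries stay in one place and are easy to find when an ID is assigned.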
@@ -1006,10 +1013,16 @@
RESERVED
CVE-2010-1513
RESERVED
-CVE-2010-1512
+CVE-2010-1512 [aria2 directory traversal]
RESERVED
-CVE-2010-1511
+ - aria2 <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/May/168
+ TODO: check
+CVE-2010-1511 [kget insecure file get]
RESERVED
+ - kdenetwork <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/May/164
+ TODO: check
CVE-2010-1510
RESERVED
CVE-2010-1509
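Review bot: The bracketed description on CVE-2010-1511, "kget insecure file get", does not say what is insecure about the download, unlike the aria2 entry just above it, which names the flaw class. Since CVE-2010-1000 is also a kget issue against kdenetwork, a more specific description here would keep the two from being confused when the TODO is worked.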
@@ -1168,7 +1181,7 @@
CVE-2010-1483
RESERVED
CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in ...)
NOT-FOR-US: PmWiki
CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
@@ -2402,8 +2415,11 @@
RESERVED
CVE-2010-1001
RESERVED
-CVE-2010-1000
+CVE-2010-1000 [kget directory traversal]
RESERVED
+ - kdenetwork <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/May/165
+ TODO: check
CVE-2010-0999
RESERVED
CVE-2010-0998
@@ -4426,10 +4442,9 @@
- zope2.11 <removed>
- zope2.9 <removed>
NOTE: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
-CVE-2010-XXXX [potential sudo vuln]
- - sudo <undetermined> (low; bug #565223)
- TODO: check
- NOTE: bug report is very speculative, but is probably worth checking
+CVE-2010-XXXX [sudo glob processing issue]
+ - sudo 1.7.0-1 (low; bug #565223)
+ [lenny] - sudo <no-dsa> (no known attack vector; attacker needs to be able to modify sudoers file)
CVE-2010-XXXX [makepasswd: insecure passwords generated with default settings]
- makepasswd 1.10-5 (low; bug #564559)
[lenny] - makepasswd <no-dsa> (Minor issue)
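Review bot: The fixed version 1.7.0-1 on the new sudo line has no supporting reference. The entry removes the old NOTE and TODO and keeps only bug #565223, so a reader cannot tell from the list where that version comes from. Add a NOTE pointing to the upstream change or changelog entry that addresses the glob processing issue. The lenny no-dsa line states its reasoning clearly and is fine as written.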
@@ -4533,6 +4548,10 @@
CVE-2010-XXXX [zend framework multiple issues]
- zendframework 1.9.7-1
NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
+CVE-2010-XXXX [ZF2010-07]
+ - zendframework <undetermined>
+ NOTE: http://framework.zend.com/security/advisory/ZF2010-07
+ TODO: check
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...)
- jetty 6.1.22-1 (bug #575789)
CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
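Review bot: The description "[ZF2010-07]" on the new zendframework entry is only the advisory ID, which the NOTE line already carries. The other bracketed descriptions in this commit say what the issue is, so replace it with a short summary of the flaw once the advisory has been read as part of the TODO.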