[Secure-testing-commits] r14762 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri May 28 21:30:13 UTC 2010


Author: jmm-guest
Date: 2010-05-28 21:30:13 +0000 (Fri, 28 May 2010)
New Revision: 14762

Modified:
   data/CVE/list
   data/mops.txt
Log:
- new ocsinventory issue (unimportant)
- remove some TODOs, such issues are usually only fixed by Mozilla
  over a long time
- MOPS updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-28 21:15:43 UTC (rev 14761)
+++ data/CVE/list	2010-05-28 21:30:13 UTC (rev 14762)
@@ -258,17 +258,14 @@
 	- xulrunner <unfixed> (unimportant)
 	- iceape <unfixed> (unimportant)
 	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
-	TODO: check 3.6.3
 CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
 	- xulrunner <unfixed> (unimportant)
 	- iceape <unfixed> (unimportant)
 	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
-	TODO: check 3.6.3
 CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
 	- xulrunner <unfixed> (unimportant)
 	- iceape <unfixed> (unimportant)
 	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
-	TODO: check 3.6.3
 CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: Six Apart Movable type
 CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...)
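Review bot: Dropping "TODO: check 3.6.3" from the three xulrunner/iceape entries leaves no record of whether 3.6.3 was ever examined. The remaining NOTE only describes behaviour on xulrunner 1.9.1.9, while the visible CVE descriptions (CVE-2010-1987, CVE-2010-1986) name Firefox 3.6.3. If the check is being abandoned on purpose, as the log message suggests, say so in the NOTE itself, for example by adding that 3.6.3 was not tested and why that does not change the "(unimportant)" rating, so a later triager does not read the 1.9.1.9 result as covering the version the CVE is about.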
@@ -851,8 +848,8 @@
 CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before ...)
-	- ocsinventory-server <undetermined>
-	TODO: check
+	- ocsinventory-server <unfixed> (unimportant)
+	NOTE: Authentication is needed, only supported in trusted environments, see debtags
 CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...)
 	NOT-FOR-US: Zikula Application Framework
 CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...)
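Review bot: The new NOTE on CVE-2010-1733 justifies "(unimportant)" with "see debtags" but does not name the tag or the place where the trusted-environment restriction is stated, so the rating cannot be verified from this entry. The description says "Multiple SQL injection vulnerabilities"; the NOTE should also make clear that the authentication requirement holds for every one of them, not just one vector. Suggest naming the specific debtag and stating that all the injection points require a logged-in user, if that is what was checked.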

Modified: data/mops.txt
===================================================================
--- data/mops.txt	2010-05-28 21:15:43 UTC (rev 14761)
+++ data/mops.txt	2010-05-28 21:30:13 UTC (rev 14762)
@@ -40,3 +40,9 @@
 038: no CVE yet; Only triggerable by malicious script
 039: no CVE yet; Only triggerable by malicious script
 040: no CVE yet; Only triggerable by malicious script
+041: no CVE yet; Only triggerable by malicious script
+042: no CVE yet; Only triggerable by malicious script
+043: no CVE yet; Only triggerable by malicious script
+044: no CVE yet; Only triggerable by malicious script
+045: no CVE yet; Only triggerable by malicious script
+046: no CVE yet; Only triggerable by malicious script
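Review bot: Entries 041 to 046 repeat the same rationale as 038 to 040 word for word, and "no CVE yet" carries nothing that marks the lines for a revisit once ids are assigned. Since this same commit removes TODO markers from data/CVE/list, it would help to keep some trigger here, for example a short header comment in mops.txt saying the "no CVE yet" lines are to be replaced with the CVE id when one is allocated.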



