[Secure-testing-commits] r14764 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri May 28 21:38:11 UTC 2010
Author: jmm-guest
Date: 2010-05-28 21:38:10 +0000 (Fri, 28 May 2010)
New Revision: 14764
Modified:
data/CVE/list
data/mops.txt
Log:
MOPS CVE assignments
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-28 21:31:51 UTC (rev 14763)
+++ data/CVE/list 2010-05-28 21:38:10 UTC (rev 14764)
@@ -5,23 +5,28 @@
CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...)
TODO: check
CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ NOTE: Only triggerable through malicious script
CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ NOTE: Only triggerable through malicious script
CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ NOTE: Only triggerable through malicious script
CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ...)
- TODO: check
+ NOT-FOR-US: CMSQlite
CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: CMSQlite
CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP ...)
- TODO: check
+ - php5 <unfixed> (low)
+ [lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ NOTE: Only triggerable through malicious script
CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ...)
TODO: check
CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...)
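Review bot: CVE-2010-2092 (SQL injection in graph.php in Cacti) is still at "TODO: check" in the trailing context of this hunk, while data/mops.txt in the same commit tracks a Cacti issue as entry 023 with "no CVE yet". If both refer to the same bug, triage it here with a Cacti package line and put the CVE id on entry 023 so the two files agree; if they are different issues, a NOTE saying so would save the next reader the lookup. Separately, CVE-2010-2094 is the only php5 entry rated (low) rather than (unimportant), and its unfixed line has no NOTE explaining the rating, where the other five php5 entries each carry "NOTE: Only triggerable through malicious script".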
Modified: data/mops.txt
===================================================================
--- data/mops.txt 2010-05-28 21:31:51 UTC (rev 14763)
+++ data/mops.txt 2010-05-28 21:38:10 UTC (rev 14764)
@@ -21,28 +21,31 @@
019: CVE-2010-1916; Serendipity, doesn't affect Lenny (1.4 onwards), pinged Thijs
020: CVE-2010-1916; External app; xinha, Just an ITP: #479708, there are embedders
021: CVE-2010-1917; PHP fnmatch() Stack Exhaustion Vulnerability
-022: no CVE yet; Only triggerable by malicious script
+022: CVE-2010-2093; Only triggerable by malicious script
023: no CVE yet; Cacti, pinged Sean Finney
-024: no CVE yet; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
-025: no CVE yet; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
-026: no CVE yet; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
-027: no CVE yet; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
-028: no CVE yet; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+024: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+025: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+026: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+027: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+028: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
029: External app not in Debian: CMSQLITE
030: External app not in Debian: CMSQLITE
031: External app not in Debian: e107
-032: no CVE yet; Only triggerable by malicious script
-033: no CVE yet; Only triggerable by malicious script
-034: no CVE yet; Only triggerable by malicious script
+032: CVE-2010-2097; Only triggerable by malicious script
+033: CVE-2010-2097; Only triggerable by malicious script
+034: CVE-2010-2097; Only triggerable by malicious script
035: External app not in Debian: e107
-036: no CVE yet; Only triggerable by malicious script
-037: no CVE yet; Only triggerable by malicious script
-038: no CVE yet; Only triggerable by malicious script
-039: no CVE yet; Only triggerable by malicious script
-040: no CVE yet; Only triggerable by malicious script
-041: no CVE yet; Only triggerable by malicious script
-042: no CVE yet; Only triggerable by malicious script
-043: no CVE yet; Only triggerable by malicious script
-044: no CVE yet; Only triggerable by malicious script
-045: no CVE yet; Only triggerable by malicious script
-046: no CVE yet; Only triggerable by malicious script
+036: CVE-2010-2100; Only triggerable by malicious script
+037: CVE-2010-2100; Only triggerable by malicious script
+038: CVE-2010-2100; Only triggerable by malicious script
+039: CVE-2010-2100; Only triggerable by malicious script
+040: CVE-2010-2100; Only triggerable by malicious script
+041: CVE-2010-2101; Only triggerable by malicious script
+042: CVE-2010-2101; Only triggerable by malicious script
+043: CVE-2010-2101; Only triggerable by malicious script
+044: CVE-2010-2101; Only triggerable by malicious script
+045: CVE-2010-2101; Only triggerable by malicious script
+046: CVE-2010-2101; Only triggerable by malicious script
+
+
+
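Review bot: entries 029, 030, 031 and 035 (CMSQLITE and e107) are left without CVE ids, although the data/CVE/list change in this commit marks CVE-2010-2095, CVE-2010-2096, CVE-2010-2098 and CVE-2010-2099 as NOT-FOR-US for those same two applications. Once the mapping of id to entry is confirmed, adding the id to each of those lines in the same "NNN: CVE-...; ..." form used for 022 and 024 to 046 would keep mops.txt usable as a cross-reference. The three empty lines added after entry 046 look unintentional and can be dropped.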