[Secure-testing-commits] r15550 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Nov 1 21:15:13 UTC 2010
Author: joeyh
Date: 2010-11-01 21:15:05 +0000 (Mon, 01 Nov 2010)
New Revision: 15550
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-11-01 21:04:39 UTC (rev 15549)
+++ data/CVE/list 2010-11-01 21:15:05 UTC (rev 15550)
@@ -1,3 +1,43 @@
+CVE-2010-4141
+ RESERVED
+CVE-2010-4140
+ RESERVED
+CVE-2010-4139
+ RESERVED
+CVE-2010-4138
+ RESERVED
+CVE-2010-4137
+ RESERVED
+CVE-2010-4136
+ RESERVED
+CVE-2010-4135
+ RESERVED
+CVE-2010-4134
+ RESERVED
+CVE-2010-4133
+ RESERVED
+CVE-2010-4132
+ RESERVED
+CVE-2010-4131
+ RESERVED
+CVE-2010-4130
+ RESERVED
+CVE-2010-4129
+ RESERVED
+CVE-2010-4128
+ RESERVED
+CVE-2010-4127
+ RESERVED
+CVE-2010-4126
+ RESERVED
+CVE-2010-4125
+ RESERVED
+CVE-2010-4124
+ RESERVED
+CVE-2010-4123
+ RESERVED
+CVE-2010-4122
+ RESERVED
CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning ...)
NOT-FOR-US: IBM Tivoli
CVE-2010-XXXX
@@ -60,20 +100,20 @@
RESERVED
CVE-2010-4091
RESERVED
-CVE-2010-4090
- RESERVED
-CVE-2010-4089
- RESERVED
-CVE-2010-4088
- RESERVED
-CVE-2010-4087
- RESERVED
-CVE-2010-4086
- RESERVED
-CVE-2010-4085
- RESERVED
-CVE-2010-4084
- RESERVED
+CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...)
+ TODO: check
+CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
+ TODO: check
+CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+ TODO: check
+CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
+ TODO: check
+CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+ TODO: check
+CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+ TODO: check
+CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+ TODO: check
CVE-2010-4083
RESERVED
- linux-2.6 <unfixed> (low)
@@ -827,6 +867,7 @@
CVE-2010-3766
RESERVED
CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when ...)
+ {DSA-2124-1}
- xulrunner <removed>
- iceweasel 3.5.15-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -999,8 +1040,8 @@
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...)
NOT-FOR-US: Red Hat Enterprise MRG
-CVE-2010-3700
- RESERVED
+CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before ...)
+ TODO: check
CVE-2010-3699
RESERVED
CVE-2010-3698
@@ -1091,11 +1132,11 @@
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3655
- RESERVED
-CVE-2010-3654
- RESERVED
-CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave player 11.5.8.612, ...)
+CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player ...)
+ TODO: check
+CVE-2010-3654 (Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X, Linux, ...)
+ TODO: check
+CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...)
NOT-FOR-US: Adobe Shockwave
CVE-2010-3652
RESERVED
@@ -2325,6 +2366,7 @@
CVE-2010-3184
RESERVED
CVE-2010-3183 (The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and ...)
+ {DSA-2124-1}
- xulrunner <removed>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -2338,6 +2380,7 @@
CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 ...)
- iceweasel <not-affected> (Windows-specific)
CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla ...)
+ {DSA-2124-1}
- xulrunner <removed>
- icedove 3.0.9-1
- iceweasel 3.5.14-1
@@ -2345,6 +2388,7 @@
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in ...)
+ {DSA-2124-1}
- xulrunner <removed>
- icedove 3.0.9-1
- iceweasel 3.5.14-1
@@ -2352,6 +2396,7 @@
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
+ {DSA-2124-1}
- xulrunner <removed>
- icedove 3.0.9-1
- iceweasel 3.5.14-1
@@ -2359,12 +2404,14 @@
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher ...)
+ {DSA-2124-1}
- xulrunner <removed>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-2124-1}
- xulrunner <removed>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -2373,6 +2420,7 @@
CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
+ {DSA-2124-1}
- xulrunner <removed>
- icedove 3.0.9-1
- iceweasel 3.5.14-1
@@ -2380,12 +2428,14 @@
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...)
+ {DSA-2123-1}
- nss 3.12.8-1
CVE-2010-3172
RESERVED
CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla ...)
NOTE: Will likely be rejected by MITRE
CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
+ {DSA-2123-1}
- nss 3.12.8-1
CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2106-1}
@@ -2782,8 +2832,8 @@
RESERVED
CVE-2010-3037
RESERVED
-CVE-2010-3036
- RESERVED
+CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the ...)
+ TODO: check
CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...)
NOT-FOR-US: Cisco IOS XR
CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...)
@@ -3488,7 +3538,7 @@
- iceweasel <not-affected> (The vulnerability is MacOS-specific)
- iceape <not-affected> (The vulnerability is MacOS-specific)
CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
- {DSA-2106-1}
+ {DSA-2124-1 DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -3996,10 +4046,10 @@
NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2583
RESERVED
-CVE-2010-2582
- RESERVED
-CVE-2010-2581
- RESERVED
+CVE-2010-2582 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.9.615 ...)
+ TODO: check
+CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
+ TODO: check
CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not ...)
NOT-FOR-US: MailEnable
CVE-2010-2579
@@ -9544,7 +9594,7 @@
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, ...)
- {DSA-2075-1}
+ {DSA-2124-1 DSA-2075-1}
- xulrunner 1.9.1.11-1 (bug #570743)
- iceweasel 3.5.11-2
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
More information about the Secure-testing-commits
mailing list