[Secure-testing-commits] r15584 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Nov 15 18:36:45 UTC 2010
Author: jmm-guest
Date: 2010-11-15 18:36:33 +0000 (Mon, 15 Nov 2010)
New Revision: 15584
Modified:
data/CVE/list
Log:
- php5 fixed
- vlc issue is windows-specific
- new imagemagick issue (CVE requested on oss-sec)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-11-15 03:49:25 UTC (rev 15583)
+++ data/CVE/list 2010-11-15 18:36:33 UTC (rev 15584)
@@ -1,5 +1,8 @@
CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...)
- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
+CVE-2010-XXXX [imagemagick reads config files from cwd]
+ - imagemagick <unfixed> (low; bug #601824)
+ [lenny] - imagemagick <no-dsa> (Minor issue)
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
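Review bot: the new CVE-2010-XXXX imagemagick entry does not record that a CVE id has been requested. The log message says it was requested on oss-sec, but nothing in the entry itself says so, so a later reader of the placeholder cannot tell that an assignment is pending. Consider a NOTE line under the entry stating that the id was requested on oss-sec, so the placeholder gets replaced once the id is assigned.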
@@ -1195,7 +1198,7 @@
- pidgin 2.7.4-1
[squeeze] - pidgin 2.7.3-1+squeeze1
CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...)
- - php5 <unfixed> (bug filed)
+ - php5 5.3.3-3 (bug filed)
CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
TODO: check
CVE-2010-3708
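Review bot: on the php5 line for CVE-2010-3710 the annotation still reads "(bug filed)" after the status moves to the fixed version 5.3.3-3, and it carries no bug number, unlike the "bug #..." references used in the other entries of this list. Replace it with the actual bug reference, or drop the annotation if no report is being tracked here, so the fix can be traced back to a report.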
@@ -2516,9 +2519,7 @@
CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...)
NOT-FOR-US: PicSell
CVE-2010-XXXX [vlc stack overflow]
- - vlc <undetermined> (low; bug #595686)
- NOTE: poc didn't work. may be windows-only
- TODO: check with upstream
+ - vlc <not-affected> (Windows-specific)
CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...)
NOT-FOR-US: flock
CVE-2010-3201
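Review bot: the replacement vlc line drops the reference to bug #595686 and does not say what the Windows-specific determination rests on. The removed lines only said that the PoC didn't work, that the issue "may be windows-only", and carried a TODO to check with upstream. Keep the bug reference and add a NOTE stating the basis for the decision (for example upstream's answer, if that is where it came from), so the <not-affected> status can be re-checked later.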