[Secure-testing-commits] r15591 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Nov 16 22:17:44 UTC 2010


Author: jmm-guest
Date: 2010-11-16 22:17:43 +0000 (Tue, 16 Nov 2010)
New Revision: 15591

Modified:
   data/CVE/list
Log:
- new yaws issue (open in Squeeze, likely open in Lenny)
- new turbogears issue (already resolved in Squeeze, not in Lenny)
- new dhcp issue (open in Squeeze, not in Lenny)
- new php5 issues (three open in Squeeze, two open in Lenny)
- texmacs fix was insufficient and reopened
- mercurial CVEfied
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-11-16 21:14:37 UTC (rev 15590)
+++ data/CVE/list	2010-11-16 22:17:43 UTC (rev 15591)
@@ -1,5 +1,3 @@
-CVE-2010-4237
-	RESERVED
 CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
 	TODO: check
 CVE-2010-4235
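Review bot: this removal of the bare `CVE-2010-4237 / RESERVED` placeholder at the top of the list is only correct together with the later hunk that renames the `CVE-2010-XXXX` mercurial entry to `CVE-2010-4237`; if that rename were dropped, the ID would disappear from the list entirely. Fine as a pair, but the two hunks should be read as one change.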
@@ -117,7 +115,7 @@
 CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
-	TODO: check
+	- yaws <unfixed> (bug filed)
 CVE-2010-4180
 	RESERVED
 CVE-2010-4179
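Review bot: the new yaws entry `- yaws <unfixed> (bug filed)` carries no bug number and no severity; the rest of the file records these as `(low; bug #NNNNNN)` once known (compare the libapache-authenhook-perl and mercurial lines further down), so the number should be filled in when the BTS assigns it. The log says "likely open in Lenny"; without a `[lenny]` annotation the `<unfixed>` status applies to lenny as well, which matches that statement, but if lenny turns out not to be affected a `[lenny] - yaws <not-affected>` line will be needed here.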
@@ -161,7 +159,8 @@
 CVE-2010-4159
 	RESERVED
 CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...)
-	TODO: check
+	- php5 <unfixed> (bug filed)
+	[lenny] - php5 <not-affected> (Only affects 5.3.x)
 CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 ...)
 	NOT-FOR-US: eXV2 CMS
 CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager ...)
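Review bot: the `[lenny] - php5 <not-affected> (Only affects 5.3.x)` annotation is consistent with the description's "as used in PHP 5.3.x through ..." range, so the lenny exception looks right. The only nit is that `- php5 <unfixed> (bug filed)` lacks the bug number; the CVE-2010-3710 hunk in this same commit shows the intended final form, `(bug #NNNNNN)`.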
@@ -175,9 +174,9 @@
 CVE-2010-4150
 	RESERVED
 CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...)
-	TODO: check
+	- turbogears2 2.0.3-1
 CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...)
-	TODO: check
+	- turbogears2 2.0.3-1
 CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote ...)
 	TODO: check
 CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google ...)
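Review bot: both TurboGears2 entries are recorded as fixed in `turbogears2 2.0.3-1` with no `[lenny]` line, so lenny is left implicitly vulnerable by version comparison, which agrees with the log's "not in Lenny". If no stable update is planned for lenny, a `[lenny] - turbogears2 <no-dsa> (...)` line with the reason would document that decision the way the libapache-authenhook-perl entry below does.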
@@ -604,7 +603,7 @@
 CVE-2010-3978
 	RESERVED
 CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: cForm wordpress plugin
 CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows ...)
@@ -827,9 +826,9 @@
 CVE-2010-3872
 	RESERVED
 CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	- mahara <unfixed> (bug filed)
 CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle ...)
-	TODO: check
+	- php5 <unfixed> (bug filed)
 CVE-2010-3869
 	RESERVED
 CVE-2010-3868
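Review bot: the mahara entry `- mahara <unfixed> (bug filed)` and the php5 entry for CVE-2010-3870 both omit the bug number and severity; as with the other "(bug filed)" lines in this commit, they should be replaced with `(bug #NNNNNN)` once the reports exist. For CVE-2010-3870 the description ("PHP before 5.3.4") covers lenny's 5.2.x as well, so the absence of a `[lenny]` exception is correct.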
@@ -846,7 +845,7 @@
 CVE-2010-3864
 	RESERVED
 CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...)
-	TODO: check
+	NOT-FOR-US: Apache Shiro / JSecurity
 CVE-2010-3862
 	RESERVED
 CVE-2010-3861
@@ -923,7 +922,8 @@
 	RESERVED
 	- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
 	[lenny] - libapache-authenhook-perl <no-dsa> (Will be fixed in stable update)
-CVE-2010-XXXX
+CVE-2010-4237
+	RESERVED
 	- mercurial 1.6.4-1 (low; bug #598841)
 CVE-2010-3840
 	RESERVED
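Review bot: renaming `CVE-2010-XXXX` to `CVE-2010-4237` keeps the `RESERVED` marker above the `- mercurial 1.6.4-1 (low; bug #598841)` line, matching the libapache-authenhook-perl entry just above it, so the format is consistent. Note that the ID now sits among the CVE-2010-38xx entries rather than at the top of the file where the placeholder was removed; the description should be filled in once MITRE publishes it.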
@@ -1230,9 +1230,9 @@
 	- pidgin 2.7.4-1
 	[squeeze] - pidgin 2.7.3-1+squeeze1
 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...)
-	- php5 5.3.3-3 (bug filed)
+	- php5 5.3.3-3 (bug #601619)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
-	TODO: check
+	- php5 <unfixed> (bug filed)
 CVE-2010-3708
 	RESERVED
 CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
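Review bot: replacing `(bug filed)` with `(bug #601619)` on the CVE-2010-3710 line is the right follow-up and is the form the other new "(bug filed)" entries in this commit should converge on. The new CVE-2010-3709 entry `- php5 <unfixed> (bug filed)` again lacks the number; since the description names "PHP 5.2.x through 5.2.14", lenny's 5.2.x is in scope and the missing `[lenny]` exception is correct.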
@@ -1448,7 +1448,9 @@
 CVE-2010-3612
 	RESERVED
 CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before ...)
-	TODO: check
+	- isc-dhcp <unfixed>
+	- dhcp3 <not-affected> (Only affects DHCP 4.x)
+	- dhcp <not-affected> (Only affects DHCP 4.x)
 CVE-2010-3610
 	RESERVED
 CVE-2010-3609
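Review bot: `- isc-dhcp <unfixed>` has neither a bug reference nor a severity, unlike the other newly opened entries in this commit which at least say "(bug filed)"; the log says this is open in Squeeze, so a bug should be filed and recorded. The `dhcp3` and `dhcp` `<not-affected> (Only affects DHCP 4.x)` lines agree with the description's "4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before ..." version ranges.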
@@ -2075,7 +2077,7 @@
 CVE-2010-3395
 	RESERVED
 CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
-	- texmacs 1:1.0.7.4-3 (bug #598424)
+	- texmacs <unfixed> (bug #598424)
 CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name ...)
 	- magics++ 2.10.0.dfsg-5.1 (bug #598418)
 CVE-2010-3392
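Review bot: changing `- texmacs 1:1.0.7.4-3 (bug #598424)` to `- texmacs <unfixed> (bug #598424)` drops the record that 1:1.0.7.4-3 contained an attempted fix; the log explains it was insufficient, but the list itself no longer shows that. Appending a note in the parenthesis, e.g. `(bug #598424; fix in 1:1.0.7.4-3 incomplete)`, would keep that history visible to the next person triaging it.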
@@ -4157,7 +4159,7 @@
 CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...)
 	TODO: check
 CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store ...)
 	NOT-FOR-US: IBM WebSphere Commerce
 CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before ...)
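Review bot: CVE-2010-2637 is now `NOT-FOR-US: IBM WebSphere`, but the neighbouring CVE-2010-2638 (IBM WebSphere MQ 7.0 before 7.0.1.5) in the same hunk's context is still `TODO: check`; since it concerns the same product, it could be resolved the same way in this commit rather than left for a later pass.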
@@ -4271,7 +4273,7 @@
 CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
 	NOT-FOR-US: RealPage Module ActiveX Controls
 CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point ...)
-	TODO: check
+	NOT-FOR-US: SonicWALL
 CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote ...)