[Secure-testing-commits] r15526 - data/CVE

Tue Oct 26 21:26:51 UTC 2010

Author: jmm-guest
Date: 2010-10-26 21:26:50 +0000 (Tue, 26 Oct 2010)
New Revision: 15526

Modified:
   data/CVE/list
Log:
- tangerine fixed
- gollem NMUd
- filed bug for moodle/phpcas
- new kernel info leaks (more to come)


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-10-26 21:14:36 UTC (rev 15525)
+++ data/CVE/list	2010-10-26 21:26:50 UTC (rev 15526)
@@ -40,8 +40,10 @@
 	RESERVED
 CVE-2010-4073
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4072
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4071
 	RESERVED
 CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...)
@@ -944,17 +946,17 @@
 	- libphp-cas <itp> (bug #495542)
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
-	- moodle <unfixed>
+	- moodle <unfixed> (bug #601384)
 CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...)
 	- libphp-cas <itp> (bug #495542)
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
-	- moodle <unfixed>
+	- moodle <unfixed> (bug #601384)
 CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...)
 	- libphp-cas <itp> (bug #495542)
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
-	- moodle <unfixed>
+	- moodle <unfixed> (bug #601384)
 CVE-2010-3689
 	RESERVED
 CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
@@ -1560,7 +1562,7 @@
 	NOTE: this is more of a hardware bug rather than a security issue
 CVE-2010-3447 [horde gollem XSS]
 	RESERVED
-	- gollem <unfixed> (bug #598585)
+	- gollem 1.1.1+debian0-1.1 (bug #598585)
 	NOTE: http://bugs.horde.org/ticket/9191
 CVE-2010-3446
 	RESERVED
@@ -1771,7 +1773,7 @@
 CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a ...)
 	- tau 2.16.4-1.4 (bug #598303)
 CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine ...)
-	- tangerine <unfixed> (bug #598302)
+	- tangerine 0.3.2.2-6 (bug #598302)
 CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before ...)
 	- slurm-llnl <unfixed>
 	NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1
@@ -3291,12 +3293,12 @@
 	- libphp-cas <itp> (bug #495542)
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
-	- moodle <unfixed>
+	- moodle <unfixed> (bug #601384)
 CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...)
 	- libphp-cas <itp> (bug #495542)
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
-	- moodle <unfixed>
+	- moodle <unfixed> (bug #601384)
 CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...)
 	NOT-FOR-US: SPICE plugin for Firefox
 CVE-2010-2793


