[Secure-testing-commits] r15533 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Oct 27 20:40:38 UTC 2010


Author: jmm-guest
Date: 2010-10-27 20:40:36 +0000 (Wed, 27 Oct 2010)
New Revision: 15533

Modified:
   data/CVE/list
Log:
- unimportant ghostscript crasher
- new mantis and php5 issues: bug filed
- cleanup old REJECTED entries
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-10-27 20:18:52 UTC (rev 15532)
+++ data/CVE/list	2010-10-27 20:40:36 UTC (rev 15533)
@@ -93,7 +93,7 @@
 CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 ...)
 	TODO: check
 CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...)
-	TODO: check
+	- ghostscript <unfixed> (unimportant)
 CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in ...)
 	TODO: check
 CVE-2010-4052
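Review bot: the new `- ghostscript <unfixed> (unimportant)` line under CVE-2010-4054 gives no reason for the unimportant rating; the commit log calls it a crasher, but the list entry itself does not say so. Add a NOTE line under the entry stating why (for example that the impact is limited to a crash), so the classification can be re-checked later without going back to the commit history.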
@@ -580,7 +580,7 @@
 	RESERVED
 	- curl <not-affected> (Doesn't affect POSIX systems)
 CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...)
-	TODO: check
+	NOT-FOR-US: TWiki
 CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow ...)
 	- openconnect 1.40-1
 CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an ...)
@@ -588,9 +588,9 @@
 CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows ...)
 	NOT-FOR-US: Cisco AnyConnect SSL VPN trial client
 CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in ...)
-	TODO: check
+	NOT-FOR-US: Apache Qpid
 CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...)
-	TODO: check
+	NOT-FOR-US: Apache Qpid
 CVE-2009-5004
 	RESERVED
 CVE-2010-3845
@@ -770,7 +770,7 @@
 CVE-2010-3764
 	RESERVED
 CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...)
-	TODO: check
+	- mantis <unfixed> (bug filed)
 CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...)
 	- bind9 <unfixed> (bug #599515)
 	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
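Review bot: `(bug filed)` on the mantis line for CVE-2010-3763 is a placeholder with no bug number, unlike the bind9 entry just below it, which carries `(bug #599515)`. Replace it with the actual bug number once it is assigned so the entry can be traced to the report; the php5 line added for CVE-2010-3710 in the next hunk has the same placeholder.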
@@ -893,7 +893,7 @@
 	- pidgin 2.7.4-1
 	[squeeze] - pidgin 2.7.3-1+squeeze1
 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...)
-	TODO: check
+	- php5 <unfixed> (bug filed)
 CVE-2010-3709
 	RESERVED
 CVE-2010-3708
@@ -1707,22 +1707,10 @@
 	- chromium-browser 6.0.472.59~r59126-1
 CVE-2010-3410
 	REJECTED
-	- webkit <undetermined>
-	- chromium-browser 6.0.472.59~r59126-1
-	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43587
-	NOTE: http://trac.webkit.org/changeset/66847
 CVE-2010-3409
 	REJECTED
-	- webkit <undetermined>
-	- chromium-browser 6.0.472.59~r59126-1
-	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43260
-	NOTE: http://trac.webkit.org/changeset/66795
 CVE-2010-3408
 	REJECTED
-	- webkit <undetermined>
-	- chromium-browser 6.0.472.59~r59126-1
-	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43055
-	NOTE: http://trac.webkit.org/changeset/65692
 CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in ...)
 	NOT-FOR-US: IBM Lotus Domino
 CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...)
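Review bot: the lines removed under CVE-2010-3410, CVE-2010-3409 and CVE-2010-3408 were the only record here of the WebKit bug and changeset links and of the chromium-browser 6.0.472.59~r59126-1 fixed version, and webkit was still `<undetermined>` in all three. Nothing in this hunk shows which entries now carry that information; before dropping it, confirm it is tracked under the CVE ids that replaced these and name them in the log.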
@@ -1999,11 +1987,11 @@
 CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x ...)
 	NOT-FOR-US: HP AssetCenter
 CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
-	TODO: check
+	NOT-FOR-US: HP Systems Insight Manager
 CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
-	TODO: check
+	NOT-FOR-US: HP Systems Insight Manager
 CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...)
-	TODO: check
+	NOT-FOR-US: HP Systems Insight Manager
 CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access ...)
 	NOT-FOR-US: HP ProCurve
 CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and ...)
@@ -2609,7 +2597,7 @@
 CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in ...)
 	- linux-2.6 2.6.32-25
 CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat ...)
-	TODO: check
+	NOT-FOR-US: Apache Qpid
 CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
 	- python-django 1.2.3-1 (low; bug #596205)
 	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
@@ -4601,16 +4589,9 @@
 	NOT-FOR-US: Symantec Sygate Personal Firewall
 CVE-2010-2304
 	REJECTED
-	- webkit 1.2.1-3 (medium; bug #586547)
-	- chromium-browser 5.0.375.70~r48679-1
-	NOTE: http://trac.webkit.org/changeset/59950
-	NOTE: duplicate of cve-2010-1773
 CVE-2010-2303
 	REJECTED
-	- webkit 1.2.1-3
-	- chromium-browser 5.0.375.70~r48679-1
-	NOTE: http://trac.webkit.org/changeset/59859
-	NOTE: duplicate of cve-2010-1772
+
 CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
 	- webkit 1.2.1-3
 	- chromium-browser 5.0.375.70~r48679-1
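Review bot: the added line after `REJECTED` under CVE-2010-2303 is empty, which leaves a blank line between entries in a list that otherwise has none; it looks accidental and should be dropped. Separately, the removed notes name cve-2010-1773 and cve-2010-1772 as the duplicates, so check that the webkit 1.2.1-3 version and bug #586547 are recorded on those entries.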
@@ -6834,13 +6815,6 @@
 	- webkit <not-affected> (chromium-specific directory traversal)
 CVE-2010-1501
 	REJECTED
-	- chromium-browser 5.0.375.29~r46008-1
-	- webkit 1.2.2-1 
-	[lenny] - webkit <not-affected> (introduced in r47291)
-	- qt4-x11 <undetermined>
-	- kdelibs <undetermined>
-	- kde4libs <undetermined>
-	NOTE: http://trac.webkit.org/changeset/57041
 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (proof-of-concept not effective; chromium-specific issue)
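Review bot: removing the body of CVE-2010-1501 discards three open questions, the `<undetermined>` lines for qt4-x11, kdelibs and kde4libs, along with the lenny `<not-affected> (introduced in r47291)` rationale. If the issue fixed in changeset 57041 is still tracked under another id, those package lines should be resolved there rather than disappearing with the rejected entry.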
@@ -11450,7 +11424,6 @@
 	NOT-FOR-US: TVersity
 CVE-2009-4481
 	REJECTED
-	NOTE: dup of CVE-2009-3111
 CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...)
 	NOT-FOR-US: AzeoTech DAQFactory
 CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...)
@@ -15260,7 +15233,6 @@
 	NOT-FOR-US: module for XOOPS
 CVE-2009-3239
 	REJECTED
-	NOTE: dup of CVE-2009-2139 and CVE-2009-2140
 CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
 	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
 	- linux-2.6 2.6.30-1 (low)
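Review bot: the removed NOTE under CVE-2009-3239 was the only pointer from the rejected id to CVE-2009-2139 and CVE-2009-2140. Consider keeping the one-line duplicate note on REJECTED entries (the same applies to CVE-2009-4481 in the previous hunk), since it lets someone arriving with the old id find the live entries.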



