[Secure-testing-commits] r15534 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Oct 27 21:14:50 UTC 2010 

Author: joeyh
Date: 2010-10-27 21:14:47 +0000 (Wed, 27 Oct 2010)
New Revision: 15534

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-10-27 20:40:36 UTC (rev 15533)
+++ data/CVE/list	2010-10-27 21:14:47 UTC (rev 15534)
@@ -1,3 +1,7 @@
+CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti ...)
+	TODO: check
+CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test ...)
+	TODO: check
 CVE-2010-4093
 	RESERVED
 CVE-2010-4092
@@ -64,6 +68,7 @@
 CVE-2010-4068 (Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x ...)
 	TODO: check
 CVE-2010-4096
+	RESERVED
 	- monkeysphere 0.31-3 (bug #600304)
 	NOTE: micah requested this CVE from mitre, issue has been fixed in debian already
 CVE-2010-4067
@@ -272,10 +277,10 @@
 	RESERVED
 CVE-2010-3987
 	RESERVED
-CVE-2010-3986
-	RESERVED
-CVE-2010-3985
-	RESERVED
+CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager ...)
+	TODO: check
+CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations ...)
+	TODO: check
 CVE-2010-3984
 	RESERVED
 CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote ...)
@@ -477,7 +482,8 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-3885 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method ...)
+CVE-2010-3885
+	REJECTED
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple ...)
 	NOT-FOR-US: CMS Made Simple
@@ -1028,8 +1034,8 @@
 	RESERVED
 CVE-2010-3654
 	RESERVED
-CVE-2010-3653
-	RESERVED
+CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave player 11.5.8.612, ...)
+	TODO: check
 CVE-2010-3652
 	RESERVED
 CVE-2010-3651
@@ -1222,8 +1228,8 @@
 	- python3.2 <unfixed> (unimportant)
 	NOTE: Unfixable design limitation, which needs to be coped with in applications
 	NOTE: This CVE is about proper documentation
-CVE-2010-3491
-	RESERVED
+CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator ...)
+	TODO: check
 CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
 	NOT-FOR-US: System Recordings component in the configuration interface in FreePBX
 CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
@@ -1889,9 +1895,9 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...)
 	NOT-FOR-US: Microsoft Internet Explorer 
-CVE-2010-3329 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...)
+CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote ...)
 	NOT-FOR-US: Microsoft Internet Explorer 
-CVE-2010-3328 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
+CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function ...)
 	NOT-FOR-US: Microsoft Internet Explorer 
 CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet ...)
 	NOT-FOR-US: Microsoft Internet Explorer 
@@ -2162,8 +2168,8 @@
 	NOT-FOR-US: Microsoft OSes
 CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms ...)
 	NOT-FOR-US: Microsoft .NET Framework
-CVE-2010-3227
-	RESERVED
+CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method ...)
+	TODO: check
 CVE-2010-3226
 	RESERVED
 CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing ...)
@@ -2178,13 +2184,13 @@
 	NOT-FOR-US: Microsoft Word
 CVE-2010-3220 (Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 ...)
 	NOT-FOR-US: Microsoft Word
-CVE-2010-3219 (Microsoft Word 2002 SP3 does not properly handle indexes during ...)
+CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remote ...)
 	NOT-FOR-US: Microsoft Word
 CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote ...)
 	NOT-FOR-US: Microsoft Word
-CVE-2010-3217 (Microsoft Word 2002 SP3 does not properly handle pointers during ...)
+CVE-2010-3217 (Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: Microsoft Word
-CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
+CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...)
 	NOT-FOR-US: Microsoft Word
 CVE-2010-3215 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
 	NOT-FOR-US: Microsoft Word
@@ -3067,10 +3073,10 @@
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2010-2887 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-2886
-	RESERVED
-CVE-2010-2885
-	RESERVED
+CVE-2010-2886 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...)
+	TODO: check
+CVE-2010-2885 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, ...)
+	TODO: check
 CVE-2010-2884 (Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and ...)
@@ -3531,7 +3537,7 @@
 	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
 	- iceape 2.0.6-1
 	[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2750 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
+CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac ...)
 	NOT-FOR-US: Microsoft Word
 CVE-2010-2749
 	RESERVED
@@ -3922,10 +3928,10 @@
 	RESERVED
 CVE-2010-2586
 	RESERVED
-CVE-2010-2585
-	RESERVED
-CVE-2010-2584
-	RESERVED
+CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...)
+	TODO: check
+CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
+	TODO: check
 CVE-2010-2583
 	RESERVED
 CVE-2010-2582
@@ -4591,7 +4597,6 @@
 	REJECTED
 CVE-2010-2303
 	REJECTED
-
 CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
 	- webkit 1.2.1-3
 	- chromium-browser 5.0.375.70~r48679-1
@@ -6291,8 +6296,8 @@
 	RESERVED
 CVE-2010-1694
 	RESERVED
-CVE-2010-1693
-	RESERVED
+CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows ...)
+	TODO: check
 CVE-2010-1692
 	RESERVED
 CVE-2010-1691

More information about the Secure-testing-commits mailing list