[Secure-testing-commits] r15264 - in data: CVE DSA

Michael Gilbert gilbert-guest at alioth.debian.org
Sat Sep 4 17:40:09 UTC 2010


Author: gilbert-guest
Date: 2010-09-04 17:40:06 +0000 (Sat, 04 Sep 2010)
New Revision: 15264

Modified:
   data/CVE/list
   data/DSA/list
Log:
new issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-04 04:37:24 UTC (rev 15263)
+++ data/CVE/list	2010-09-04 17:40:06 UTC (rev 15264)
@@ -1479,7 +1479,7 @@
 CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...)
 	NOT-FOR-US: Cisco
 CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
-	TODO: check
+	- strongswan 4.4.1-1
 CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...)
 	NOT-FOR-US: Refractor 2
 CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
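
Review bot: the new `- strongswan 4.4.1-1` line for CVE-2010-2628 covers unstable only and says nothing about lenny. The description limits the issue to 4.3.x before 4.3.7 and 4.4.x before 4.4.1, so if lenny ships an older branch, an explicit `[lenny] - strongswan <not-affected>` line with the reason (as done for kdegraphics a few entries further down) would close the question; a bug number or urgency on the fixed-version line would help too.
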
@@ -1596,7 +1596,7 @@
 	[lenny] - kdegraphics <not-affected> (Lenny's kdegraphics doesn't yet contain Okular)
 	NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
 CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
-	TODO: check
+	- mantis <undetermined> (bug #595510)
 CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...)
 	- tiff <unfixed> (unimportant)
 CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
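
Review bot: `TODO: check` is dropped for CVE-2010-2574 while the mantis status is still `<undetermined>`. The CVE-2010-0435 and CVE-2009-4269 entries in this same commit keep `TODO: check` next to their `<undetermined>` lines; either keep it here as well or resolve the status from bug #595510, so the entry stays visibly open.
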
@@ -1664,11 +1664,11 @@
 	{DSA-2081-1}
 	- libmikmod 3.1.11-6.3
 CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...)
-	TODO: check
+	- cacti 0.8.7g-1
 CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti ...)
-	TODO: check
+	- cacti 0.8.7g-1
 CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	- cacti 0.8.7g-1
 CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
 	- git-core 1:1.7.1-1.1 (low; bug #590026)
 	[lenny] - git-core <no-dsa> (Minor issue)
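
Review bot: the three cacti lines (CVE-2010-2545, -2544, -2543) record `0.8.7g-1` with no urgency, bug number or lenny status, unlike the git-core entry right below them, which has `(low; bug #590026)` and a `[lenny]` line. Suggest adding at least a bug reference or a `NOTE:` pointing at the upstream fix, and a `[lenny] - cacti ...` line stating whether stable is affected.
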
@@ -1813,7 +1813,7 @@
 CVE-2010-2496
 	RESERVED
 CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...)
-	TODO: check
+	NOT-FOR-US: JBoss Enterprise SOA Platform
 CVE-2010-2492
 	RESERVED
 CVE-2010-2491 [roundup XSS]
@@ -2102,9 +2102,9 @@
 CVE-2010-2366
 	RESERVED
 CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 ...)
-	TODO: check
+	NOT-FOR-US: Free CGI Moo moobbs2
 CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...)
-	TODO: check
+	NOT-FOR-US: Free CGI Moo moobbs2
 CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the ...)
 	NOT-FOR-US: SEIL/X1, SEIL/X2, and SEIL/B1 routers
 CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information, ...)
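
Review bot: the CVE-2010-2364 line is tagged `NOT-FOR-US: Free CGI Moo moobbs2`, but its description names "Free CGI Moo moobbs"; moobbs2 is the product in CVE-2010-2365 just above. This looks like a copy-paste slip; suggest `NOT-FOR-US: Free CGI Moo moobbs` for CVE-2010-2364.
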
@@ -3343,7 +3343,7 @@
 CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
-	TODO: check
+	NOT-FOR-US: struts2
 CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
 	{DSA-2080-1}
 	- ghostscript 8.71~dfsg-4 
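
Review bot: CVE-2010-1870 is marked `NOT-FOR-US: struts2`, but the description places the flaw in the OGNL expression evaluation in XWork, "in Struts ...". The tag should name XWork as well, and it is worth confirming that no package in the archive ships or embeds XWork before dropping the `TODO: check`.
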
@@ -3996,9 +3996,9 @@
 	{DSA-2062-1}
 	- sudo 1.7.2p7-1 (bug #585394)
 CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing ...)
-	TODO: check
+	- cacti 0.8.7g-1
 CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...)
-	TODO: check
+	- cacti 0.8.7g-1
 CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict ...)
 	- linux-2.6 2.6.28-1
 CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...)
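
Review bot: for CVE-2010-1645 the description gives "Cacti before 0.8.7f" as the affected range, but the entry records `0.8.7g-1` as the fixed version. If a 0.8.7f upload reached the archive, that earlier version is the one to record; otherwise a `NOTE:` saying 0.8.7g-1 was the first upload containing the fix would make this unambiguous. The same check applies to CVE-2010-1644, whose version bound is cut off in the description.
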
@@ -6503,7 +6503,7 @@
 CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...)
-	TODO: check
+	- base-files <not-affected> (ubuntu-specific fix for their default OEM configuration on the Dell Latitude 2110, which permitted installation of unsigned packages)
 CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build ...)
 	NOT-FOR-US: Likewise
 CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...)
@@ -7671,6 +7671,8 @@
 	NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace
 	NOTE: in KDE 4.x, i.e. Squeeze onwards
 CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...)
+	- linux-2.6 <undetermined>
+	- kvm <removed>
 	TODO: check
 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...)
 	{DSA-2035-1}
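
Review bot: the two package lines added under CVE-2010-0435 carry no explanation of why linux-2.6 and kvm are tied to an issue whose description names the Red Hat hypervisor (rhev-hypervisor). Since `TODO: check` stays, add a `NOTE:` with the reference that led to these two packages, so whoever resolves `<undetermined>` knows what to look for.
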
@@ -8681,7 +8683,7 @@
 CVE-2010-0121
 	RESERVED
 CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, ...)
 	NOT-FOR-US: Bournal
 CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files ...)
@@ -9722,6 +9724,7 @@
 	{DSA-2080-1}
 	- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
 CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...)
+	- sun-java6 <undetermined>
 	TODO: check
 CVE-2009-4268
 	RESERVED
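
Review bot: `- sun-java6 <undetermined>` under CVE-2009-4269 is not self-explanatory: the visible description is about the password hash generation algorithm of a BUILTIN authentication scheme and does not mention Java. Add a `NOTE:` naming the component bundled in sun-java6 that is believed affected, and check whether that component is also packaged on its own so it can get a separate line.
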
@@ -11172,7 +11175,7 @@
 CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote ...)
 	NOT-FOR-US: EMC RepliStor
 CVE-2009-3743 (Off-by-one error in the TrueType bytecode interpreter in Ghostscript ...)
-	TODO: check
+	- ghostscript 8.71~dfsg-1
 CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before ...)
 	NOT-FOR-US: Liferay Portal
 CVE-2009-3741

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-09-04 04:37:24 UTC (rev 15263)
+++ data/DSA/list	2010-09-04 17:40:06 UTC (rev 15264)
@@ -1,4 +1,4 @@
-[03 Sep 2010] DSA-2102-1  - arbitrary code execution
+[03 Sep 2010] DSA-2102-1 barnowl - arbitrary code execution
 	{CVE-2010-2725}
 	[lenny] - barnowl 1.0.1-4+lenny2
 [31 Aug 2010] DSA-2101-1 wireshark - several vulnerabilities



