[Secure-testing-commits] r15301 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Sep 9 21:15:24 UTC 2010


Author: joeyh
Date: 2010-09-09 21:15:10 +0000 (Thu, 09 Sep 2010)
New Revision: 15301

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-09 20:54:18 UTC (rev 15300)
+++ data/CVE/list	2010-09-09 21:15:10 UTC (rev 15301)
@@ -1,3 +1,7 @@
+CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
+	TODO: check
+CVE-2010-3263
+	RESERVED
 CVE-2010-3262
 	RESERVED
 CVE-2010-3261
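Review bot: CVE-2010-3264 is added with only "TODO: check", so the tracker still carries no verdict for it. The description names Novell Identity Manager 3.6.1; if no Debian package ships that product, close the TODO with a NOT-FOR-US line in the same form as the "NOT-FOR-US: UMIP" entry further down this file.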
@@ -169,8 +173,7 @@
 	RESERVED
 CVE-2010-3199
 	RESERVED
-CVE-2010-3198 [zope DoS via PluggableAuthService]
-	RESERVED
+CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...)
 	- zope2.10 <removed>
 	- zope2.11 <removed>
 CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access control on ...)
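Review bot: The CVE-2010-3198 entry records only "<removed>" for zope2.10 and zope2.11, which leaves the status of the stable release unstated. The description added here gives affected ranges (2.10.x before 2.10.12, 2.11.x before 2.11.7), so a [lenny] line saying whether the packaged version falls inside them would document the outcome.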
@@ -677,10 +680,10 @@
 	RESERVED
 CVE-2010-3006
 	RESERVED
-CVE-2010-3005
-	RESERVED
-CVE-2010-3004
-	RESERVED
+CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
+	TODO: check
+CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
+	TODO: check
 CVE-2010-3003
 	RESERVED
 CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...)
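Review bot: CVE-2010-3005 and CVE-2010-3004 both move from RESERVED to "TODO: check" with descriptions that are identical up to the truncation point, so nothing in the entries tells the two apart. Triage them together; if HP Operations Agent is not packaged in Debian, both can be closed with NOT-FOR-US lines rather than left as open TODOs.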
@@ -784,16 +787,13 @@
 	RESERVED
 CVE-2010-2961
 	RESERVED
-CVE-2010-2960 [kernel: keyctl_session_to_parent null ptr deref]
-	RESERVED
+CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
-CVE-2010-2959 [nframes issue]
-	RESERVED
+CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-20
-CVE-2010-2958 [phpmyadmin backtrace XSS]
-	RESERVED
+CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php ...)
 	- phpmyadmin 4:3.3.6-1
 	[lenny] - phpmyadmin <not-affected> (only affects 3.x)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
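Review bot: CVE-2010-2960 stays at "- linux-2.6 <unfixed>" with no bug reference or NOTE pointing at a fix, unlike CVE-2010-2959 just below it, which records a fixed version and {DSA-2094-1}. Now that the description identifies keyctl_session_to_parent in security/keys/keyctl.c, add a bug number or a NOTE with the upstream fix so the open status can be followed up.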
@@ -805,13 +805,13 @@
 	- sudo 1.7.4p4-1 (bug #595935)
 	[lenny] - sudo <not-affected> (Only affects 1.7.x)
 	NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
-CVE-2010-2955 [infoleak in wireless extensions]
-	RESERVED
+CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in ...)
 	- linux-2.6 <unfixed>
 CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel ...)
 	- linux-2.6 <unfixed>
 CVE-2010-2953 [CouchDB insecure library loading]
 	RESERVED
+	{DSA-2107-1}
 	- couchdb 0.11.0-2 (low; bug #594412)
 CVE-2010-2952
 	RESERVED
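Review bot: CVE-2010-2955 is left at "- linux-2.6 <unfixed>" with no [lenny] line, so the entry does not say whether stable is affected. Other kernel entries in this commit state that explicitly, for example "[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)" under CVE-2010-2960; the same annotation is worth adding here once it is known which kernel versions contain cfg80211_wext_giwessid.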
@@ -1199,8 +1199,7 @@
 	- freetype 2.4.2-1
 CVE-2010-2804
 	RESERVED
-CVE-2010-2803
-	RESERVED
+CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct ...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-22
 CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 ...)
@@ -1215,8 +1214,7 @@
 	RESERVED
 	{DSA-2090-1}
 	- socat 1.7.1.3-1 (bug #591443; medium)
-CVE-2010-2798 [gfs2 null ptr dereference]
-	RESERVED
+CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux ...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-20
 CVE-2010-2797
@@ -1788,8 +1786,7 @@
 	- bogofilter 1.2.1-3 (low; bug #588090)
 	[lenny] - bogofilter <no-dsa> (Minor issue)
 	NOTE: this is "only" null write to an invalid pointer, no arbitrary location
-CVE-2010-2495 [l2tp oops]
-	RESERVED
+CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP ...)
 	- linux-2.6 2.6.32-16 
 	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29)
 CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...)
@@ -2002,8 +1999,7 @@
 	- lvm2 2.02.66-3 (bug #591204)
 CVE-2010-2525
 	RESERVED
-CVE-2010-2524 [ms-dfs referrals]
-	RESERVED
+CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the ...)
 	- linux-2.6 2.6.32-19
 CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...)
 	NOT-FOR-US: UMIP
@@ -2098,8 +2094,8 @@
 	RESERVED
 CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2010-2492
-	RESERVED
+CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
+	TODO: check
 CVE-2010-2491 [roundup XSS]
 	RESERVED
 	- roundup 1.4.13-3.1 (bug #590769)
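Review bot: CVE-2010-2492 goes from RESERVED to "TODO: check" with no package line, although the description names the ecryptfs_uid_hash macro, which points at the eCryptfs code in the Linux kernel. This TODO most likely resolves to a linux-2.6 entry like the other kernel CVEs updated in this commit, with the fixed version and lenny status to be filled in after checking the truncated file path.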
@@ -2628,8 +2624,7 @@
 	NOT-FOR-US: Accoria Web Server
 CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service ...)
 	- nginx <not-affected> (Confirmed Windows only, see bug #590768)
-CVE-2009-4895 [linux tty null ptr dereference]
-	RESERVED
+CVE-2009-4895 (Race condition in the tty_fasync function in drivers/char/tty_io.c in ...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-9
 CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
@@ -3168,8 +3163,7 @@
 CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...)
 	- tiff 3.9.4-1
 	[lenny] - tiff <not-affected> (Only affects 3.9.x)
-CVE-2010-2066 [ext4 ioctl issue]
-	RESERVED
+CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in the ...)
 	- linux-2.6 2.6.32-21
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31)
 CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 ...)



