[Secure-testing-commits] r15318 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Sep 13 21:14:40 UTC 2010
Author: joeyh
Date: 2010-09-13 21:14:38 +0000 (Mon, 13 Sep 2010)
New Revision: 15318
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-13 12:42:48 UTC (rev 15317)
+++ data/CVE/list 2010-09-13 21:14:38 UTC (rev 15318)
@@ -1,3 +1,31 @@
+CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...)
+ TODO: check
+CVE-2010-3277
+ RESERVED
+CVE-2010-3276
+ RESERVED
+CVE-2010-3275
+ RESERVED
+CVE-2010-3274
+ RESERVED
+CVE-2010-3273
+ RESERVED
+CVE-2010-3272
+ RESERVED
+CVE-2010-3271
+ RESERVED
+CVE-2010-3270
+ RESERVED
+CVE-2010-3269
+ RESERVED
+CVE-2010-3268
+ RESERVED
+CVE-2010-3267
+ RESERVED
+CVE-2010-3266
+ RESERVED
+CVE-2010-3265
+ RESERVED
CVE-2010-XXXX [several security issues in drupal6]
- drupal6 6.14-1 (low; bug #592716)
NOTE: CVE ids requested, maintainer provides packages
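Review bot: CVE-2010-3278 at the top of this hunk is the only new entry with a public description, and it is left at TODO: check. The description names the Novell Client novfs module, so triage should end in either a source-package line or a NOT-FOR-US: line. The thirteen RESERVED ids below it (CVE-2010-3277 to CVE-2010-3265) need nothing further.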
@@ -4,8 +32,7 @@
NOTE: DSA justified due to XSS, other issues are minor
CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
NOT-FOR-US: Novell Identity Manager
-CVE-2010-3263 [phpmyadmin PMASA-2010-7]
- RESERVED
+CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...)
- phpmyadmin 4:3.3.7-1 (low)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2010-3262
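Review bot: The replaced line for CVE-2010-3263 drops the only pointer to the upstream advisory, PMASA-2010-7, which lived in the bracketed title. Keep it as a NOTE: line under the entry, as the PMASA-2010-6 entry further down the list does, so the phpmyadmin 4:3.3.7-1 fix and the lenny <not-affected> claim stay traceable to the advisory.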
@@ -177,8 +204,8 @@
RESERVED
CVE-2010-3200
RESERVED
-CVE-2010-3199
- RESERVED
+CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
+ TODO: check
CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...)
- zope2.10 <removed>
- zope2.11 <removed>
@@ -238,8 +265,7 @@
RESERVED
CVE-2010-3170
RESERVED
-CVE-2010-3169 [Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)]
- RESERVED
+CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -247,8 +273,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-3168 [XUL tree removal crash and remote code execution]
- RESERVED
+CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -256,8 +281,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-3167 [Dangling pointer vulnerability in nsTreeContentView]
- RESERVED
+CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -265,8 +289,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-3166 [Heap buffer overflow in nsTextFrameUtils::TransformText]
- RESERVED
+CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText ...)
- xulrunner <removed>
- iceweasel 3.5.12-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -297,7 +320,7 @@
RESERVED
CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 ...)
- wireshark <not-affected> (Only affects Windows port)
-CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox 3.6.8 and ...)
+CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 ...)
- xulrunner <not-affected> (Only affects Windows port)
CVE-2010-3123
RESERVED
@@ -453,12 +476,10 @@
- webkit <not-affected> (chromium specific)
CVE-2010-3110
RESERVED
-CVE-2010-2948 [quagga: buffer overflow in route refresh processing]
- RESERVED
+CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function ...)
{DSA-2104-1}
- quagga 0.99.17-1 (bug #594262)
-CVE-2010-2949 [quagga: crash while processing AS paths in BGP updates]
- RESERVED
+CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which ...)
{DSA-2104-1}
- quagga 0.99.17-1 (bug #594262)
CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint ...)
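Review bot: CVE-2010-2948 and CVE-2010-2949 still sit between CVE-2010-3110 and CVE-2010-3109, out of the descending order the rest of the list follows, and in ascending order relative to each other. Now that both carry official descriptions instead of provisional titles, move them to their sorted position so a lookup by id finds them where expected.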
@@ -635,10 +656,10 @@
RESERVED
CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...)
NOT-FOR-US: Cisco IOS XR
-CVE-2010-3034
- RESERVED
-CVE-2010-3033
- RESERVED
+CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...)
+ TODO: check
+CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
+ TODO: check
CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...)
NOT-FOR-US: SAP Crystal Reports 2008
CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...)
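Review bot: CVE-2010-3034 and CVE-2010-3033 trade RESERVED for TODO: check, so they remain untriaged. Both describe Cisco Wireless LAN Controller (WLC) software; the adjacent CVE-2010-3035 is closed as NOT-FOR-US: Cisco IOS XR, and the same treatment with the WLC product name would apply here if no Debian package ships that code.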
@@ -667,10 +688,10 @@
NOT-FOR-US: Opera
CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote ...)
NOT-FOR-US: Opera
-CVE-2010-3018
- RESERVED
-CVE-2010-3017
- RESERVED
+CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before ...)
+ TODO: check
+CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before ...)
+ TODO: check
CVE-2010-3016
REJECTED
CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...)
@@ -685,16 +706,16 @@
RESERVED
CVE-2010-3008
RESERVED
-CVE-2010-3007
- RESERVED
-CVE-2010-3006
- RESERVED
+CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data ...)
+ TODO: check
+CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote ...)
+ TODO: check
CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
NOT-FOR-US: HP Operations Agents
CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
NOT-FOR-US: HP Operations Agents
-CVE-2010-3003
- RESERVED
+CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics ...)
+ TODO: check
CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...)
NOT-FOR-US: RealPlayer
CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet ...)
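Review bot: CVE-2010-3007, CVE-2010-3006 and CVE-2010-3003 are all left at TODO: check. The neighbouring CVE-2010-3005 and CVE-2010-3004 are resolved as NOT-FOR-US: HP Operations Agents; resolve these three the same way, one tag per product (HP Data Protector Express, ProLiant G6 Lights-Out 100, HP Insight Diagnostics), once it is confirmed that none is packaged.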
@@ -806,11 +827,9 @@
- phpmyadmin 4:3.3.6-1
[lenny] - phpmyadmin <not-affected> (only affects 3.x)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
-CVE-2010-2957 [serendipity xss]
- RESERVED
+CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, ...)
- serendipity 1.5.3-2
-CVE-2010-2956 [sudo issue]
- RESERVED
+CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...)
- sudo 1.7.4p4-1 (bug #595935)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
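Review bot: The new description for CVE-2010-2957 says the issue affects Serendipity before 1.5.4, while the entry records the fix as serendipity 1.5.3-2. If 1.5.3-2 carries a backported patch, add a NOTE: or bug reference saying so; otherwise the fixed version needs correcting. The CVE-2010-2956 entry is consistent as it stands (1.7.0 through 1.7.4p3 affected, 1.7.4p4-1 fixed).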
@@ -1003,8 +1022,7 @@
RESERVED
CVE-2010-2884
RESERVED
-CVE-2010-2883
- RESERVED
+CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and ...)
NOT-FOR-US: Adobe Reader
CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
NOT-FOR-US: Adobe Shockwave Player
@@ -1122,12 +1140,12 @@
NOT-FOR-US: Joomla! QuickFAQ
CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz ...)
NOT-FOR-US: Newanz NewsOffice
-CVE-2010-2843
- RESERVED
-CVE-2010-2842
- RESERVED
-CVE-2010-2841
- RESERVED
+CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
+ TODO: check
+CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
+ TODO: check
+CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...)
+ TODO: check
CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before ...)
NOT-FOR-US: Cisco
CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...)
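Review bot: CVE-2010-2843, CVE-2010-2842 and CVE-2010-2841 are left at TODO: check. When they are closed, use a product-specific tag such as NOT-FOR-US: Cisco Wireless LAN Controller rather than the bare NOT-FOR-US: Cisco on CVE-2010-2840 just below, so that a search for the product finds every WLC entry.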
@@ -1353,12 +1371,10 @@
CVE-2010-3485 [mapserver: insecure mapserv cgi command-line debug args]
- mapserver 5.6.4-1 (low)
[lenny] - mapserver <no-dsa> (Minor issue)
-CVE-2010-2770
- RESERVED
+CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
- xulrunner <not-affected> (The vulnerability is MacOS-specific)
- iceape <not-affected> (The vulnerability is MacOS-specific)
-CVE-2010-2769 [Copy-and-paste or drag-and-drop into designMode document allows XSS]
- RESERVED
+CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
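Review bot: The description for CVE-2010-2770 now names Firefox and Thunderbird, but the entry only has xulrunner and iceape lines. Sibling entries such as CVE-2010-2769 also track iceweasel and icedove; add <not-affected> lines for those two with the same MacOS-specific reason so the entry covers every package the description touches.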
@@ -1366,8 +1382,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2768 [UTF-7 XSS by overriding document charset using <object> type attribute]
- RESERVED
+CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -1375,8 +1390,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2767 [Dangling pointer vulnerability using DOM plugin array]
- RESERVED
+CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -1384,8 +1398,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2766 [Crash and remote code execution in normalizeDocument]
- RESERVED
+CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -1393,8 +1406,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2765 [Frameset integer overflow vulnerability]
- RESERVED
+CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -1402,8 +1414,7 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2764 [Information leak via XMLHttpRequest statusText]
- RESERVED
+CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
- xulrunner <removed>
- iceweasel 3.5.12-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -1412,8 +1423,7 @@
[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2763 [XSS using SJOW scripted function]
- RESERVED
+CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -1421,13 +1431,11 @@
- icedove <unfixed>
- iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-2762 [SJOW creates scope chains ending in outer object]
- RESERVED
+CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
- xulrunner <not-affected> (Only affects 3.6, only in experimental)
CVE-2010-2761
RESERVED
-CVE-2010-2760 [Dangling pointer vulnerability in nsTreeSelection]
- RESERVED
+CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
{DSA-2106-1}
- xulrunner <removed>
- iceweasel 3.5.12-1
@@ -3814,32 +3822,32 @@
RESERVED
CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...)
NOT-FOR-US: QuickTime
-CVE-2010-1817
- RESERVED
+CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...)
+ TODO: check
CVE-2010-1816
RESERVED
-CVE-2010-1815
- RESERVED
-CVE-2010-1814
- RESERVED
-CVE-2010-1813
- RESERVED
-CVE-2010-1812
- RESERVED
-CVE-2010-1811
- RESERVED
-CVE-2010-1810
- RESERVED
-CVE-2010-1809
- RESERVED
+CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
+ TODO: check
+CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
+ TODO: check
+CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
+ TODO: check
+CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
+ TODO: check
+CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
+ TODO: check
+CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
+ TODO: check
+CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and ...)
+ TODO: check
CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2010-1807
- RESERVED
-CVE-2010-1806
- RESERVED
-CVE-2010-1805
- RESERVED
+CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not ...)
+ TODO: check
+CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...)
+ TODO: check
+CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...)
+ TODO: check
CVE-2010-1804
RESERVED
CVE-2010-1803
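Review bot: The bulk TODO: check on the Apple entries hides two different cases. CVE-2010-1815, CVE-2010-1814, CVE-2010-1813, CVE-2010-1812 and CVE-2010-1807 are WebKit issues and need webkit and chromium-browser lines like the ones on CVE-2010-1781. ImageIO (CVE-2010-1817, CVE-2010-1811), FaceTime (CVE-2010-1810) and the Accessibility component (CVE-2010-1809) are Apple components and can follow the NOT-FOR-US: pattern used for CVE-2010-1808. CVE-2010-1806 and CVE-2010-1805 name only Safari in the visible text, so read the full description before deciding.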
@@ -3923,8 +3931,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
NOTE: http://trac.webkit.org/changeset/63772
TODO: recheck webkit (the changeset was wrong)
-CVE-2010-1781
- RESERVED
+CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- webkit <undetermined>
- chromium-browser <undetermined>
NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available
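Review bot: CVE-2010-1781 keeps webkit <undetermined> and chromium-browser <undetermined> even though the entry now has a public description (double free in WebKit). The existing NOTE only records a claim from the upstream webkit 1.2.4 changelog; use the published description to locate the upstream changeset and replace <undetermined> with a fixed version or <unfixed>.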
@@ -7591,10 +7598,10 @@
NOT-FOR-US: Cisco IOS
CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...)
NOT-FOR-US: Cisco IOS
-CVE-2010-0575
- RESERVED
-CVE-2010-0574
- RESERVED
+CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...)
+ TODO: check
+CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...)
+ TODO: check
CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...)
NOT-FOR-US: Cisco Digital Media Player
CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote ...)