[Secure-testing-commits] r15323 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Sep 14 01:59:32 UTC 2010
Author: geissert
Date: 2010-09-14 01:59:32 +0000 (Tue, 14 Sep 2010)
New Revision: 15323
Modified:
data/CVE/list
Log:
drupal6 CVEified, new issues: piwigo, mailman, mailscanner
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-13 21:35:48 UTC (rev 15322)
+++ data/CVE/list 2010-09-14 01:59:32 UTC (rev 15323)
@@ -1,3 +1,12 @@
+CVE-2010-XXXX [piwigo multiple vulnerabilities]
+ - piwigo <unfixed>
+ TODO: check, secunia only reported the XSS one
+ NOTE: http://www.exploit-db.com/exploits/14973/
+CVE-2010-3293 [mailscanner virus updates DoS]
+ - mailscanner <unfixed> (bug #596397; low)
+ NOTE: or even unimportant, the script is not used by default
+CVE-2010-3292 [mailscanner may use spoofed data]
+ - mailscanner <unfixed> (bug #596396; low)
CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...)
TODO: check
CVE-2010-3277
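Review bot: the piwigo entry at the top of this hunk is marked `<unfixed>` with no Debian bug reference, while both mailscanner entries below it carry one (bug #596397 and bug #596396). Since the TODO says secunia only reported the XSS, consider filing a bug for it and, once ids are assigned, splitting the "multiple vulnerabilities" placeholder into one entry per issue so each can be tracked on its own. For CVE-2010-3293 the severity field says low while the NOTE says "or even unimportant"; settle on one so the tracker state is unambiguous.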
@@ -26,10 +35,6 @@
RESERVED
CVE-2010-3265
RESERVED
-CVE-2010-XXXX [several security issues in drupal6]
- - drupal6 6.14-1 (low; bug #592716)
- NOTE: CVE ids requested, maintainer provides packages
- NOTE: DSA justified due to XSS, other issues are minor
CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
NOT-FOR-US: Novell Identity Manager
CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...)
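Review bot: removing the drupal6 placeholder also drops its NOTE "DSA justified due to XSS, other issues are minor", and the replacement entries for CVE-2010-3094 through CVE-2010-3091 later in this patch carry only the package line. Consider moving that NOTE onto the XSS entry (CVE-2010-3094) so the reason for a DSA is not lost. As committed, all four entries are marked low, with nothing to distinguish the XSS from the minor issues.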
@@ -511,20 +516,27 @@
NOT-FOR-US: WinFrigate Frigate 3 FTP
CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
NOT-FOR-US: SoftX FTP Client 3.3
-CVE-2010-3095
+CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313]
RESERVED
-CVE-2010-3094
+ - mailscanner <unfixed> (bug #596403)
+CVE-2010-3094 [drupal Actions cross site scripting]
RESERVED
-CVE-2010-3093
+ - drupal6 6.14-1 (low; bug #592716)
+CVE-2010-3093 [drupal Comment unpublishing bypass]
RESERVED
-CVE-2010-3092
+ - drupal6 6.14-1 (low; bug #592716)
+CVE-2010-3092 [drupal File download access bypass]
RESERVED
-CVE-2010-3091
+ - drupal6 6.14-1 (low; bug #592716)
+CVE-2010-3091 [drupal OpenID authentication bypass]
RESERVED
+ - drupal6 6.14-1 (low; bug #592716)
CVE-2010-3090
RESERVED
-CVE-2010-3089
+CVE-2010-3089 [mailman XSS]
RESERVED
+ - mailman <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
CVE-2010-3088
RESERVED
CVE-2010-3087
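Review bot: the NOTE on CVE-2010-3089 (mailman) packs two Red Hat bug ids into one URL using shell brace syntax, `id={631881,631859}`, which does not resolve as a link; use one NOTE line per bug URL. The same entry is `<unfixed>` with no Debian bug number, and CVE-2010-3095 has bug #596403 but no severity, unlike the other mailscanner entries in this commit, which are marked low. Add both if they are known.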