[Secure-testing-commits] r15339 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Thu Sep 16 23:58:09 UTC 2010 

Author: geissert
Date: 2010-09-16 23:58:08 +0000 (Thu, 16 Sep 2010)
New Revision: 15339

Modified:
   data/CVE/list
Log:
new issues: python, linux, gnome-power-manager, mantis, rails, dovecot


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-16 21:31:44 UTC (rev 15338)
+++ data/CVE/list	2010-09-16 23:58:08 UTC (rev 15339)
@@ -1,3 +1,9 @@
+CVE-2010-XXXX [python accept() implementation in async core is broken]
+	- python2.7 <unfixed>
+	- python3.1 <unfixed>
+	- python3.2 <unfixed>
+	TODO: check (I guess all python versions are affected)
+	NOTE: see 4C88DB97.1060602 at redhat.com for details
 CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
 	TODO: check
 CVE-2010-3399 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
@@ -190,24 +196,43 @@
 	RESERVED
 CVE-2010-3305
 	RESERVED
-CVE-2010-3304
+CVE-2010-3304 [dovecot Maildir ACL]
 	RESERVED
-CVE-2010-3303
+	- dovecot <unfixed>
+	[lenny] - dovecot <not-affected> (said to only affect 1.2.x)
+	TODO: check
+	NOTE: http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
+CVE-2010-3303 [mantis multiple XSS']
 	RESERVED
+	- mantis <unfixed>
+	TODO: check
+	NOTE: http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
 CVE-2010-3302
 	RESERVED
-CVE-2010-3301
+CVE-2010-3301 [IA32 System Call Entry Point Vulnerability]
 	RESERVED
+	- linux-2.6 <unfixed>
+	NOTE: see RH's bugzilla
+	TODO: check
 CVE-2010-3300
 	RESERVED
-CVE-2010-3299
+CVE-2010-3299 [ruby on rails: padding oracle attack]
 	RESERVED
-CVE-2010-3298
+	- rails <unfixed>
+	TODO: check
+	NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
+CVE-2010-3298 [net/usb/hso.c: reading uninitialized memory]
 	RESERVED
-CVE-2010-3297
+	- linux-2.6 <unfixed>
+	NOTE: see RH's bugzilla
+CVE-2010-3297 [net/eql.c: reading uninitialized stack memory]
 	RESERVED
-CVE-2010-3296
+	- linux-2.6 <unfixed>
+	NOTE: see RH's bugzilla
+CVE-2010-3296 [cxgb3/cxgb3_main.c reading uninitialized stack memory]
 	RESERVED
+	- linux-2.6 <unfixed>
+	NOTE: see RH's bugzilla
 CVE-2010-3295
 	RESERVED
 CVE-2010-3291
@@ -354,10 +379,12 @@
 CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...)
 	NOT-FOR-US: Blackboard Transact Suite
 CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the ...)
+	- gnome-power-manager <unfixed>
 	TODO: check
 CVE-2009-4996 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
+	- gnome-power-manager <unfixed>
 	TODO: check
 CVE-2010-XXXX [weborf directory traversal]
 	- weborf 0.12.3-1
@@ -791,8 +818,11 @@
 	RESERVED
 	- mednafen 0.8.D-1 (unimportant)
 	NOTE: Extremely obscure attack vector, marking as unimportant
-CVE-2010-3084
+CVE-2010-3084 [kernel: niu buffer overflow for ETHTOOL_GRXCLSRLALL]
 	RESERVED
+	- linux-2.6 <unfixed>
+	TODO: check
+	NOTE: see RH's bugzilla
 CVE-2010-3083
 	RESERVED
 CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
@@ -806,10 +836,14 @@
 	RESERVED
 CVE-2010-3079
 	RESERVED
-CVE-2010-3078
+CVE-2010-3078 [linux: xfs: XFS_IOC_FSGETXATTR ioctl memory leak]
 	RESERVED
-CVE-2010-3077
+	- linux-2.6 <unfixed>
+	NOTE: see RH's bugzilla
+CVE-2010-3077 [horde XSS in icon_browser.php]
 	RESERVED
+	- horde3 <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
 CVE-2010-3076 [smbind sql injection]
 	RESERVED
 	{DSA-2103-1}
@@ -962,15 +996,15 @@
 CVE-2010-3011
 	RESERVED
 CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...)
-	TODO: check
+	NOT-FOR-US: HP 3Com OfficeConnect
 CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...)
-	TODO: check
+	NOT-FOR-US: HP System Management Homepage
 CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data ...)
-	TODO: check
+	NOT-FOR-US: HP Data Protector Express
 CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data ...)
-	TODO: check
+	NOT-FOR-US: HP Data Protector Express
 CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote ...)
-	TODO: check
+	NOT-FOR-US: HP ProLiant G6 Lights-Out
 CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
 	NOT-FOR-US: HP Operations Agents
 CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
@@ -1281,7 +1315,7 @@
 CVE-2010-2885
 	RESERVED
 CVE-2010-2884 (Unspecified vulnerability in Adobe Flash Player 10.1.82.76 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)

More information about the Secure-testing-commits mailing list