[Secure-testing-commits] r15343 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Fri Sep 17 18:55:53 UTC 2010


Author: geissert
Date: 2010-09-17 18:55:47 +0000 (Fri, 17 Sep 2010)
New Revision: 15343

Modified:
   data/CVE/list
Log:
some issues CVEified


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-17 15:45:42 UTC (rev 15342)
+++ data/CVE/list	2010-09-17 18:55:47 UTC (rev 15343)
@@ -1,11 +1,3 @@
-CVE-2010-XXXX [pixelpost CSRF]
-	- pixelpost <unfixed>
-	TODO: check
-	NOTE: http://www.exploit-db.com/exploits/15014/
-	NOTE: an XSS is also mentioned, but it is via POST data
-CVE-2009-XXXX [pixelpost SQL injection and XSS]
-	- pixelpost <unfixed>
-	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
 CVE-2010-XXXX [python accept() implementation in async core is broken]
 	- python2.7 <unfixed>
 	- python3.1 <unfixed>
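Review bot: The two removed pixelpost placeholders at the top of this hunk carried triage context that the visible replacement entry for the CSRF issue (CVE-2010-3305) does not pick up: the `NOTE: http://www.exploit-db.com/exploits/15014/` reference, the `TODO: check` marker, and the remark that the XSS is reachable only via POST data. Carry the reference and the TODO over to the CVE-2010-3305 entry so the source of the report and its unreviewed status stay recorded.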
@@ -200,10 +192,9 @@
 	RESERVED
 CVE-2010-3307
 	RESERVED
-CVE-2010-3306
+CVE-2010-3305 [pixel CSRF]
 	RESERVED
-CVE-2010-3305
-	RESERVED
+	- pixelpost <unfixed>
 CVE-2010-3304 [dovecot Maildir ACL]
 	RESERVED
 	- dovecot <unfixed>
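Review bot: The description on the added line `CVE-2010-3305 [pixel CSRF]` names the package as "pixel", while the package line below it and every other entry in this commit use "pixelpost". Change it to `[pixelpost CSRF]` so a search of the list by package name finds the entry.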
@@ -395,7 +386,7 @@
 CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
 	- gnome-power-manager <unfixed>
 	TODO: check
-CVE-2010-XXXX [weborf directory traversal]
+CVE-2010-3306 [weborf directory traversal]
 	- weborf 0.12.3-1
 	NOTE: http://www.exploit-db.com/exploits/14925/
 CVE-2010-3243
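Review bot: The renamed `CVE-2010-3306 [weborf directory traversal]` entry stays where the CVE-2010-XXXX placeholder was, after CVE-2006-7240, while the previous hunk deletes the CVE-2010-3306 line from its slot between CVE-2010-3307 and CVE-2010-3305. If the list is meant to stay in ID order, move the weborf entry into that slot instead of renaming it in place. It also has no `RESERVED` line, unlike CVE-2010-3305, which was assigned in the same commit; make the two consistent.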
@@ -2895,10 +2886,14 @@
 	- webkit 1.2.1-3 
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: http://trac.webkit.org/changeset/58829
-CVE-2009-4900
+CVE-2009-4900 [pixelpost XSS]
 	RESERVED
-CVE-2009-4899
+	- pixelpost <unfixed>
+	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
+CVE-2009-4899 [pixelpost SQL injection]
 	RESERVED
+	- pixelpost <unfixed>
+	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
 CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 ...)
 	NOT-FOR-US: TWiki
 CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...)
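Review bot: Both new pixelpost entries (CVE-2009-4900 and CVE-2009-4899) are marked `<unfixed>` with no `TODO: check`, yet the NOTE URL they share is named as a pixelpost 1.7.3 security update. Either record the fixed version if the packaged release already includes that update, or add a `TODO: check` so the `<unfixed>` status is understood to be unverified.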
@@ -10920,7 +10915,7 @@
 CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...)
 	NOT-FOR-US: Joomla! Component
 CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...)
-	NOT-FOR-US: OpenX adserver
+	- openx <itp> (bug #513771)
 CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
 	NOT-FOR-US: Serenity Audio Player
 CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...)
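Review bot: The switch from `NOT-FOR-US: OpenX adserver` to `- openx <itp> (bug #513771)` here, repeated in the two following hunks for CVE-2008-6163 and CVE-2009-0291, is not covered by the log message, which only mentions assigning CVE IDs. Mention the OpenX retagging in the log or commit it separately, and check that no other OpenX entries in the list are still tagged NOT-FOR-US.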
@@ -22880,7 +22875,7 @@
 CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost ...)
 	NOT-FOR-US: DreamCost HostAdmin
 CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 ...)
-	NOT-FOR-US: OpenX
+	- openx <itp> (bug #513771)
 CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication ...)
 	NOT-FOR-US: Bux.to Clone script
 CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) ...)
@@ -24134,7 +24129,7 @@
 CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...)
 	NOT-FOR-US: SHOP-INET
 CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...)
-	NOT-FOR-US: OpenX
+	- openx <itp> (bug #513771)
 CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...)
 	NOT-FOR-US: GNUBoard
 CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)



