[Secure-testing-commits] r15366 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Thu Sep 23 01:08:19 UTC 2010


Author: gilbert-guest
Date: 2010-09-23 01:08:13 +0000 (Thu, 23 Sep 2010)
New Revision: 15366

Modified:
   data/CVE/list
Log:
new kernel issues and some nfus

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-23 00:34:52 UTC (rev 15365)
+++ data/CVE/list	2010-09-23 01:08:13 UTC (rev 15366)
@@ -1,7 +1,7 @@
 CVE-2010-3478
 	RESERVED
 CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2010-3600
 	RESERVED
 CVE-2010-3599
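Review bot: The new `- linux-2.6 <unfixed>` line for CVE-2010-3477 carries no bug reference or urgency, unlike the `- mailscanner <unfixed> (bug #596396; low)` entry elsewhere in this file. If a bug has been filed or the severity is known, record it in the same parenthesised form so the open kernel issue can be followed up.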
@@ -554,7 +554,7 @@
 CVE-2010-3325
 	RESERVED
 CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...)
 	NOT-FOR-US: Splunk
 CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...)
@@ -676,7 +676,7 @@
 	RESERVED
 	- mailscanner <unfixed> (bug #596396; low)
 CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...)
-	TODO: check
+	NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
 CVE-2010-3277
 	RESERVED
 CVE-2010-3276
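Review bot: The NOT-FOR-US reason for CVE-2010-3278 is hedged with "it seems", so the entry is being closed on an unconfirmed assumption. Confirm that the novfs module is not shipped by linux-2.6 or any other source package in the archive and then state the reason without the hedge; otherwise keep the TODO until it has been checked.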
@@ -879,7 +879,7 @@
 CVE-2010-3201
 	RESERVED
 CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Word
 CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
 	NOT-FOR-US: TortoiseSVN
 CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...)
@@ -1272,7 +1272,7 @@
 CVE-2010-3068
 	RESERVED
 CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2010-3066
 	RESERVED
 CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
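Review bot: CVE-2010-3067 is marked `- linux-2.6 <unfixed>` with no per-release line, so the entry does not record whether the stable kernel contains the affected do_io_submit code. The CVE-2010-2960 entry in this file shows the form to use: `[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)`. Add a `[lenny]` line once the affected version range is established.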
@@ -1389,9 +1389,9 @@
 CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...)
 	NOT-FOR-US: Pligg
 CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
-	TODO: check
+	NOT-FOR-US: HP System Management Homepage
 CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) ...)
-	TODO: check
+	NOT-FOR-US: HP System Management Homepage
 CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...)
 	NOT-FOR-US: HP 3Com OfficeConnect
 CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...)
@@ -1508,7 +1508,7 @@
 CVE-2010-2962
 	RESERVED
 CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...)
-	TODO: check
+	NOT-FOR-US: mountall
 CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
 	- linux-2.6 2.6.32-23 
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
@@ -4522,7 +4522,7 @@
 CVE-2010-1821
 	RESERVED
 CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through ...)
-	TODO: check
+	NOT-FOR-US: Apple Filing Protocol Server
 CVE-2010-1819
 	RESERVED
 CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...)
@@ -7780,7 +7780,7 @@
 CVE-2010-0782
 	RESERVED
 CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2010-0780
 	RESERVED
 CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
@@ -8753,7 +8753,6 @@
 CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...)
 	- linux-2.6 <undetermined>
 	- kvm <removed>
-	TODO: check
 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...)
 	{DSA-2035-1}
 	- apache2 2.2.15-1
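Review bot: Removing `TODO: check` from CVE-2010-0435 leaves `- linux-2.6 <undetermined>` with nothing stating what is still unknown, and the commit log ("new kernel issues and some nfus") does not mention this entry. Add a NOTE line saying what has to be established for linux-2.6, so the undetermined status is not left without a follow-up marker.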



