[Secure-testing-commits] r15376 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Sep 27 09:47:30 UTC 2010


Author: jmm-guest
Date: 2010-09-27 09:47:24 +0000 (Mon, 27 Sep 2010)
New Revision: 15376

Modified:
   data/CVE/list
   data/DSA/list
Log:
- egroupware finally CVEfied
- mingetty fixed
- upcoming kernel fixes


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-27 06:58:01 UTC (rev 15375)
+++ data/CVE/list	2010-09-27 09:47:24 UTC (rev 15376)
@@ -328,8 +328,9 @@
 	RESERVED
 CVE-2010-3433
 	RESERVED
-CVE-2010-3432
+CVE-2010-3432 [sctp: Do not reset the packet during sctp_packet_config()]
 	RESERVED
+	- linux-2.6 2.6.32-24
 CVE-2010-3431
 	RESERVED
 CVE-2010-3430
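Review bot: the bracketed text added on the CVE-2010-3432 line is the title of the fix ("Do not reset the packet during sctp_packet_config()") rather than a description of the flaw. Other bracketed entries in this file name the issue itself, for example "[mingetty directory traversal]" or "[net/eql.c: reading uninitialized stack memory]". A short statement of what goes wrong in sctp would be more consistent and more useful to someone triaging from the list alone.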
@@ -337,7 +338,7 @@
 CVE-2010-3429
 	RESERVED
 CVE-2010-XXXX [mingetty directory traversal]
-	- mingetty <unfixed> (medium; bug #597382)
+	- mingetty 1.07-2 (medium; bug #597382)
 CVE-2010-XXXX [config file world readable]
 	- sabnzbdplus 0.5.4-1 (low; bug #593829)
 CVE-2010-XXXX [pin shown locally in cleartext]
@@ -615,9 +616,11 @@
 CVE-2010-3315
 	RESERVED
 CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...)
-	- egroupware <removed>
+	- egroupware <removed> (high; bug #573279)
+	[lenny] - egroupware 1.4.004-2.dfsg-4.2
 CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php ...)
-	- egroupware <removed>
+	- egroupware <removed> (high; bug #573279)
+	[lenny] - egroupware 1.4.004-2.dfsg-4.2
 CVE-2010-3312
 	RESERVED
 CVE-2010-3311
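Review bot: neither CVE-2010-3314 nor CVE-2010-3313 gets a DSA cross-reference here, although the placeholder these lines replace carried "NOTE: DSA-2013" and other DSA-covered entries in this file carry a line such as {DSA-2110-1}. If that line is not regenerated from the {CVE-2010-3313 CVE-2010-3314} addition in data/DSA/list, add {DSA-2013-1} to both entries so the link to the advisory is not lost.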
@@ -658,16 +661,13 @@
 	NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
 CVE-2010-3298 [net/usb/hso.c: reading uninitialized memory]
 	RESERVED
-	- linux-2.6 <unfixed>
-	NOTE: see RH's bugzilla
+	- linux-2.6 2.6.32-24
 CVE-2010-3297 [net/eql.c: reading uninitialized stack memory]
 	RESERVED
-	- linux-2.6 <unfixed>
-	NOTE: see RH's bugzilla
+	- linux-2.6 2.6.32-24
 CVE-2010-3296 [cxgb3/cxgb3_main.c reading uninitialized stack memory]
 	RESERVED
-	- linux-2.6 <unfixed>
-	NOTE: see RH's bugzilla
+	- linux-2.6 2.6.32-24
 CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory]
 	RESERVED
 	NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2
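Review bot: the log calls these "upcoming kernel fixes", yet CVE-2010-3298, CVE-2010-3297 and CVE-2010-3296 are recorded as fixed in 2.6.32-24 with the only NOTE line removed at the same time. Confirm that the 2.6.32-24 changelog really covers all three before relying on this, and consider replacing "see RH's bugzilla" with a concrete reference rather than dropping it, since the entries are still RESERVED and carry no other pointer.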
@@ -1270,7 +1270,6 @@
 	RESERVED
 	{DSA-2110-1}
 	- linux-2.6 2.6.32-23 (high)
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081
 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in ...)
 	{DSA-2110-1}
 	- linux-2.6 <unfixed>
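Review bot: the NOTE removed from the 2.6.32-23 entry was a concrete bugzilla URL, not a vague "see RH's bugzilla", and the entry is still RESERVED, so the removal leaves it with no reference at all; the log does not mention this change either. Keep the link until a public description exists, or say in the log why it goes. Separately, CVE-2010-3080 in the trailing context stays at <unfixed> while its neighbours move to 2.6.32-24; if that is intentional, a short NOTE would make it clear.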
@@ -1278,8 +1277,7 @@
 	RESERVED
 CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
 	{DSA-2110-1}
-	- linux-2.6 <unfixed>
-	NOTE: see RH's bugzilla
+	- linux-2.6 2.6.32-24
 CVE-2010-3077 [horde XSS in icon_browser.php]
 	RESERVED
 	- horde3 <unfixed>
@@ -1312,7 +1310,7 @@
 CVE-2010-3068
 	RESERVED
 CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-24
 CVE-2010-3066
 	RESERVED
 CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
@@ -7312,10 +7310,6 @@
 	- mediawiki 1:1.15.2-1 (low)
 	[lenny] - mediawiki 1:1.12.0-2lenny4
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
-CVE-2010-XXXX [egroupware issues]
-	- egroupware <removed> (high; bug #573279)
-	[lenny] - egroupware 1.4.004-2.dfsg-4.2
-	NOTE: DSA-2013
 CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...)
 	NOT-FOR-US: com_ksadvertiser component for Joomla!
 CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-09-27 06:58:01 UTC (rev 15375)
+++ data/DSA/list	2010-09-27 09:47:24 UTC (rev 15376)
@@ -305,6 +305,7 @@
         {CVE-2010-0668 CVE-2010-0669 CVE-2010-0717}
 	[lenny] - moin 1.7.1-3+lenny3
 [11 Mar 2010] DSA-2013-1 egroupware - several vulnerabilities
+        {CVE-2010-3313 CVE-2010-3314}
 	[lenny] - egroupware 1.4.004-2.dfsg-4.2
 [11 Mar 2010] DSA-2012-1 linux-2.6 - several issues
 	{CVE-2009-3725 CVE-2010-0622}
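Review bot: the added {CVE-2010-3313 CVE-2010-3314} line is indented with eight spaces, while the "[lenny] - egroupware" line directly below it and the {CVE-2009-3725 CVE-2010-0622} line under DSA-2012-1 use a tab. The moin entry above shows the same mix, so this follows an existing inconsistency, but a tab here would match the rest of the entry and avoid surprises for anything that parses the file by leading whitespace.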



