[Secure-testing-commits] r15379 - data/CVE

[Raphael Geissert]

Author: geissert
Date: 2010-09-27 21:50:21 +0000 (Mon, 27 Sep 2010)
New Revision: 15379

Modified:
   data/CVE/list
Log:
new issues: wireshark, quassel, poppler, slurm


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-27 21:14:47 UTC (rev 15378)
+++ data/CVE/list	2010-09-27 21:50:21 UTC (rev 15379)
@@ -1,3 +1,14 @@
+CVE-2010-XXXX [wireshark: BER dissector]
+	- wireshark <unfixed>
+	TODO: check
+	NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
+CVE-2010-XXXX [poppler multiple issues]
+	- poppler <unfixed>
+	TODO: check poppler and embedders
+	NOTE: http://secunia.com/advisories/41596/
+CVE-2010-XXXX [quassel CTCP DoS]
+	- quassel 0.7.1-1 (bug #597853)
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
 CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
 	TODO: check
 CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
@@ -514,8 +525,11 @@
 	RESERVED
 CVE-2010-3381
 	RESERVED
-CVE-2010-3380
+CVE-2010-3380 [slurm: insecure library loading]
 	RESERVED
+	- slurm-llnl <unfixed>
+	NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1
+	NOTE: http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view
 CVE-2010-3379
 	RESERVED
 CVE-2010-3378