[Secure-testing-commits] r15392 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Sep 29 21:14:56 UTC 2010


Author: joeyh
Date: 2010-09-29 21:14:49 +0000 (Wed, 29 Sep 2010)
New Revision: 15392

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-29 21:08:41 UTC (rev 15391)
+++ data/CVE/list	2010-09-29 21:14:49 UTC (rev 15392)
@@ -1,34 +1,184 @@
+CVE-2010-3683
+	RESERVED
+CVE-2010-3682
+	RESERVED
+CVE-2010-3681
+	RESERVED
+CVE-2010-3680
+	RESERVED
+CVE-2010-3679
+	RESERVED
+CVE-2010-3678
+	RESERVED
+CVE-2010-3677
+	RESERVED
+CVE-2010-3676
+	RESERVED
+CVE-2010-3675
+	RESERVED
+CVE-2010-3658
+	RESERVED
+CVE-2010-3657
+	RESERVED
+CVE-2010-3656
+	RESERVED
+CVE-2010-3655
+	RESERVED
+CVE-2010-3654
+	RESERVED
+CVE-2010-3653
+	RESERVED
+CVE-2010-3652
+	RESERVED
+CVE-2010-3651
+	RESERVED
+CVE-2010-3650
+	RESERVED
+CVE-2010-3649
+	RESERVED
+CVE-2010-3648
+	RESERVED
+CVE-2010-3647
+	RESERVED
+CVE-2010-3646
+	RESERVED
+CVE-2010-3645
+	RESERVED
+CVE-2010-3644
+	RESERVED
+CVE-2010-3643
+	RESERVED
+CVE-2010-3642
+	RESERVED
+CVE-2010-3641
+	RESERVED
+CVE-2010-3640
+	RESERVED
+CVE-2010-3639
+	RESERVED
+CVE-2010-3638
+	RESERVED
+CVE-2010-3637
+	RESERVED
+CVE-2010-3636
+	RESERVED
+CVE-2010-3635
+	RESERVED
+CVE-2010-3634
+	RESERVED
+CVE-2010-3633
+	RESERVED
+CVE-2010-3632
+	RESERVED
+CVE-2010-3631
+	RESERVED
+CVE-2010-3630
+	RESERVED
+CVE-2010-3629
+	RESERVED
+CVE-2010-3628
+	RESERVED
+CVE-2010-3627
+	RESERVED
+CVE-2010-3626
+	RESERVED
+CVE-2010-3625
+	RESERVED
+CVE-2010-3624
+	RESERVED
+CVE-2010-3623
+	RESERVED
+CVE-2010-3622
+	RESERVED
+CVE-2010-3621
+	RESERVED
+CVE-2010-3620
+	RESERVED
+CVE-2010-3619
+	RESERVED
+CVE-2010-3618
+	RESERVED
+CVE-2010-3617
+	RESERVED
+CVE-2010-3616
+	RESERVED
+CVE-2010-3615
+	RESERVED
+CVE-2010-3614
+	RESERVED
+CVE-2010-3613
+	RESERVED
+CVE-2010-3612
+	RESERVED
+CVE-2010-3611
+	RESERVED
+CVE-2010-3610
+	RESERVED
+CVE-2010-3609
+	RESERVED
 CVE-2010-3659 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3660 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3661 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3662 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3663 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3664 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3665 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3666 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3667 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3668 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3669 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3670 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3671 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3672 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3673 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3674 [Multiple security issues]
+	RESERVED
+	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-XXXX [poppler multiple issues]
 	- kdegraphics 4.0
@@ -72,8 +222,8 @@
 	RESERVED
 CVE-2010-3491
 	RESERVED
-CVE-2010-3490
-	RESERVED
+CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
+	TODO: check
 CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: CMS Digital Workroom
 CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote ...)
@@ -848,8 +998,8 @@
 	- mailscanner <unfixed> (bug #596396; low)
 CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...)
 	NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
-CVE-2010-3277
-	RESERVED
+CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...)
+	TODO: check
 CVE-2010-3276
 	RESERVED
 CVE-2010-3275
@@ -1380,8 +1530,8 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
 CVE-2010-3088
 	RESERVED
-CVE-2010-3087
-	RESERVED
+CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote ...)
+	TODO: check
 CVE-2010-3086
 	RESERVED
 CVE-2010-3085 [mednafen stack overflow in network play]
@@ -1430,8 +1580,7 @@
 	RESERVED
 	- bip 0.8.6-1 (low; bug #595409)
 	[lenny] - bip <not-affected> (vulnerable code ('LINK(lc)->name') not in 0.7.4-2)
-CVE-2010-3070 [nusoap xss]
-	RESERVED
+CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in ...)
 	- nusoap 0.7.3-4 (low; bug #595248)
 CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...)
 	{DSA-2109-1}
@@ -1704,8 +1853,7 @@
 	- squid3 <unfixed>
 	[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
 	NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
-CVE-2010-2950 [phar string format]
-	RESERVED
+CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP ...)
 	- php5 <unfixed> (low)
 	[lenny] - php5 <not-affected> (phar extension introduced in 5.3)
 CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in ...)
@@ -3637,12 +3785,16 @@
 CVE-2010-2232
 	RESERVED
 CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...)
+	{DSA-2115-1}
 	- moodle 1.9.9-1 (bug #586280)
 CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before ...)
+	{DSA-2115-1}
 	- moodle 1.9.9-1 (bug #586280)
 CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ...)
+	{DSA-2115-1}
 	- moodle 1.9.9-1 (bug #586280)
 CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control ...)
+	{DSA-2115-1}
 	- moodle 1.9.9-1 (bug #586280)
 CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
 	- tomcat5.5 <removed>
@@ -5328,24 +5480,31 @@
 CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...)
 	NOT-FOR-US: Cerulean Studios Trillian
 CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 (low; bug #585425)
 CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...)
+	{DSA-2115-1}
 	- libphp-cas <itp> (bug #495542)
 	- moodle 1.9.8-1 (low; bug #574757)
 	- glpi <unfixed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 (unimportant; bug #585427)
 	NOTE: i have a hard time seeing the security impact, moodle is a course management
 	NOTE: system and the real names of your colleagues are probably not a secret, since
 	NOTE: a patch exists I filed a bug anyway
 CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 
 CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 
 CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 
 CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the &quot;Regenerate ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 
 CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...)
 	NOT-FOR-US: Support Incident Tracker
@@ -8983,8 +9142,7 @@
 CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of ...)
 	- openttd 1.0.1-1
 	[lenny] - openttd 0.6.2-1+lenny2
-CVE-2010-0405
-	RESERVED
+CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in ...)
 	{DSA-2112-1}
 	- bzip2 1.0.5-6
 	- clamav 0.96.3+dfsg-1
@@ -11048,6 +11206,7 @@
 	- moodle 1.8.2.dfsg-6 (medium; bug #559531)
 	NOTE: MSA-09-0031
 CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 (bug #559531)
 	[lenny] - moodle <no-dsa> (Minor issue)
 	[etch] - moodle <no-dsa> (Minor issue)
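Review bot: The `{DSA-2115-1}` tag added to CVE-2009-4304 sits directly above `[lenny] - moodle <no-dsa> (Minor issue)`, so the entry now says an advisory covers this CVE and also that the release gets none. If DSA-2115-1 shipped a fixed moodle for lenny (not visible from this hunk), the release line should be dropped or replaced with the fixed version, e.g. `[lenny] - moodle <FIXED_VERSION_FROM_DSA>` (placeholder, to be taken from the advisory). The same contradiction appears in the following hunk for CVE-2009-4300. Because this is an automatic update, the stale `<no-dsa>` markers will likely need a manual follow-up commit, since anyone reading the entry for stable gets conflicting fix status.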
@@ -11065,6 +11224,7 @@
 	- moodle 1.8.2.dfsg-6 (bug #559531)
 	NOTE: MSA-09-0026
 CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
+	{DSA-2115-1}
 	- moodle 1.9.8-1 (bug #559531)
 	[lenny] - moodle <no-dsa> (Minor issue)
 	[etch] - moodle <no-dsa> (Minor issue)



