[Secure-testing-commits] r15392 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Sep 29 21:14:56 UTC 2010
Author: joeyh
Date: 2010-09-29 21:14:49 +0000 (Wed, 29 Sep 2010)
New Revision: 15392
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-29 21:08:41 UTC (rev 15391)
+++ data/CVE/list 2010-09-29 21:14:49 UTC (rev 15392)
@@ -1,34 +1,184 @@
+CVE-2010-3683
+ RESERVED
+CVE-2010-3682
+ RESERVED
+CVE-2010-3681
+ RESERVED
+CVE-2010-3680
+ RESERVED
+CVE-2010-3679
+ RESERVED
+CVE-2010-3678
+ RESERVED
+CVE-2010-3677
+ RESERVED
+CVE-2010-3676
+ RESERVED
+CVE-2010-3675
+ RESERVED
+CVE-2010-3658
+ RESERVED
+CVE-2010-3657
+ RESERVED
+CVE-2010-3656
+ RESERVED
+CVE-2010-3655
+ RESERVED
+CVE-2010-3654
+ RESERVED
+CVE-2010-3653
+ RESERVED
+CVE-2010-3652
+ RESERVED
+CVE-2010-3651
+ RESERVED
+CVE-2010-3650
+ RESERVED
+CVE-2010-3649
+ RESERVED
+CVE-2010-3648
+ RESERVED
+CVE-2010-3647
+ RESERVED
+CVE-2010-3646
+ RESERVED
+CVE-2010-3645
+ RESERVED
+CVE-2010-3644
+ RESERVED
+CVE-2010-3643
+ RESERVED
+CVE-2010-3642
+ RESERVED
+CVE-2010-3641
+ RESERVED
+CVE-2010-3640
+ RESERVED
+CVE-2010-3639
+ RESERVED
+CVE-2010-3638
+ RESERVED
+CVE-2010-3637
+ RESERVED
+CVE-2010-3636
+ RESERVED
+CVE-2010-3635
+ RESERVED
+CVE-2010-3634
+ RESERVED
+CVE-2010-3633
+ RESERVED
+CVE-2010-3632
+ RESERVED
+CVE-2010-3631
+ RESERVED
+CVE-2010-3630
+ RESERVED
+CVE-2010-3629
+ RESERVED
+CVE-2010-3628
+ RESERVED
+CVE-2010-3627
+ RESERVED
+CVE-2010-3626
+ RESERVED
+CVE-2010-3625
+ RESERVED
+CVE-2010-3624
+ RESERVED
+CVE-2010-3623
+ RESERVED
+CVE-2010-3622
+ RESERVED
+CVE-2010-3621
+ RESERVED
+CVE-2010-3620
+ RESERVED
+CVE-2010-3619
+ RESERVED
+CVE-2010-3618
+ RESERVED
+CVE-2010-3617
+ RESERVED
+CVE-2010-3616
+ RESERVED
+CVE-2010-3615
+ RESERVED
+CVE-2010-3614
+ RESERVED
+CVE-2010-3613
+ RESERVED
+CVE-2010-3612
+ RESERVED
+CVE-2010-3611
+ RESERVED
+CVE-2010-3610
+ RESERVED
+CVE-2010-3609
+ RESERVED
CVE-2010-3659 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3660 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3661 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3662 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3663 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3664 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3665 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3666 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3667 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3668 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3669 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3670 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3671 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3672 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3673 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3674 [Multiple security issues]
+ RESERVED
+ {DSA-2098-1}
- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-XXXX [poppler multiple issues]
- kdegraphics 4.0
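Review bot: CVE-2010-3659 through CVE-2010-3674 all keep the same placeholder description `[Multiple security issues]`, the same fixed version and the same bug #590719, so after this change nothing in the list says which typo3-src issue each id covers. Now that the ids are RESERVED and tied to {DSA-2098-1}, a NOTE per entry naming the individual issue would let a later reader map an id to a fix. The 59 bare RESERVED entries added above them need no action until descriptions are published.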
@@ -72,8 +222,8 @@
RESERVED
CVE-2010-3491
RESERVED
-CVE-2010-3490
- RESERVED
+CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
+ TODO: check
CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: CMS Digital Workroom
CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote ...)
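Review bot: the new `TODO: check` under CVE-2010-3490 leaves the entry untriaged, and the description is cut off at "in the System ..." so the affected product cannot be read from the list itself. Resolve it the way the neighbouring entries are resolved: either NOT-FOR-US with the product name, as for CVE-2010-3489, or a package line with a version and bug number.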
@@ -848,8 +998,8 @@
- mailscanner <unfixed> (bug #596396; low)
CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...)
NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
-CVE-2010-3277
- RESERVED
+CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...)
+ TODO: check
CVE-2010-3276
RESERVED
CVE-2010-3275
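Review bot: CVE-2010-3277 now names the VMware Workstation installer but is left at `TODO: check`. If no Debian package ships that installer, this should become a NOT-FOR-US line with the product name, the same form as the novfs entry for CVE-2010-3278 just above it.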
@@ -1380,8 +1530,8 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
CVE-2010-3088
RESERVED
-CVE-2010-3087
- RESERVED
+CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote ...)
+ TODO: check
CVE-2010-3086
RESERVED
CVE-2010-3085 [mednafen stack overflow in network play]
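Review bot: the description added for CVE-2010-3087 gives a SUSE package revision (3.9.2-5.2.1 in openSUSE 11.3) rather than an upstream LibTIFF release, so `TODO: check` here needs more than a product lookup. Someone has to establish whether the flaw is in upstream code that Debian's LibTIFF packaging also carries or in a SUSE-specific patch, and record the answer as a package line or a NOTE.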
@@ -1430,8 +1580,7 @@
RESERVED
- bip 0.8.6-1 (low; bug #595409)
[lenny] - bip <not-affected> (vulnerable code ('LINK(lc)->name') not in 0.7.4-2)
-CVE-2010-3070 [nusoap xss]
- RESERVED
+CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in ...)
- nusoap 0.7.3-4 (low; bug #595248)
CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...)
{DSA-2109-1}
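Review bot: the description added for CVE-2010-3070 says the XSS is in NuSOAP 0.9.5, while the package line kept below it records nusoap 0.7.3-4 as the fixed version. If the fix was applied to the older packaged release, a NOTE saying so would stop this reading as a mismatch, and the "as used in ..." wording suggests checking for embedded copies of NuSOAP in other packages.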
@@ -1704,8 +1853,7 @@
- squid3 <unfixed>
[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
-CVE-2010-2950 [phar string format]
- RESERVED
+CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP ...)
- php5 <unfixed> (low)
[lenny] - php5 <not-affected> (phar extension introduced in 5.3)
CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in ...)
@@ -3637,12 +3785,16 @@
CVE-2010-2232
RESERVED
CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...)
+ {DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before ...)
+ {DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ...)
+ {DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control ...)
+ {DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
- tomcat5.5 <removed>
@@ -5328,24 +5480,31 @@
CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...)
NOT-FOR-US: Cerulean Studios Trillian
CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
+ {DSA-2115-1}
- moodle 1.9.8-1 (low; bug #585425)
CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...)
+ {DSA-2115-1}
- libphp-cas <itp> (bug #495542)
- moodle 1.9.8-1 (low; bug #574757)
- glpi <unfixed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...)
+ {DSA-2115-1}
- moodle 1.9.8-1 (unimportant; bug #585427)
NOTE: i have a hard time seeing the security impact, moodle is a course management
NOTE: system and the real names of your colleagues are probably not a secret, since
NOTE: a patch exists I filed a bug anyway
CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...)
+ {DSA-2115-1}
- moodle 1.9.8-1
CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...)
+ {DSA-2115-1}
- moodle 1.9.8-1
CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...)
+ {DSA-2115-1}
- moodle 1.9.8-1
CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate ...)
+ {DSA-2115-1}
- moodle 1.9.8-1
CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...)
NOT-FOR-US: Support Incident Tracker
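Review bot: CVE-2010-1617 gains {DSA-2115-1} while its moodle line is still tagged `unimportant` and its NOTE lines doubt the security impact; one of the two should be updated so the entry does not say both that an advisory covers it and that it has no real impact. In CVE-2010-1618 the same tag sits above `glpi <unfixed>`, so it is worth making clear that DSA-2115-1, which on the visible lines accompanies only moodle entries, does not cover the glpi line.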
@@ -8983,8 +9142,7 @@
CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of ...)
- openttd 1.0.1-1
[lenny] - openttd 0.6.2-1+lenny2
-CVE-2010-0405
- RESERVED
+CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in ...)
{DSA-2112-1}
- bzip2 1.0.5-6
- clamav 0.96.3+dfsg-1
@@ -11048,6 +11206,7 @@
- moodle 1.8.2.dfsg-6 (medium; bug #559531)
NOTE: MSA-09-0031
CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
+ {DSA-2115-1}
- moodle 1.9.8-1 (bug #559531)
[lenny] - moodle <no-dsa> (Minor issue)
[etch] - moodle <no-dsa> (Minor issue)
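Review bot: CVE-2009-4304 now carries {DSA-2115-1} but the unchanged lines still say `[lenny] - moodle <no-dsa> (Minor issue)`, which contradicts an issued advisory. The [lenny] line should be replaced with the version fixed by the DSA, and the same applies to CVE-2009-4300 in the following hunk; the [etch] lines need a look as well.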
@@ -11065,6 +11224,7 @@
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0026
CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
+ {DSA-2115-1}
- moodle 1.9.8-1 (bug #559531)
[lenny] - moodle <no-dsa> (Minor issue)
[etch] - moodle <no-dsa> (Minor issue)