[Secure-testing-commits] r15395 - data/CVE

Thu Sep 30 00:51:18 UTC 2010

Author: geissert
Date: 2010-09-30 00:51:14 +0000 (Thu, 30 Sep 2010)
New Revision: 15395

Modified:
   data/CVE/list
Log:
new issues: 8 mysql, 2 linux, 2 bind, cluster-agents, ffmpeg, gollem,
dimp1, imp4, horde3, libcloud


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-09-29 21:53:32 UTC (rev 15394)
+++ data/CVE/list	2010-09-30 00:51:14 UTC (rev 15395)
@@ -1,3 +1,28 @@
+CVE-2010-XXXX [bind9 two issues]
+	- bind9 <unfixed>
+	TODO: check
+	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
+	NOTE: ACL bypass claimed to only affect >9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
+CVE-2010-XXXX [horde3 XSS and CSRF]
+	- horde3 <unfixed>
+	TODO: check
+	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
+CVE-2010-XXXX [horde dimp XSS]
+	- dimp1 <unfixed>
+	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
+	TODO: report
+CVE-2010-XXXX [horde imp4 XSS]
+	- imp4 <unfixed>
+	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
+	TODO: report
+CVE-2010-XXXX [libcloud doesn't verify SSL certificate]
+	- libcloud <unfixed> (bug #598463)
+	TODO: check
+	NOTE: other similar python code should be reviewed
+CVE-2010-XXXX [horde gollem XSS]
+	- gollem <unfixed>
+	NOTE: http://bugs.horde.org/ticket/9191
+	TODO: report
 CVE-2010-3688
 	NOT-FOR-US: NetArtMEDIA WebSiteAdmin
 CVE-2010-3684
@@ -4,20 +29,52 @@
 	NOT-FOR-US: Synology Disk Station
 CVE-2010-3683
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3682
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3681
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3680
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3679
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3678
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3677
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3676
 	RESERVED
+	- mysql-5.1 <unfixed>
+	- mysql-dfsg-5.0 <unfixed>
+	TODO: check
+	NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
 CVE-2010-3675
 	RESERVED
 CVE-2010-3658
@@ -545,8 +602,11 @@
 	RESERVED
 	- quassel 0.7.1-1 (bug #597853)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
-CVE-2010-3442
+CVE-2010-3442 [heap corruption in snd_ctl_new]
 	RESERVED
+	- linux-2.6 <unfixed>
+	TODO: check
+	NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
 CVE-2010-3441
 	RESERVED
 	- abcm2ps 5.9.13-0.1 (low; bug #577014)
@@ -562,8 +622,9 @@
 	RESERVED
 	- libpoe-component-irc-perl 6.32+dfsg-1
 	[lenny] - libpoe-component-irc-perl 6.32+dfsg-1 (bug #581194)
-CVE-2010-3437
+CVE-2010-3437 [linux pktcdvd ioctl dev_minor missing range check]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2010-3436
 	RESERVED
 CVE-2010-3435
@@ -584,6 +645,9 @@
 	RESERVED
 CVE-2010-3429
 	RESERVED
+	- ffmpeg <unfixed>
+	TODO: check
+	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
 CVE-2010-XXXX [mingetty directory traversal]
 	- mingetty 1.07-2 (medium; bug #597382)
 CVE-2010-XXXX [config file world readable]
@@ -713,6 +777,7 @@
 	RESERVED
 CVE-2010-3389
 	RESERVED
+	- cluster-agents <unfixed> (bug #598549)
 CVE-2010-3388
 	RESERVED
 CVE-2010-3387


