[Secure-testing-commits] r15395 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Thu Sep 30 00:51:18 UTC 2010
Author: geissert
Date: 2010-09-30 00:51:14 +0000 (Thu, 30 Sep 2010)
New Revision: 15395
Modified:
data/CVE/list
Log:
new issues: 8 mysql, 2 linux, 2 bind, cluster-agents, ffmpeg, gollem,
dimp1, imp4, horde3, libcloud
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-29 21:53:32 UTC (rev 15394)
+++ data/CVE/list 2010-09-30 00:51:14 UTC (rev 15395)
@@ -1,3 +1,28 @@
+CVE-2010-XXXX [bind9 two issues]
+ - bind9 <unfixed>
+ TODO: check
+ NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
+ NOTE: ACL bypass claimed to only affect >9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
+CVE-2010-XXXX [horde3 XSS and CSRF]
+ - horde3 <unfixed>
+ TODO: check
+ NOTE: http://lists.horde.org/archives/announce/2010/000568.html
+CVE-2010-XXXX [horde dimp XSS]
+ - dimp1 <unfixed>
+ NOTE: http://lists.horde.org/archives/announce/2010/000561.html
+ TODO: report
+CVE-2010-XXXX [horde imp4 XSS]
+ - imp4 <unfixed>
+ NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
+ TODO: report
+CVE-2010-XXXX [libcloud doesn't verify SSL certificate]
+ - libcloud <unfixed> (bug #598463)
+ TODO: check
+ NOTE: other similar python code should be reviewed
+CVE-2010-XXXX [horde gollem XSS]
+ - gollem <unfixed>
+ NOTE: http://bugs.horde.org/ticket/9191
+ TODO: report
CVE-2010-3688
NOT-FOR-US: NetArtMEDIA WebSiteAdmin
CVE-2010-3684
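Review bot: The bind9 entry at the top of this hunk tracks "two issues" under a single CVE-2010-XXXX placeholder, yet its second NOTE says the ACL bypass is claimed to affect only >9.7.2, so the two issues likely differ in affected versions. Splitting it into two placeholder entries, each with its own `- bind9 <unfixed>` line and the matching NOTE, would let each be marked fixed or not-affected independently once checked; the same applies to the combined "horde3 XSS and CSRF" entry. As a style point, the new entries put TODO before NOTE in some cases and after it in others; one order would be easier to scan.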
@@ -4,20 +29,52 @@
NOT-FOR-US: Synology Disk Station
CVE-2010-3683
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3682
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3681
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3680
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3679
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3678
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3677
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3676
RESERVED
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+ TODO: check
+ NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org
CVE-2010-3675
RESERVED
CVE-2010-3658
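Review bot: The eight MySQL entries added here (CVE-2010-3676 through CVE-2010-3683) are identical and carry no bracketed description, so nothing in the list distinguishes one issue from another while the IDs are still RESERVED. A short description per entry, as done for CVE-2010-3442 elsewhere in this commit, would help. The NOTE cites only a bare Message-ID (`Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org`); naming the list or adding an archive URL would make the reference resolvable.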
@@ -545,8 +602,11 @@
RESERVED
- quassel 0.7.1-1 (bug #597853)
NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
-CVE-2010-3442
+CVE-2010-3442 [heap corruption in snd_ctl_new]
RESERVED
+ - linux-2.6 <unfixed>
+ TODO: check
+ NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
CVE-2010-3441
RESERVED
- abcm2ps 5.9.13-0.1 (low; bug #577014)
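Review bot: The NOTE on CVE-2010-3442 points at a commit in the tiwai/sound-2.6.git tree, not a mainline kernel tree. Once the fix is merged, recording the mainline commit or the first fixed upstream version next to the `TODO: check` would make it easier to tell which linux-2.6 uploads include it.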
@@ -562,8 +622,9 @@
RESERVED
- libpoe-component-irc-perl 6.32+dfsg-1
[lenny] - libpoe-component-irc-perl 6.32+dfsg-1 (bug #581194)
-CVE-2010-3437
+CVE-2010-3437 [linux pktcdvd ioctl dev_minor missing range check]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2010-3436
RESERVED
CVE-2010-3435
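Review bot: CVE-2010-3437 gains `- linux-2.6 <unfixed>` with no NOTE or TODO, unlike the CVE-2010-3442 entry in the preceding hunk. The bracketed description names the bug (pktcdvd ioctl dev_minor missing range check), but a NOTE with the upstream report or fix commit would give whoever triages it a starting reference.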
@@ -584,6 +645,9 @@
RESERVED
CVE-2010-3429
RESERVED
+ - ffmpeg <unfixed>
+ TODO: check
+ NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
CVE-2010-XXXX [mingetty directory traversal]
- mingetty 1.07-2 (medium; bug #597382)
CVE-2010-XXXX [config file world readable]
@@ -713,6 +777,7 @@
RESERVED
CVE-2010-3389
RESERVED
+ - cluster-agents <unfixed> (bug #598549)
CVE-2010-3388
RESERVED
CVE-2010-3387
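Review bot: The `- cluster-agents <unfixed> (bug #598549)` line is added under a RESERVED CVE-2010-3389 with no bracketed description or NOTE, so the nature of the issue can only be learned by opening the bug. A short description on the CVE line would keep it consistent with the other entries touched in this commit.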