[Secure-testing-commits] r15826 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Jan 10 21:14:35 UTC 2011


Author: joeyh
Date: 2011-01-10 21:14:35 +0000 (Mon, 10 Jan 2011)
New Revision: 15826

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-10 17:31:36 UTC (rev 15825)
+++ data/CVE/list	2011-01-10 21:14:35 UTC (rev 15826)
@@ -1,3 +1,281 @@
+CVE-2011-0397
+	RESERVED
+CVE-2011-0396
+	RESERVED
+CVE-2011-0395
+	RESERVED
+CVE-2011-0394
+	RESERVED
+CVE-2011-0393
+	RESERVED
+CVE-2011-0392
+	RESERVED
+CVE-2011-0391
+	RESERVED
+CVE-2011-0390
+	RESERVED
+CVE-2011-0389
+	RESERVED
+CVE-2011-0388
+	RESERVED
+CVE-2011-0387
+	RESERVED
+CVE-2011-0386
+	RESERVED
+CVE-2011-0385
+	RESERVED
+CVE-2011-0384
+	RESERVED
+CVE-2011-0383
+	RESERVED
+CVE-2011-0382
+	RESERVED
+CVE-2011-0381
+	RESERVED
+CVE-2011-0380
+	RESERVED
+CVE-2011-0379
+	RESERVED
+CVE-2011-0378
+	RESERVED
+CVE-2011-0377
+	RESERVED
+CVE-2011-0376
+	RESERVED
+CVE-2011-0375
+	RESERVED
+CVE-2011-0374
+	RESERVED
+CVE-2011-0373
+	RESERVED
+CVE-2011-0372
+	RESERVED
+CVE-2011-0371
+	RESERVED
+CVE-2011-0370
+	RESERVED
+CVE-2011-0369
+	RESERVED
+CVE-2011-0368
+	RESERVED
+CVE-2011-0367
+	RESERVED
+CVE-2011-0366
+	RESERVED
+CVE-2011-0365
+	RESERVED
+CVE-2011-0364
+	RESERVED
+CVE-2011-0363
+	RESERVED
+CVE-2011-0362
+	RESERVED
+CVE-2011-0361
+	RESERVED
+CVE-2011-0360
+	RESERVED
+CVE-2011-0359
+	RESERVED
+CVE-2011-0358
+	RESERVED
+CVE-2011-0357
+	RESERVED
+CVE-2011-0356
+	RESERVED
+CVE-2011-0355
+	RESERVED
+CVE-2011-0354
+	RESERVED
+CVE-2011-0353
+	RESERVED
+CVE-2011-0352
+	RESERVED
+CVE-2011-0351
+	RESERVED
+CVE-2011-0350
+	RESERVED
+CVE-2011-0349
+	RESERVED
+CVE-2011-0348
+	RESERVED
+CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote attackers to ...)
+	TODO: check
+CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in ...)
+	TODO: check
+CVE-2011-0345
+	RESERVED
+CVE-2011-0344
+	RESERVED
+CVE-2011-0342
+	RESERVED
+CVE-2011-0341
+	RESERVED
+CVE-2011-0340
+	RESERVED
+CVE-2011-0339
+	RESERVED
+CVE-2011-0338
+	RESERVED
+CVE-2011-0337
+	RESERVED
+CVE-2011-0336
+	RESERVED
+CVE-2011-0335
+	RESERVED
+CVE-2011-0334
+	RESERVED
+CVE-2011-0333
+	RESERVED
+CVE-2011-0332
+	RESERVED
+CVE-2011-0331
+	RESERVED
+CVE-2011-0330
+	RESERVED
+CVE-2011-0329
+	RESERVED
+CVE-2011-0328
+	RESERVED
+CVE-2011-0327
+	RESERVED
+CVE-2011-0326
+	RESERVED
+CVE-2011-0325
+	RESERVED
+CVE-2011-0324
+	RESERVED
+CVE-2011-0323
+	RESERVED
+CVE-2011-0322
+	RESERVED
+CVE-2011-0321
+	RESERVED
+CVE-2011-0320
+	RESERVED
+CVE-2011-0319
+	RESERVED
+CVE-2011-0318
+	RESERVED
+CVE-2011-0317
+	RESERVED
+CVE-2011-0316
+	RESERVED
+CVE-2011-0315
+	RESERVED
+CVE-2011-0314
+	RESERVED
+CVE-2011-0313
+	RESERVED
+CVE-2011-0312
+	RESERVED
+CVE-2011-0311
+	RESERVED
+CVE-2011-0310
+	RESERVED
+CVE-2011-0309
+	RESERVED
+CVE-2011-0308
+	RESERVED
+CVE-2011-0307
+	RESERVED
+CVE-2011-0306
+	RESERVED
+CVE-2011-0305
+	RESERVED
+CVE-2011-0304
+	RESERVED
+CVE-2011-0303
+	RESERVED
+CVE-2011-0302
+	RESERVED
+CVE-2011-0301
+	RESERVED
+CVE-2011-0300
+	RESERVED
+CVE-2011-0299
+	RESERVED
+CVE-2011-0298
+	RESERVED
+CVE-2011-0297
+	RESERVED
+CVE-2011-0296
+	RESERVED
+CVE-2011-0295
+	RESERVED
+CVE-2011-0294
+	RESERVED
+CVE-2011-0293
+	RESERVED
+CVE-2011-0292
+	RESERVED
+CVE-2011-0291
+	RESERVED
+CVE-2011-0290
+	RESERVED
+CVE-2011-0289
+	RESERVED
+CVE-2011-0288
+	RESERVED
+CVE-2011-0287
+	RESERVED
+CVE-2011-0286
+	RESERVED
+CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+	TODO: check
+CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+	TODO: check
+CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security ...)
+	TODO: check
+CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+	TODO: check
+CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco ...)
+	TODO: check
+CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS ...)
+	TODO: check
+CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not ...)
+	TODO: check
+CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...)
+	TODO: check
+CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, ...)
+	TODO: check
+CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote ...)
+	TODO: check
+CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...)
+	TODO: check
+CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+	TODO: check
+CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) ...)
+	TODO: check
+CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+	TODO: check
+CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+	TODO: check
+CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices ...)
+	TODO: check
+CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+	TODO: check
+CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+	TODO: check
+CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+	TODO: check
+CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+	TODO: check
+CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+	TODO: check
+CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+	TODO: check
+CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+	TODO: check
+CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+	TODO: check
+CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote ...)
+	TODO: check
+CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the H.323 ...)
+	TODO: check
+CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during ...)
+	TODO: check
+CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
+	TODO: check
 CVE-2011-XXXX
 	- xdigger <removed> (bug #609096)
 	[lenny] - xdigger <no-dsa> (Minor issue)
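Review bot: CVE-2011-0347 is added with "TODO: check" even though its description already names Microsoft Internet Explorer on Windows XP, and this list files Internet Explorer issues as NOT-FOR-US elsewhere. The entries whose descriptions name Cisco ASA or Cisco IOS also land as "TODO: check" and need the same triage in a follow-up commit so the automatic import does not leave them open. The RESERVED run jumps from CVE-2011-0344 to CVE-2011-0342, which is correct only because CVE-2011-0343 already has its own entry further down.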
@@ -16,6 +294,7 @@
 	- zhcon <unfixed> (bug #608981)
 	TODO: check
 CVE-2011-0343 [syslog-ng log permissions]
+	RESERVED
 	- syslog-ng 3.1.3-2 (bug #608491)
 	[lenny] - syslog-ng <not-affected> (Freebsd-specific, which is not supported in Lenny)
 CVE-2010-XXXX [XSS in ftpls]
@@ -85,8 +364,7 @@
 	RESERVED
 CVE-2010-4646
 	RESERVED
-CVE-2010-4644 [fix server-side memory leaks triggered by 'blame -g']
-	RESERVED
+CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
 	- subversion 1.6.12dfsg-3 (bug #608989)
 	NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8
 CVE-2010-4643
@@ -137,17 +415,13 @@
 	RESERVED
 CVE-2010-4620
 	RESERVED
-CVE-2010-4543 [heap overflow read_channel_data() in file-psp.c]
-	RESERVED
+CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in ...)
 	- gimp <unfixed> (bug #608497)
-CVE-2010-4542 [GFIG plugin stack buffer overflow]
-	RESERVED
+CVE-2010-4542 (Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows ...)
 	- gimp <unfixed> (bug #608497)
-CVE-2010-4541 [SPHERE DESIGNER plugin stack buffer overflow]
-	RESERVED
+CVE-2010-4541 (Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP ...)
 	- gimp <unfixed> (bug #608497)
-CVE-2010-4540 [LIGHTING EFFECTS > LIGHT plugin stack buffer overflow]
-	RESERVED
+CVE-2010-4540 (Stack-based buffer overflow in the &quot;LIGHTING EFFECTS &gt; LIGHT&quot; plugin ...)
 	- gimp <unfixed> (bug #608497)
 CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka ...)
 	NOT-FOR-US: Mafya Oyun Scrpti
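Review bot: the added CVE-2010-4540 line stores HTML entities in the description (&quot;LIGHTING EFFECTS &gt; LIGHT&quot;), where the removed bracketed note carried a literal ">". The import step should decode entities before writing to data/CVE/list, otherwise a text search for the plugin name as written upstream will not match this entry.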
@@ -768,8 +1042,7 @@
 	NOT-FOR-US: Invensys Wonderware InBatch
 CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control ...)
 	NOT-FOR-US: SAP NetWeaver Business Client
-CVE-2010-4523
-	RESERVED
+CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...)
 	- opensc 0.11.13-1.1 (low; bug #607427)
 	[lenny] - opensc <no-dsa> (Minor issue)
 CVE-2010-4555
@@ -856,12 +1129,10 @@
 	- wordpress 3.0.3-1 (bug #606657)
 	[lenny] - wordpress <not-affected> (vulnerable code not present)
 	NOTE: http://core.trac.wordpress.org/changeset/16803
-CVE-2010-4539 [crash in mod_dav_svn when using SVNParentPath]
-	RESERVED
+CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache ...)
 	- subversion 1.6.12dfsg-4 (bug #608989)
 	NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8
-CVE-2010-4538 [ENTTEC dissector overflow]
-	RESERVED
+CVE-2010-4538 (Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 ...)
 	- wireshark <unfixed> (bug #608990)
 CVE-2010-4537
 	RESERVED
@@ -900,8 +1171,7 @@
 CVE-2010-4529
 	RESERVED
 	- linux-2.6 2.6.32-30
-CVE-2010-4528 [pidgin msn issue]
-	RESERVED
+CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through ...)
 	- pidgin 2.7.9-1 (bug #608331; medium)
 CVE-2010-4527
 	RESERVED
@@ -1042,17 +1312,17 @@
 	RESERVED
 CVE-2011-0001
 	RESERVED
-CVE-2010-4499
-	RESERVED
-CVE-2010-4498
-	RESERVED
-CVE-2010-4497
-	RESERVED
-CVE-2010-4496
-	RESERVED
+CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...)
+	TODO: check
+CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...)
+	TODO: check
+CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information ...)
+	TODO: check
+CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information ...)
+	TODO: check
 CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in ...)
 	NOT-FOR-US: TIBCO ActiveMatrix
-CVE-2010-4494 (Double free vulnerability in Google Chrome before 8.0.552.215 allows ...)
+CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...)
 	{DSA-2137-1}
 	- libxml2 2.7.8.dfsg-2 (bug #607922) 
 	- chromium-browser 5.0.375.29~r46008-1 
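Review bot: the four Collaborative Information Manager entries (CVE-2010-4496 through CVE-2010-4499) arrive as "TODO: check" with no package or NOT-FOR-US line and need triage. The CVE-2010-4494 description change from Google Chrome to libxml2 agrees with the libxml2 and chromium-browser lines already tracked under it, so no further change is needed there.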
@@ -1465,12 +1735,12 @@
 	RESERVED
 CVE-2010-4325
 	RESERVED
-CVE-2010-4324
-	RESERVED
+CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...)
+	TODO: check
 CVE-2010-4323
 	RESERVED
-CVE-2010-4322
-	RESERVED
+CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell ...)
+	TODO: check
 CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...)
 	NOT-FOR-US: Novell iPrint client
 CVE-2010-4320
@@ -1926,8 +2196,7 @@
 	[lenny] - proftpd-dfsg <no-dsa> (Minor issue)
 CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google ...)
 	- libvpx 0.9.1-2 (bug #602693)
-CVE-2010-4160
-	RESERVED
+CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in ...)
 	- linux-2.6 <unfixed> (low)
 CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel ...)
 	- linux-2.6 2.6.32-29 (low)
@@ -2009,7 +2278,7 @@
 	NOT-FOR-US: HP StorageWorks
 CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery &amp; Dependency ...)
 	NOT-FOR-US: HP DDMI
-CVE-2010-4113 (Unspecified vulnerability in HP Power Manager (HPPM) before 4.3.2 ...)
+CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 ...)
 	NOT-FOR-US: HP HPPM
 CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to ...)
 	NOT-FOR-US: HP Insight Management Agents
@@ -2339,8 +2608,8 @@
 	NOT-FOR-US: HP VCEM
 CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations ...)
 	NOT-FOR-US: HP Operations Orchestration
-CVE-2010-3984
-	RESERVED
+CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 ...)
+	TODO: check
 CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote ...)
 	NOT-FOR-US: SAP BusinessObjects Enterprise
 CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to ...)
@@ -2367,7 +2636,7 @@
 	NOT-FOR-US: Microsoft Internet Information Services
 CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...)
 	NOT-FOR-US: Microsoft Internet Explorer 7 and 8
-CVE-2010-3970 (Unspecified vulnerability in Microsoft Windows has unknown impact and ...)
+CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-3969
 	RESERVED
@@ -2617,8 +2886,7 @@
 	- linux-2.6 2.6.32-27
 CVE-2010-3857
 	RESERVED
-CVE-2010-3856
-	RESERVED
+CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ...)
 	{DSA-2122-1}
 	- glibc <removed>
 	- eglibc <unfixed> (bug #600667)
@@ -2643,8 +2911,7 @@
 CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in ...)
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-28
-CVE-2010-3847
-	RESERVED
+CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ...)
 	{DSA-2122-1}
 	- eglibc 2.11.2-7 (bug #600667)
 	- glibc <removed>
@@ -4141,8 +4408,7 @@
 CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, ...)
 	- epiphany-browser 2.29.91-1 (bug #564690)
 	[lenny] - epiphany-browser <not-affected> (Introduced with the switch to webkit after Lenny release)
-CVE-2010-3311 [freetype heap-based buffer overflow]
-	RESERVED
+CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType ...)
 	{DSA-2116-1}
 	- freetype 2.4.0-1
 	NOTE: Only the 2.3.x series is affected
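Review bot: the imported description for CVE-2010-3311 names libXft (base/ftstream.c), while the entry tracks only freetype and the removed bracketed note called it a freetype heap-based buffer overflow. Add a NOTE recording which package the tracked fix applies to, or confirm whether a libxft line is needed, so the mismatch is not read as a missed package.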
@@ -4401,7 +4667,7 @@
 	NOT-FOR-US: Microsoft Word
 CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote ...)
 	NOT-FOR-US: Microsoft Word
-CVE-2010-3217 (Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary ...)
+CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows remote ...)
 	NOT-FOR-US: Microsoft Word
 CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...)
 	NOT-FOR-US: Microsoft Word
@@ -4435,8 +4701,8 @@
 	- vlc <not-affected> (Windows-specific)
 CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...)
 	NOT-FOR-US: flock
-CVE-2010-3201
-	RESERVED
+CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before ...)
+	TODO: check
 CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...)
 	NOT-FOR-US: Microsoft Word
 CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
@@ -4473,7 +4739,7 @@
 	RESERVED
 CVE-2010-3184
 	RESERVED
-CVE-2010-3183 (The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and ...)
+CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox ...)
 	{DSA-2124-1}
 	- xulrunner <removed>
 	- iceweasel 3.5.14-1
@@ -6045,17 +6311,13 @@
 	NOTE: http://trac.webkit.org/changeset/58957
 CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 ...)
 	NOT-FOR-US: IBM WebSphere Service Registry and Repository
-CVE-2010-2643
-	RESERVED
+CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component ...)
 	- evince <unfixed> (bug #609534)
-CVE-2010-2642
-	RESERVED
+CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend ...)
 	- evince <unfixed> (bug #609534)
-CVE-2010-2641
-	RESERVED
+CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component ...)
 	- evince <unfixed> (bug #609534)
-CVE-2010-2640
-	RESERVED
+CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component ...)
 	- evince <unfixed> (bug #609534)
 CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...)
 	NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
@@ -13178,8 +13440,8 @@
 	RESERVED
 CVE-2010-0216
 	RESERVED
-CVE-2010-0215
-	RESERVED
+CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass ...)
+	TODO: check
 CVE-2010-0214
 	RESERVED
 CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a ...)



