[Secure-testing-commits] r15831 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Jan 11 21:16:08 UTC 2011 

Author: joeyh
Date: 2011-01-11 21:16:08 +0000 (Tue, 11 Jan 2011)
New Revision: 15831

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-11 19:52:40 UTC (rev 15830)
+++ data/CVE/list	2011-01-11 21:16:08 UTC (rev 15831)
@@ -1,3 +1,25 @@
+CVE-2011-0407 (SQL injection vulnerability in the store function in ...)
+	TODO: check
+CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView ...)
+	TODO: check
+CVE-2011-0405 (Directory traversal vulnerability in module.php in PhpGedView 4.2.3 ...)
+	TODO: check
+CVE-2011-0404 (Stack-based buffer overflow in NetSupport Manager Agent for Linux ...)
+	TODO: check
+CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in [VENDOR] ImgBurn ...)
+	TODO: check
+CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted ...)
+	TODO: check
+CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored ...)
+	TODO: check
+CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the ...)
+	TODO: check
+CVE-2011-0399 (Piwik before 1.1 does not prevent the rendering of the login form ...)
+	TODO: check
+CVE-2011-0398 (The Piwik_Common::getIP function in Piwik before 1.1 does not properly ...)
+	TODO: check
+CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine ...)
+	TODO: check
 CVE-2011-0397
 	RESERVED
 CVE-2011-0396
@@ -279,8 +301,7 @@
 CVE-2011-XXXX
 	- xdigger <removed> (bug #609096)
 	[lenny] - xdigger <no-dsa> (Minor issue)
-CVE-2010-4645 [php5 DoS via strtod hitting x87 unit bug]
-	RESERVED
+CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
 	- php5 5.3.3-7 (high)
 	[lenny] - php5 <unfixed> (high)
 	NOTE: lenny9 doesn't appear to be affected, for a reason still unknown
@@ -1142,13 +1163,11 @@
 	- egroupware <removed>
 	TODO: check
 	NOTE: http://wordpress.org/news/2010/12/3-0-4-update/
-CVE-2010-4535
-	RESERVED
+CVE-2010-4535 (The password reset functionality in django.contrib.auth in Django ...)
 	- python-django 1.2.4-1
 	[squeeze] - python-django 1.2.3-3
 	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
-CVE-2010-4534
-	RESERVED
+CVE-2010-4534 (The administrative interface in django.contrib.admin in Django before ...)
 	- python-django 1.2.4-1
 	[squeeze] - python-django 1.2.3-3
 	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
@@ -1176,11 +1195,9 @@
 CVE-2010-4527
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2010-4526 [sctp: a race between ICMP protocol unreachable and connect()]
-	RESERVED
+CVE-2010-4526 (Race condition in the Linux kernel 2.6.11-rc2 through 2.6.33 allows ...)
 	- linux-2.6 2.6.32-30
-CVE-2010-4525
-	RESERVED
+CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the ...)
 	- linux-2.6 2.6.35-1
 	[squeeze] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
 	[lenny] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
@@ -1292,19 +1309,17 @@
 	RESERVED
 CVE-2011-0008
 	RESERVED
-CVE-2011-0007
-	RESERVED
+CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local ...)
 	- pimd 2.1.6-1 (bug #609304)
 CVE-2011-0006
 	RESERVED
 	- linux-2.6 2.6.32-30
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
-CVE-2011-0005
-	RESERVED
-CVE-2011-0004
-	RESERVED
-CVE-2011-0003 [MediaWiki clickjacking]
-	RESERVED
+CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for ...)
+	TODO: check
+CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before ...)
+	TODO: check
+CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is ...)
 	{DTSA-207-1}
 	- mediawiki <unfixed>
 	[lenny] - mediawiki <no-dsa> (Fixed in next point update)
@@ -1943,8 +1958,7 @@
 	- linux-2.6 <unfixed>
 CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
 	- linux-2.6 2.6.32-29 
-CVE-2010-4247 [linux xen: request-processing loop is unbounded in blkback]
-	RESERVED
+CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ...)
 	- linux-2.6 <unfixed>
 CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...)
 	NOT-FOR-US: pfSense
@@ -1957,8 +1971,7 @@
 CVE-2010-4243 [linux: mem allocated invisible to oom_kill() when not attached to any threads]
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2010-4242 [linux: missing tty ops write function presence check in hci_uart_tty_open()]
-	RESERVED
+CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver ...)
 	- linux-2.6 2.6.32-28 
 CVE-2010-4241
 	RESERVED
@@ -1995,8 +2008,7 @@
 	RESERVED
 CVE-2010-4226
 	RESERVED
-CVE-2010-4225
-	RESERVED
+CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...)
 	- mono <unfixed>  (bug #608288)
 CVE-2010-4224
 	RESERVED
@@ -2134,8 +2146,7 @@
 CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 ...)
 	- dracut <not-affected> (vulnerable script not shipped)
 	- udev <not-affected> (vulnerable script not shipped; fedora-specific issue)
-CVE-2010-4175 [linux: integer overflow in RDS]
-	RESERVED
+CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) ...)
 	- linux-2.6 2.6.32-28 
 CVE-2010-4174
 	RESERVED
@@ -2519,8 +2530,8 @@
 	RESERVED
 CVE-2010-4014
 	RESERVED
-CVE-2010-4013
-	RESERVED
+CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x ...)
+	TODO: check
 CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later ...)
 	NOT-FOR-US: Apple iOS
 CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage ...)
@@ -2862,8 +2873,7 @@
 	[lenny] - proftpd-dfsg <no-dsa> (Minor issue)
 CVE-2010-3866
 	REJECTED
-CVE-2010-3865
-	RESERVED
+CVE-2010-3865 (Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in ...)
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
 CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through ...)
@@ -2887,7 +2897,7 @@
 CVE-2010-3857
 	RESERVED
 CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ...)
-	{DSA-2122-1}
+	{DSA-2122-2 DSA-2122-1}
 	- glibc <removed>
 	- eglibc <unfixed> (bug #600667)
 	[squeeze] - eglibc 2.11.2-6+squeeze1
@@ -2912,7 +2922,7 @@
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-28
 CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ...)
-	{DSA-2122-1}
+	{DSA-2122-2 DSA-2122-1}
 	- eglibc 2.11.2-7 (bug #600667)
 	- glibc <removed>
 	[squeeze] - eglibc 2.11.2-6+squeeze1
@@ -4051,8 +4061,7 @@
 	{DSA-2127-1}
 	- wireshark 1.2.11-3 (low)
 	NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
-CVE-2010-3444 [pfribidi buffer overflow]
-	RESERVED
+CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU ...)
 	- pyfribidi 0.10.0-2 (bug #570068)
 	[lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be installed to trigger this)
 CVE-2010-3443 [quassel CTCP DoS]
@@ -8866,8 +8875,7 @@
 	NOT-FOR-US: Microsoft Office Visio
 CVE-2010-1680
 	RESERVED
-CVE-2010-1679
-	RESERVED
+CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before ...)
 	{DSA-2142-1}
 	- dpkg 1.15.8.8
 CVE-2010-1678

More information about the Secure-testing-commits mailing list