[Secure-testing-commits] r15931 - data/CVE

Wed Jan 19 21:15:45 UTC 2011

Author: joeyh
Date: 2011-01-19 21:15:29 +0000 (Wed, 19 Jan 2011)
New Revision: 15931

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2011-01-19 20:02:23 UTC (rev 15930)
+++ data/CVE/list	2011-01-19 21:15:29 UTC (rev 15931)
@@ -1,13 +1,35 @@
-CVE-2011-0493
+CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
+	TODO: check
+CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require ...)
+	TODO: check
+CVE-2011-0488 (Stack-based buffer overflow in NTWebServer.exe in the test web service ...)
+	TODO: check
+CVE-2011-0487 (ICQ 7 does not verify the authenticity of updates, which allows ...)
+	TODO: check
+CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...)
+	TODO: check
+CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
+	TODO: check
+CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...)
+	TODO: check
+CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...)
+	TODO: check
+CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
+	TODO: check
+CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
+	TODO: check
+CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
+	TODO: check
+CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
-CVE-2011-0492
+CVE-2011-0492 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
-CVE-2011-0491
+CVE-2011-0491 (The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
-CVE-2011-0490
+CVE-2011-0490 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
 CVE-2011-XXXX [multiple spip issues]
@@ -170,8 +192,7 @@
 	RESERVED
 CVE-2011-0428
 	RESERVED
-CVE-2011-0427
-	RESERVED
+CVE-2011-0427 (Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
 CVE-2011-0425
@@ -208,8 +229,8 @@
 	RESERVED
 CVE-2011-0409
 	RESERVED
-CVE-2011-0408
-	RESERVED
+CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to ...)
+	TODO: check
 CVE-2011-0407 (SQL injection vulnerability in the store function in ...)
 	NOT-FOR-US: Phenotype CMS
 CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView ...)
@@ -596,8 +617,8 @@
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
 CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
 	- eclipse <unfixed>
-CVE-2010-4646
-	RESERVED
+CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 ...)
+	TODO: check
 CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
 	- subversion 1.6.12dfsg-3 (bug #608989)
 	NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8
@@ -713,8 +734,8 @@
 	RESERVED
 CVE-2011-0273
 	RESERVED
-CVE-2011-0272
-	RESERVED
+CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote ...)
+	TODO: check
 CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
 	NOT-FOR-US: HP OpenView
 CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network ...)
@@ -1393,13 +1414,11 @@
 CVE-2010-4532 [no SSL cert validation]
 	RESERVED
 	- offlineimap <unfixed> (bug #603450)
-CVE-2010-4531 [pcsc-lite buffer overflow]
-	RESERVED
+CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...)
 	- pcsc-lite 1.6.6-1 (unimportant; bug #607781)
 	NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
 	NOTE: Theoretical attack
-CVE-2010-4530 [ccid driver buffer overflow]
-	RESERVED
+CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...)
 	- ccid <unfixed> (unimportant; bug #607780)
 	NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
 	NOTE: Theoretical attack
@@ -1511,12 +1530,10 @@
 	RESERVED
 CVE-2011-0017
 	RESERVED
-CVE-2011-0016
-	RESERVED
+CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
-CVE-2011-0015
-	RESERVED
+CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
 	{DSA-2148-1}
 	- tor 0.2.1.29-1
 CVE-2011-0014
@@ -1530,8 +1547,7 @@
 	- qemu <unfixed>
 	- kvm <removed>
 	TODO: check
-CVE-2011-0010
-	RESERVED
+CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ...)
 	- sudo 1.7.4p4-6 (bug #609641)
 	[lenny] - sudo <not-affected> (Only affects 1.7.x)
 	NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
@@ -1807,8 +1823,7 @@
 	[squeeze] - collectd 4.10.1-1+squeeze2
 CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ...)
 	- gnash <unfixed> (unimportant; bug #605419)
-CVE-2006-7243 [php and NUL handling on file ops]
-	RESERVED
+CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might ...)
 	- php5 5.3.3-6 (low)
 	NOTE: old, known, issue -- partial protection by the suhosin extension
 	NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
@@ -2160,8 +2175,7 @@
 	- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
 CVE-2010-4264
 	RESERVED
-CVE-2010-4263 [linux: igb panics when receiving tag vlan packet]
-	RESERVED
+CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the ...)
 	- linux-2.6 2.6.32-30
 CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote ...)
 	- xfig 3.2.5.b-1.1 (bug #606257)
@@ -2413,8 +2427,8 @@
 CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick ...)
 	- imagemagick 8:6.6.0.4-3 (low; bug #601824)
 	[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
-CVE-2010-4166
-	RESERVED
+CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
+	TODO: check
 CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
 	- linux-2.6 2.6.32-28
 CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ...)


