[Secure-testing-commits] r15931 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jan 19 21:15:45 UTC 2011
Author: joeyh
Date: 2011-01-19 21:15:29 +0000 (Wed, 19 Jan 2011)
New Revision: 15931
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-19 20:02:23 UTC (rev 15930)
+++ data/CVE/list 2011-01-19 21:15:29 UTC (rev 15931)
@@ -1,13 +1,35 @@
-CVE-2011-0493
+CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
+ TODO: check
+CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require ...)
+ TODO: check
+CVE-2011-0488 (Stack-based buffer overflow in NTWebServer.exe in the test web service ...)
+ TODO: check
+CVE-2011-0487 (ICQ 7 does not verify the authenticity of updates, which allows ...)
+ TODO: check
+CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...)
+ TODO: check
+CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
+ TODO: check
+CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...)
+ TODO: check
+CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...)
+ TODO: check
+CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
+ TODO: check
+CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
+ TODO: check
+CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
+ TODO: check
+CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow ...)
{DSA-2148-1}
- tor 0.2.1.29-1
-CVE-2011-0492
+CVE-2011-0492 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote ...)
{DSA-2148-1}
- tor 0.2.1.29-1
-CVE-2011-0491
+CVE-2011-0491 (The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before ...)
{DSA-2148-1}
- tor 0.2.1.29-1
-CVE-2011-0490
+CVE-2011-0490 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to ...)
{DSA-2148-1}
- tor 0.2.1.29-1
CVE-2011-XXXX [multiple spip issues]
@@ -170,8 +192,7 @@
RESERVED
CVE-2011-0428
RESERVED
-CVE-2011-0427
- RESERVED
+CVE-2011-0427 (Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before ...)
{DSA-2148-1}
- tor 0.2.1.29-1
CVE-2011-0425
@@ -208,8 +229,8 @@
RESERVED
CVE-2011-0409
RESERVED
-CVE-2011-0408
- RESERVED
+CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to ...)
+ TODO: check
CVE-2011-0407 (SQL injection vulnerability in the store function in ...)
NOT-FOR-US: Phenotype CMS
CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView ...)
@@ -596,8 +617,8 @@
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
- eclipse <unfixed>
-CVE-2010-4646
- RESERVED
+CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 ...)
+ TODO: check
CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
- subversion 1.6.12dfsg-3 (bug #608989)
NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8
@@ -713,8 +734,8 @@
RESERVED
CVE-2011-0273
RESERVED
-CVE-2011-0272
- RESERVED
+CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote ...)
+ TODO: check
CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
NOT-FOR-US: HP OpenView
CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network ...)
@@ -1393,13 +1414,11 @@
CVE-2010-4532 [no SSL cert validation]
RESERVED
- offlineimap <unfixed> (bug #603450)
-CVE-2010-4531 [pcsc-lite buffer overflow]
- RESERVED
+CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...)
- pcsc-lite 1.6.6-1 (unimportant; bug #607781)
NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
NOTE: Theoretical attack
-CVE-2010-4530 [ccid driver buffer overflow]
- RESERVED
+CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...)
- ccid <unfixed> (unimportant; bug #607780)
NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
NOTE: Theoretical attack
@@ -1511,12 +1530,10 @@
RESERVED
CVE-2011-0017
RESERVED
-CVE-2011-0016
- RESERVED
+CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
{DSA-2148-1}
- tor 0.2.1.29-1
-CVE-2011-0015
- RESERVED
+CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
{DSA-2148-1}
- tor 0.2.1.29-1
CVE-2011-0014
@@ -1530,8 +1547,7 @@
- qemu <unfixed>
- kvm <removed>
TODO: check
-CVE-2011-0010
- RESERVED
+CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ...)
- sudo 1.7.4p4-6 (bug #609641)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
@@ -1807,8 +1823,7 @@
[squeeze] - collectd 4.10.1-1+squeeze2
CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ...)
- gnash <unfixed> (unimportant; bug #605419)
-CVE-2006-7243 [php and NUL handling on file ops]
- RESERVED
+CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might ...)
- php5 5.3.3-6 (low)
NOTE: old, known, issue -- partial protection by the suhosin extension
NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
@@ -2160,8 +2175,7 @@
- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264
RESERVED
-CVE-2010-4263 [linux: igb panics when receiving tag vlan packet]
- RESERVED
+CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the ...)
- linux-2.6 2.6.32-30
CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote ...)
- xfig 3.2.5.b-1.1 (bug #606257)
@@ -2413,8 +2427,8 @@
CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick ...)
- imagemagick 8:6.6.0.4-3 (low; bug #601824)
[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
-CVE-2010-4166
- RESERVED
+CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
+ TODO: check
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
- linux-2.6 2.6.32-28
CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ...)
More information about the Secure-testing-commits
mailing list