[Secure-testing-commits] r15932 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Jan 19 22:09:40 UTC 2011
Author: jmm
Date: 2011-01-19 22:09:39 +0000 (Wed, 19 Jan 2011)
New Revision: 15932
Modified:
data/CVE/list
Log:
- new php5 issues
- one of the php issues is probably an issue in libgd2,
but our copy and the impact need to be verified
- there'll be a DSA for pcsc-lite
- bip not affected
- bugnum for gif2png
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-19 21:15:29 UTC (rev 15931)
+++ data/CVE/list 2011-01-19 22:09:39 UTC (rev 15932)
@@ -9,13 +9,13 @@
CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...)
TODO: check
CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
- TODO: check
+ - php5 <unfixed>
CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...)
- TODO: check
+ - php5 <unfixed>
CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...)
- TODO: check
+ - libgd2 <undetermined>
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
- TODO: check
+ - php5 <unfixed>
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
TODO: check
CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
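Review bot: The CVE-2010-4698 entry now reads only `- libgd2 <undetermined>`, so the reasoning from the log message (probably a libgd2 issue, copy and impact still to be verified) is not recorded in the tracker itself. The CVE text describes the GD extension in PHP, yet the entry carries no php5 line. Suggest adding a NOTE line stating what still has to be checked, and either a php5 line or a NOTE explaining why php5 is not listed, so the entry does not look settled to the next person triaging it. The three `- php5 <unfixed>` lines also carry no severity or bug reference yet.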
@@ -144,11 +144,11 @@
CVE-2011-0446
RESERVED
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...)
- - gif2png <unfixed> (low; bug filed)
+ - gif2png <unfixed> (low; bug #610479)
[lenny] - gif2png <no-dsa> (Minor issue)
[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow ...)
- - gif2png <unfixed> (low; bug filed)
+ - gif2png <unfixed> (low; bug #610479)
[lenny] - gif2png <no-dsa> (Minor issue)
[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
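Review bot: CVE-2010-4695 and CVE-2010-4694 now both point at `bug #610479`, but the CVE-2010-4695 text describes a problem in "a certain Fedora patch" for gif2png.c, while CVE-2010-4694 is a buffer overflow in gif2png itself. It would help to add a NOTE under CVE-2010-4695 saying whether the Debian package carries that patch and whether bug #610479 really covers both issues. Otherwise the shared bug number hides that these are two different code paths.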
@@ -1415,9 +1415,7 @@
RESERVED
- offlineimap <unfixed> (bug #603450)
CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...)
- - pcsc-lite 1.6.6-1 (unimportant; bug #607781)
- NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
- NOTE: Theoretical attack
+ - pcsc-lite 1.6.6-1 (low; bug #607781)
CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...)
- ccid <unfixed> (unimportant; bug #607780)
NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
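Review bot: The CVE-2010-4531 change raises the severity from `unimportant` to `low` and drops both NOTE lines, including the oss-sec reference that the neighbouring CVE-2010-4530 entry still keeps. Suggest retaining `NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356` as the source reference and replacing the removed "Theoretical attack" note with one line on why the assessment changed. The log says a DSA is planned for pcsc-lite, but the entry has no [lenny] or [squeeze] lines to track that.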
@@ -1425,6 +1423,7 @@
CVE-2011-XXXX [unspecified denial of service]
- bip 0.8.7-1
[squeeze] - bip 0.8.2-1squeeze3
+ [lenny] - bip <not-affected> (Vulnerable code not present)
CVE-2010-4529 (Integer underflow in the irda_getsockopt function in ...)
- linux-2.6 2.6.32-30
CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through ...)
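Review bot: The new `[lenny] - bip <not-affected> (Vulnerable code not present)` line sits under a `CVE-2011-XXXX [unspecified denial of service]` placeholder that has no bug number, upstream reference or NOTE. With nothing identifying the issue, the not-affected claim cannot be rechecked later. Suggest adding a NOTE with the upstream report or the change that introduced the vulnerable code.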