[Secure-testing-commits] r15935 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Jan 21 21:14:43 UTC 2011
Author: joeyh
Date: 2011-01-21 21:14:41 +0000 (Fri, 21 Jan 2011)
New Revision: 15935
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-20 21:14:58 UTC (rev 15934)
+++ data/CVE/list 2011-01-21 21:14:41 UTC (rev 15935)
@@ -1,5 +1,289 @@
-CVE-2011-0495
+CVE-2011-0634
RESERVED
+CVE-2011-0633
+ RESERVED
+CVE-2011-0632
+ RESERVED
+CVE-2011-0631
+ RESERVED
+CVE-2011-0630
+ RESERVED
+CVE-2011-0629
+ RESERVED
+CVE-2011-0628
+ RESERVED
+CVE-2011-0627
+ RESERVED
+CVE-2011-0626
+ RESERVED
+CVE-2011-0625
+ RESERVED
+CVE-2011-0624
+ RESERVED
+CVE-2011-0623
+ RESERVED
+CVE-2011-0622
+ RESERVED
+CVE-2011-0621
+ RESERVED
+CVE-2011-0620
+ RESERVED
+CVE-2011-0619
+ RESERVED
+CVE-2011-0618
+ RESERVED
+CVE-2011-0617
+ RESERVED
+CVE-2011-0616
+ RESERVED
+CVE-2011-0615
+ RESERVED
+CVE-2011-0614
+ RESERVED
+CVE-2011-0613
+ RESERVED
+CVE-2011-0612
+ RESERVED
+CVE-2011-0611
+ RESERVED
+CVE-2011-0610
+ RESERVED
+CVE-2011-0609
+ RESERVED
+CVE-2011-0608
+ RESERVED
+CVE-2011-0607
+ RESERVED
+CVE-2011-0606
+ RESERVED
+CVE-2011-0605
+ RESERVED
+CVE-2011-0604
+ RESERVED
+CVE-2011-0603
+ RESERVED
+CVE-2011-0602
+ RESERVED
+CVE-2011-0601
+ RESERVED
+CVE-2011-0600
+ RESERVED
+CVE-2011-0599
+ RESERVED
+CVE-2011-0598
+ RESERVED
+CVE-2011-0597
+ RESERVED
+CVE-2011-0596
+ RESERVED
+CVE-2011-0595
+ RESERVED
+CVE-2011-0594
+ RESERVED
+CVE-2011-0593
+ RESERVED
+CVE-2011-0592
+ RESERVED
+CVE-2011-0591
+ RESERVED
+CVE-2011-0590
+ RESERVED
+CVE-2011-0589
+ RESERVED
+CVE-2011-0588
+ RESERVED
+CVE-2011-0587
+ RESERVED
+CVE-2011-0586
+ RESERVED
+CVE-2011-0585
+ RESERVED
+CVE-2011-0584
+ RESERVED
+CVE-2011-0583
+ RESERVED
+CVE-2011-0582
+ RESERVED
+CVE-2011-0581
+ RESERVED
+CVE-2011-0580
+ RESERVED
+CVE-2011-0579
+ RESERVED
+CVE-2011-0578
+ RESERVED
+CVE-2011-0577
+ RESERVED
+CVE-2011-0576
+ RESERVED
+CVE-2011-0575
+ RESERVED
+CVE-2011-0574
+ RESERVED
+CVE-2011-0573
+ RESERVED
+CVE-2011-0572
+ RESERVED
+CVE-2011-0571
+ RESERVED
+CVE-2011-0570
+ RESERVED
+CVE-2011-0569
+ RESERVED
+CVE-2011-0568
+ RESERVED
+CVE-2011-0567
+ RESERVED
+CVE-2011-0566
+ RESERVED
+CVE-2011-0565
+ RESERVED
+CVE-2011-0564
+ RESERVED
+CVE-2011-0563
+ RESERVED
+CVE-2011-0562
+ RESERVED
+CVE-2011-0561
+ RESERVED
+CVE-2011-0560
+ RESERVED
+CVE-2011-0559
+ RESERVED
+CVE-2011-0558
+ RESERVED
+CVE-2011-0557
+ RESERVED
+CVE-2011-0556
+ RESERVED
+CVE-2011-0555
+ RESERVED
+CVE-2011-0554
+ RESERVED
+CVE-2011-0553
+ RESERVED
+CVE-2011-0552
+ RESERVED
+CVE-2011-0551
+ RESERVED
+CVE-2011-0550
+ RESERVED
+CVE-2011-0549
+ RESERVED
+CVE-2011-0548
+ RESERVED
+CVE-2011-0547
+ RESERVED
+CVE-2011-0546
+ RESERVED
+CVE-2011-0545
+ RESERVED
+CVE-2011-0544
+ RESERVED
+CVE-2011-0543
+ RESERVED
+CVE-2011-0542
+ RESERVED
+CVE-2011-0541
+ RESERVED
+CVE-2011-0540
+ RESERVED
+CVE-2011-0539
+ RESERVED
+CVE-2011-0538
+ RESERVED
+CVE-2011-0537
+ RESERVED
+CVE-2011-0536
+ RESERVED
+CVE-2011-0535
+ RESERVED
+CVE-2011-0534
+ RESERVED
+CVE-2011-0533
+ RESERVED
+CVE-2011-0532
+ RESERVED
+CVE-2011-0531
+ RESERVED
+CVE-2011-0530
+ RESERVED
+CVE-2011-0529
+ RESERVED
+CVE-2011-0528
+ RESERVED
+CVE-2011-0527
+ RESERVED
+CVE-2011-0526
+ RESERVED
+CVE-2011-0525
+ RESERVED
+CVE-2011-0524
+ RESERVED
+CVE-2011-0523
+ RESERVED
+CVE-2011-0522
+ RESERVED
+CVE-2011-0521
+ RESERVED
+CVE-2011-0520
+ RESERVED
+CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo ...)
+ TODO: check
+CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS ...)
+ TODO: check
+CVE-2011-0517 (Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and ...)
+ TODO: check
+CVE-2011-0516 (SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site ...)
+ TODO: check
+CVE-2011-0515 (KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 ...)
+ TODO: check
+CVE-2011-0514 (The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows ...)
+ TODO: check
+CVE-2011-0513 (DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows ...)
+ TODO: check
+CVE-2011-0512 (SQL injection vulnerability in team.php in the Teams Structure module ...)
+ TODO: check
+CVE-2011-0511 (SQL injection vulnerability in the allCineVid component ...)
+ TODO: check
+CVE-2011-0510 (SQL injection vulnerability in cart.php in Advanced Webhost Billing ...)
+ TODO: check
+CVE-2011-0509 (Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows ...)
+ TODO: check
+CVE-2011-0508 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2011-0507 (FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 ...)
+ TODO: check
+CVE-2011-0506 (Directory traversal vulnerability in modules/profile/user.php in Ax ...)
+ TODO: check
+CVE-2011-0505 (Directory traversal vulnerability in system/system.php in Zwii 2.1.1, ...)
+ TODO: check
+CVE-2011-0504 (Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, ...)
+ TODO: check
+CVE-2011-0503 (Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, ...)
+ TODO: check
+CVE-2011-0502 (Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly ...)
+ TODO: check
+CVE-2011-0501 (Stack-based buffer overflow in Music Animation Machine MIDI Player ...)
+ TODO: check
+CVE-2011-0500 (Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and ...)
+ TODO: check
+CVE-2011-0499 (Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier ...)
+ TODO: check
+CVE-2011-0498 (Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, ...)
+ TODO: check
+CVE-2011-0497 (Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ...)
+ TODO: check
+CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ...)
+ TODO: check
+CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb ...)
+ TODO: check
+CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before ...)
+ TODO: check
+CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...)
+ TODO: check
+CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in ...)
+ TODO: check
CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
TODO: check
CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require ...)
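Review bot: Every described entry added at the top of the list, CVE-2011-0496 through CVE-2011-0519 and CVE-2010-4701 through CVE-2010-4703, lands with only "TODO: check", and CVE-2011-0495 moves from RESERVED to a described entry in the same state. None has a package line or a NOT-FOR-US marker yet, so each still needs manual triage; the memory-corruption entries (for example CVE-2011-0495, the stack-based buffer overflow in ast_uri_encode) are reasonable to look at first. CVE-2011-0508 is truncated to "Cross-site scripting (XSS) vulnerability in ...", so its product has to be read from the full CVE record.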
@@ -1218,7 +1502,7 @@
- chromium-browser 6.0.472.63~r59945-4
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/73432
-CVE-2010-4577 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
+CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...)
- chromium-browser 6.0.472.63~r59945-4
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/72685
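Review bot: The replacement description for CVE-2010-4577 now names CSSParser::parseFontFaceSrc in WebCore/css/CSSParser.cpp, but the entry's "- webkit <undetermined>" line is unchanged. With the function named and the changeset already in the NOTE, the webkit status is worth resolving in a follow-up.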
@@ -1554,8 +1838,7 @@
NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
CVE-2011-0009
RESERVED
-CVE-2011-0008
- RESERVED
+CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on ...)
- sudo <not-affected> (Fedora-specific issue)
CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local ...)
{DSA-2147-1}
@@ -1920,8 +2203,7 @@
[lenny] - awstats <no-dsa> (Minor issue)
CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
- awstats 6.9.5~dfsg-1 (unimportant)
-CVE-2010-4338 [ocrodjvu insecure temp files handling]
- RESERVED
+CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux, when using Cuneiform as the OCR ...)
- ocrodjvu 0.4.6-2 (low; bug #598134)
CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows ...)
- hypermail <removed> (low; bug #598743)
@@ -1969,8 +2251,7 @@
CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 ...)
{DSA-2149-1}
- dbus 1.2.24-4
-CVE-2010-4351 [IcedTea JNLP SecurityManager bypass]
- RESERVED
+CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...)
- openjdk-6 6b18-1.8.4-1
CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in ...)
- mantis <not-affected> (admin dir procected in Apache config, see #607159)
@@ -1999,8 +2280,8 @@
NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...)
NOT-FOR-US: Pointter PHP Content Management System
-CVE-2010-4331
- RESERVED
+CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...)
+ TODO: check
CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...)
NOT-FOR-US: Pulse CMS Basic
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
@@ -2169,8 +2450,8 @@
NOT-FOR-US: Collabtive
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...)
NOT-FOR-US: Pulse Infotech
-CVE-2010-4267
- RESERVED
+CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in ...)
+ TODO: check
CVE-2010-4266
RESERVED
CVE-2010-4265 (The ...)
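Review bot: CVE-2010-4267 goes from RESERVED to "TODO: check", and the visible description is cut off after "hpmud_get_pml function in", so the affected component cannot be read from this line. Since it is a stack-based buffer overflow, pull the full CVE record and add the package line or NOT-FOR-US marker rather than leaving it at TODO.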
@@ -2319,7 +2600,7 @@
- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
- yui 2.8.2r1~squeeze-1 (bug #603513)
-CVE-2010-4206 (Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds ...)
+CVE-2010-4206 (Array index error in the FEBlend::apply function in ...)
- webkit 1.2.6-1
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70652
@@ -2328,7 +2609,7 @@
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159
NOTE: http://trac.webkit.org/changeset/70550
-CVE-2010-4204 (Google Chrome before 7.0.517.44 accesses a frame object after this ...)
+CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
- webkit 1.2.6-1
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
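Review bot: The new CVE-2010-4204 description adds "webkitgtk before ..." with the version cut off, while the tracking line "- webkit 1.2.6-1" is untouched. Check that 1.2.6-1 agrees with the webkitgtk version given in the full description; the same check applies to CVE-2010-4198, which gets the same wording.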
@@ -2348,12 +2629,12 @@
- webkit <undetermined>
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/69936
-CVE-2010-4198 (Google Chrome before 7.0.517.44 does not properly handle large text ...)
+CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
- webkit 1.2.6-1
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/69735
NOTE: style fix change set: http://trac.webkit.org/changeset/69801
-CVE-2010-4197 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
+CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- webkit 1.2.6-1
- chromium-browser 6.0.472.63~r59945-2
NOTE: http://trac.webkit.org/changeset/70594
@@ -2644,8 +2925,7 @@
CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel ...)
{DSA-2126-1}
- linux-2.6 2.6.32-29 (low)
-CVE-2010-4071
- RESERVED
+CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS ...)
- otrs2 2.4.9+dfsg1-1
CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...)
NOT-FOR-US: portmap.exe
@@ -2985,15 +3265,15 @@
CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...)
- rails <not-affected> (Only affects >= 2.3.9, which is not yet in the archive)
CVE-2010-3932
- RESERVED
-CVE-2010-3931
- RESERVED
+ REJECTED
+CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...)
+ TODO: check
CVE-2010-3930
RESERVED
CVE-2010-3929
RESERVED
-CVE-2010-3928
- RESERVED
+CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...)
+ TODO: check
CVE-2010-3927
RESERVED
CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...)
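Review bot: CVE-2010-3931 and CVE-2010-3928 both leave RESERVED with only "TODO: check"; the CVE-2010-3928 description names Ruby Version Manager (RVM) before 1.2.1, which is enough to decide between a package line and NOT-FOR-US. CVE-2010-3932 changes from RESERVED to REJECTED and has no tracking lines in this hunk, so nothing else needs updating for it.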
@@ -3307,10 +3587,10 @@
RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...)
- freetype 2.4.2-2.1 (bug #602221)
-CVE-2010-3813 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
+CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in ...)
- webkit 1.2.6-1
- chromium-browser <undetermined>
-CVE-2010-3812 (Integer overflow in the wholeText method in WebKit in Apple Safari ...)
+CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...)
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined>
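Review bot: The rewritten descriptions for CVE-2010-3813 and CVE-2010-3812 now name specific functions (WebCore::HTMLLinkElement::process and Text::wholeText in dom/Text.cpp), yet "- chromium-browser <undetermined>" stays on both entries. The function names give a concrete place to look when determining the chromium-browser status.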
@@ -6333,8 +6613,8 @@
NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
NOT-FOR-US: Microsoft Windows
-CVE-2010-2743
- RESERVED
+CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly ...)
+ TODO: check
CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...)
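Review bot: CVE-2010-2743 is added with "TODO: check" although its description is about kernel-mode drivers in Microsoft Windows XP SP3, and the entries on either side of it (CVE-2010-2744, CVE-2010-2742) are already marked "NOT-FOR-US: Microsoft Windows". This one can be closed with the same marker.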