[Secure-testing-commits] r15971 - data/CVE

[Raphael Geissert]

Author: geissert
Date: 2011-01-26 08:42:44 +0000 (Wed, 26 Jan 2011)
New Revision: 15971

Modified:
   data/CVE/list
Log:
new bugzilla issues (inc. account compromise)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-26 08:12:56 UTC (rev 15970)
+++ data/CVE/list	2011-01-26 08:42:44 UTC (rev 15971)
@@ -1559,12 +1559,18 @@
 	RESERVED
 CVE-2011-0049
 	RESERVED
-CVE-2011-0048
+CVE-2011-0048 [XSS]
 	RESERVED
+	- bugzilla <unfixed>
+	TODO: check
+	NOTE: http://www.bugzilla.org/security/3.2.9/
 CVE-2011-0047
 	RESERVED
-CVE-2011-0046
+CVE-2011-0046 [CSRF]
 	RESERVED
+	- bugzilla <unfixed>
+	TODO: check
+	NOTE: http://www.bugzilla.org/security/3.2.9/
 CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
 	- chromium-browser 6.0.472.63~r59945-4
 	- webkit <undetermined>
@@ -1588,16 +1594,29 @@
 	NOT-FOR-US: VMware ESXi
 CVE-2010-4572
 	RESERVED
+	- perl <undetermined>
+	- libcgi-pm-perl <undetermined>
+	- libcgi-simple-perl <undetermined>
+	- bugzilla <unfixed>
+	TODO: check
+	NOTE: http://www.bugzilla.org/security/3.2.9/
 CVE-2010-4571
 	RESERVED
-CVE-2010-4570
+CVE-2010-4570 [XSS in dups detection]
 	RESERVED
-CVE-2010-4569
+	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
+CVE-2010-4569 [XSS in username autocomplete]
 	RESERVED
-CVE-2010-4568
+	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
+CVE-2010-4568 [account compromise]
 	RESERVED
-CVE-2010-4567
+	- bugzilla <unfixed> (high)
+	NOTE: http://www.bugzilla.org/security/3.2.9/
+CVE-2010-4567 [XSS]
 	RESERVED
+	- bugzilla <unfixed>
+	TODO: check
+	NOTE: http://www.bugzilla.org/security/3.2.9/
 CVE-2010-4566 (Unspecified vulnerability in the NT4 authentication component in ...)
 	NOT-FOR-US: Citrix Acces Gateway
 CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) ...)