[Secure-testing-commits] r19183 - data/CVE

Henri Salo fgeek-guest at alioth.debian.org
Wed May 9 14:49:23 UTC 2012


Author: fgeek-guest
Date: 2012-05-09 14:49:23 +0000 (Wed, 09 May 2012)
New Revision: 19183

Modified:
   data/CVE/list
Log:
First part of SilverStripe updates.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-09 14:28:48 UTC (rev 19182)
+++ data/CVE/list	2012-05-09 14:49:23 UTC (rev 19183)
@@ -317,24 +317,29 @@
     NOT-FOR-US: MyBB
     NOTE: http://osvdb.org/show/osvdb/70013
     NOTE: http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_sql_injection
-CVE-2010-5095
+CVE-2010-5095 [SilverStripe escaping exploit]
 	RESERVED
-CVE-2010-5094
+    - silverstripe <itp> (bug #528461)
+CVE-2010-5094 [SilverStripe unauthenticated remote removal of index.php under certain conditions]
 	RESERVED
-CVE-2010-5093
+    - silverstripe <itp> (bug #528461)
+CVE-2010-5093 [SilverStripe privilege escalation exploit]
 	RESERVED
+    - silverstripe <itp> (bug #528461)
 CVE-2010-5092
 	RESERVED
 CVE-2010-5091
 	RESERVED
 CVE-2010-5090
 	RESERVED
-CVE-2010-5089
+CVE-2010-5089 [SilverStripe information disclosure]
 	RESERVED
+    - silverstripe <itp> (bug #528461)
 CVE-2010-5088
 	RESERVED
-CVE-2010-5087
+CVE-2010-5087 [SilverStripe CSRF protection bypassed when handling form action requests through controller]
 	RESERVED
+    - silverstripe <itp> (bug #528461)
 CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
 	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
 	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
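Review bot: The bracketed descriptions added for CVE-2010-5095 ("SilverStripe escaping exploit") and CVE-2010-5089 ("SilverStripe information disclosure") are too generic to identify the issue being tracked. The descriptions for CVE-2010-5094 and CVE-2010-5087 in the same hunk show the level of detail that makes an entry usable for triage. Suggest stating what is escaped incorrectly and what information is disclosed.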
@@ -6246,12 +6251,15 @@
 	- tomcat7 7.0.26-1
 CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before ...)
 	NOT-FOR-US: Winamp
-CVE-2010-5080
+CVE-2010-5080 [SilverStripe HTTP referer leakage on Security/changepassword]
 	RESERVED
-CVE-2010-5079
+    - silverstripe <itp> (bug #528461)
+CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts]
 	RESERVED
-CVE-2010-5078
+    - silverstripe <itp> (bug #528461)
+CVE-2010-5078 [SilverStripe version number information disclosure]
 	RESERVED
+    - silverstripe <itp> (bug #528461)
 CVE-2010-5077 [quake3 reflective UDP denial of service]
 	RESERVED
 	{DSA-2442-1}
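Review bot: The added "- silverstripe <itp> (bug #528461)" lines under CVE-2010-5080, CVE-2010-5079 and CVE-2010-5078 are indented with four spaces, while the RESERVED lines directly above them and the existing package lines such as "- tomcat7 7.0.26-1" are indented with a tab. Suggest using a tab so the new entries match the rest of the file. The same applies to the other SilverStripe package lines in this commit.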
@@ -11882,12 +11890,15 @@
 	{DSA-2354-1}
 	- cups 1.5.0-8
 	NOTE: This ID is for an incomplete fix for CVE-2011-2896
-CVE-2010-4824
+CVE-2010-4824 [SilverStripe SQL injection with Translatable extension enabled]
 	RESERVED
-CVE-2010-4823
+    - silverstripe <itp> (bug #528461)
+CVE-2010-4823 [SilverStripe XSS in controller handling for missing actions]
 	RESERVED
-CVE-2010-4822
+    - silverstripe <itp> (bug #528461)
+CVE-2010-4822 [SilverStripe SQL information disclosure in MySQLDatabase]
 	RESERVED
+    - silverstripe <itp> (bug #528461)
 CVE-2010-4821
 	RESERVED
 	NOT-FOR-US: phpMyFAQ
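Review bot: The entries for CVE-2010-4824, CVE-2010-4823 and CVE-2010-4822 gain a description but no NOTE line recording where that description comes from, and all three are still marked RESERVED. Suggest adding a NOTE with the upstream advisory or changeset reference to each, in the way the cups entry just above carries a NOTE explaining its ID.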



