Secure testing commits - Feb 2010 - r13991 - data/CVE

Author: joeyh
Date: 2010-02-01 21:14:52 +0000 (Mon, 01 Feb 2010)
New Revision: 13991

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-02-01 18:20:14 UTC (rev 13990)
+++ data/CVE/list	2010-02-01 21:14:52 UTC (rev 13991)
@@ -1,3 +1,163 @@
+CVE-2010-0466
+	RESERVED
+CVE-2010-0465
+	RESERVED
+CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web
browser ...)
+	TODO: check
+CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web
browser ...)
+	TODO: check
+CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.7 and 9.7.1 on Linux
allows ...)
+	TODO: check
+CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component
1.0 ...)
+	TODO: check
+CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in
staff/index.php ...)
+	TODO: check
+CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames)
...)
+	TODO: check
+CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog
System 1.5 ...)
+	TODO: check
+CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1
allows ...)
+	TODO: check
+CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server ...)
+	TODO: check
+CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php
in ...)
+	TODO: check
+CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in
...)
+	TODO: check
+CVE-2010-0453
+	RESERVED
+CVE-2010-0452
+	RESERVED
+CVE-2010-0451
+	RESERVED
+CVE-2010-0450
+	RESERVED
+CVE-2010-0449
+	RESERVED
+CVE-2010-0448
+	RESERVED
+CVE-2010-0447
+	RESERVED
+CVE-2010-0446
+	RESERVED
+CVE-2010-0445
+	RESERVED
+CVE-2010-0444
+	RESERVED
+CVE-2010-0443
+	RESERVED
+CVE-2010-0441
+	RESERVED
+CVE-2010-0440
+	RESERVED
+CVE-2010-0439
+	RESERVED
+CVE-2010-0438
+	RESERVED
+CVE-2010-0437
+	RESERVED
+CVE-2010-0436
+	RESERVED
+CVE-2010-0435
+	RESERVED
+CVE-2010-0434
+	RESERVED
+CVE-2010-0433
+	RESERVED
+CVE-2010-0432
+	RESERVED
+CVE-2010-0431
+	RESERVED
+CVE-2010-0430
+	RESERVED
+CVE-2010-0429
+	RESERVED
+CVE-2010-0428
+	RESERVED
+CVE-2010-0427
+	RESERVED
+CVE-2010-0426
+	RESERVED
+CVE-2010-0425
+	RESERVED
+CVE-2010-0424
+	RESERVED
+CVE-2010-0423
+	RESERVED
+CVE-2010-0422
+	RESERVED
+CVE-2010-0421
+	RESERVED
+CVE-2010-0420
+	RESERVED
+CVE-2010-0419
+	RESERVED
+CVE-2010-0418
+	RESERVED
+CVE-2010-0417
+	RESERVED
+CVE-2010-0416
+	RESERVED
+CVE-2010-0415
+	RESERVED
+CVE-2010-0414
+	RESERVED
+CVE-2010-0413
+	RESERVED
+CVE-2010-0412
+	RESERVED
+CVE-2010-0411
+	RESERVED
+CVE-2010-0410
+	RESERVED
+CVE-2010-0409
+	RESERVED
+CVE-2010-0408
+	RESERVED
+CVE-2010-0407
+	RESERVED
+CVE-2010-0406
+	RESERVED
+CVE-2010-0405
+	RESERVED
+CVE-2010-0404
+	RESERVED
+CVE-2010-0403
+	RESERVED
+CVE-2010-0402
+	RESERVED
+CVE-2010-0401
+	RESERVED
+CVE-2010-0400
+	RESERVED
+CVE-2010-0399
+	RESERVED
+CVE-2010-0398
+	RESERVED
+CVE-2010-0397
+	RESERVED
+CVE-2010-0396
+	RESERVED
+CVE-2010-0395
+	RESERVED
+CVE-2010-0394
+	RESERVED
+CVE-2010-0393
+	RESERVED
+CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other
applications, ...)
+	TODO: check
+CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and
other ...)
+	TODO: check
+CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130)
...)
+	TODO: check
+CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging
Server ...)
+	TODO: check
+CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE
...)
+	TODO: check
+CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for
Sun ...)
+	TODO: check
+CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1
Rolling ...)
+	TODO: check
 CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec
VPN ...)
 	NOT-FOR-US: TheGreenBow IPSec VPN Client
 CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero
Technologies ...)
@@ -36,6 +196,7 @@
 	- gmetad <unfixed> (low; bug #567175)
 	TODO: check old/stable versions
 CVE-2010-0442 [postgres bitsubstr overflow]
+	RESERVED
 	- postgresql-7.4 <removed>
 	- postgresql-8.1 <removed>
 	- postgresql-8.2 <removed>
@@ -343,7 +504,7 @@
 	RESERVED
 CVE-2010-0291
 	RESERVED
-        - linux-2.6 2.6.32-6
+	- linux-2.6 2.6.32-6
 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4
before ...)
 	- bind9 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
@@ -725,14 +886,14 @@
 	RESERVED
 CVE-2010-0143
 	RESERVED
-CVE-2010-0142
-	RESERVED
-CVE-2010-0141
-	RESERVED
-CVE-2010-0140
-	RESERVED
-CVE-2010-0139
-	RESERVED
+CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and
possibly ...)
+	TODO: check
+CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and
possibly ...)
+	TODO: check
+CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco
...)
+	TODO: check
+CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before
...)
+	TODO: check
 CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance
Monitor ...)
 	NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor
 CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in
the SSH ...)
@@ -913,14 +1074,14 @@
 CVE-2010-0096
 	RESERVED
 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux
kernel ...)
-        - linux-2.6 2.6.32-6 (low; bug #564114)
+	- linux-2.6 2.6.32-6 (low; bug #564114)
 	- linux-2.6.24 <removed> (low)
 	NOTE: just like CVE-2009-4536 but was reported later
 CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel
2.6.32.3 ...)
 	- linux-2.6 <unfixed> (medium; bug #564110)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux
kernel ...)
-        - linux-2.6 2.6.32-6 (low; bug #564114)
+	- linux-2.6 2.6.32-6 (low; bug #564114)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the
...)
 	NOT-FOR-US: Mongoose
@@ -1631,28 +1792,25 @@
 CVE-2010-0008
 	RESERVED
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the
...)
-        - linux-2.6 2.6.32-6
+	- linux-2.6 2.6.32-6
 	- linux-2.6.24 <removed>
 CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux
kernel ...)
-        - linux-2.6 2.6.32-6
+	- linux-2.6 2.6.32-6
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
-CVE-2010-0005 [viewvc: query.py issue]
-	RESERVED
+CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not
reject ...)
 	- viewvc <unfixed>
 	TODO: check
-CVE-2010-0004 [viewvc: root listing issue]
-	RESERVED
+CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using
the ...)
 	- viewvc <unfixed>
 	TODO: check
 CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux
kernel ...)
-        - linux-2.6 2.6.32-6
+	- linux-2.6 2.6.32-6
 	- linux-2.6.24 <removed>
 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash
package for ...)
 	- bash <not-affected> (mandriva-specific packaging issue)
-CVE-2010-0001 [gzip: integer underflow via LZW compressed gzip archive]
-	RESERVED
+CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip
before 1.4 ...)
 	{DSA-1974-1}
 	- gzip 1.3.12-9 (medium; bug #566002)
 CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method
in ...)
@@ -1742,8 +1900,7 @@
 	- systemtap 1.1-1
 	[lenny] - systemtap <not-affected> (Server component not yet present)
 	[etch] - systemtap <not-affected> (Server component not yet present)
-CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash
table''s emergency route flush]
-	RESERVED
+CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel
...)
 	- linux-2.6 <unfixed> (medium)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.27)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
@@ -2016,8 +2173,8 @@
 	RESERVED
 CVE-2009-4184
 	RESERVED
-CVE-2009-4183
-	RESERVED
+CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector
6.00 ...)
+	TODO: check
 CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2,
when a ...)
 	NOT-FOR-US: HP Web Jetadmin
 CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView
Network ...)
@@ -2106,7 +2263,7 @@
 CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not
properly ...)
 	- php5 5.2.12.dfsg.1-1 (medium)
 CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in
...)
-        - linux-2.6 2.6.32-6
+	- linux-2.6 2.6.32-6
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
@@ -2676,7 +2833,7 @@
 CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM
VirtualBox ...)
 	- virtualbox-guest-additions 3.0.10-1
 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux
kernel ...)
-        - linux-2.6 2.6.32-6 (low)
+	- linux-2.6 2.6.32-6 (low)
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in
...)
@@ -3889,8 +4046,7 @@
 CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12
and ...)
 	- php5 5.2.12.dfsg.1-1 (unimportant)
 	NOTE: safe_mode bypass
-CVE-2009-3556 [world-writable vport_(create|delete) in the qla2xxx driver]
-	RESERVED
+CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in
the ...)
 	TODO: check
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3556
 	NOTE: said to be RH-specific
@@ -6119,14 +6275,12 @@
 	{DSA-1928-1 DSA-1915-1}
 	- linux-2.6 2.6.31-1 (low)
 	- linux-2.6.24 <removed> (low)
-CVE-2009-2902 [tomcat directory traversal via WAR file names]
-	RESERVED
+CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through
...)
 	- tomcat6 <unfixed>
 	- tomcat5 <removed>
 	TODO: check
 	NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
-CVE-2009-2901 [tomcat insecure partial deploy after failed undeploy]
-	RESERVED
+CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28
and ...)
 	- tomcat6 <unfixed>
 	- tomcat5 <removed>
 	TODO: check
@@ -6942,8 +7096,7 @@
 	- pidgin 2.5.9-1 (medium; bug #542486)
 	[lenny] - gaim <not-affected> (Only a transitional package)
 	- gaim <removed>
-CVE-2009-2693 [tomcat directory traversal via WAR files]
-	RESERVED
+CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through
...)
 	- tomcat6 <unfixed>
 	- tomcat5 <removed>
 	TODO: check
@@ -7226,8 +7379,7 @@
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 	- libxerces2-java 2.9.1-4.1 (bug #548358)
-CVE-2009-2624 [gzip: missing input sanitation related to dynamic Huffman codes]
-	RESERVED
+CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13
creates a ...)
 	{DSA-1974-1}
 	- gzip 1.3.12-8 (medium; bug #507263)
 CVE-2009-2623