Author: joeyh Date: 2010-02-16 21:14:23 +0000 (Tue, 16 Feb 2010) New Revision: 14113 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-16 21:13:20 UTC (rev 14112) +++ data/CVE/list 2010-02-16 21:14:23 UTC (rev 14113) @@ -1,3 +1,9 @@ +CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...) + TODO: check +CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...) + TODO: check +CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...) + TODO: check CVE-2010-XXXX [dillo improper restriction of path in cookies] - dillo <undetermined> NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog @@ -181,14 +187,12 @@ - libapache-mod-security <unfixed> (bug #569658) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455 TODO: check -CVE-2010-0623 [futex refcount leak] - RESERVED +CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28) -CVE-2010-0622 [futex null ptr dereference] - RESERVED +CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel ...) - linux-2.6 <unfixed> - linux-2.6.24 <removed> CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...) @@ -254,7 +258,7 @@ NOT-FOR-US: IBM Cognos Express CVE-2010-0556 [google chrome password manager issue] RESERVED - - chromium-browser <itp> (low; bug #520334) + - chromium-browser <itp> (low; bug #520334) CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...) TODO: check CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...) 
@@ -1034,28 +1038,24 @@ CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony ...) {DSA-1992-1} - chrony 1.23-7 (medium) -CVE-2010-0291 - RESERVED +CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...) {DSA-1996-1} - linux-2.6 2.6.32-6 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...) - bind9 <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7 -CVE-2010-0289 [dokuwiki CSRF] - RESERVED +CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ...) {DSA-1976-1} - dokuwiki 0.0.20090214b-3.1 (low) [etch] - dokuwiki <not-affected> (Vulnerable code not present) NOTE: http://secunia.com/advisories/38205/ -CVE-2010-0288 [dokuwiki insufficient permissions checks, allowing attacker to change ACLs] - RESERVED +CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin ...) {DSA-1976-1} - dokuwiki 0.0.20090214b-3.1 (medium; bug #565406) [etch] - dokuwiki <not-affected> (Vulnerable code not present) NOTE: http://bugs.splitbrain.org/index.php?do=details&task_id=1847 NOTE: issue being exploited -CVE-2010-0287 [dokuwiki directory structure information leak] - RESERVED +CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin ...) {DSA-1976-1} - dokuwiki 0.0.20090214b-3.1 (low) [etch] - dokuwiki <not-affected> (Vulnerable code not present) @@ -1329,11 +1329,9 @@ RESERVED CVE-2010-0188 RESERVED -CVE-2010-0187 - RESERVED +CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 ...) NOT-FOR-US: Adobe Flash plugin -CVE-2010-0186 - RESERVED +CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 and ...) NOT-FOR-US: Adobe Flash plugin CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...) NOT-FOR-US: Adobe ColdFusion 
@@ -3340,8 +3338,8 @@ NOT-FOR-US: 2wire Gateway CVE-2009-3961 (SQL injection vulnerability in user.php in Super Serious Stats (aka ...) NOT-FOR-US: Super Serious Stats -CVE-2009-3960 - RESERVED +CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in ...) + TODO: check CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...) NOT-FOR-US: Adobe Reader and Acrobat 8.0 CVE-2009-3958 (Buffer overflow in the Download Manager in Adobe Reader and Acrobat ...)
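Review bot: In the first hunk (@@ -1,3 +1,9 @@), CVE-2010-0639, CVE-2010-0638 and CVE-2009-4643 land with only "TODO: check", so none of them carries a package line or a NOT-FOR-US marker yet. The descriptions name Squid 2.x and 3.0, WebCalendar 1.2.0 and a Juniper dsInstallerService.dll. A follow-up commit should resolve each one either to a source package line with its status, as the dillo entry directly below does, or to NOT-FOR-US, as other entries in this file do.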
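Review bot: In the @@ -181,14 +187,12 @@ hunk, replacing "[futex refcount leak]" and "[futex null ptr dereference]" with the truncated descriptions for CVE-2010-0623 and CVE-2010-0622 drops the only text in each entry that named the bug class. The new descriptions are cut at "in the Linux kernel ...", so a reader of the list can no longer tell the two futex issues apart without looking them up. Consider keeping the short summaries as NOTE lines under each entry. Both entries also still read "linux-2.6 <unfixed>" with no urgency or bug reference.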
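Review bot: In the @@ -254,7 +258,7 @@ hunk, the removed and added chromium-browser lines under CVE-2010-0556 read identically ("- chromium-browser <itp> (low; bug #520334)"), so the change is whitespace only. If this normalizes indentation, it would be better done in its own commit with a log message that says so, since "automatic update" gives no hint that a hand-written line was rewritten. If it was not intended, the updater is touching lines it should leave alone.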
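Review bot: In the @@ -1034,28 +1038,24 @@ hunk, the new CVE-2010-0291 description says the Linux kernel before 2.6.32.4 lets local users gain privileges, while the entry records the fix as "linux-2.6 2.6.32-6" with no urgency. The Debian revision and the upstream point release are different version schemes, so the fixed version cannot be checked against the description by reading the list. A NOTE line stating that 2.6.32-6 carries the fix, plus an urgency on the package line, would make the entry self-explanatory. The same hunk also drops the bracketed summaries for the three dokuwiki entries (CVE-2010-0289, CVE-2010-0288, CVE-2010-0287), though there the replacement descriptions still name CSRF, the permission check typo and directory traversal.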