Author: gilbert-guest Date: 2010-09-04 17:40:06 +0000 (Sat, 04 Sep 2010) New Revision: 15264 Modified: data/CVE/list data/DSA/list Log: new issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-04 04:37:24 UTC (rev 15263) +++ data/CVE/list 2010-09-04 17:40:06 UTC (rev 15264) @@ -1479,7 +1479,7 @@ CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...) NOT-FOR-US: Cisco CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...) - TODO: check + - strongswan 4.4.1-1 CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...) NOT-FOR-US: Refractor 2 CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...) @@ -1596,7 +1596,7 @@ [lenny] - kdegraphics <not-affected> (Lenny''s kdegraphics doesn''t yet contain Okular) NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...) - TODO: check + - mantis <undetermined> (bug #595510) CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...) - tiff <unfixed> (unimportant) CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...) @@ -1664,11 +1664,11 @@ {DSA-2081-1} - libmikmod 3.1.11-6.3 CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...) - TODO: check + - cacti 0.8.7g-1 CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti ...) - TODO: check + - cacti 0.8.7g-1 CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + - cacti 0.8.7g-1 CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...) - git-core 1:1.7.1-1.1 (low; bug #590026) [lenny] - git-core <no-dsa> (Minor issue) 
@@ -1813,7 +1813,7 @@ CVE-2010-2496 RESERVED CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...) - TODO: check + NOT-FOR-US: JBoss Enterprise SOA Platform CVE-2010-2492 RESERVED CVE-2010-2491 [roundup XSS] @@ -2102,9 +2102,9 @@ CVE-2010-2366 RESERVED CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 ...) - TODO: check + NOT-FOR-US: Free CGI Moo moobbs2 CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...) - TODO: check + NOT-FOR-US: Free CGI Moo moobbs2 CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the ...) NOT-FOR-US: SEIL/X1, SEIL/X2, and SEIL/B1 routers CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information, ...) @@ -3343,7 +3343,7 @@ CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...) - TODO: check + NOT-FOR-US: struts2 CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...) {DSA-2080-1} - ghostscript 8.71~dfsg-4 @@ -3996,9 +3996,9 @@ {DSA-2062-1} - sudo 1.7.2p7-1 (bug #585394) CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing ...) - TODO: check + - cacti 0.8.7g-1 CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...) - TODO: check + - cacti 0.8.7g-1 CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict ...) - linux-2.6 2.6.28-1 CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...) 
@@ -6503,7 +6503,7 @@ CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...) - TODO: check + - base-files <not-affected> (ubuntu-specific fix for their default OEM configuration on the Dell Latitude 2110, which permitted installation of unsigned packages) CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build ...) NOT-FOR-US: Likewise CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...) @@ -7671,6 +7671,8 @@ NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace NOTE: in KDE 4.x, i.e. Squeeze onwards CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...) + - linux-2.6 <undetermined> + - kvm <removed> TODO: check CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...) {DSA-2035-1} @@ -8681,7 +8683,7 @@ CVE-2010-0121 RESERVED CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...) - TODO: check + NOT-FOR-US: RealPlayer CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, ...) NOT-FOR-US: Bournal CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files ...) @@ -9722,6 +9724,7 @@ {DSA-2080-1} - ghostscript 8.70~dfsg-2.1 (medium; bug #562643) CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...) + - sun-java6 <undetermined> TODO: check CVE-2009-4268 RESERVED 
@@ -11172,7 +11175,7 @@ CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote ...) NOT-FOR-US: EMC RepliStor CVE-2009-3743 (Off-by-one error in the TrueType bytecode interpreter in Ghostscript ...) - TODO: check + - ghostscript 8.71~dfsg-1 CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before ...) NOT-FOR-US: Liferay Portal CVE-2009-3741 Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-09-04 04:37:24 UTC (rev 15263) +++ data/DSA/list 2010-09-04 17:40:06 UTC (rev 15264) @@ -1,4 +1,4 @@ -[03 Sep 2010] DSA-2102-1 - arbitrary code execution +[03 Sep 2010] DSA-2102-1 barnowl - arbitrary code execution {CVE-2010-2725} [lenny] - barnowl 1.0.1-4+lenny2 [31 Aug 2010] DSA-2101-1 wireshark - several vulnerabilities
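Review bot: In the data/CVE/list hunk at @@ -2102,9 +2102,9 @@, the new line under CVE-2010-2364 reads "NOT-FOR-US: Free CGI Moo moobbs2", but that entry's description names "Free CGI Moo moobbs"; moobbs2 is the product in CVE-2010-2365 directly above it. Suggest "NOT-FOR-US: Free CGI Moo moobbs" for CVE-2010-2364 so the note matches the description it sits under.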
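Review bot: In the data/CVE/list hunk at @@ -3996,9 +3996,9 @@, CVE-2010-1645 is described as affecting "Cacti before 0.8.7f" while the fixed version recorded is "cacti 0.8.7g-1". If a 0.8.7f upload ever reached the archive, that would be the first fixed version; if not, the entry is right as written, and a short parenthetical or NOTE saying so would save the next reader the lookup. The same applies to CVE-2010-1644 in this hunk.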
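Review bot: In the data/CVE/list hunk at @@ -3343,7 +3343,7 @@, CVE-2010-1870 is closed as "NOT-FOR-US: struts2", but the description locates the flaw in "XWork in Struts", so the note only covers one of the two names. Suggest naming both in the note (or confirming in a NOTE line that XWork is not packaged separately), so the NOT-FOR-US decision is clearly about the component the description names.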
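Review bot: In the data/CVE/list hunk at @@ -6503,7 +6503,7 @@, the rationale for "- base-files <not-affected>" is carried in one long parenthetical on the package line. Elsewhere in this file longer explanations sit on separate NOTE: lines (see the kdegraphics and kdm entries), so suggest a short "(Ubuntu-specific)" on the package line with the OEM configuration detail moved to a NOTE.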
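Review bot: In the data/CVE/list hunk at @@ -7671,6 +7671,8 @@, CVE-2010-0435 gains "- linux-2.6 <undetermined>" and "- kvm <removed>" while "TODO: check" stays, and nothing says what still has to be checked or why these two packages were chosen for an entry whose description is about the Red Hat rhev-hypervisor. A NOTE line with the open question, or a bug reference as was done for mantis under CVE-2010-2574, would let someone else close the TODO.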
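Review bot: In the data/CVE/list hunk at @@ -9722,6 +9724,7 @@, "- sun-java6 <undetermined>" is added under CVE-2009-4269, whose visible description ("The password hash generation algorithm in the BUILTIN authentication ...") does not mention Java at all. Suggest a NOTE naming the bundled component that ties this CVE to sun-java6, since the mapping cannot be checked from the entry as it stands.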