thr3ads.net - Secure testing commits - [Secure-testing-commits] r15292

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Sep-08 21:14 UTC
[Secure-testing-commits] r15292 - data/CVE

Author: joeyh
Date: 2010-09-08 21:14:49 +0000 (Wed, 08 Sep 2010)
New Revision: 15292

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-09-08 19:19:34 UTC (rev 15291)
+++ data/CVE/list	2010-09-08 21:14:49 UTC (rev 15292)
@@ -1,3 +1,47 @@
+CVE-2010-3262
+	RESERVED
+CVE-2010-3261
+	RESERVED
+CVE-2010-3260
+	RESERVED
+CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read
access ...)
+	TODO: check
+CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53
does not ...)
+	TODO: check
+CVE-2010-3257 (Google Chrome before 6.0.472.53 does not properly perform focus
...)
+	TODO: check
+CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the
number of ...)
+	TODO: check
+CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter
...)
+	TODO: check
+CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53
does ...)
+	TODO: check
+CVE-2010-3253 (The implementation of notification permissions in Google Chrome
before ...)
+	TODO: check
+CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in
Google ...)
+	TODO: check
+CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53
...)
+	TODO: check
+CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53
allows ...)
+	TODO: check
+CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG
...)
+	TODO: check
+CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict
copying to ...)
+	TODO: check
+CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the
...)
+	TODO: check
+CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the
_blank ...)
+	TODO: check
+CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite
...)
+	TODO: check
+CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly
...)
+	TODO: check
+CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the ...)
+	TODO: check
+CVE-2009-4996 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
+	TODO: check
 CVE-2010-XXXX [weborf directory traversal]
 	- weborf <unfixed>
 	NOTE: http://www.exploit-db.com/exploits/14925/
@@ -61,8 +105,8 @@
 	RESERVED
 CVE-2010-3214
 	RESERVED
-CVE-2010-3213
-	RESERVED
+CVE-2010-3213 (Cross-site request forgery (CSRF) vulnerability in Microsoft
Outlook ...)
+	TODO: check
 CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and
earlier ...)
 	TODO: check
 CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro ...)
@@ -157,18 +201,21 @@
 	RESERVED
 CVE-2010-3169 [Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3168 [XUL tree removal crash and remote code execution]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3167 [Dangling pointer vulnerability in nsTreeContentView]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
@@ -920,8 +967,8 @@
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2875 (Integer signedness error in Adobe Shockwave Player before
11.5.8.612 ...)
 	NOT-FOR-US: Adobe Shockwave Player
-CVE-2010-2874
-	RESERVED
+CVE-2010-2874 (Unspecified vulnerability in Adobe Shockwave Player before
11.5.8.612 ...)
+	TODO: check
 CVE-2010-2873 (Adobe Shockwave Player before 11.5.8.612 does not properly
validate ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2010-2872 (Adobe Shockwave Player before 11.5.8.612 does not properly
validate an ...)
@@ -1111,8 +1158,7 @@
 	RESERVED
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-22
-CVE-2010-2802 [mantis attachment XSS]
-	RESERVED
+CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before
1.2.2 ...)
 	- mantis <not-affected> (vulnerable code introduced in 1.2.x)
 	TODO: confirm 1.1.x is not affected
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
@@ -1260,30 +1306,35 @@
 	- iceape <not-affected> (The vulnerability is MacOS-specific)
 CVE-2010-2769 [Copy-and-paste or drag-and-drop into designMode document allows
XSS]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2768 [UTF-7 XSS by overriding document charset using <object>
type attribute]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2767 [Dangling pointer vulnerability using DOM plugin array]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2766 [Crash and remote code execution in normalizeDocument]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2765 [Frameset integer overflow vulnerability]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
@@ -1298,6 +1349,7 @@
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2763 [XSS using SJOW scripted function]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
@@ -1309,6 +1361,7 @@
 	RESERVED
 CVE-2010-2760 [Dangling pointer vulnerability in nsTreeSelection]
 	RESERVED
+	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
@@ -1368,8 +1421,8 @@
 	RESERVED
 CVE-2010-2740
 	RESERVED
-CVE-2010-2739
-	RESERVED
+CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys
in ...)
+	TODO: check
 CVE-2010-2738
 	RESERVED
 CVE-2010-2737
@@ -1894,8 +1947,7 @@
 	NOT-FOR-US: UMIP
 CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink
messages ...)
 	NOT-FOR-US: UMIP
-CVE-2010-2521
-	RESERVED
+CVE-2010-2521 (Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR ...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-13
 CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in ...)
@@ -2458,8 +2510,8 @@
 	RESERVED
 CVE-2009-4899
 	RESERVED
-CVE-2009-4898
-	RESERVED
+CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before
4.3.2 ...)
+	TODO: check
 CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and
earlier ...)
 	{DSA-2093-1}
 	- ghostscript 8.70~dfsg-1
@@ -2601,8 +2653,7 @@
 	- libpng 1.2.44-1 (low; bug #587670)
 	- tuxonice-userui 1.0-1 (unimportant)
 	NOTE: tuxonice-userui 1.0-1 was binNMUed
-CVE-2010-2248 [os/2 smb issue]
-	RESERVED
+CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel
...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-12 (low)
 CVE-2010-2247 [makepasswd: insecure passwords generated with default settings]
Secure testing commits - Sep 2010 - r15292 - data/CVE

[Secure-testing-commits] r15292 - data/CVE
