Author: geissert Date: 2010-09-30 00:51:14 +0000 (Thu, 30 Sep 2010) New Revision: 15395 Modified: data/CVE/list Log: new issues: 8 mysql, 2 linux, 2 bind, cluster-agents, ffmpeg, gollem, dimp1, imp4, horde3, libcloud Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-29 21:53:32 UTC (rev 15394) +++ data/CVE/list 2010-09-30 00:51:14 UTC (rev 15395) @@ -1,3 +1,28 @@ +CVE-2010-XXXX [bind9 two issues] + - bind9 <unfixed> + TODO: check + NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html + NOTE: ACL bypass claimed to only affect >9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html +CVE-2010-XXXX [horde3 XSS and CSRF] + - horde3 <unfixed> + TODO: check + NOTE: http://lists.horde.org/archives/announce/2010/000568.html +CVE-2010-XXXX [horde dimp XSS] + - dimp1 <unfixed> + NOTE: http://lists.horde.org/archives/announce/2010/000561.html + TODO: report +CVE-2010-XXXX [horde imp4 XSS] + - imp4 <unfixed> + NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html + TODO: report +CVE-2010-XXXX [libcloud doesn''t verify SSL certificate] + - libcloud <unfixed> (bug #598463) + TODO: check + NOTE: other similar python code should be reviewed +CVE-2010-XXXX [horde gollem XSS] + - gollem <unfixed> + NOTE: http://bugs.horde.org/ticket/9191 + TODO: report CVE-2010-3688 NOT-FOR-US: NetArtMEDIA WebSiteAdmin CVE-2010-3684 @@ -4,20 +29,52 @@ NOT-FOR-US: Synology Disk Station CVE-2010-3683 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3682 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3681 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3680 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3679 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3678 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3677 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3676 RESERVED + - mysql-5.1 <unfixed> + - mysql-dfsg-5.0 <unfixed> + TODO: check + NOTE: see Pine.GSO.4.64.1009281803250.24337 at faron.mitre.org CVE-2010-3675 RESERVED CVE-2010-3658 @@ -545,8 +602,11 @@ RESERVED - quassel 0.7.1-1 (bug #597853) NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774 -CVE-2010-3442 +CVE-2010-3442 [heap corruption in snd_ctl_new] RESERVED + - linux-2.6 <unfixed> + TODO: check + NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779 CVE-2010-3441 RESERVED - abcm2ps 5.9.13-0.1 (low; bug #577014) @@ -562,8 +622,9 @@ RESERVED - libpoe-component-irc-perl 6.32+dfsg-1 [lenny] - libpoe-component-irc-perl 6.32+dfsg-1 (bug #581194) -CVE-2010-3437 +CVE-2010-3437 [linux pktcdvd ioctl dev_minor missing range check] RESERVED + - linux-2.6 <unfixed> CVE-2010-3436 RESERVED CVE-2010-3435 @@ -584,6 +645,9 @@ RESERVED CVE-2010-3429 RESERVED + - ffmpeg <unfixed> + TODO: check + NOTE: http://www.ocert.org/advisories/ocert-2010-004.html CVE-2010-XXXX [mingetty directory traversal] - mingetty 1.07-2 (medium; bug #597382) CVE-2010-XXXX [config file world readable] @@ -713,6 +777,7 @@ RESERVED CVE-2010-3389 RESERVED + - cluster-agents <unfixed> (bug #598549) CVE-2010-3388 RESERVED CVE-2010-3387