Author: jmm-guest Date: 2010-10-10 11:06:14 +0000 (Sun, 10 Oct 2010) New Revision: 15447 Modified: data/CVE/list Log: - bind CVEfied - python asyncore related issues CVEfied - update freetype status in sid Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-10 10:54:10 UTC (rev 15446) +++ data/CVE/list 2010-10-10 11:06:14 UTC (rev 15447) @@ -155,7 +155,14 @@ CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...) TODO: check CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...) - TODO: check + - bind9 <unfixed> (bug #599515) + NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html + NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html + NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2. +CVE-2010-XXXX [bind acl bypass] + - bind9 <not-affected> (Only affects 9.7.2, which is not yet in the archive) + NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html + NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...) 
@@ -592,10 +599,17 @@ RESERVED CVE-2010-3494 RESERVED + - python-pyftpdlib 0.5.2-1 (low) + NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104 CVE-2010-3493 RESERVED CVE-2010-3492 RESERVED + - python2.7 <unfixed> (unimportant) + - python3.1 <unfixed> (unimportant) + - python3.2 <unfixed> (unimportant) + NOTE: Unfixable design limitation, which needs to be coped with in applications + NOTE: This CVE is about proper documentation CVE-2010-3491 RESERVED CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...) @@ -1070,12 +1084,6 @@ NOT-FOR-US: UltraEdit CVE-2010-3401 RESERVED -CVE-2010-XXXX [python accept() implementation in async core is broken] - - python2.7 <unfixed> - - python3.1 <unfixed> - - python3.2 <unfixed> - TODO: check (I guess all python versions are affected) - NOTE: see 4C88DB97.1060602 at redhat.com for details CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...) TODO: check NOTE: These will likely be rejected, Mozilla people will clarify with MITRE @@ -1316,8 +1324,8 @@ CVE-2010-3311 [freetype heap-based buffer overflow] RESERVED {DSA-2116-1} - - freetype <unfixed> - TODO: report + - freetype 2.4.0-1 + NOTE: Only the 2.3.x series is affected CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux ...) - linux-2.6 <unfixed> CVE-2010-3309
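Review bot: In the first hunk (@@ -155,7 +155,14), the ACL-bypass NOTE is added under CVE-2010-3762 and again under the new CVE-2010-XXXX [bind acl bypass] entry, so the 3762 entry keeps a reference for an issue that this same change splits out; keep that NOTE only under the XXXX entry. The new entry's reason "Only affects 9.7.2, which is not yet in the archive" also disagrees with the ">=9.7.2" in the NOTE below it, and a <not-affected> tag will not prompt a re-check once a 9.7.x upload arrives, so align the wording and add a TODO to revisit when that version enters the archive.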
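Review bot: In the second hunk (@@ -592,10 +599,17), the lines added under CVE-2010-3492 appear to take over from the temporary "python accept() implementation in async core is broken" entry removed in the next hunk, but its pointer to the discussion ("NOTE: see 4C88DB97.1060602 at redhat.com for details") is not carried over, which leaves "Unfixable design limitation" without any reference. The removed TODO guessing that all python versions are affected is also dropped unresolved, since the same three packages (python2.7, python3.1, python3.2) are listed; carry the NOTE over and either list the other python source packages or state why they are out of scope.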
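Review bot: In the last hunk (@@ -1316,8 +1324,8), "NOTE: Only the 2.3.x series is affected" is given without a source, and "TODO: report" is removed without a bug number appearing on the freetype line. Add a reference for the 2.3.x claim (upstream changelog or commit), and add the bug number if a report was filed, or say in a NOTE that none is needed because 2.4.0-1 is already in sid.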