Author: jmm-guest Date: 2010-10-11 17:32:51 +0000 (Mon, 11 Oct 2010) New Revision: 15455 Modified: data/CVE/list Log: - ike fixed - new typo3 issues (also fixed) - remove old bind temp entry - vnc4 not affected by expat issues - python loadpath/py2.5 no-dsa - update padding oracle attack in rails issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-10 21:14:47 UTC (rev 15454) +++ data/CVE/list 2010-10-11 17:32:51 UTC (rev 15455) @@ -1,5 +1,7 @@ CVE-2010-3840 RESERVED +CVE-2010-XXXX [typo3-src TYPO3-SA-2010-020] + - typo3-src 4.3.7-1 CVE-2010-3839 RESERVED CVE-2010-3838 @@ -356,12 +358,6 @@ TODO: check, apparently bogus dupes, contact MITRE for rejection CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...) TODO: check, apparently bogus dupes, contact MITRE for rejection -CVE-2010-XXXX [bind9 two issues] - - bind9 <unfixed> - TODO: check - NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html - NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html - NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2. CVE-2010-XXXX [libcloud doesn''t verify SSL certificate] - libcloud <unfixed> (bug #598463) TODO: check @@ -1200,7 +1196,7 @@ [lenny] - lastfm <no-dsa> (Minor issue) CVE-2010-3361 RESERVED - - ike <unfixed> (low; bug #598292) + - ike 2.1.5+dfsg-2 (low; bug #598292; bug #598292) [lenny] - ike <no-dsa> (Minor issue) CVE-2010-3360 RESERVED 
@@ -1358,8 +1354,9 @@ RESERVED CVE-2010-3299 [ruby on rails: padding oracle attack] RESERVED - - rails <unfixed> - TODO: check + - rails <unfixed> (unimportant) + NOTE: http://seclists.org/oss-sec/2010/q3/415 + NOTE: http://seclists.org/oss-sec/2010/q3/413 NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux ...) - linux-2.6 2.6.32-24 @@ -13717,9 +13714,7 @@ - vxl 1.13.0-2 (low; bug #560945) - xulrunner <unfixed> (unimportant; bug #560946) - texlive-bin <not-affected> (Files are not compiled in, see #560948) - - vnc4 <unfixed> (low; bug #560949) - [etch] - vnc4 <no-dsa> (minor issue) - [lenny] - vnc4 <no-dsa> (minor issue) + - vnc4 <not-affected> (Not affected, see bug #560949) - xotcl <not-affected> (Vulnerable code not present in embedded Expat copy) CVE-2009-3559 (** DISPUTED ** ...) - php5 <unfixed> (unimportant) @@ -25273,6 +25268,7 @@ - python2.5 <unfixed> (low) [etch] - python2.5 <no-dsa> (Minor issue) [lenny] - python2.5 <no-dsa> (Minor issue) + [squeeze] - python2.5 <no-dsa> (Minor issue) - python2.4 <unfixed> (low) [etch] - python2.4 <no-dsa> (Minor issue) [lenny] - python2.4 <no-dsa> (Minor issue)
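Review bot: the new CVE-2010-XXXX typo3-src entry in the @@ -1,5 +1,7 @@ hunk carries only the fixed version 4.3.7-1, with no urgency and no NOTE pointing at the advisory. The log line says "new typo3 issues" in the plural, so a NOTE listing what TYPO3-SA-2010-020 covers would make it possible to split this temp entry correctly once CVE ids are assigned.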
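Review bot: deleting the bind9 temp entry in the @@ -356,12 +358,6 @@ hunk also drops its three NOTE lines (the ACL bypass claimed to affect only >=9.7.2, the trust-anchor crash affecting 9.6 and fixed in 9.6-ESV-R2) together with an open "TODO: check". Nothing visible in this patch moves that information elsewhere, so please confirm the entries that supersede it carry the same version notes, and name them in the log message.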
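Review bot: the bug reference is duplicated on the added ike line in the @@ -1200,7 +1196,7 @@ hunk, which reads "(low; bug #598292; bug #598292)". The removed line had a single reference, so this should be "- ike 2.1.5+dfsg-2 (low; bug #598292)".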
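Review bot: the rails line for CVE-2010-3299 in the @@ -1358,8 +1354,9 @@ hunk is downgraded to "<unfixed> (unimportant)" and its "TODO: check" is removed, but no NOTE states why the padding oracle issue is considered unimportant. The two added seclists links are references only; a one-line NOTE summarising the rationale would let the next reader verify the triage without following them.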
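Review bot: the added vnc4 line in the @@ -13717,9 +13714,7 @@ hunk gives "(Not affected, see bug #560949)" as its reason, which only repeats the <not-affected> tag. The neighbouring texlive-bin and xotcl lines state the actual reason inline ("Files are not compiled in", "Vulnerable code not present in embedded Expat copy"); the vnc4 line should do the same and keep the bug reference after it.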
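Review bot: the "[squeeze] - python2.5 <no-dsa> (Minor issue)" line in the @@ -25273,6 +25268,7 @@ hunk is added for python2.5 only, while the python2.4 block directly below has the same "<unfixed> (low)" status with etch and lenny lines and gets no squeeze line. If python2.4 is also shipped in squeeze, it needs the matching entry in the same commit.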