Secure testing commits - Nov 2010 - r15550 - data/CVE

Author: joeyh
Date: 2010-11-01 21:15:05 +0000 (Mon, 01 Nov 2010)
New Revision: 15550

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-11-01 21:04:39 UTC (rev 15549)
+++ data/CVE/list	2010-11-01 21:15:05 UTC (rev 15550)
@@ -1,3 +1,43 @@
+CVE-2010-4141
+	RESERVED
+CVE-2010-4140
+	RESERVED
+CVE-2010-4139
+	RESERVED
+CVE-2010-4138
+	RESERVED
+CVE-2010-4137
+	RESERVED
+CVE-2010-4136
+	RESERVED
+CVE-2010-4135
+	RESERVED
+CVE-2010-4134
+	RESERVED
+CVE-2010-4133
+	RESERVED
+CVE-2010-4132
+	RESERVED
+CVE-2010-4131
+	RESERVED
+CVE-2010-4130
+	RESERVED
+CVE-2010-4129
+	RESERVED
+CVE-2010-4128
+	RESERVED
+CVE-2010-4127
+	RESERVED
+CVE-2010-4126
+	RESERVED
+CVE-2010-4125
+	RESERVED
+CVE-2010-4124
+	RESERVED
+CVE-2010-4123
+	RESERVED
+CVE-2010-4122
+	RESERVED
 CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli
Provisioning ...)
 	NOT-FOR-US: IBM Tivoli
 CVE-2010-XXXX
@@ -60,20 +100,20 @@
 	RESERVED
 CVE-2010-4091
 	RESERVED
-CVE-2010-4090
-	RESERVED
-CVE-2010-4089
-	RESERVED
-CVE-2010-4088
-	RESERVED
-CVE-2010-4087
-	RESERVED
-CVE-2010-4086
-	RESERVED
-CVE-2010-4085
-	RESERVED
-CVE-2010-4084
-	RESERVED
+CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to
execute ...)
+	TODO: check
+CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows
attackers ...)
+	TODO: check
+CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows
...)
+	TODO: check
+CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows
attackers ...)
+	TODO: check
+CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows
...)
+	TODO: check
+CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows
...)
+	TODO: check
+CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows
...)
+	TODO: check
 CVE-2010-4083
 	RESERVED
 	- linux-2.6 <unfixed> (low)
@@ -827,6 +867,7 @@
 CVE-2010-3766
 	RESERVED
 CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11,
when ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- iceweasel 3.5.15-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
@@ -999,8 +1040,8 @@
 	NOTE:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
 CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2
allows ...)
 	NOT-FOR-US: Red Hat Enterprise MRG
-CVE-2010-3700
-	RESERVED
+CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x
before ...)
+	TODO: check
 CVE-2010-3699
 	RESERVED
 CVE-2010-3698
@@ -1091,11 +1132,11 @@
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
9.4, ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2010-3655
-	RESERVED
-CVE-2010-3654
-	RESERVED
-CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave player
11.5.8.612, ...)
+CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave
Player ...)
+	TODO: check
+CVE-2010-3654 (Adobe Flash Player 10.1.85.3 and earlier on Windows, Mac OS X,
Linux, ...)
+	TODO: check
+CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player
before ...)
 	NOT-FOR-US: Adobe Shockwave
 CVE-2010-3652
 	RESERVED
@@ -2325,6 +2366,7 @@
 CVE-2010-3184
 	RESERVED
 CVE-2010-3183 (The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
@@ -2338,6 +2380,7 @@
 CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before
3.5.14 ...)
 	- iceweasel <not-affected> (Windows-specific)
 CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in
Mozilla ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
@@ -2345,6 +2388,7 @@
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality
in ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
@@ -2352,6 +2396,7 @@
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11,
Thunderbird ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
@@ -2359,12 +2404,14 @@
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the
Gopher ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
@@ -2373,6 +2420,7 @@
 CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
 	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in
experimental)
 CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
+	{DSA-2124-1}
 	- xulrunner <removed>
 	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
@@ -2380,12 +2428,14 @@
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and
3.6.x ...)
+	{DSA-2123-1}
 	- nss 3.12.8-1
 CVE-2010-3172
 	RESERVED
 CVE-2010-3171 (The Math.random function in the JavaScript implementation in
Mozilla ...)
 	NOTE: Will likely be rejected by MITRE
 CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11,
Thunderbird ...)
+	{DSA-2123-1}
 	- nss 3.12.8-1
 CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
 	{DSA-2106-1}
@@ -2782,8 +2832,8 @@
 	RESERVED
 CVE-2010-3037
 	RESERVED
-CVE-2010-3036
-	RESERVED
+CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in
the ...)
+	TODO: check
 CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not
...)
 	NOT-FOR-US: Cisco IOS XR
 CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or
...)
@@ -3488,7 +3538,7 @@
 	- iceweasel <not-affected> (The vulnerability is MacOS-specific)
 	- iceape <not-affected> (The vulnerability is MacOS-specific)
 CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
-	{DSA-2106-1}
+	{DSA-2124-1 DSA-2106-1}
 	- xulrunner <removed>
 	- iceweasel 3.5.12-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
@@ -3996,10 +4046,10 @@
 	NOT-FOR-US: RealPage Module ActiveX Controls
 CVE-2010-2583
 	RESERVED
-CVE-2010-2582
-	RESERVED
-CVE-2010-2581
-	RESERVED
+CVE-2010-2582 (Heap-based buffer overflow in Adobe Shockwave Player before
11.5.9.615 ...)
+	TODO: check
+CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows
...)
+	TODO: check
 CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does
not ...)
 	NOT-FOR-US: MailEnable
 CVE-2010-2579
@@ -9544,7 +9594,7 @@
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (chrome-specific issue)
 CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, ...)
-	{DSA-2075-1}
+	{DSA-2124-1 DSA-2075-1}
 	- xulrunner 1.9.1.11-1 (bug #570743)
 	- iceweasel 3.5.11-2
 	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against
xulrunner)