Author: joeyh Date: 2010-12-07 21:16:04 +0000 (Tue, 07 Dec 2010) New Revision: 15657 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-07 21:07:47 UTC (rev 15656) +++ data/CVE/list 2010-12-07 21:16:04 UTC (rev 15657) 
@@ -1,3 +1,150 @@ +CVE-2010-4510 + REJECTED + TODO: check +CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...) + TODO: check +CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...) + TODO: check +CVE-2010-4477 + RESERVED +CVE-2010-4476 + RESERVED +CVE-2010-4475 + RESERVED +CVE-2010-4474 + RESERVED +CVE-2010-4473 + RESERVED +CVE-2010-4472 + RESERVED +CVE-2010-4471 + RESERVED +CVE-2010-4470 + RESERVED +CVE-2010-4469 + RESERVED +CVE-2010-4468 + RESERVED +CVE-2010-4467 + RESERVED +CVE-2010-4466 + RESERVED +CVE-2010-4465 + RESERVED +CVE-2010-4464 + RESERVED +CVE-2010-4463 + RESERVED +CVE-2010-4462 + RESERVED +CVE-2010-4461 + RESERVED +CVE-2010-4460 + RESERVED +CVE-2010-4459 + RESERVED +CVE-2010-4458 + RESERVED +CVE-2010-4457 + RESERVED +CVE-2010-4456 + RESERVED +CVE-2010-4455 + RESERVED +CVE-2010-4454 + RESERVED +CVE-2010-4453 + RESERVED +CVE-2010-4452 + RESERVED +CVE-2010-4451 + RESERVED +CVE-2010-4450 + RESERVED +CVE-2010-4449 + RESERVED +CVE-2010-4448 + RESERVED +CVE-2010-4447 + RESERVED +CVE-2010-4446 + RESERVED +CVE-2010-4445 + RESERVED +CVE-2010-4444 + RESERVED +CVE-2010-4443 + RESERVED +CVE-2010-4442 + RESERVED +CVE-2010-4441 + RESERVED +CVE-2010-4440 + RESERVED +CVE-2010-4439 + RESERVED +CVE-2010-4438 + RESERVED +CVE-2010-4437 + RESERVED +CVE-2010-4436 + RESERVED +CVE-2010-4435 + RESERVED +CVE-2010-4434 + RESERVED +CVE-2010-4433 + RESERVED +CVE-2010-4432 + RESERVED +CVE-2010-4431 + RESERVED +CVE-2010-4430 + RESERVED +CVE-2010-4429 + RESERVED +CVE-2010-4428 + RESERVED +CVE-2010-4427 + RESERVED +CVE-2010-4426 + RESERVED +CVE-2010-4425 + RESERVED +CVE-2010-4424 + RESERVED +CVE-2010-4423 + RESERVED +CVE-2010-4422 + RESERVED +CVE-2010-4421 + RESERVED +CVE-2010-4420 + RESERVED +CVE-2010-4419 + RESERVED +CVE-2010-4418 + RESERVED +CVE-2010-4417 + RESERVED +CVE-2010-4416 + RESERVED +CVE-2010-4415 + RESERVED +CVE-2010-4414 + RESERVED +CVE-2010-4413 + RESERVED +CVE-2010-4412 (Multiple cross-site scripting 
(XSS) vulnerabilities in pfSense 2 beta ...) + TODO: check +CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...) + TODO: check +CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...) + TODO: check +CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...) + TODO: check +CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...) + TODO: check CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied] - libio-socket-ssl-perl <unfixed> (bug #606058) CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize] @@ -11,7 +158,7 @@ - php5 <unfixed> (low) NOTE: old, known, issue -- Pierre already requested an id NOTE: http://svn.php.net/viewvc?view=revision&revision=305507 -CVE-2010-4409 [php getSymbol() DoS] +CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka ...) - php5 <unfixed> [lenny] - php5 <not-affected> (intl extension included since 5.3) NOTE: http://www.kb.cert.org/vuls/id/479900 @@ -196,8 +343,8 @@ RESERVED CVE-2010-4331 RESERVED -CVE-2010-4330 - RESERVED +CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...) + TODO: check CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...) - phpmyadmin 4:3.3.7-2 CVE-2010-4328 
@@ -258,14 +405,14 @@ NOT-FOR-US: Novell Zenworks CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple ...) NOT-FOR-US: Free Simple Software -CVE-2010-4297 - RESERVED -CVE-2010-4296 - RESERVED -CVE-2010-4295 - RESERVED -CVE-2010-4294 - RESERVED +CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x ...) + TODO: check +CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on ...) + TODO: check +CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware ...) + TODO: check +CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in ...) + TODO: check CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...) NOT-FOR-US: RSA Adaptive Authentication CVE-2010-XXXX [directory traversal] @@ -376,24 +523,20 @@ - xfig <unfixed> TODO: check NOTE: details and patch at https://bugzilla.redhat.com/659676 -CVE-2010-4261 [clamav icon_cb memory corruption] - RESERVED +CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...) - clamav <unfixed> [lenny] - clamav <end-of-life> TODO: check -CVE-2010-4260 [clamav PDF DoS] - RESERVED +CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV ...) - clamav <unfixed> [lenny] - clamav <end-of-life> TODO: check -CVE-2010-4259 [fontforge BDF files buffer overflow] - RESERVED +CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote ...) - fontforge 0.0.20100501-4 (bug #605537) CVE-2010-4258 [linux failure to revert address limit override in OOPS error path] RESERVED - linux-2.6 <unfixed> -CVE-2010-4257 [wordpress trackback SQL injection] - RESERVED +CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...) - wordpress <unfixed> TODO: check CVE-2010-4256 [linux: pipe_fcntl local DoS] 
@@ -408,8 +551,7 @@ NOTE: 201011251552.17678.thomas at suse.de CVE-2010-4253 RESERVED -CVE-2010-4252 [OpenSSL JPAKE validation error] - RESERVED +CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...) - openssl <unfixed> NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4251 @@ -426,8 +568,8 @@ - linux-2.6 <unfixed> TODO: check NOTE: 4CEB7F72.2020202 at redhat.com -CVE-2010-4246 - RESERVED +CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...) + TODO: check CVE-2010-4245 RESERVED CVE-2010-4244 @@ -589,8 +731,7 @@ NOT-FOR-US: Microsoft Windows CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...) - yaws <not-affected> (Only affects Windows) -CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack] - RESERVED +CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...) - openssl 0.9.8o-4 NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4179 @@ -1246,8 +1387,7 @@ RESERVED CVE-2010-3905 RESERVED -CVE-2010-3904 - RESERVED +CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...) - linux-2.6 2.6.32-26 [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30) CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote ...) @@ -2443,8 +2583,8 @@ RESERVED CVE-2010-3450 RESERVED -CVE-2010-3449 - RESERVED +CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...) + TODO: check CVE-2010-3448 [Linux ThinkPad video output status local DoS] RESERVED {DSA-2126-1} 
@@ -3542,8 +3682,8 @@ CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...) {DSA-2126-1} - linux-2.6 2.6.32-24 -CVE-2010-3066 - RESERVED +CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...) + TODO: check CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...) - php5 <unfixed> (unimportant) NOTE: mysqlnd not used in squeeze/sid @@ -4374,8 +4514,7 @@ CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...) - xulrunner <not-affected> (Only affects 3.6, only in experimental) - iceweasel <not-affected> (Only affects 3.6, only in experimental) -CVE-2010-2761 [CGI.pm incorrect handling of newlines embedded in headers] - RESERVED +CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...) - libcgi-pm-perl <unfixed> NOTE: 4CF685D7.4070208 at redhat.com CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...) @@ -4705,8 +4844,8 @@ RESERVED CVE-2010-2640 RESERVED -CVE-2010-2639 - RESERVED +CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...) + TODO: check CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...) NOT-FOR-US: IBM WebSphere MQ CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...)
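Review bot: In the `@@ -1,3 +1,150 @@` hunk, CVE-2010-4510 is added as REJECTED yet still carries `TODO: check`, unlike the RESERVED entries beside it, which have no TODO; drop the TODO there if a rejected id needs no triage. In the same hunk, CVE-2010-4479 (pdf.c in libclamav), CVE-2010-4411 and CVE-2010-4410 (CGI.pm) and CVE-2008-7270 (OpenSSL) arrive as bare `TODO: check`, although this file already carries package lines for clamav, libcgi-pm-perl and openssl under CVE-2010-4260, CVE-2010-2761 and CVE-2010-4180, so they can be given package lines in the next manual pass. CVE-2010-4478 (OpenSSH, J-PAKE) reads the same as CVE-2010-4252 (OpenSSL, J-PAKE) and is worth a cross-reference NOTE.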
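Review bot: In the `@@ -11,7 +158,7 @@` hunk the hand-written label `[php getSymbol() DoS]` on CVE-2010-4409 is replaced by a description that begins "Integer overflow in the NumberFormatter::getSymbol", while the `- php5 <unfixed>` line below it still has no urgency tag or bug number. Since the classification visible in the file changes from DoS to integer overflow, revisit that php5 line and record a bug reference or urgency on it.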
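Review bot: The four VMware entries in the `@@ -258,14 +405,14 @@` hunk (CVE-2010-4294 to CVE-2010-4297) move from RESERVED to `TODO: check`, while the surrounding entries for other vendor products (Novell Zenworks, Free Simple Software, RSA Adaptive Authentication) are already marked NOT-FOR-US. If VMware Workstation and vmware-mount are not packaged, mark these four NOT-FOR-US in the same way so they leave the TODO queue.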
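Review bot: In the `@@ -3542,8 +3682,8 @@` hunk CVE-2010-3066 (io_submit_one in fs/aio.c, Linux kernel) is left as `TODO: check` with no package line, directly below CVE-2010-3067, which covers do_io_submit in the same file and already has `{DSA-2126-1}` and `- linux-2.6 2.6.32-24`. Add a linux-2.6 line for CVE-2010-3066 once it is confirmed whether that version or DSA also covers it.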