Author: geissert Date: 2010-12-08 04:52:33 +0000 (Wed, 08 Dec 2010) New Revision: 15660 Modified: data/CVE/list Log: some issues CVEIfied new clamav and openssh issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-07 21:48:42 UTC (rev 15659) +++ data/CVE/list 2010-12-08 04:52:33 UTC (rev 15660) @@ -2,8 +2,11 @@ REJECTED TODO: check CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...) + - clamav <undetermined> + [lenny] - clamav <end-of-life> TODO: check CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...) + - openssh <unfixed> TODO: check CVE-2010-4477 RESERVED 
@@ -138,21 +141,24 @@ CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...) TODO: check CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...) + - libcgi-pm-perl <unfixed> TODO: check CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...) + - libcgi-pm-perl <unfixed> TODO: check CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...) TODO: check CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...) + - openssl <unfixed> TODO: check -CVE-2010-XXXX [IO::Socket::SSL verify peer mode ignored if no cert supplied] +CVE-2010-4334 [IO::Socket::SSL verify peer mode ignored if no cert supplied] - libio-socket-ssl-perl <unfixed> (bug #606058) -CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize] +CVE-2010-4335 [cakephp controller/component/security.php unsafe unserialize] - cakephp <unfixed> NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb -CVE-2010-XXXX [collectd: DoS in RRDtool and RRDCacheD plugins] +CVE-2010-4336 [collectd: DoS in RRDtool and RRDCacheD plugins] - collectd <unfixed> (bug #605092) -CVE-2010-XXXX [gnash: insecure temp files handling in configure script] +CVE-2010-4337 [gnash: insecure temp files handling in configure script] - gnash <unfixed> (unimportant; bug #605419) CVE-2010-XXXX [php and NUL handling on file ops] - php5 5.3.3-6 (low) @@ -247,9 +253,9 @@ - awstats <unfixed> (bug #606263) CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...) - awstats 6.9.5~dfsg-1 -CVE-2010-XXXX [ocrodjvu insecure temp files handling] +CVE-2010-4338 [ocrodjvu insecure temp files handling] - ocrodjvu 0.4.6-2 (low; bug #598134) -CVE-2010-XXXX [hypermail XSS] +CVE-2010-4339 [hypermail XSS] - hypermail <removed> (low; bug #598743) CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check 
@@ -316,20 +322,6 @@ RESERVED CVE-2010-4341 RESERVED -CVE-2010-4340 - RESERVED -CVE-2010-4339 - RESERVED -CVE-2010-4338 - RESERVED -CVE-2010-4337 - RESERVED -CVE-2010-4336 - RESERVED -CVE-2010-4335 - RESERVED -CVE-2010-4334 - RESERVED CVE-2010-4333 RESERVED CVE-2010-4332 @@ -1977,7 +1969,7 @@ CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...) {DSA-2113-1} - drupal6 6.18-1 (low; bug #592716) -CVE-2010-XXXX [libcloud doesn''t verify SSL certificate] +CVE-2010-4340 [libcloud doesn''t verify SSL certificate] - libcloud <unfixed> (bug #598463) CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA ...) NOT-FOR-US: NetArtMEDIA WebSiteAdmin
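Review bot: in the first hunk (@@ -2,8 +2,11 @@), CVE-2010-4479 and CVE-2010-4478 keep their "TODO: check" line after the package lines are added, so both entries still read as untriaged. If triage is finished, drop the TODO. If it is left open on purpose (clamav is only "<undetermined>"), add a NOTE saying what still has to be checked. For CVE-2010-4478 the description limits the issue to "when J-PAKE is enabled", so a NOTE stating whether the packaged openssh enables J-PAKE would back up "- openssh <unfixed>".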
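Review bot: in the @@ -138,21 +141,24 @@ hunk, CVE-2008-7270 is marked "- openssl <unfixed>" although its description reads "OpenSSL before 0.9.8j", so an upstream release carrying the fix exists. Compare the archive version against 0.9.8j and record a fixed version if it is at or past that release. In the same hunk, the description of CVE-2010-4410 enumerates "(1) CGI.pm ...", which implies further affected components beyond libcgi-pm-perl. Either add the packages that ship them or note why they do not apply.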
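Review bot: the seven RESERVED stubs removed in the @@ -316,20 +322,6 @@ hunk (CVE-2010-4334 through CVE-2010-4340) sat in descending ID order between CVE-2010-4341 and CVE-2010-4333, but the entries that now carry those IDs stay where their CVE-2010-XXXX placeholders were, for example CVE-2010-4340 between CVE-2010-3685 and CVE-2010-3688. If nothing re-sorts data/CVE/list afterwards, move the renamed entries into this slot so the list stays in ID order.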
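Review bot: the renamed line in the @@ -1977,7 +1969,7 @@ hunk still reads "doesn''t" with a doubled apostrophe in the bracketed description. Since the line is being rewritten for the CVE-2010-4340 assignment anyway, fix it to "doesn't" in the same change.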