Author: joeyh Date: 2010-12-10 21:14:53 +0000 (Fri, 10 Dec 2010) New Revision: 15681 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-10 20:28:20 UTC (rev 15680) +++ data/CVE/list 2010-12-10 21:14:53 UTC (rev 15681) 
@@ -1,3 +1,95 @@ +CVE-2010-4543 + RESERVED +CVE-2010-4542 + RESERVED +CVE-2010-4541 + RESERVED +CVE-2010-4540 + RESERVED +CVE-2010-4539 + RESERVED +CVE-2010-4538 + RESERVED +CVE-2010-4537 + RESERVED +CVE-2010-4536 + RESERVED +CVE-2010-4535 + RESERVED +CVE-2010-4534 + RESERVED +CVE-2010-4533 + RESERVED +CVE-2010-4532 + RESERVED +CVE-2010-4531 + RESERVED +CVE-2010-4530 + RESERVED +CVE-2010-4529 + RESERVED +CVE-2010-4528 + RESERVED +CVE-2010-4527 + RESERVED +CVE-2010-4526 + RESERVED +CVE-2010-4525 + RESERVED +CVE-2010-4524 + RESERVED +CVE-2010-4523 + RESERVED +CVE-2010-4522 + RESERVED +CVE-2010-4521 + RESERVED +CVE-2010-4520 + RESERVED +CVE-2010-4519 + RESERVED +CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...) + TODO: check +CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the JXtended ...) + TODO: check +CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, ...) + TODO: check +CVE-2010-4514 (Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx ...) + TODO: check +CVE-2010-4513 (Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS ...) + TODO: check +CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...) + TODO: check +CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x ...) + TODO: check +CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 ...) + TODO: check +CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...) 
+ TODO: check +CVE-2009-5031 + RESERVED +CVE-2009-5030 + RESERVED +CVE-2009-5029 + RESERVED +CVE-2009-5028 + RESERVED +CVE-2009-5027 + RESERVED +CVE-2009-5026 + RESERVED +CVE-2009-5025 + RESERVED +CVE-2009-5024 + RESERVED +CVE-2009-5023 + RESERVED +CVE-2009-5022 + RESERVED +CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an ...) + TODO: check CVE-2010-4507 RESERVED CVE-2010-4506 @@ -286,6 +378,7 @@ RESERVED - gnash <unfixed> (unimportant; bug #605419) CVE-2006-7243 [php and NUL handling on file ops] + RESERVED - php5 5.3.3-6 (low) NOTE: old, known, issue -- partial protection by the suhosin extension NOTE: http://svn.php.net/viewvc?view=revision&revision=305507 @@ -444,6 +537,7 @@ - exim4 <unfixed> CVE-2010-4344 RESERVED + {DSA-2131-1} - exim4 4.70-1 CVE-2010-4343 [linux: bfa driver sysfs crash] RESERVED @@ -1259,8 +1353,8 @@ NOT-FOR-US: Dovecot in Apple Mac OS X CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: Apple Type Services -CVE-2010-4009 - RESERVED +CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote ...) + TODO: check CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, ...) {DSA-2128-1} - libxml2 2.7.8.dfsg-1 (bug #602609) @@ -1464,10 +1558,10 @@ RESERVED CVE-2010-3923 RESERVED -CVE-2010-3922 - RESERVED -CVE-2010-3921 - RESERVED +CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x ...) + TODO: check +CVE-2010-3921 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before ...) + TODO: check CVE-2010-3920 (The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 ...) TODO: check CVE-2010-3919 
@@ -1801,12 +1895,12 @@ CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...) - webkit <undetermined> - chromium-browser <undetermined> -CVE-2010-3802 - RESERVED -CVE-2010-3801 - RESERVED -CVE-2010-3800 - RESERVED +CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...) + TODO: check +CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...) + TODO: check +CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...) + TODO: check CVE-2010-3799 RESERVED CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before ...) @@ -1954,6 +2048,7 @@ - mantis 1.1.8+dfsg-9 (bug #601618) [lenny] - mantis 1.1.6+dfsg-2lenny4 CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...) + {DSA-2130-1} - bind9 1:9.7.2.dfsg.P2-1 (bug #599515) NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html @@ -2290,9 +2385,11 @@ - bind9 1:9.7.2.dfsg.P3-1 (bug #605876) NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ...) + {DSA-2130-1} - bind9 1:9.7.2.dfsg.P3-1 (bug #605876) NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, ...) + {DSA-2130-1} - bind9 1:9.7.2.dfsg.P3-1 (bug #605876) NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html CVE-2010-3612 
@@ -6026,8 +6123,8 @@ [lenny] - libvirt <not-affected> (only affects >= 0.6.1) CVE-2010-2236 RESERVED -CVE-2010-2235 - RESERVED +CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network ...) + TODO: check CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...) - tiff 3.9.4-2 [lenny] - tiff <not-affected> (Only affects 3.9.x) @@ -7998,8 +8095,8 @@ NOT-FOR-US: IrfanView CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer ...) NOT-FOR-US: IrfanView -CVE-2010-1508 - RESERVED +CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows ...) + TODO: check CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the ...) NOT-FOR-US: YAST CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...) @@ -11087,8 +11184,8 @@ NOT-FOR-US: Apple itunes CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Apple iTunes -CVE-2010-0530 - RESERVED +CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the ...) + TODO: check CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before ...) NOT-FOR-US: Apple QuickTime CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
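Review bot: In the `@@ -1,3 +1,95 @@` hunk the added block runs from CVE-2010-4511 straight to CVE-2010-4509, so CVE-2010-4510 has no entry, while every other id from CVE-2010-4543 down to the existing CVE-2010-4507 is present. Please confirm whether the automatic update omitted it because the upstream list does not carry that id yet, or whether the entry was dropped during import. If it was dropped, add it so the descending sequence has no hole.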
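Review bot: The Apple QuickTime entries that change from `RESERVED` to `TODO: check` (CVE-2010-4009 in `@@ -1259,8 +1353,8 @@`, CVE-2010-3802 to CVE-2010-3800 in `@@ -1801,12 +1895,12 @@`, CVE-2010-1508 in `@@ -7998,8 +8095,8 @@`, CVE-2010-0530 in `@@ -11087,8 +11184,8 @@`) sit next to unchanged context that already resolves the same product as `NOT-FOR-US: Apple QuickTime` (CVE-2010-0529, CVE-2010-0528). A follow-up commit should give these six the same marker, so that the TODO queue only holds entries that need a package lookup.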
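Review bot: Cobbler appears three times with `TODO: check` and no package line: CVE-2010-4512 and CVE-2009-5021 in `@@ -1,3 +1,95 @@`, and CVE-2010-2235 in `@@ -6026,8 +6123,8 @@`. These should be triaged together, with one decision on whether the product is tracked, and all three given either a package line or the same `NOT-FOR-US` marker. Splitting them across separate passes risks inconsistent status for the same software.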