Author: jmm
Date: 2011-01-24 18:10:25 +0000 (Mon, 24 Jan 2011)
New Revision: 15951
Modified:
data/CVE/list
Log:
- "new" redmine issues
- new hplip issue (DSA pending)
- NFUs
- glibc regexp issues unimportant
- patch issue unimportant
- remove sudo entry, not a security issue
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-01-24 13:16:33 UTC (rev 15950)
+++ data/CVE/list 2011-01-24 18:10:25 UTC (rev 15951)
@@ -1,3 +1,6 @@
+CVE-2010-XXXX
+ - redmine 1.0.5-1 (bug #608397)
+ NOTE: http://www.redmine.org/news/49
CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
- shibboleth-sp2 <unfixed>
NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
@@ -901,7 +904,8 @@
RESERVED
CVE-2010-4651 [patch directory traversal]
RESERVED
- - patch <unfixed>
+ - patch <unfixed> (unimportant)
+ NOTE: Applying a patch blindly opens more severe security issues than only
directory traversal...
CVE-2010-4650
RESERVED
- linux-2.6 2.6.32-30
@@ -2468,7 +2472,7 @@
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...)
NOT-FOR-US: Pulse Infotech
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in
...)
- TODO: check
+ - hplip <unfixed> (bug #610960)
CVE-2010-4266
RESERVED
CVE-2010-4265 (The ...)
@@ -2985,11 +2989,17 @@
CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function
in ...)
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in
the ...)
- - glibc <removed>
- - eglibc <unfixed>
+ - glibc <removed> (unimportant)
+ - eglibc <unfixed> (unimportant)
+ NOTE: Deficiency in the regexp engine of glibc, while there implementations
which
+ NOTE: process such expressions more efficiently, imposing a limit lies within
+ NOTE: the application accepting it from user input
CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or
libc6) ...)
- - glibc <removed>
- - eglibc <unfixed>
+ - glibc <removed> (unimportant)
+ - eglibc <unfixed> (unimportant)
+ NOTE: Deficiency in the regexp engine of glibc, while there implementations
which
+ NOTE: process such expressions more efficiently, imposing a limit lies within
+ NOTE: the application accepting it from user input
CVE-2010-XXXX [XSS vulnerability discovered -plugin-globalsearch]
- fusionforge 5.0.2-3
CVE-2010-XXXX [insecure usage of temporary files in flash-kernel]
@@ -3290,7 +3300,7 @@
CVE-2010-3929
RESERVED
CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to
a ...)
- TODO: check
+ NOT-FOR-US: Ruby Version Manager
CVE-2010-3927
RESERVED
CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi
in ...)
@@ -4692,8 +4702,6 @@
CVE-2010-XXXX [numpy memory corruption]
- python-numpy 1:1.4.1-5 (bug #581058)
NOTE: http://projects.scipy.org/numpy/changeset/8364
-CVE-2010-XXXX [glob processing issue]
- - sudo 1.7.0-1 (low; bug #565223; bug #580342)
CVE-2010-XXXX [mediatomb directory traversal]
- mediatomb 0.12.0~svn2018-6.1 (medium; bug #580120)
CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in
Intermesh ...)
@@ -15399,8 +15407,7 @@
{DSA-2080-1}
- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
CVE-2009-4269 (The password hash generation algorithm in the BUILTIN
authentication ...)
- - sun-java6 <undetermined>
- TODO: check
+ NOT-FOR-US: Apache Derby
CVE-2009-4268
RESERVED
CVE-2009-4267