thr3ads.net - Secure testing commits - [Secure-testing-commits] r13940

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Jan-27 21:14 UTC
[Secure-testing-commits] r13940 - data/CVE

Author: joeyh
Date: 2010-01-27 21:14:24 +0000 (Wed, 27 Jan 2010)
New Revision: 13940

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-01-27 21:03:02 UTC (rev 13939)
+++ data/CVE/list	2010-01-27 21:14:24 UTC (rev 13940)
@@ -1,3 +1,33 @@
+CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec
VPN ...)
+	TODO: check
+CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero
Technologies ...)
+	TODO: check
+CVE-2010-0390 (Unrestricted file upload vulnerability in
maxImageUpload/index.php in ...)
+	TODO: check
+CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6
allows ...)
+	TODO: check
+CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in
webservd ...)
+	TODO: check
+CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) the
admin ...)
+	TODO: check
+CVE-2010-0386 (The default configuration of Sun Java System Application Server
7 and ...)
+	TODO: check
+CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...)
+	TODO: check
+CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a
directory ...)
+	TODO: check
+CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses
deprecated ...)
+	TODO: check
+CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before
...)
+	TODO: check
+CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP
MySpace ...)
+	TODO: check
+CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121,
allows ...)
+	TODO: check
+CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino
...)
+	TODO: check
+CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle
...)
+	TODO: check
 CVE-2010-XXXX [gmetad incorrect file permissions]
 	- gmetad <unfixed> (low; bug #567175)
 	TODO: check old/stable versions
@@ -282,6 +312,7 @@
 	RESERVED
 CVE-2010-0300 [ircd-ratbox: NULL pointer vulnerability]
 	RESERVED
+	{DSA-1980-1}
 	- ircd-ratbox <unfixed> (low; bug #567191)
 CVE-2010-0299
 	RESERVED
@@ -301,8 +332,7 @@
 	RESERVED
 CVE-2010-0291
 	RESERVED
-CVE-2010-0290 [bind: CVE-2009-4022 fix incomplete]
-	RESERVED
+CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4
before ...)
 	- bind9 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
 CVE-2010-0289 [dokuwiki CSRF]
@@ -439,16 +469,16 @@
 	RESERVED
 CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6
SP1, ...)
 	NOT-FOR-US: Microsoft
-CVE-2010-0248
-	RESERVED
-CVE-2010-0247
-	RESERVED
-CVE-2010-0246
-	RESERVED
-CVE-2010-0245
-	RESERVED
-CVE-2010-0244
-	RESERVED
+CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
...)
+	TODO: check
+CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not
properly ...)
+	TODO: check
+CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects
in ...)
+	TODO: check
+CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects
in ...)
+	TODO: check
+CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
...)
+	TODO: check
 CVE-2010-0243
 	RESERVED
 CVE-2010-0242
@@ -475,8 +505,8 @@
 	TODO: check
 CVE-2010-0231
 	RESERVED
-CVE-2010-0230
-	RESERVED
+CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to
listen ...)
+	TODO: check
 CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB
flash ...)
 	NOT-FOR-US: Verbatim Corporate Secure
 CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB
flash ...)
@@ -866,8 +896,8 @@
 	RESERVED
 CVE-2010-0098
 	RESERVED
-CVE-2010-0097
-	RESERVED
+CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before
...)
+	TODO: check
 CVE-2010-0096
 	RESERVED
 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux
kernel ...)
@@ -1531,8 +1561,8 @@
 	RESERVED
 CVE-2010-0028
 	RESERVED
-CVE-2010-0027
-	RESERVED
+CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer
7 and ...)
+	TODO: check
 CVE-2010-0026
 	RESERVED
 CVE-2010-0025
@@ -1590,8 +1620,7 @@
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the
...)
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
-CVE-2010-0006 [ipv6 null ptr dereference]
-	RESERVED
+CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux
kernel ...)
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
@@ -1604,8 +1633,7 @@
 	RESERVED
 	- viewvc <unfixed>
 	TODO: check
-CVE-2010-0003 [all kernel memory dumpable to userspace when
print-fatal-signals=1]
-	RESERVED
+CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux
kernel ...)
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
 CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash
package for ...)
@@ -1696,8 +1724,8 @@
 	RESERVED
 CVE-2009-4274
 	RESERVED
-CVE-2009-4273
-	RESERVED
+CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to
execute ...)
+	TODO: check
 CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash
table''s emergency route flush]
 	RESERVED
 	- linux-2.6 <unfixed> (medium)
@@ -1819,8 +1847,8 @@
 	RESERVED
 CVE-2009-4258
 	RESERVED
-CVE-2009-4257
-	RESERVED
+CVE-2009-4257 (Heap-based buffer overflow in smlrender.dll in RealNetworks
RealPlayer ...)
+	TODO: check
 CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in
AlefMentor 2.0 ...)
 	NOT-FOR-US: AlefMentor
 CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit!
template ...)
@@ -1837,22 +1865,22 @@
 	NOT-FOR-US: CuteNews
 CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP
...)
 	NOT-FOR-US: CuteNews
-CVE-2009-4248
-	RESERVED
-CVE-2009-4247
-	RESERVED
-CVE-2009-4246
-	RESERVED
-CVE-2009-4245
-	RESERVED
-CVE-2009-4244
-	RESERVED
-CVE-2009-4243
-	RESERVED
-CVE-2009-4242
-	RESERVED
-CVE-2009-4241
-	RESERVED
+CVE-2009-4248 (Buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5
...)
+	TODO: check
+CVE-2009-4247 (RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through
...)
+	TODO: check
+CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10,
RealPlayer ...)
+	TODO: check
+CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10,
RealPlayer ...)
+	TODO: check
+CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10;
RealPlayer ...)
+	TODO: check
+CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through
...)
+	TODO: check
+CVE-2009-4242 (Heap-based buffer overflow in RealNetworks RealPlayer 10;
RealPlayer ...)
+	TODO: check
+CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10,
RealPlayer ...)
+	TODO: check
 CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in
the ...)
 	NOT-FOR-US: IBM InfoSphere Information Server
 CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in
IBM ...)
@@ -2392,7 +2420,7 @@
 	- php-mail 1.1.14-2 (medium; bug #557121)
 	[lenny] - php-mail  1.1.14-1+lenny1
 	[etch] - php-mail 1.1.6-2+etch1
-CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before ...)
+CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4
before ...)
 	{DSA-1961-1}
 	- bind9 1:9.6.1.dfsg.P2-1 (medium)
 	NOTE: <https://www.isc.org/node/504>
@@ -2418,17 +2446,21 @@
 	NOT-FOR-US: Tftpd32
 CVE-2009-4016 [ircd integer underflow]
 	RESERVED
+	{DSA-1980-1}
 	- ircd-ratbox <unfixed> (medium; bug #567191)
 	- ircd-hybrid <unfixed> (medium; bug #567192)
 	- oftc-hybrid <unfixed> (medium; bug #567193)
 CVE-2009-4015
 	RESERVED
+	{DSA-1979-1}
 	- lintian 2.3.2 (medium)
 CVE-2009-4014
 	RESERVED
+	{DSA-1979-1}
 	- lintian 2.3.2 (medium)
 CVE-2009-4013
 	RESERVED
+	{DSA-1979-1}
 	- lintian 2.3.2 (medium)
 CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow
...)
 	{DSA-1971-1}
@@ -14762,9 +14794,9 @@
 	NOT-FOR-US: Joomla
 CVE-2009-0377 (SQL injection vulnerability in the beamospetition
(com_beamospetition) ...)
 	NOT-FOR-US: Joomla
-CVE-2009-0376 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers
to ...)
+CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks
RealPlayer ...)
 	NOT-FOR-US: RealPlayer
-CVE-2009-0375 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers
to ...)
+CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10,
...)
 	NOT-FOR-US: RealPlayer
 CVE-2009-0374 (** DISPUTED ** ...)
 	- chromium-browser <itp> (bug #520324)
@@ -16480,7 +16512,7 @@
 CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2
and ...)
 	- classpath 2:0.98-1 (bug #512532; low)
 	- libgnucrypto-java <removed> (low; bug #559789)
-	 [lenny] - libgnucrypto-java <no-dsa> (Minor issue)
+	[lenny] - libgnucrypto-java <no-dsa> (Minor issue)
 CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3
allows ...)
 	- quassel 0.2~rc1-1.1 (bug #506550)
 CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin
for ...)
Secure testing commits - Jan 2010 - r13940 - data/CVE

[Secure-testing-commits] r13940 - data/CVE
