Author: joeyh Date: 2010-02-18 21:14:29 +0000 (Thu, 18 Feb 2010) New Revision: 14125 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-18 20:52:00 UTC (rev 14124) +++ data/CVE/list 2010-02-18 21:14:29 UTC (rev 14125) @@ -1,3 +1,9 @@ +CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...) + TODO: check +CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-0640 + RESERVED CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...) TODO: check CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...) @@ -198,6 +204,7 @@ CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...) NOT-FOR-US: Trend Micro URL Filtering Engine CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check 
@@ -206,34 +213,42 @@ - ffmpeg-debian <removed> TODO: check CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows ...) + {DSA-2000-1} - ffmpeg <unfixed> - ffmpeg-debian <removed> TODO: check @@ -571,7 +586,7 @@ CVE-2010-0422 [another gnome-screensaver issue?] RESERVED - gnome-screensaver 2.28.3-1 - TODO: Dupe? Is this different from CVE-2010-0414? + TODO: Dupe? Is this different from CVE-2010-0414? CVE-2010-0421 RESERVED CVE-2010-0420 @@ -584,8 +599,7 @@ RESERVED CVE-2010-0416 RESERVED -CVE-2010-0415 [info leak in sys move pages] - RESERVED +CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...) {DSA-1996-1} - linux-2.6 2.6.32-8 - linux-2.6.24 <removed> 
@@ -983,8 +997,7 @@ - squid <unfixed> - squid3 <unfixed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2010_1.txt -CVE-2010-0307 [denial-of-service on amd64] - RESERVED +CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...) {DSA-1996-1} - linux-2.6 2.6.32-8 - linux-2.6.24 <removed> @@ -1385,6 +1398,7 @@ RESERVED CVE-2010-0162 [same-origin bypass] RESERVED + {DSA-1999-1} - xulrunner <unfixed> [etch] - xulrunner <end-of-life> - iceape <unfixed> @@ -1392,12 +1406,14 @@ RESERVED CVE-2010-0160 [vulnerability in web workers] RESERVED + {DSA-1999-1} - xulrunner <unfixed> [etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5) [lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5) - iceape <unfixed> CVE-2010-0159 [several vulnerabilities] RESERVED + {DSA-1999-1} - xulrunner <unfixed> [etch] - xulrunner <end-of-life> - iceape <unfixed> @@ -3257,6 +3273,7 @@ NOTE: http://www.bugzilla.org/security/3.0.10/ CVE-2009-3988 [same-origin flaw in showModalDialog] RESERVED + {DSA-1999-1} - xulrunner <unfixed> [etch] - xulrunner <end-of-life> - iceape <unfixed> @@ -10845,6 +10862,7 @@ - ipsec-tools 1:0.7.1-1.4 (medium; bug #527634) CVE-2009-1571 [memory incorrectly freed] RESERVED + {DSA-1999-1} - xulrunner <unfixed> [etch] - xulrunner <end-of-life> - iceape <unfixed> @@ -14261,7 +14279,7 @@ [etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support) - kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265) - kde4libs 4:4.3.4-1 (medium; bug #559266) - [lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector) + [lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector) TODO: Someone posted a long list of dtoa embedded to debian-devel some time ago CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...) {DSA-1807-1 DTSA-200-1 DTSA-201-1}
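
Review bot: CVE-2010-0642 at the top of the @@ -1,3 +1,9 @@ hunk is left at "TODO: check" although its description names Cisco Collaboration Server, which looks like a candidate for the form already used a few entries down ("NOT-FOR-US: Trend Micro URL Filtering Engine"). Triage it in a follow-up manual commit so it does not stay in the unchecked queue; CVE-2010-0641 needs its truncated description read in full before it can be classified.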
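
Review bot: In the hunks at @@ -198,6 +204,7 @@ and @@ -206,34 +213,42 @@, the FFmpeg entries (CVE-2009-4640, and CVE-2009-4638 down to CVE-2009-4631) now carry {DSA-2000-1} but each still ends in "TODO: check" with "- ffmpeg <unfixed>". An entry that references an issued advisory should not also read as untriaged. Resolve the TODO lines by hand, replacing them with a NOTE where something remains open, and update the "- ffmpeg" line once a fixed version is known.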
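
Review bot: The -/+ pair on the "TODO: Dupe? Is this different from CVE-2010-0414?" line in the @@ -571,7 +586,7 @@ hunk reads identically as shown, so the change is whitespace only and the question it asks about CVE-2010-0422 is still unanswered. Whitespace normalisation is easier to audit in its own commit than mixed into an automatic update. The duplicate question should be settled against the CVE-2010-0414 entry rather than carried forward.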
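
Review bot: In the @@ -983,8 +997,7 @@ hunk, the removed working title "[denial-of-service on amd64]" for CVE-2010-0307 carried the architecture scope, and the truncated replacement description ("The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...") no longer shows it. Keep that detail as a NOTE line under the entry. The same applies to "[info leak in sys move pages]" for CVE-2010-0415 in the @@ -584,8 +599,7 @@ hunk, where the impact is no longer visible in the list.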
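
Review bot: In the @@ -1392,12 +1406,14 @@ hunk, {DSA-1999-1} is attached to CVE-2010-0160 although the same entry records "[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)" and the identical annotation for [lenny]. An advisory reference alongside not-affected markers for both listed releases is contradictory. Confirm which side is right and correct either the not-affected lines or the advisory's CVE list. The other entries tagged in this region (CVE-2010-0162, CVE-2010-0159, CVE-2009-3988, CVE-2009-1571) are still RESERVED with "- xulrunner <unfixed>", which is consistent but leaves the fixed version to be filled in.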
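
Review bot: The "[lenny] - kde4libs <no-dsa>" line in the @@ -14261,7 +14279,7 @@ hunk is rewritten with no visible textual difference, so this is another whitespace-only change, and it keeps the wording "Only uses by a few packages in Lenny". If the line is being touched anyway, correct it to "Only used by" in the same edit.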