Author: gilbert-guest
Date: 2010-03-04 03:26:12 +0000 (Thu, 04 Mar 2010)
New Revision: 14182
Modified:
data/CVE/list
Log:
new issues
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-03-04 02:37:08 UTC (rev 14181)
+++ data/CVE/list 2010-03-04 03:26:12 UTC (rev 14182)
@@ -197,10 +197,12 @@
CVE-2010-0727
RESERVED
CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb
(TrackBack ...)
- TODO: check
+ - tdiary <unfixed> (bug #572417)
CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded
in ...)
+ - moin <undetermined>
TODO: check
CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in
...)
+ - ngircd <undetermined>
TODO: check
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server
6.0 SP3 ...)
NOT-FOR-US: Sun ONE Web Server
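Review bot: the new tdiary line for CVE-2010-0726 (`- tdiary <unfixed> (bug #572417)`) records the bug but no severity, whereas other `<unfixed>` entries in this file carry one in the same parenthesis (compare `- systemtap <unfixed> (low; bug #568809)` further down). Since the issue is a cross-site scripting bug in a single trackback script, a `(low; bug #572417)` style qualifier would save the entry from being re-triaged later.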
@@ -293,12 +295,14 @@
CVE-2010-0686
RESERVED
CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source
...)
+ - asterisk <undetermined>
TODO: check
CVE-2010-0684
RESERVED
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO
Administrator ...)
NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to
read ...)
+ - wodpress <undetermined>
TODO: check
CVE-2010-XXXX [http://downloads.digium.com/pub/security/AST-2010-003.pdf]
- asterisk <unfixed>
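Review bot: `- wodpress <undetermined>` under CVE-2010-0682 misspells the source package name; the tracker elsewhere in this patch uses `wordpress` (see the CVE-2007-2714 entry), and a misspelt package line will not match anything in the archive, so this issue would silently drop out of the per-package view. Suggest `- wordpress <undetermined>`.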
@@ -330,10 +334,13 @@
CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks)
...)
NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly
...)
+ - moin <undetermined>
TODO: check
CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x
...)
+ - moin <undetermined>
TODO: check
CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing
of ...)
+ - moin <undetermined>
TODO: check
CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5
Patch ...)
NOT-FOR-US: Novell eDirectory
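Review bot: the three moin entries are all left as `<undetermined>` with `TODO: check` retained, although the CVE descriptions in this hunk already state the fixed upstream versions (`before 1.8.7 and 1.9.x before 1.9.2` for CVE-2010-0669, `1.9 before 1.9.1` for CVE-2010-0667). Those version bounds are enough to compare against the packaged moin version and either record a fixed version or a `<not-affected>` line, rather than deferring all three.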
@@ -356,11 +363,11 @@
CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows
remote ...)
NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c
in the ...)
- TODO: check
+ - linux-2.6 2.6.12-1
+ - linux-2.6.24 <not-affected> (fixed before 2.6.24)
CVE-2010-XXXX [konversation DoS]
- konversation 1.2.3-1 (low)
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
- TODO: check
CVE-2010-0664 (Stack consumption vulnerability in the ...)
- chromium-browser <itp> (bug #520334)
CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...)
@@ -437,6 +444,7 @@
CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth
Performance ...)
NOT-FOR-US: CA eHealth Performance Manager
CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0
...)
+ - squid <undetermined>
TODO: check
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar
1.2.0 ...)
- webcalendar <undetermined>
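Review bot: the CVE-2010-0639 description names both the Squid 2.x and 3.0 lines, but only a single `- squid <undetermined>` line is added. If more than one squid source package is in the archive, each needs its own line, otherwise the `TODO: check` below will only ever resolve one of them.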
@@ -458,7 +466,6 @@
NOTE: http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
CVE-2010-XXXX [pfribidi buffer overflow]
- pyfribidi 0.10.0-2 (bug #570068)
- TODO: check
CVE-2010-XXXX [phpbb3 weak captcha]
- phpbb3 <unfixed> (unimportant; bug #570011)
CVE-2010-XXXX [screensavers unlocked via enter key]
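Review bot: the placeholder description `[pfribidi buffer overflow]` misspells the package it refers to; the package line directly beneath it reads `pyfribidi`. Since this hunk already touches the entry (dropping its `TODO: check`), the placeholder text should be corrected to `[pyfribidi buffer overflow]` so it can be found by searching for the package name.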
@@ -470,6 +477,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/2
NOTE: http://www.kde.org/info/security/advisory-2010-02-17-1.txt
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator
(flex) ...)
+ - flex <undetermined>
TODO: check
CVE-2010-0629
RESERVED
@@ -481,8 +489,10 @@
NOTE:
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201002.mbox/%3C87bpfz5t39.fsf
at mid.deneb.enyo.de%3E
NOTE: http://www.openwall.com/lists/oss-security/2010/02/15/5
CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+ - webcalendar <undetermined>
TODO: check, webcalendar is in the archive
CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in
WebCalendar ...)
+ - webcalendar <undetermined>
TODO: check, webcalendar is in the archive
CVE-2010-0635 (SQL injection vulnerability in the
plgSearchEventsearch::onSearch ...)
NOT-FOR-US: JEvents Search plugin for Joomla!
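Review bot: after adding `- webcalendar <undetermined>` to CVE-2010-0637 and CVE-2010-0636, the retained `TODO: check, webcalendar is in the archive` lines are now partly redundant, as the package line itself records that fact. The sibling entry CVE-2010-0638 earlier in this patch uses the bare `- webcalendar <undetermined>` form with no such TODO; trimming the note to a plain `TODO: check` would keep the three webcalendar entries consistent.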
@@ -617,7 +627,9 @@
CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive
Security ...)
NOT-FOR-US: Cisco
CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus
interface ...)
- TODO: check
+ - gnome-screensaver 2.26.1-2
+ [lenny] - gnome-screensaver <not-affected> (vulnerability introduced in
2.26)
+ NOTE: only an issue under certain desktop environments such as xfce
CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its
activation ...)
- gnome-screensaver 2.28.0-2 (low; bug #569667)
[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
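Review bot: the CVE-2009-4642 entry adds a `[lenny]` not-affected line but no `[etch]` line, while the neighbouring CVE-2009-4641 entry carries `[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)`. Given the justification `vulnerability introduced in 2.26`, etch is not affected either, and an explicit `[etch]` line would make that visible in the tracker rather than leaving it to be inferred. The `(vulnerability introduced in` ... `2.26)` text is also wrapped across two lines here; check that the committed line is intact.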
@@ -1017,7 +1029,7 @@
RESERVED
- apache2 <not-affected> (Windows only)
CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4
and (2) ...)
- TODO: check
+ NOT-FOR-US: cronie and vixie-cron
CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to
cause a ...)
- pidgin 2.6.6-1 (low)
CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly
synchronize ...)
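Review bot: `NOT-FOR-US: cronie and vixie-cron` for CVE-2010-0424 records the verdict but not the reasoning. Debian's `cron` source package is itself derived from Vixie cron, so a reader may reasonably ask whether it shares the `edit_cmd` code in `crontab.c`; a `NOTE:` line stating that the affected code is not present in the Debian cron package would prevent this issue from being re-opened.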
@@ -1046,6 +1058,7 @@
CVE-2010-0413
RESERVED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the
value of ...)
+ - systemtap <undetermined>
TODO: check
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2)
...)
- systemtap <unfixed> (low; bug #568809)
@@ -1414,12 +1427,16 @@
- zendframework 1.9.7-1
NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the
WebApp JSP ...)
+ - jetty <undetermined>
TODO: check
CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without
sanitizing ...)
+ - jetty <undetermined>
TODO: check
CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay
Jetty ...)
+ - jetty <undetermined>
TODO: check
CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote
...)
+ - jetty <undetermined>
TODO: check
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer
(PIT) ...)
{DSA-1996-1}
@@ -4079,7 +4096,10 @@
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE)
in Sun ...)
- TODO: check
+ - openjdk-6 6b17 (unimportant)
+ - sun-java6 6-17-1 (unimportant)
+ NOTE: a problem in their updater, which is irrelevant since debian
+ NOTE: updates are provided by the security team
CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell
Groupwise ...)
NOT-FOR-US: ActiveX
CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2
and ...)
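Review bot: the new `- sun-java6 6-17-1 (unimportant)` line under CVE-2009-3864 has no matching `[lenny] - sun-java6 <no-dsa> (Non-free not supported)` line, unlike the sun-java6 entry immediately above it in this hunk. Either the `(unimportant)` qualifier is meant to cover lenny as well, or the per-release line is missing; stating which would keep the two sun-java6 entries consistent. The two `NOTE:` lines could also be joined into one, as the second is a continuation of the first sentence.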
@@ -42219,7 +42239,7 @@
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers
to ...)
NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg
Akismet ...)
- TODO: check: - wordpress <unfixed>
+ - wordpress <undetermined>
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit
when ...)
NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before
3.3.3 ...)