Author: gilbert-guest
Date: 2010-03-07 00:03:05 +0000 (Sun, 07 Mar 2010)
New Revision: 14203
Modified:
data/CVE/list
Log:
more new issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-03-06 22:38:20 UTC (rev 14202)
+++ data/CVE/list 2010-03-07 00:03:05 UTC (rev 14203)
@@ -265,6 +265,31 @@
NOT-FOR-US: Xerver
CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2
including ...)
NOT-FOR-US: E-Soft DJ Studio Pro
+CVE-2010-XXXX [sudo weakness]
+ - sudo <unfixed> (low; bug #567614)
+CVE-2010-XXXX [esmtp: world-readable config file]
+ - esmtp 1.2-3 (low; bug #568925)
+CVE-2010-XXXX [irssi emote leak]
+ - irssi-plugin-otr <unfixed> (unimportant; bug #569506)
+CVE-2010-XXXX [shibboleth-sp2: world-readable key]
+ - shibboleth-sp2 <unfixed> (low; bug #571631)
+CVE-2010-XXXX [libesmtp doesn''t handle null bytes in commonname]
+ - libesmtp <unfixed>
+ NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
+ TODO: check
+CVE-2010-XXXX [argyll unsafe udev rules]
+ - argyll <not-affected> (issue with redhat-specific changes to the
package)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
+CVE-2010-XXXX [warzone2100 stack overflow]
+ - warzone2100 <undetermined> (low)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/warzone2100/+bug/520432
+ NOTE: supposedly fixed in version 2.3
+ TODO: check
+CVE-2010-XXXX [drupal sa-core-2010-001]
+ - drupal-6 <undetermined>
+ - drupal-5 <undetermined>
+ NOTE: http://drupal.org/node/731710
+ TODO: check
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
- linux-ftpd <unfixed>
CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure]
@@ -336,12 +361,21 @@
RESERVED
CVE-2010-0793
RESERVED
-CVE-2010-0792
+CVE-2010-0792 [fcron info disclosure]
RESERVED
-CVE-2010-0791
+ - fcron <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/Mar/97
+ TODO: check
+CVE-2010-0791 [ncpfs denial-of-service]
RESERVED
-CVE-2010-0790
+ - ncpfs <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
+ TODO: check
+CVE-2010-0790 [ncpmount info disclosure]
RESERVED
+ - ncpfs <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
+ TODO: check
CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows
local ...)
{DSA-1989-1}
- fuse 2.8.1-1.2 (bug #567633)
@@ -1280,8 +1314,11 @@
RESERVED
CVE-2010-0434
RESERVED
-CVE-2010-0433
+CVE-2010-0433 [openssl remote crash]
RESERVED
+ - openssl <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
+ TODO: check
CVE-2010-0432
RESERVED
CVE-2010-0431
@@ -1745,8 +1782,11 @@
CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services)
1.9.2 ...)
{DSA-1982-1}
- hybserv 1.9.2-4.1 (low; bug #550389)
-CVE-2010-0302
+CVE-2010-0302 [cups denial-of-service]
RESERVED
+ - cups <undetermined>
+ NOTE: http://www.ubuntu.com/usn/USN-906-1
+ TODO: check
CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the
-d ...)
{DSA-1981-1}
- maildrop 2.2.0-3.1 (low; bug #564601)
@@ -1941,8 +1981,11 @@
NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1,
and ...)
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0238
+CVE-2010-0238 [krb5 denial-of-service]
RESERVED
+ - krb5 <undetermined> (low)
+ NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
+ TODO: check
CVE-2010-0237
RESERVED
CVE-2010-0236
@@ -2148,6 +2191,7 @@
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
+ - icedove 3.0.2-1
CVE-2010-0158 (** DISPUTED ** ...)
NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
CVE-2010-0157 (Directory traversal vulnerability in the Bible Study
(com_biblestudy) ...)
@@ -3198,7 +3242,7 @@
CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in
netpbm ...)
- netpbm-free <unfixed> (medium; bug #569060)
CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to
execute ...)
- - systemtap 1.1-1
+ - systemtap 1.1-1 (bug #568865)
[lenny] - systemtap <not-affected> (Server component not yet present)
[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel
...)
@@ -11601,6 +11645,7 @@
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
+ - icedove 3.0.2-1
CVE-2009-1570 (Integer overflow in the ReadImage function in ...)
- gimp 2.6.7-1.1 (medium; bug #555929)
CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client
4.38, ...)
@@ -12479,6 +12524,7 @@
CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1
and ...)
- open-iscsi 2.0.871-1 (low; bug #547011)
[lenny] - open-iscsi <no-dsa> (Minor issue)
+ TODO: next lenny spu [- open-iscsi 2.0.870~rc3-0.4.1]
[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on
...)
- ecryptfs-utils 75-2 (unimportant; bug #532372)