Author: joeyh
Date: 2010-03-26 09:14:45 +0000 (Fri, 26 Mar 2010)
New Revision: 14325

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-03-25 21:50:25 UTC (rev 14324)
+++ data/CVE/list 2010-03-26 09:14:45 UTC (rev 14325)
@@ -1,3 +1,245 @@ +CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 ...) + TODO: check +CVE-2010-1121 (Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows ...) + TODO: check +CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows ...) + TODO: check +CVE-2010-1119 (Unspecified vulnerability in Safari on Apple iPhone OS allows remote ...) + TODO: check +CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows ...) + TODO: check +CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...) + TODO: check +CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root ...) + TODO: check +CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...) + TODO: check +CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) + TODO: check +CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web ...) + TODO: check +CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 ...) + TODO: check +CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete ...) + TODO: check +CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 ...) + TODO: check +CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...) + TODO: check +CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module ...) + TODO: check +CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...) + TODO: check +CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in ...) + TODO: check +CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in ...) + TODO: check +CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...) 
+ TODO: check +CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass ...) + TODO: check +CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...) + TODO: check +CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...) + TODO: check +CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...) + TODO: check +CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...) + TODO: check +CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...) + TODO: check +CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...) + TODO: check +CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ...) + TODO: check +CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus ...) + TODO: check +CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when ...) + TODO: check +CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed ...) + TODO: check +CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...) + TODO: check +CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote ...) + TODO: check +CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...) + TODO: check +CVE-2010-1088 + RESERVED +CVE-2010-1087 + RESERVED +CVE-2010-1086 + RESERVED +CVE-2010-1085 + RESERVED +CVE-2010-1084 + RESERVED +CVE-2010-1083 + RESERVED +CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...) + TODO: check +CVE-2010-1081 (Directory traversal vulnerability in the Community Polls ...) + TODO: check +CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS ...) 
+ TODO: check +CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 ...) + TODO: check +CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS ...) + TODO: check +CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO ...) + TODO: check +CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level ...) + TODO: check +CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) ...) + TODO: check +CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange ...) + TODO: check +CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) ...) + TODO: check +CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...) + TODO: check +CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows ...) + TODO: check +CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art ...) + TODO: check +CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript ...) + TODO: check +CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...) + TODO: check +CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ...) + TODO: check +CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under ...) + TODO: check +CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information ...) + TODO: check +CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root ...) + TODO: check +CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real ...) + TODO: check +CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in ...) + TODO: check +CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL ...) 
+ TODO: check +CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in ...) + TODO: check +CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in ...) + TODO: check +CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in ...) + TODO: check +CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka ...) + TODO: check +CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads ...) + TODO: check +CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...) + TODO: check +CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote ...) + TODO: check +CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ...) + TODO: check +CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 ...) + TODO: check +CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...) + TODO: check +CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow ...) + TODO: check +CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga ...) + TODO: check +CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...) + TODO: check +CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 ...) + TODO: check +CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) ...) + TODO: check +CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 ...) + TODO: check +CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows ...) + TODO: check +CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...) 
+ TODO: check +CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the ...) + TODO: check +CVE-2010-1040 (The "IP address range limitation" function in OpenPNE 1.6 through 1.8, ...) + TODO: check +CVE-2010-1039 + RESERVED +CVE-2010-1038 + RESERVED +CVE-2010-1037 + RESERVED +CVE-2010-1036 + RESERVED +CVE-2010-1035 + RESERVED +CVE-2010-1034 + RESERVED +CVE-2010-1033 + RESERVED +CVE-2010-1032 + RESERVED +CVE-2010-1031 + RESERVED +CVE-2010-1030 + RESERVED +CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...) + TODO: check +CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...) + TODO: check +CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) ...) + TODO: check +CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter ...) + TODO: check +CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ...) + TODO: check +CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...) + TODO: check +CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) ...) + TODO: check +CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer ...) + TODO: check +CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery ...) + TODO: check +CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) ...) + TODO: check +CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) ...) + TODO: check +CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months ...) + TODO: check +CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors ...) + TODO: check +CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic ...) + TODO: check +CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ...) 
+ TODO: check +CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database ...) + TODO: check +CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension ...) + TODO: check +CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard ...) + TODO: check +CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ...) + TODO: check +CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 ...) + TODO: check +CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget ...) + TODO: check +CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem) ...) + TODO: check +CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and ...) + TODO: check +CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 ...) + TODO: check +CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine ...) + TODO: check +CVE-2009-4738 + RESERVED +CVE-2009-4737 + RESERVED +CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...) + TODO: check CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52] - glpi <unfixed> (bug #574760) - moodle <unfixed> (bug #574757) @@ -2,3 +244,3 @@ NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52 -CVE-2010-1028 [mfsa-2010-08] +CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...) - xulrunner <not-affected> (vulnerability introduced in firefox 3.6) @@ -13,8 +255,8 @@ CVE-2010-XXXX [Fixes permission check in QueriesController] - redmine 0.9.3-3 TODO: Check severity, Lenny status -CVE-2010-1003 - RESERVED +CVE-2010-1003 (Directory traversal vulnerability in ...) + TODO: check CVE-2010-1002 RESERVED CVE-2010-1001 
@@ -817,26 +1059,23 @@ RESERVED CVE-2010-0737 RESERVED -CVE-2010-0736 - RESERVED +CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...) + TODO: check CVE-2010-0735 REJECTED -CVE-2010-0734 [curl issue] - RESERVED +CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ...) - curl <undetermined> NOTE: only affected when automatic decompression set, which is off by default upstream NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11 TODO: check -CVE-2010-0733 [postgresql integer overflow] - RESERVED +CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL ...) - postgresql-7.4 <undetermined> - postgresql-8.1 <undetermined> - postgresql-8.2 <undetermined> - postgresql-8.3 <undetermined> - postgresql-8.4 <undetermined> TODO: check -CVE-2010-0732 [gnome-screensaver always unlocks after five failed attempts] - RESERVED +CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver ...) - gtk+2.0 2.18.5-1 [lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28) [etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28) @@ -948,8 +1187,8 @@ NOT-FOR-US: CommodityRentals Video Games Rentals CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control ...) NOT-FOR-US: ActiveX -CVE-2010-0688 - RESERVED +CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows ...) + TODO: check CVE-2010-0687 RESERVED CVE-2010-0686 
@@ -1110,7 +1349,7 @@ NOT-FOR-US: Cisco Collaboration Server CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...) NOT-FOR-US: CA eHealth Performance Manager -CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 ...) +CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before ...) - squid 2.7.STABLE8-1 (bug #572553) [lenny] - squid <no-dsa> (Minor issue, only affects non-default setup) - squid3 <unfixed> (bug #572554) @@ -1137,8 +1376,7 @@ - flex 2.5.35-1 CVE-2010-0629 RESERVED -CVE-2010-0628 [MITKRB5-SA-2010-002] - RESERVED +CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...) - krb5 <unfixed> [lenny] - krb5 <not-affected> (Only affects 1.7/1.8) CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues] @@ -1176,10 +1414,10 @@ RESERVED CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...) NOT-FOR-US: EMC HomeBase Server -CVE-2010-0619 - RESERVED -CVE-2010-0618 - RESERVED +CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode ...) + TODO: check +CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...) + TODO: check CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...) NOT-FOR-US: evalSMSI CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...) 
@@ -1242,28 +1480,28 @@ NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2010-0586 - RESERVED -CVE-2010-0585 - RESERVED -CVE-2010-0584 - RESERVED -CVE-2010-0583 - RESERVED -CVE-2010-0582 - RESERVED -CVE-2010-0581 - RESERVED -CVE-2010-0580 - RESERVED -CVE-2010-0579 - RESERVED -CVE-2010-0578 - RESERVED -CVE-2010-0577 - RESERVED -CVE-2010-0576 - RESERVED +CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...) + TODO: check +CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...) + TODO: check +CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP ...) + TODO: check +CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through ...) + TODO: check +CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...) + TODO: check +CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...) + TODO: check +CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...) + TODO: check +CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote ...) + TODO: check +CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 ...) + TODO: check +CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size ...) + TODO: check +CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...) + TODO: check CVE-2010-0575 RESERVED CVE-2010-0574 
@@ -1595,8 +1833,8 @@ - kde4libs <unfixed> (unimportant) CVE-2010-0466 RESERVED -CVE-2010-0465 - RESERVED +CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents ...) + TODO: check CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...) - roundcube 0.3.1-3 (bug #569660) CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...) @@ -1656,8 +1894,8 @@ [etch] - otrs2 <not-affected> (vulnerable code not present) - otrs2 2.4.7-1 (medium) NOTE: http://otrs.org/advisory/OSA-2010-01-en/ -CVE-2010-0437 - RESERVED +CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...) + TODO: check CVE-2010-0436 RESERVED CVE-2010-0435 
@@ -2495,34 +2733,34 @@ RESERVED CVE-2010-0173 RESERVED -CVE-2010-0172 - RESERVED -CVE-2010-0171 - RESERVED -CVE-2010-0170 - RESERVED -CVE-2010-0169 - RESERVED -CVE-2010-0168 - RESERVED -CVE-2010-0167 - RESERVED -CVE-2010-0166 - RESERVED -CVE-2010-0165 - RESERVED -CVE-2010-0164 - RESERVED -CVE-2010-0163 - RESERVED +CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the ...) + TODO: check +CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x ...) + TODO: check +CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected ...) + TODO: check +CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in ...) + TODO: check +CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in ...) + TODO: check +CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x ...) + TODO: check +CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in ...) + TODO: check +CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp ...) + TODO: check +CVE-2010-0164 (Use-after-free vulnerability in the ...) + TODO: check +CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 ...) + TODO: check CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 [etch] - xulrunner <end-of-life> - iceape 2.0.3-1 [lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs) -CVE-2010-0161 - RESERVED +CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in ...) + TODO: check CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 ...) - xulrunner 1.9.1.8-1 [etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1) 
@@ -2936,7 +3174,7 @@ NOT-FOR-US: Active Business Directory CVE-2009-4463 (** DISPUTED ** ...) NOT-FOR-US: Intellicom NetBiter WebSCADA -CVE-2009-4462 (Stack-based buffer overflow in NetBiterConfig.exe 1.3.0 in Intellicom ...) +CVE-2009-4462 (Stack-based buffer overflow in the NetBiterConfig utility ...) NOT-FOR-US: Intellicom NetBiter WebSCADA CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...) - flatpress <itp> (bug #466297) @@ -3502,8 +3740,7 @@ NOTE: proxy situations, the backend server is usually trusted, anyway. CVE-2010-0009 RESERVED -CVE-2010-0008 [linux-2.6 sctp remote denial-of-service] - RESERVED +CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows ...) - linux-2.6 2.6.23-1 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...) {DSA-2005-1 DSA-2003-1 DSA-1996-1} @@ -3628,8 +3865,7 @@ [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27) - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545411 -CVE-2009-4271 [linux-2.6: 32-bit processes on 64-bit system kernel panic] - RESERVED +CVE-2009-4271 (The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 ...) - linux-2.6 2.6.18-1 CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...) - ghostscript 8.70~dfsg-2.1 (medium; bug #562643) @@ -6218,8 +6454,8 @@ CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...) - bugzilla <not-affected> (Only 3.3 onwards are affected) TODO: recheck, once a more recent (3.3.x or 3.4.x) version has been uploaded -CVE-2009-3385 - RESERVED +CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not ...) + TODO: check CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...) - webkit 1.1.17-2 (medium; bug #559759) - qt4-x11 <undetermined> (bug #561760) 
@@ -8000,8 +8236,8 @@ - linux-2.6 2.6.31-1 (medium) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19) - linux-2.6.24 <removed> (medium) -CVE-2009-2907 - RESERVED +CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...) + TODO: check CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...) {DSA-1908-1} - samba 2:3.4.2-1 (low; bug #550423) @@ -9535,7 +9771,7 @@ {DSA-1840-1} - xulrunner 1.9.0.12-1 [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support) -CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox ...) +CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) ...) {DSA-1931-1} - nspr 4.8.2-1 [etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
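
Review bot: ordering breaks in two places in the @@ -1,3 +1,245 @@ hunk. The new block runs from CVE-2010-1029 straight to CVE-2010-1027, while CVE-2010-1028 stays further down, below the "CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]" entry. CVE-2009-4738, CVE-2009-4737 and CVE-2009-4736 are also added at the head of the file, ahead of existing 2010 entries. If the list is meant to stay in descending ID order, as the surrounding entries suggest, move CVE-2010-1028 up between 1029 and 1027 and file the three 2009 IDs with the other CVE-2009 entries.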
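
Review bot: the advisory reference on the CVE-2010-1028 line in the @@ -2,3 +244,3 @@ hunk is lost. "[mfsa-2010-08]" is replaced by the truncated description and no other visible line of the entry carries it. Suggest keeping it as a NOTE line under the entry, so the xulrunner <not-affected> rationale ("vulnerability introduced in firefox 3.6") can still be traced back to the advisory.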
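
Review bot: on CVE-2010-0732 in the @@ -817,26 +1059,23 @@ hunk, the removed bracket text "gnome-screensaver always unlocks after five failed attempts" was the only plain statement of impact in the entry, and the truncated description that replaces it ("gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver ...") does not carry it. Suggest preserving it as a NOTE line. In the same hunk CVE-2010-0734 and CVE-2010-0733 lose RESERVED but keep every package at <undetermined> with "TODO: check"; now that the descriptions name libcurl 7.10.5 through 7.19.7 and nodeHash.c, those entries are ready for triage.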
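
Review bot: the squid and squid3 status lines under CVE-2010-0639 in the @@ -1110,7 +1349,7 @@ hunk should be rechecked against the revised description. The affected range in the description changes from "Squid 2.x and 3.0 ..." to "Squid 2.x before ...", while "- squid 2.7.STABLE8-1 (bug #572553)" and "- squid3 <unfixed> (bug #572554)" are left untouched, so it is not clear from the entry that they still match the new version range.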
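
Review bot: the upstream advisory id is dropped from CVE-2010-0628 in the @@ -1137,8 +1376,7 @@ hunk. "[MITKRB5-SA-2010-002]" disappears with the RESERVED line and the new description ("The spnego_gss_accept_sec_context function in ...") is truncated before any reference. Suggest adding a NOTE line with the advisory id under the entry so the krb5 <unfixed> and "Only affects 1.7/1.8" statuses keep their source.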
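
Review bot: the eleven Cisco IOS entries in the @@ -1242,28 +1480,28 @@ hunk (CVE-2010-0586 down to CVE-2010-0576) all land as "TODO: check", while the context lines directly above them mark the Cisco Unified Communications Manager entries as NOT-FOR-US. If Cisco IOS is likewise not packaged, these can be marked "NOT-FOR-US: Cisco IOS" in one pass rather than leaving eleven open TODOs in the tracker.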
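
Review bot: the Mozilla entries in the @@ -2495,34 +2733,34 @@ hunk (CVE-2010-0172 through CVE-2010-0163, and CVE-2010-0161) are left with only "TODO: check" and no package lines, while the neighbouring CVE-2010-0162 and CVE-2010-0160 are tracked against xulrunner and iceape. Several of the new descriptions name the same Firefox 3.0.x/3.5.x branches, and CVE-2010-0163 names Thunderbird and SeaMonkey, so these should be triaged against the same source packages and checked for DSA coverage.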