Author: joeyh Date: 2010-04-01 21:14:34 +0000 (Thu, 01 Apr 2010) New Revision: 14373 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-01 09:10:31 UTC (rev 14372) +++ data/CVE/list 2010-04-01 21:14:34 UTC (rev 14373) @@ -46,19 +46,17 @@ RESERVED CVE-2010-1196 RESERVED -CVE-2010-1194 - RESERVED -CVE-2010-1191 - RESERVED +CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...) + TODO: check +CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...) + TODO: check CVE-2010-1186 RESERVED CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...) TODO: check -CVE-2010-1188 [linux-2.6: ipv6 skb unexpectedly freed] - RESERVED +CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux ...) - linux-2.6 2.6.20-1 -CVE-2010-1187 [linux-2.6: ticp oops] - RESERVED +CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in ...) - linux-2.6 <unfixed> CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and ...) NOT-FOR-US: SAP MaxDB @@ -429,8 +427,8 @@ RESERVED CVE-2010-1031 RESERVED -CVE-2010-1030 - RESERVED +CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...) + TODO: check CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...) TODO: check CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...) @@ -624,8 +622,7 @@ NOT-FOR-US: dl Download Ticket Service CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...) - linux-2.6 2.6.10-1 -CVE-2010-1195 [ikiwiki htmlscrubber XSS via svg images] - RESERVED +CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...) {DSA-2020-1} - ikiwiki 3.20100312 (low) [lenny] - ikwiki 2.53.5 
@@ -758,14 +755,12 @@ {DSA-2021-1} - spamass-milter 0.3.1-9 (bug #573228) [lenny] - spamass-milter 0.3.1-8+lenny1 -CVE-2010-1189 [mediawiki CSS validation] - RESERVED +CVE-2010-1189 (MediaWiki before 1.15.2 does not prevent wiki editors from linking to ...) {DSA-2022-1} - mediawiki 1:1.15.2-1 (low) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html [lenny] - mediawiki 1:1.12.0-2lenny4 -CVE-2010-1190 [mediawiki data leak in thumb.php] - RESERVED +CVE-2010-1190 (thumb.php in MediaWiki before 1.15.2, when used with ...) {DSA-2022-1} - mediawiki 1:1.15.2-1 (low) [lenny] - mediawiki 1:1.12.0-2lenny4 @@ -1152,8 +1147,7 @@ - shibboleth-sp2 <unfixed> (low; bug #571631) [lenny] - shibboleth-sp2 <no-dsa> (Minor issue) - shibboleth-sp <not-affected> (Vulnerable code not present) -CVE-2010-1192 [libesmtp doesn''t handle null bytes in commonname] - RESERVED +CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a ''\0'' ...) - libesmtp <unfixed> (bug #572960) NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6 CVE-2010-1193 [libesmtp wildcard handling] @@ -1210,12 +1204,12 @@ RESERVED CVE-2010-0808 RESERVED -CVE-2010-0807 - RESERVED +CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in ...) + TODO: check CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2010-0805 - RESERVED +CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet ...) + TODO: check CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...) NOT-FOR-US: iBoutique CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) ...) 
@@ -1984,26 +1978,26 @@ RESERVED CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...) TODO: check -CVE-2010-0536 - RESERVED +CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...) + TODO: check CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...) TODO: check CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...) TODO: check CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...) TODO: check -CVE-2010-0532 - RESERVED -CVE-2010-0531 - RESERVED +CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 ...) + TODO: check +CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of ...) + TODO: check CVE-2010-0530 RESERVED -CVE-2010-0529 - RESERVED -CVE-2010-0528 - RESERVED -CVE-2010-0527 - RESERVED +CVE-2010-0529 (Heap-based buffer overflow in Apple QuickTime before 7.6.6 on Windows ...) + TODO: check +CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...) + TODO: check +CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows ...) + TODO: check CVE-2010-0526 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) TODO: check CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...) 
@@ -2068,20 +2062,20 @@ NOT-FOR-US: Apple iPhone OS CVE-2010-0495 RESERVED -CVE-2010-0494 - RESERVED +CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...) + TODO: check CVE-2010-0493 RESERVED -CVE-2010-0492 - RESERVED -CVE-2010-0491 - RESERVED -CVE-2010-0490 - RESERVED -CVE-2010-0489 - RESERVED -CVE-2010-0488 - RESERVED +CVE-2010-0492 (mstime.dll in Microsoft Internet Explorer 8 does not properly handle ...) + TODO: check +CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...) + TODO: check +CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) + TODO: check +CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and ...) + TODO: check +CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...) + TODO: check CVE-2010-0487 RESERVED CVE-2010-0486 @@ -2170,12 +2164,12 @@ TODO: check CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP ...) TODO: check -CVE-2010-0450 - RESERVED -CVE-2010-0449 - RESERVED -CVE-2010-0448 - RESERVED +CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...) + TODO: check +CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...) + TODO: check +CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...) + TODO: check CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...) NOT-FOR-US: HP OpenView Performance Insight CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...) @@ -2813,8 +2807,8 @@ RESERVED CVE-2010-0268 RESERVED -CVE-2010-0267 - RESERVED +CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...) + TODO: check CVE-2010-0266 RESERVED CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...) 
@@ -3144,8 +3138,7 @@ RESERVED CVE-2010-0133 RESERVED -CVE-2010-0132 [viewvc regular expression xss] - RESERVED +CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 ...) - viewvc <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/2 TODO: file bug
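Review bot: CVE-2010-1194 in the @@ -46,19 +46,17 @@ hunk is added with only "TODO: check", although its description names libESMTP and libesmtp is already tracked as a package in this file (CVE-2010-1192 in the @@ -1152,8 +1147,7 @@ hunk carries "- libesmtp <unfixed> (bug #572960)"). Suggest triaging it with a "- libesmtp" line instead of leaving it in the unchecked queue, and confirming how it relates to the CVE-2010-1193 "[libesmtp wildcard handling]" placeholder that still follows CVE-2010-1192.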
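Review bot: the lenny line under CVE-2010-1195 in the @@ -624,8 +622,7 @@ hunk reads "[lenny] - ikwiki 2.53.5", which misspells the package name used on the line above it ("- ikiwiki 3.20100312 (low)"). The line is unchanged context here, but with the misspelled source package name the lenny fix for DSA-2020-1 will not be associated with ikiwiki; suggest correcting it to "[lenny] - ikiwiki 2.53.5" in a follow-up commit.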
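Review bot: CVE-2010-0807 and CVE-2010-0805 in the @@ -1210,12 +1204,12 @@ hunk are added as "TODO: check", while the entry between them, CVE-2010-0806, is already resolved as "NOT-FOR-US: Microsoft Internet Explorer". Both new descriptions name Microsoft Internet Explorer, so they can take the same NOT-FOR-US line; the same applies to the Internet Explorer entries added in the @@ -2068,20 +2062,20 @@ and @@ -2813,8 +2807,8 @@ hunks.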
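Review bot: CVE-2010-0132 in the @@ -3144,8 +3138,7 @@ hunk keeps "- viewvc <unfixed>" with "TODO: file bug" and no bug reference. Now that the entry has a published description ("ViewVC 1.1 before 1.1.5 ..."), suggest filing the bug and recording it as "(bug #...)" on the viewvc line so the unfixed status can be followed up.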