Author: geissert Date: 2010-04-06 05:23:45 +0000 (Tue, 06 Apr 2010) New Revision: 14414 Modified: data/CVE/list Log: multiple new issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-06 04:34:19 UTC (rev 14413) +++ data/CVE/list 2010-04-06 05:23:45 UTC (rev 14414) @@ -1,3 +1,32 @@ +CVE-2010-XXXX [tcpdf code execution via tcpdf tag] + - moodle <undetermined> + - phpmyadmin <undetermined> + - tcpdf <itp> (bug #495985) + TODO: check + NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view + NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem +CVE-2010-XXXX [linux r128 ioctl handlers null pointer deref] + - linux-2.6 <undetermined> + TODO: check + NOTE: http://git.kernel.org/linus/7dc482dfeeeefcfd000d4271c4626937406756d7 +CVE-2010-XXXX [xmail insecure temp files handling] + - xmail <undetermined> + TODO: check + NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27 +CVE-2010-XXXX [dovecot wrong Mail dir permissions] + - dovecot <undetermined> + TODO: check + NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html +CVE-2010-XXXX [Linux ThinkPad video output status local DoS] + - linux-2.6 <unfixed> (bug #565790) + NOTE: http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5 + TODO: check affected/fixed versions, Moritz? +CVE-2010-XXXX [aircrack-ng EAPOL buffer overflow] + - aircrack-ng <unfixed> (low) + [lenny] - aircrack-ng <no-dsa> (low) + [etch] - aircrack-ng <no-dsa> (low) + NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py + TODO: file bug, request id CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...) TODO: check CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...) 
@@ -1445,7 +1474,7 @@ CVE-2010-0749 RESERVED - transmission 1.92-1 (unimportant; bug filed) -CVE-2010-0748 +CVE-2010-0748 [transmission magnet links parser buffer overflow] RESERVED - transmission 1.92-1 (medium; bug filed) [lenny] - transmission <not-affected> (Support for Magnet links not yet available) @@ -1455,11 +1484,12 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178 NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2 NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235 -CVE-2010-0745 [dovecot DoS] +CVE-2010-0745 [dovecot large header resource consumption/DoS] RESERVED - dovecot 1:1.2.11-1 (low) [lenny] - dovecot <not-affected> (Vulnerable code not present) [etch] - dovecot <not-affected> (Vulnerable code not present) + NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html CVE-2010-0744 [amsn SSL verification vuln] RESERVED - amsn <unfixed> (bug #572818)
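Review bot: in the first hunk (@@ -1,3 +1,32 @@), the new aircrack-ng EAPOL entry is rated `<unfixed> (low)` and `<no-dsa> (low)` for lenny and etch, but its only NOTE is the link to aircrackng_exploit.py, so the entry does not record why a buffer overflow is rated low. Suggest adding a NOTE with the rationale, and replacing `TODO: file bug, request id` with the bug number once it is filed. In the same hunk, the tcpdf entry lists moodle and phpmyadmin as `<undetermined>` without saying why they are tracked under a tcpdf issue. If they are listed for embedded copies of tcpdf, a NOTE saying so would help whoever resolves the TODO.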
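Review bot: in the second hunk (@@ -1445,7 +1474,7 @@), CVE-2010-0749 directly above the changed line still has no bracketed description, although it carries the same `transmission 1.92-1` fix line as CVE-2010-0748. Adding a description to it in the same change would keep the two adjacent transmission entries distinguishable at a glance.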
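Review bot: in the third hunk (@@ -1455,11 +1484,12 @@), the NOTE added to CVE-2010-0745 is the same dovecot-news URL (2010-March/000152.html) that this commit attaches to the new `CVE-2010-XXXX [dovecot wrong Mail dir permissions]` entry. The reference alone therefore does not show which part of the announcement each entry covers. Suggest adding a few words to each NOTE saying which item of the announcement applies to that entry.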