Author: jmm-guest Date: 2010-05-11 18:44:29 +0000 (Tue, 11 May 2010) New Revision: 14674 Modified: data/CVE/list Log: - abcm2ps, dvipng, samhain fixed - base is in the archive - kolab-webclient issue also affects horde3 - new serendipity issue - new jboss issues - tomcat issue unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-11 09:45:44 UTC (rev 14673) +++ data/CVE/list 2010-05-11 18:44:29 UTC (rev 14674) @@ -1,5 +1,8 @@ CVE-2010-1850 RESERVED +CVE-2010-XXXX [serendipity xinha issue] + - serendipity <unfixed> + [lenny] - serendipity <not-affected> (Only affects >= 1.4) CVE-2010-1849 RESERVED CVE-2010-1848 @@ -267,11 +270,11 @@ CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...) NOT-FOR-US: Roxio CinePlayer CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...) - NOT-FOR-US: Basic Analysis Security Engine (BASE) + - acidbase <undetermined> CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis ...) - NOT-FOR-US: Basic Analysis Security Engine (BASE) + - acidbase <undetermined> CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...) - NOT-FOR-US: Basic Analysis and Security Engine (BASE) + - acidbase <undetermined> CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in Movie PHP ...) NOT-FOR-US: Movie PHP Script CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ...) 
@@ -640,7 +643,9 @@ NOT-FOR-US: 8pixel.net Blog CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab ...) - kolab-webclient <undetermined> + - horde3 <unfixed> NOTE: package only in experimental; claimed fixed in version 20091202, but not enough info to check + NOTE: http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/horde-webmail/1.2.0/tg/Attic/t_framework_H_JS_Form_FixFormSecurityForImageUploads.diff?rev=1.1.2.1&only_with_tag=kolab_2_2_branch CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: cPanel CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) @@ -821,8 +826,7 @@ CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) ...) NOT-FOR-US: com_mmsblog component for joomla! CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before ...) - - samhain <undetermined> - TODO: check + - samhain 2.5.4-1 CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File ...) NOT-FOR-US: Easy File Sharing Web Server CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers ...) @@ -1075,11 +1079,11 @@ CVE-2010-1430 RESERVED CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...) - - jbossas4 <undetermined> - TODO: check + - jbossas4 <unfixed> (bug filed) + [lenny] - jbossas4 <no-dsa> (Contrib not supported) CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss ...) - - jbossas4 <undetermined> - TODO: check + - jbossas4 <unfixed> (bug filed) + [lenny] - jbossas4 <no-dsa> (Contrib not supported) CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...) NOT-FOR-US: MODx Evolution CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 allows ...) 
@@ -1349,7 +1353,7 @@ CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...) NOT-FOR-US: Drupal module CVE-2010-XXXX [abcm2ps] - - abcm2ps <unfixed> (low; bug #577014) + - abcm2ps 5.9.13-0.1 (low; bug #577014) [lenny] - abcm2ps <no-dsa> (Minor issue) CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...) NOT-FOR-US: Joomla! @@ -1747,8 +1751,9 @@ CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...) - perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective) CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...) - - tomcat6 <undetermined> - TODO: check + - tomcat6 <unfixed> (unimportant) + TODO: File bug + NOTE: Negligable information disclosure CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...) - irssi 0.8.15-1 (low) [lenny] - irssi <no-dsa> (Minor issue) @@ -2739,7 +2744,7 @@ RESERVED CVE-2010-0829 RESERVED - - dvipng <unfixed> (low; bug filed) + - dvipng 1.13-1 (low; bug filed) CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...) {DSA-2024-1} - moin 1.9.2-3 (low; bug #575995) @@ -3019,7 +3024,8 @@ - texlive-bin 2009-6 (low; bug #560668) [lenny] - texlive-bin <no-dsa> (minor issue) CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...) - - jbossas4 <undetermined> + - jbossas4 <unfixed> (bug filed) + [lenny] - jbossas4 <no-dsa> (Contrib not supported) CVE-2010-0737 RESERVED CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...) @@ -14498,7 +14504,6 @@ TODO: VMware products CVE-2009-1563 REJECTED - NOTE: Tracked as CVE-2009-0689 CVE-2009-1562 RESERVED CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in administration.cgi ...)
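Review bot: The new `CVE-2010-XXXX [serendipity xinha issue]` entry in the first hunk (@@ -1,5 +1,8 @@) carries no NOTE with an upstream reference, so the "(Only affects >= 1.4)" justification for the lenny `<not-affected>` line cannot be re-checked later, and the placeholder id will have to be matched to the real CVE by hand; add a NOTE line pointing at the advisory or commit the `>= 1.4` assessment is based on, in the same way the horde3 hunk records its patch URL.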
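Review bot: In the @@ -267,11 +270,11 @@ hunk the three BASE entries (CVE-2009-4839, -4838, -4837) change from `NOT-FOR-US` to `- acidbase <undetermined>` without the `TODO: check` marker that the samhain and jbossas4 entries used while in that state, so they are easy to miss in a sweep for open triage items; add `TODO: check` beneath each of the three acidbase lines.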
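Review bot: In the @@ -640,7 +643,9 @@ hunk the inserted `+ - horde3 <unfixed>` line lands between the kolab-webclient line and its existing `NOTE: package only in experimental; claimed fixed in version 20091202 ...`, so that note now reads as a statement about horde3 rather than kolab-webclient; either insert the horde3 line below that NOTE or prefix the note with the package it describes. The horde3 line also lacks the `(bug filed)` annotation the jbossas4 entries in this commit carry, so it is not clear whether a bug has been opened against horde3.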
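Review bot: The @@ -821,8 +826,7 @@ hunk records `- samhain 2.5.4-1` as the fixed version but, unlike the abcm2ps and jbossas4 hunks in the same commit, adds no `[lenny]` line, so the tracker will report lenny's samhain as vulnerable with no stated decision; add a `[lenny]` line with either a fixed version or `<no-dsa>` and a short reason.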
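Review bot: In the @@ -1075,11 +1079,11 @@ hunk both `- jbossas4 <unfixed> (bug filed)` lines (CVE-2010-1429 and CVE-2010-1428) omit the bug number, whereas the file's convention elsewhere in this commit is `(low; bug #577014)`; record the number so the entries can be cross-referenced with the BTS, and consider adding a severity marker alongside it.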
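Review bot: In the @@ -1747,8 +1751,9 @@ hunk the added tomcat6 line `+ NOTE: Negligable information disclosure` misspells "Negligible"; also, the entry is marked `<unfixed> (unimportant)` while the companion `TODO: File bug` is still open, so once the bug is filed the line should gain the `bug #...` reference like the other unfixed entries.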
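Review bot: The @@ -3019,7 +3024,8 @@ hunk sets `- jbossas4 <unfixed> (bug filed)` for CVE-2010-0738 with neither a bug number nor a severity, unlike the `(low; ...)` annotations in the neighbouring texlive-bin and moin entries; add both so the lenny `<no-dsa> (Contrib not supported)` decision is traceable to an assessed severity.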
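Review bot: The final hunk (@@ -14498,7 +14504,6 @@) drops `NOTE: Tracked as CVE-2009-0689` from the REJECTED CVE-2009-1563 entry, which removes the only pointer from the rejected id to where the issue is actually tracked; a REJECTED entry without a cross-reference is a dead end for anyone arriving via the old id, so keep the NOTE unless the CVE-2009-0689 entry itself now carries the back-reference.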