Author: joeyh
Date: 2010-05-24 21:15:09 +0000 (Mon, 24 May 2010)
New Revision: 14743
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-05-24 19:58:26 UTC (rev 14742)
+++ data/CVE/list 2010-05-24 21:15:09 UTC (rev 14743)
@@ -1,3 +1,11 @@
+CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the
system ...)
+ TODO: check
+CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos
Tool ...)
+ TODO: check
+CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global
...)
+ TODO: check
+CVE-2010-2008
+ RESERVED
CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in
LetoDMS ...)
- mydms <unfixed> (bug #582587; medium)
NOTE: seems to have changed name to letoDMS
@@ -79,6 +87,7 @@
CVE-2010-1976 (Cross-site scripting (XSS) vulnerability in the Taxonomy
Breadcrumb ...)
NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1975 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before
8.1.21, ...)
+ {DSA-2051-1}
- postgresql-8.4 8.4.4-1 (low)
- postgresql-8.3 <removed> (low)
CVE-2010-1974 (Multiple unspecified vulnerabilities in the Safe (aka Safe.pm)
module ...)
@@ -876,8 +885,7 @@
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check
...)
- phpbb3 3.0.7-PL1-1
-CVE-2010-1626
- RESERVED
+CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and
index ...)
- mysql-dfsg-5.1 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
TODO: File bug
@@ -1101,12 +1109,12 @@
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before
9.50 ...)
NOT-FOR-US: HP LoadRunner
-CVE-2010-1548
- RESERVED
-CVE-2010-1547
- RESERVED
-CVE-2010-1546
- RESERVED
+CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka
CTools) ...)
+ TODO: check
+CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
+ TODO: check
+CVE-2010-1546 (Multiple eval injection vulnerabilities in the import
functionality in ...)
+ TODO: check
CVE-2010-1545
RESERVED
CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote
attackers to ...)
@@ -1440,8 +1448,7 @@
- postgresql-8.4 <undetermined>
- postgresql-8.3 <undetermined>
TODO: check
-CVE-2010-1446 [kgbd issue]
- RESERVED
+CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel
2.6.30 and ...)
- linux-2.6 2.6.32-12 (unimportant)
NOTE: KGDB is not currently enabled in debian builds
CVE-2010-1445
@@ -1473,8 +1480,7 @@
- wafp <itp> (bug #562949)
CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...)
- linux-2.6 2.6.32-13
-CVE-2010-1436 [gfs2 issue]
- RESERVED
+CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions,
does not ...)
- linux-2.6 <unfixed>
CVE-2010-1435
RESERVED
@@ -1716,6 +1722,7 @@
CVE-2010-1322
RESERVED
CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the
...)
+ {DSA-2052-1}
- krb5 1.8.1+dfsg-3 (low; bug #582261)
NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key
Distribution ...)
@@ -2126,9 +2133,11 @@
CVE-2010-1171
RESERVED
CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0
before ...)
+ {DSA-2051-1}
- postgresql-8.4 8.4.4-1 (low)
- postgresql-8.3 <removed>
CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before
8.1.21, ...)
+ {DSA-2051-1}
- postgresql-8.4 8.4.4-1 (low)
- postgresql-8.3 <removed>
CVE-2010-1168
@@ -2477,7 +2486,7 @@
NOT-FOR-US: IBM DB2 Content Manager Toolkit
CVE-2010-1040 (The "IP address range limitation" function in
OpenPNE 1.6 through 1.8, ...)
NOT-FOR-US: OpenPNE
-CVE-2010-1039 (Unspecified vulnerability in NFS/ONCplus B.11.31_09 and earlier
on HP ...)
+CVE-2010-1039 (Integer overflow in an unspecified log function in rpc.pcnfsd in
IBM ...)
NOT-FOR-US: HP-UX
CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before
6.0 ...)
NOT-FOR-US: HP System Insight Manager
@@ -4049,10 +4058,10 @@
RESERVED
CVE-2010-0540
RESERVED
-CVE-2010-0539
- RESERVED
-CVE-2010-0538
- RESERVED
+CVE-2010-0539 (Integer signedness error in the window drawing implementation in
Apple ...)
+ TODO: check
+CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS
X ...)
+ TODO: check
CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not
properly ...)
NOT-FOR-US: Apple DesktopServices
CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers
to ...)
@@ -4480,6 +4489,7 @@
CVE-2010-XXXX [gmetad incorrect file permissions]
- ganglia 3.1.2-3 (low; bug #567175)
CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in
PostgreSQL ...)
+ {DSA-2051-1}
- postgresql-7.4 <removed>
- postgresql-8.1 <removed>
- postgresql-8.2 <removed>
@@ -8305,13 +8315,13 @@
CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26
changes ...)
- backintime 0.9.26-3 (bug #543785)
CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in
Stream.cc ...)
- {DSA-2028-1 DSA-1941-1}
+ {DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools <removed> (medium; bug #551291)
CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in
XRef.cc ...)
- {DSA-2028-1 DSA-1941-1}
+ {DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
@@ -8320,7 +8330,7 @@
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in
Xpdf ...)
- {DSA-2028-1 DSA-1941-1}
+ {DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
@@ -8329,13 +8339,13 @@
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before ...)
- {DSA-2028-1 DSA-1941-1}
+ {DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools <removed> (medium; bug #551291)
CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in
Xpdf ...)
- {DSA-2028-1 DSA-1941-1}
+ {DSA-2050-1 DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
@@ -16391,7 +16401,7 @@
NOTE: remote signature spoofing possible, and this was supposed to be
NOTE: originally fixed with the updates for CVE-2008-3834
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
- {DSA-2028-1}
+ {DSA-2050-1 DSA-2028-1}
- poppler 0.10.6-1 (medium; bug #524806)
[etch] - poppler <not-affected> (SplashBitmap code not present)
[lenny] - poppler <no-dsa> (Will be fixed through a point update)