Author: jmm-guest
Date: 2010-06-04 10:24:42 +0000 (Fri, 04 Jun 2010)
New Revision: 14793
Modified:
data/CVE/list
Log:
- clamav fixed
- new prewikka issue
- NFUs
- remove the [lenny] unfixed entry for glibc, this is done implicitly
by the glibc <removed> entry
- two further "issues" in glibc. I don't think we need to treat them
as security problems, since attacker-controllable format strings
cannot be handled securely anyway. I've marked them as unimportant.
Aurelien, if you disagree simply adjust the severity.
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-06-04 09:11:26 UTC (rev 14792)
+++ data/CVE/list 2010-06-04 10:24:42 UTC (rev 14793)
@@ -25,16 +25,18 @@
CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers
to ...)
- xulrunner <unfixed> (unimportant)
CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in
stdlib/strfmon_l.c in ...)
- TODO: check
+ - eglibc 2.10.1-1 (unimportant)
+ - glibc <removed>
CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the
GNU C ...)
- TODO: check
+ - eglibc 2.11.1-1 (unimportant)
+ - glibc <removed>
CVE-2010-XXXX [rpm setuid handling]
- rpm <unfixed> (bug #584257; unimportant)
NOTE: Marking as unimportant since rpm isn''t used as a package
manager
CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail)
6.7.1 ...)
TODO: check
CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to
cause a ...)
- TODO: check
+ NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in
Brekeke ...)
TODO: check
CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in
The ...)
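Review bot: the two strfmon entries record different eglibc fixed versions (2.10.1-1 for CVE-2009-4881, 2.11.1-1 for CVE-2009-4880) for what the descriptions present as the same strfmon integer-overflow problem; confirm both version numbers are intended rather than a typo in one of them. Also, the reason for "unimportant" (attacker-controlled format strings cannot be handled securely by strfmon regardless) lives only in the commit log; the rpm entry in this same hunk shows the convention, so add a NOTE: line under each of the two glibc entries so the rationale is visible in the tracker itself.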
@@ -166,8 +168,9 @@
RESERVED
CVE-2010-2059
RESERVED
-CVE-2010-2058
+CVE-2010-2058 [Insecure permissions on prewikka conf]
RESERVED
+ - prewikka <unfixed> (bug #584469)
CVE-2010-2057
RESERVED
CVE-2010-2056
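Review bot: the new CVE-2010-2058 entry gives only the Debian bug number (#584469); it has no NOTE: line pointing at an upstream fix or advisory, no severity, and no [lenny] line, so it is not visible whether the stable prewikka package is affected. Add a [lenny] line (or a NOTE: explaining why none is needed) and a severity once the bug has been triaged.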
@@ -467,7 +470,7 @@
CVE-2010-1929
RESERVED
CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1
...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2010-1913 (The default configuration of pluginlicense.ini for the ...)
NOT-FOR-US: Consona
CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live
...)
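Review bot: "NOT-FOR-US: EMC" names only the vendor, whereas the SolarWinds entry earlier in this diff names the affected product ("NOT-FOR-US: SolarWinds TFTP Server"); consider "NOT-FOR-US: EMC Avamar" so the entry stays searchable by product name.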
@@ -1130,10 +1133,10 @@
CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux
kernel ...)
- linux-2.6 <unfixed>
CVE-2010-1640 (Off-by-one error in the parseicon function in
libclamav/pe_icons.c in ...)
- - clamav <unfixed> (bug #584183)
+ - clamav 0.96.1+dfsg-1 (bug #584183)
[lenny] - clamav <end-of-life>
CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1
allows ...)
- - clamav <unfixed> (bug #584183)
+ - clamav 0.96.1+dfsg-1 (bug #584183)
[lenny] - clamav <end-of-life>
CVE-2010-1638
RESERVED
@@ -3447,7 +3450,6 @@
CVE-2010-0831
RESERVED
CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in
...)
- [lenny] - glibc <unfixed> (low)
- glibc <removed>
- eglibc 2.11-1
NOTE:
http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
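Review bot: dropping "[lenny] - glibc <unfixed> (low)" also drops the recorded lenny severity; the remaining "- glibc <removed>" describes unstable, where glibc has been replaced by eglibc 2.11-1, and says nothing on its own about the stable package's status. If the intent (per the log message) is that the tracker derives the lenny state from the <removed> entry, check the tracker output for CVE-2010-0830 still lists lenny as affected at low severity; otherwise restore an explicit stable line, e.g. "[lenny] - glibc <no-dsa> (low)" in the style of the kvm entry in the following hunk.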
@@ -5079,8 +5081,7 @@
- kvm <removed> (low)
[lenny] - kvm <no-dsa> (minor issue)
CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library
(aka ...)
- [lenny] - glibc <unfixed> (bug #583908)
- - glibc <removed>
+ - glibc <removed> (bug #583908)
- eglibc 2.11-1
NOTE:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each
read ...)