Author: gilbert-guest
Date: 2010-06-06 03:42:45 +0000 (Sun, 06 Jun 2010)
New Revision: 14812
Modified:
data/CVE/list
Log:
new issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-06-06 01:10:03 UTC (rev 14811)
+++ data/CVE/list 2010-06-06 03:42:45 UTC (rev 14812)
@@ -323,10 +323,16 @@
- exim4 <unfixed> (low)
NOTE: Fixed in experimental, both seem no-dsa, but should be checked with
maintainers
CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the
"-l -U ...)
+ - kfreebsd-6 <removed>
+ - kfreebsd-7 <undetermined>
+ - kfreebsd-8 <undetermined>
TODO: check
CVE-2010-2021
RESERVED
CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in
FreeBSD ...)
+ - kfreebsd-6 <removed>
+ - kfreebsd-7 <undetermined>
+ - kfreebsd-8 <undetermined>
TODO: check
CVE-2010-2019 (SQL injection vulnerability in downlot.php in Lokomedia CMS
1.4.1, ...)
NOT-FOR-US: Lokomedia CMS
@@ -508,6 +514,7 @@
CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows
allows ...)
TODO: check webkit, chromium, etc. once sufficient details are revealed
CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in
libopie ...)
+ - opie <undetermined>
TODO: check
CVE-2010-1937
RESERVED
@@ -1206,7 +1213,7 @@
CVE-2010-1644
RESERVED
CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict
...)
- TODO: check
+ - linux-2.6 2.6.28-1
CVE-2010-1642
RESERVED
- samba <unfixed> (unimportant)
@@ -1232,7 +1239,11 @@
- samba <unfixed> (unimportant)
NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in
...)
- TODO: check
+ - python3.1 <undetermined>
+ - python2.7 <unfixed>
+ - python2.6 <unfixed>
+ - python2.5 <unfixed>
+ - python2.4 <removed>
CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover
function in ...)
- openssl <unfixed> (bug filed)
[lenny] - openssl <not-affected> (This bug is only present in OpenSSL
1.0.0)
@@ -1548,6 +1559,7 @@
CVE-2010-1514
RESERVED
CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before
3.0.1 ...)
+ - ziproxy <undetermined>
TODO: check
CVE-2010-1512 (Directory traversal vulnerability in aria2 before 1.9.3 allows
remote ...)
{DSA-2047-1}
@@ -1777,6 +1789,7 @@
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM)
firmware ...)
NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a
value ...)
+ - mono <undetermined>
TODO: check
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS
Zip ...)
NOT-FOR-US: TweakFS
@@ -1804,9 +1817,17 @@
{DSA-2053-1}
- linux-2.6 2.6.32-10
CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg
module in ...)
- TODO: check
+ - python3.1 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.7 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.6 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.5 <unfixed>
+ - python2.4 <removed>
CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in
Python 2.5 ...)
- TODO: check
+ - python3.1 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.7 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.6 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.5 <unfixed>
+ - python2.4 <removed>
CVE-2010-1448 [lxr XSS on the search page]
RESERVED
- lxr-cvs <unfixed>
@@ -2153,7 +2174,7 @@
CVE-2010-1297
RESERVED
CVE-2010-1296 (Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2
allow ...)
- TODO: check
+ NOT-FOR-US: Adobe Photoshop CS4
CVE-2010-1295
RESERVED
CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and
9.0 ...)
@@ -4213,17 +4234,17 @@
CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with
software ...)
NOT-FOR-US: Cisco PGW
CVE-2010-0600 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2
before ...)
- TODO: check
+ NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0599 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2
before ...)
- TODO: check
+ NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0598 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2
before ...)
- TODO: check
+ NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0597 (Unspecified vulnerability in Cisco Mediator Framework 1.5.1
before ...)
- TODO: check
+ NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0596 (Unspecified vulnerability in Cisco Mediator Framework 2.2 before
...)
- TODO: check
+ NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0595 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2
before ...)
- TODO: check
+ NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and
Security ...)
NOT-FOR-US: Cisco Router and Security Device Manager
CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0,
...)
@@ -7127,7 +7148,11 @@
- coreutils <not-affected> (this issue only affects the coreutils build
process; bug #560898)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
CVE-2009-4134 (Buffer underflow in the rgbimg module in Python 2.5 allows
remote ...)
- TODO: check
+ - python3.1 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.7 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.6 <not-affected> (rgbimgmodule no longer included in source)
+ - python2.5 <unfixed>
+ - python2.4 <removed>
CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG,
Grid for ...)
- condor <itp> (bug #233482)
CVE-2009-4132