Author: joeyh
Date: 2010-06-08 21:14:16 +0000 (Tue, 08 Jun 2010)
New Revision: 14833

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-06-08 13:50:10 UTC (rev 14832)
+++ data/CVE/list 2010-06-08 21:14:16 UTC (rev 14833)
@@ -1,7 +1,84 @@ -CVE-2010-2157 +CVE-2010-2196 RESERVED -CVE-2010-2156 [unspecified "fencepost error on zero-length identifier"] +CVE-2010-2195 RESERVED +CVE-2010-2194 + RESERVED +CVE-2010-2193 + RESERVED +CVE-2010-2192 + RESERVED +CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...) + TODO: check +CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...) + TODO: check +CVE-2010-2189 + RESERVED +CVE-2010-2188 + RESERVED +CVE-2010-2187 + RESERVED +CVE-2010-2186 + RESERVED +CVE-2010-2185 + RESERVED +CVE-2010-2184 + RESERVED +CVE-2010-2183 + RESERVED +CVE-2010-2182 + RESERVED +CVE-2010-2181 + RESERVED +CVE-2010-2180 + RESERVED +CVE-2010-2179 + RESERVED +CVE-2010-2178 + RESERVED +CVE-2010-2177 + RESERVED +CVE-2010-2176 + RESERVED +CVE-2010-2175 + RESERVED +CVE-2010-2174 + RESERVED +CVE-2010-2173 + RESERVED +CVE-2010-2172 + RESERVED +CVE-2010-2171 + RESERVED +CVE-2010-2170 + RESERVED +CVE-2010-2169 + RESERVED +CVE-2010-2168 + RESERVED +CVE-2010-2167 + RESERVED +CVE-2010-2166 + RESERVED +CVE-2010-2165 + RESERVED +CVE-2010-2164 + RESERVED +CVE-2010-2163 + RESERVED +CVE-2010-2162 + RESERVED +CVE-2010-2161 + RESERVED +CVE-2010-2160 + RESERVED +CVE-2010-2159 (Dameng DM Database Server allows remote authenticated users to cause a ...) + TODO: check +CVE-2010-2158 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...) + TODO: check +CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, ...) + TODO: check +CVE-2010-2156 (ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote ...) - isc-dhcp 4.1.1-P1-1 - dhcp3 <not-affected> (Only affects DHCP 4.x) - dhcp <not-affected> (Only affects DHCP 4.x) 
@@ -247,12 +324,11 @@ NOTE: DSA-2043 and DSA-2044 CVE-2010-2061 RESERVED -CVE-2010-2060 - RESERVED +CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows ...) + TODO: check CVE-2010-2059 RESERVED -CVE-2010-2058 [Insecure permissions on prewikka conf] - RESERVED +CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...) - prewikka <unfixed> (bug #584469) CVE-2010-2057 RESERVED @@ -262,10 +338,10 @@ RESERVED CVE-2010-2054 RESERVED -CVE-2010-2053 - RESERVED +CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...) + TODO: check CVE-2010-2052 - RESERVED + REJECTED CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows ...) NOT-FOR-US: Debliteck DBCart CVE-2010-2050 (Directory traversal vulnerability in the Moron Solutions MS Comment ...) @@ -320,12 +396,10 @@ NOT-FOR-US: Cisco CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: Cisco -CVE-2010-2024 - RESERVED +CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is ...) - exim4 <unfixed> (low) NOTE: Fixed in experimental, both seem no-dsa, but should be checked with maintainers -CVE-2010-2023 - RESERVED +CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable ...) - exim4 <unfixed> (low) NOTE: Fixed in experimental, both seem no-dsa, but should be checked with maintainers CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U ...) @@ -467,10 +541,10 @@ RESERVED CVE-2010-1964 RESERVED -CVE-2010-1963 - RESERVED -CVE-2010-1962 - RESERVED +CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...) + TODO: check +CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) + TODO: check CVE-2010-1961 RESERVED CVE-2010-1960 
@@ -576,8 +650,8 @@ NOT-FOR-US: Consona CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live ...) NOT-FOR-US: Consona -CVE-2010-1904 - RESERVED +CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager Client 1.5.x allows ...) + TODO: check CVE-2010-1903 RESERVED CVE-2010-1902 @@ -763,20 +837,17 @@ NOT-FOR-US: ToutVirtual VirtualIQ Pro CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...) NOT-FOR-US: ToutVirtual VirtualIQ Pro -CVE-2010-1850 [table name buffer overflow] - RESERVED +CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 ...) {DSA-2057-1} - mysql-5.1 5.1.47-1 (bug #582526) - mysql-dfsg-5.0 <removed> CVE-2010-XXXX [wicd changes permissions of resolv.conf] - wicd 1.7.0+ds1-3 (low; bug #582798) -CVE-2010-1849 [DoS through oversized packets] - RESERVED +CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through ...) {DSA-2057-1} - mysql-5.1 5.1.47-1 (bug #582526) - mysql-dfsg-5.0 <removed> -CVE-2010-1848 [incomplete table name checks] - RESERVED +CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 ...) {DSA-2057-1} - mysql-5.1 5.1.47-1 (bug #582526) - mysql-dfsg-5.0 <removed> 
@@ -1203,18 +1274,16 @@ NOT-FOR-US: IBM WebSphere Application Server CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...) NOT-FOR-US: IBM WebSphere Application Server -CVE-2010-1649 - RESERVED -CVE-2010-1648 [Mediawiki CSRF in login page] - RESERVED +CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...) + TODO: check +CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...) - mediawiki <unfixed> NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html -CVE-2010-1647 [Mediawiki IE-specific XSS] - RESERVED +CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...) - mediawiki <unfixed> NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html -CVE-2010-1646 - RESERVED +CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...) + TODO: check CVE-2010-1645 RESERVED CVE-2010-1644 @@ -1237,8 +1306,7 @@ RESERVED CVE-2010-1637 RESERVED -CVE-2010-1636 [btrfs issue] - RESERVED +CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...) - linux-2.6 2.6.32-14 [lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32) CVE-2010-1635 @@ -1871,8 +1939,8 @@ CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...) - texlive-bin 2009-6 (low; bug #580668) [lenny] - texlive-bin <no-dsa> (minor issue) -CVE-2010-1439 - RESERVED +CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) ...) + TODO: check CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...) - wafp <itp> (bug #562949) CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...)
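
Review bot: In the first hunk (@@ -1,7 +1,84 @@), CVE-2010-2191, CVE-2010-2190, CVE-2010-2159, CVE-2010-2158 and CVE-2010-2157 arrive with only "TODO: check", so nothing records whether any package is affected. Each needs either a package line or a NOT-FOR-US line like the Cisco and Consona entries elsewhere in this file; CVE-2010-2157 (CA ARCserve Backup) and CVE-2010-2159 (Dameng DM Database Server) look like candidates for the latter. The truncated descriptions of CVE-2010-2191 and CVE-2010-2190 list function names but not the product, so the full description has to be read before those two are assigned.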
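
Review bot: In the @@ -320,12 +396,10 @@ hunk, CVE-2010-2024 and CVE-2010-2023 now carry descriptions that give "Exim before 4.72" as the affected range, yet both keep "exim4 <unfixed> (low)" and the same free-text NOTE about experimental. The open question in that NOTE ("should be checked with maintainers") should be resolved into a no-dsa line or a fixed version once one is known, so the two entries do not stay ambiguous.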
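
Review bot: In the @@ -763,20 +837,17 @@ hunk, the placeholder "CVE-2010-XXXX [wicd changes permissions of resolv.conf]" is left sitting between CVE-2010-1850 and CVE-2010-1849 while the three MySQL entries around it lose their RESERVED lines and gain descriptions. It is worth checking whether an id has been assigned for the wicd issue (bug #582798) and, if so, replacing the XXXX entry so the fix in 1.7.0+ds1-3 is tracked under a real identifier.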
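
Review bot: In the @@ -1203,18 +1274,16 @@ hunk, CVE-2010-1646 (the secure path feature in env.c in sudo) goes from RESERVED straight to "TODO: check" with no package line, and the description is cut off after "1.3.1 through 1.6.9p22 and ...", so the affected range is not readable from the entry. It should get a sudo package line with a fixed version or <unfixed> after the full description is compared against the packaged versions; CVE-2010-1649 in the same hunk also needs a package or NOT-FOR-US line.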
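
Review bot: In the @@ -1237,8 +1306,7 @@ hunk, the context line for CVE-2010-1636 reads "(brtfs introduced in 2.6.32)", while the description added by this change spells the name "btrfs". The typo is not introduced here, but fixing it to "btrfs" in the [lenny] not-affected note would let a search of the file for the filesystem name find the justification.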