Author: joeyh Date: 2010-06-18 21:14:21 +0000 (Fri, 18 Jun 2010) New Revision: 14885 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-17 21:14:34 UTC (rev 14884) +++ data/CVE/list 2010-06-18 21:14:21 UTC (rev 14885) @@ -1,3 +1,19 @@ +CVE-2010-2320 + RESERVED +CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 ...) + TODO: check +CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in ...) + TODO: check +CVE-2010-2317 (Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow ...) + TODO: check +CVE-2010-2316 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) + TODO: check +CVE-2010-2315 (PHP remote file inclusion vulnerability in picturelib.php in ...) + TODO: check +CVE-2010-2314 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2010-2313 (Directory traversal vulnerability in index.php in Anodyne Productions ...) + TODO: check CVE-2010-2312 (SQL injection vulnerability in index.php in HauntmAx Haunted House ...) TODO: check CVE-2010-2311 (Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows ...) @@ -605,8 +621,7 @@ TODO: check CVE-2010-2064 RESERVED -CVE-2010-2063 [samba arbitrary write on chained packet processing] - RESERVED +CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the ...) {DSA-2061-1} - samba 2:3.4.0~pre1-1 (high) NOTE: the affected code has been completely rewritten since 3.4.x @@ -845,8 +860,8 @@ RESERVED CVE-2010-1965 RESERVED -CVE-2010-1964 - RESERVED +CVE-2010-1964 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) + TODO: check CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...) NOT-FOR-US: HP ServiceCenter CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) 
@@ -1399,8 +1414,8 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625 NOTE: http://trac.webkit.org/changeset/45941 -CVE-2010-1748 - RESERVED +CVE-2010-1748 (The web interface in CUPS in Apple Mac OS X 10.5.8, and 10.6 before ...) + TODO: check CVE-2010-1747 RESERVED CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...) @@ -1639,8 +1654,7 @@ RESERVED CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict ...) - linux-2.6 2.6.28-1 -CVE-2010-1642 - RESERVED +CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...) - samba <unfixed> (unimportant) NOTE: Only crashes a single connection, not the entire smbd CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel ...) @@ -1658,8 +1672,7 @@ CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...) - linux-2.6 2.6.32-14 [lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32) -CVE-2010-1635 - RESERVED +CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 ...) - samba <unfixed> (unimportant) NOTE: Only crashes a single connection, not the entire smbd CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...) @@ -2371,8 +2384,7 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635 NOTE: http://trac.webkit.org/changeset/57759 NOTE: http://trac.webkit.org/changeset/57817 -CVE-2010-1411 [tiff heap overflow] - RESERVED +CVE-2010-1411 (Multiple integer overflows in ImageIO in Apple Mac OS X 10.5.8, and ...) - tiff <undetermined> TODO: check CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) 
@@ -2495,26 +2507,26 @@ - webkit <undetermined> CVE-2010-1383 RESERVED -CVE-2010-1382 - RESERVED -CVE-2010-1381 - RESERVED -CVE-2010-1380 - RESERVED -CVE-2010-1379 - RESERVED +CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) + TODO: check +CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 10.5.8, ...) + TODO: check +CVE-2010-1380 (Integer overflow in the cgtexttops CUPS filter in Printing in Apple ...) + TODO: check +CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly ...) + TODO: check CVE-2010-1378 RESERVED -CVE-2010-1377 - RESERVED -CVE-2010-1376 - RESERVED -CVE-2010-1375 - RESERVED -CVE-2010-1374 - RESERVED -CVE-2010-1373 - RESERVED +CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an ...) + TODO: check +CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in ...) + TODO: check +CVE-2010-1375 (NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does ...) + TODO: check +CVE-2010-1374 (Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, ...) + TODO: check +CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac ...) + TODO: check CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...) - sun-java6 6.20-1 (high) [lenny] - sun-java6 <no-dsa> (Non-free not supported) 
@@ -4962,23 +4974,23 @@ CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier ...) {DSA-2004-1} - samba 2:3.4.5~dfsg-2 (bug #568942; medium) -CVE-2010-0546 - RESERVED -CVE-2010-0545 - RESERVED +CVE-2010-0546 (Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, ...) + TODO: check +CVE-2010-0545 (The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 ...) + TODO: check CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit <undetermined> NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662 NOTE: http://trac.webkit.org/changeset/58792 NOTE: http://trac.webkit.org/changeset/58796 -CVE-2010-0543 - RESERVED +CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows ...) + TODO: check CVE-2010-0542 RESERVED -CVE-2010-0541 - RESERVED -CVE-2010-0540 - RESERVED +CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...) + TODO: check +CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface ...) + TODO: check CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...) NOT-FOR-US: Apple Java CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X ...) @@ -25532,8 +25544,8 @@ NOT-FOR-US: Cisco Linksys WVC54GC CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 ...) NOT-FOR-US: Cisco Linksys WVC54GC -CVE-2008-4389 - RESERVED +CVE-2008-4389 (Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x ...) + TODO: check CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in ...) NOT-FOR-US: LaunchObj ActiveX CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...)
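Review bot: In the @@ -1399,8 +1414,8 @@ hunk, CVE-2010-1748 goes from RESERVED straight to "TODO: check", although its new description names the web interface in CUPS, which is packaged in Debian as cups. Suggest triaging this entry ahead of the Apple-only components in the same update and replacing the TODO with a package line for cups and its status, so it does not wait in the generic TODO queue.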
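Review bot: In the @@ -1658,8 +1672,7 @@ hunk, the new description for CVE-2010-1635 reads "in smbd in Samba before 3.4.8", which implies an upstream fixed version, while the unchanged context line below it still says "- samba <unfixed> (unimportant)". Suggest re-checking the entry against the samba version in the archive and replacing <unfixed> with the fixed version if that applies. CVE-2010-1642 in the @@ -1639,8 +1654,7 @@ hunk carries the same status line and deserves the same check once its full description is read.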
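Review bot: In the @@ -2371,8 +2384,7 @@ hunk, CVE-2010-1411 loses its bracketed working title "[tiff heap overflow]", and the visible part of the description that replaces it names only ImageIO in Apple Mac OS X, so nothing in the entry now explains why it is tracked as "- tiff <undetermined>". Suggest adding a NOTE line that records the link to tiff, with a reference, so the package mapping is not mistaken for an error and dropped when the "TODO: check" is resolved.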
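Review bot: In the @@ -4962,23 +4974,23 @@ hunk, CVE-2010-0541 is filed as "TODO: check" next to Folder Manager, Finder and ImageIO entries, but its description names the WEBrick HTTP server, which ships with Ruby rather than being an Apple-only component. Suggest checking it against the ruby packages before marking the surrounding Mac OS X entries in bulk, so it is not swept into the same decision as its neighbours.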