Author: jmm-guest Date: 2010-06-24 17:18:39 +0000 (Thu, 24 Jun 2010) New Revision: 14901 Modified: data/CVE/list Log: CVE assignments Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-24 17:12:43 UTC (rev 14900) +++ data/CVE/list 2010-06-24 17:18:39 UTC (rev 14901) @@ -2160,7 +2160,10 @@ NOT-FOR-US: Wolfram Research webMathematica CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...) NOT-FOR-US: VMware -CVE-2010-XXXX [gitolite two weaknesses] +CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"] + - gitolite 1.4.2-1 (low) + NOTE: http://secunia.com/advisories/39587/ +CVE-2010-2448 [gitolite os command injection] - gitolite 1.4.2-1 (medium) NOTE: http://secunia.com/advisories/39587/ CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...) @@ -2784,7 +2787,7 @@ CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...) - sun-java6 6.20-1 (high) [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2010-XXXX [gource: predictable log file located in /tmp] +CVE-2010-2449 [gource: predictable log file located in /tmp] - gource 0.26-2 (low; bug #577958) CVE-2010-XXXX [webkit: lots of dns lookups] - webkit <unfixed> (unimportant; bug #578019) @@ -3504,11 +3507,11 @@ NOT-FOR-US: ws_ecard extension for typo3 CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...) NOT-FOR-US: SkaDate Dating -CVE-2010-XXXX [freeciv lua] +CVE-2010-2445 [freeciv lua] - freeciv <unfixed> (low; bug #584589) [lenny] - freeciv <no-dsa> (Minor issue) NOTE: http://gna.org/bugs/?15624 -CVE-2010-XXXX [Rbot Owner Reaction Command Execution] +CVE-2010-2446 [Rbot Owner Reaction Command Execution] - rbot 0.9.14-2 (bug #575286) [lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10) [etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10) 
@@ -4426,7 +4429,7 @@ NOTE: Documentation advises against adding password data to the respective config file CVE-2010-XXXX [irssi emote leak] - irssi-plugin-otr <unfixed> (unimportant; bug #569506) -CVE-2010-XXXX [shibboleth-sp2: world-readable key] +CVE-2010-2450 [shibboleth-sp2: world-readable key] - shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631) [lenny] - shibboleth-sp2 <no-dsa> (Minor issue) - shibboleth-sp <not-affected> (Vulnerable code not present) @@ -5709,7 +5712,7 @@ - bozohttpd 20090522-2 (low; bug #566325) [lenny] - bozohttpd <no-dsa> (Minor issue) [etch] - bozohttpd <no-dsa> (Minor issue) -CVE-2010-XXXX [maradns null pointer dereference] +CVE-2010-2444 [maradns null pointer dereference] - maradns <unfixed> (low; bug #584587) [lenny] - maradns <no-dsa> (minor issue) [etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
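Review bot: In the hunk at @@ -2160,7 +2160,10 @@, the new CVE-2010-2447 entry is rated (low) while the placeholder it was split from carried only the (medium) line that now sits under CVE-2010-2448, and both entries cite the same NOTE, http://secunia.com/advisories/39587/, with nothing recording which of the two issues in that advisory maps to which ID. Suggest a short NOTE under each entry naming the issue it covers, so the differing ratings can be checked later. The CVE-2010-2447 description is also a quoted phrase, while CVE-2010-2448 uses a plain summary; one style for both would read better.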
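Review bot: In the hunk at @@ -2784,7 +2787,7 @@, the gource entry receives CVE-2010-2449 without a NOTE on where the assignment was published, and the log message "CVE assignments" does not say either. The adjacent context entry "CVE-2010-XXXX [webkit: lots of dns lookups]" stays a placeholder, so a reader cannot tell whether an ID was requested for it and declined or never requested. Suggest naming the assignment source in the log message or in a NOTE line.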
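Review bot: In the hunk at @@ -3504,11 +3507,11 @@, the rbot entry now has a real ID (CVE-2010-2446) but its fixed-version line "- rbot 0.9.14-2 (bug #575286)" still carries no severity, unlike the freeciv entry just above it, "(low; bug #584589)". Since this entry is being touched anyway, suggest adding the rating. The [lenny] and [etch] lines also both give "not present in 0.9.10" as the reason; worth confirming that the same version string is intended for both releases.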
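Review bot: In the hunk at @@ -5709,7 +5712,7 @@, the maradns lines under the newly assigned CVE-2010-2444 use lowercase reasons, "(minor issue)" and "(vulnerable code introduced in 1.3.03)", while the bozohttpd lines in the same hunk use "(Minor issue)". This is a style point only, but normalising the capitalisation while the entry is being edited keeps text searches over the list consistent.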