thr3ads.net - Secure testing commits - [Secure-testing-commits] r15132

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Aug-04 09:14 UTC
[Secure-testing-commits] r15132 - data/CVE

Author: joeyh
Date: 2010-08-04 09:14:34 +0000 (Wed, 04 Aug 2010)
New Revision: 15132

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-08-04 04:27:52 UTC (rev 15131)
+++ data/CVE/list	2010-08-04 09:14:34 UTC (rev 15132)
@@ -1,3 +1,15 @@
+CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in
hsolink ...)
+	TODO: check
+CVE-2010-2929 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain
...)
+	TODO: check
+CVE-2010-2928
+	RESERVED
+CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server
(ITDS) ...)
+	TODO: check
+CVE-2009-4976 (Cross-site scripting (XSS) vulnerability in webkitpart.cpp in
...)
+	TODO: check
+CVE-2009-4975 (Cross-site scripting (XSS) vulnerability in webview.cpp in ...)
+	TODO: check
 CVE-2010-XXXX [Insufficient stripping of CR/LF allows arbitrary IRC command
execution]
 	- libpoe-component-irc-perl 6.32+dfsg-1
 	[lenny] - libpoe-component-irc-perl <no-dsa> (#581194)
@@ -180,7 +192,7 @@
 	NOT-FOR-US: Lanai Core
 CVE-2009-4959 (SQL injection vulnerability in the T3M E-Mail Marketing Tool
(t3m) ...)
 	NOT-FOR-US: T3M E-Mail Marketing Tool
-CVE-2009-4958 (SQL injection vulnerability in video.php in EMO Breader Manager
allows ...)
+CVE-2009-4958 (SQL injection vulnerability in video.php in EMO Breeder Manager
(aka ...)
 	NOT-FOR-US: EMO Breader Manager
 CVE-2010-XXXX [dovecot Maildir ACL issue]
 	- dovecot 1.2.13-1
@@ -306,6 +318,7 @@
 	RESERVED
 CVE-2010-2801 [Integer wrap-around (crash) by processing certain *.cab files in
test archive mode]
 	RESERVED
+	{DSA-2087-1}
 	- cabextract 1.3-1 (bug #591552)
 CVE-2010-2800 [Infinite loop in MS-ZIP and Quantum decoders]
 	RESERVED
@@ -350,11 +363,11 @@
 	- mediawiki 1:1.15.5-1 (bug #590660; low)
 	[lenny] - mediawiki <no-dsa> (Minor issue)
 	NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
-CVE-2010-2786
-	RESERVED
-CVE-2010-2785
-	RESERVED
+CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3
allows ...)
+	TODO: check
+CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693
does not ...)
 	{DSA-2078-1}
+	TODO: check
 CVE-2010-2784
 	RESERVED
 CVE-2010-2783
@@ -769,8 +782,8 @@
 	RESERVED
 CVE-2010-2634
 	RESERVED
-CVE-2010-2633
-	RESERVED
+CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before
3.2.7, ...)
+	TODO: check
 CVE-2010-2632
 	RESERVED
 CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the
first ...)
@@ -974,12 +987,12 @@
 	[lenny] - git-core <no-dsa> (Minor issue)
 CVE-2010-2541
 	RESERVED
-CVE-2010-2540
-	RESERVED
+CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before
5.6.4 ...)
 	{DSA-2079-1}
-CVE-2010-2539
-	RESERVED
+	TODO: check
+CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in
mapserv in ...)
 	{DSA-2079-1}
+	TODO: check
 CVE-2010-2538 [btrfs issue]
 	RESERVED
 	- linux-2.6 <unfixed>
@@ -988,8 +1001,8 @@
 	RESERVED
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
-CVE-2010-2536
-	RESERVED
+CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq
0.5 and ...)
+	TODO: check
 CVE-2010-2535
 	RESERVED
 CVE-2010-2534 (The NetworkSyncCommandQueue function in
network/network_command.cpp in ...)
@@ -1287,6 +1300,7 @@
 CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc.
ActiveGeckoBrowser ...)
 	NOT-FOR-US: Sleipnir
 CVE-2008-7258 [ssmtp buffer overflow]
+	RESERVED
 	- ssmtp <unfixed> (bug #591515)
 CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on
Cisco ...)
 	NOT-FOR-US: Cisco Adaptive Security Appliances
@@ -1507,8 +1521,7 @@
 	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
 	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an
explanation
 	NOTE: of the weird CVE assignments on this one
-CVE-2010-2320 [information disclosure: existing vs non-existing users]
-	RESERVED
+CVE-2010-2320 (bozotic HTTP server (aka bozohttpd) before 20100621 allows
remote ...)
 	- bozohttpd 20100621-1 (low; bug #590298)
 	[lenny] - bozohttpd <no-dsa> (Minor information leak)
 CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds
2.08 ...)
@@ -1598,8 +1611,7 @@
 	RESERVED
 CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and
earlier ...)
 	- ghostscript 8.70~dfsg-1
-CVE-2009-4896
-	RESERVED
+CVE-2009-4896 (Multiple directory traversal vulnerabilities in the
mlmmj-php-admin ...)
 	{DSA-2073-1}
 	- mlmmj 1.2.17-1.1 (bug #588038)
 CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS
1.2.4 and ...)
@@ -1724,6 +1736,7 @@
 CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename
instead of ...)
 	- wget <unfixed> (low; bug #590296)
 CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does
not ...)
+	{DSA-2085-1}
 	- lftp 4.0.6-1 (low)
 	[lenny] - lftp <no-dsa> (Minor issue)
 	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
@@ -1746,6 +1759,7 @@
 CVE-2010-2245
 	RESERVED
 CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in
avahi-daemon in ...)
+	{DSA-2086-1}
 	- avahi 0.6.26-1
 CVE-2010-2243 [timekeeping oops]
 	RESERVED
@@ -1864,8 +1878,7 @@
 	- dpkg 1.10.19 (bug #225692)
 CVE-2010-2196
 	RESERVED
-CVE-2010-2195 [bozohttpd DoS through code miscompilation]
-	RESERVED
+CVE-2010-2195 (bozotic HTTP server (aka bozohttpd) 20090522 through 20100512
allows ...)
 	- bozohttpd 20100621-1 (low; bug #590298)
 	[lenny] - bozohttpd <not-affected> (Only affects 20090522 to 20100512)
 CVE-2010-2194
@@ -2871,8 +2884,8 @@
 	- chromium-browser <undetermined>
 CVE-2010-1795
 	RESERVED
-CVE-2010-1794
-	RESERVED
+CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV
kernel ...)
+	TODO: check
 CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple
Safari ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
@@ -3227,8 +3240,7 @@
 	RESERVED
 CVE-2010-1672
 	RESERVED
-CVE-2010-1671 [hsolink local root exploit]
-	RESERVED
+CVE-2010-1671 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain
...)
 	- hsolink <removed> (bug #590670)
 CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5
has ...)
 	{DSA-2067-1}
@@ -3637,10 +3649,10 @@
 	NOT-FOR-US: TaskFreak! Original multi user
 CVE-2010-1519
 	RESERVED
-CVE-2010-1518
-	RESERVED
-CVE-2010-1517
-	RESERVED
+CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2
...)
+	TODO: check
+CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote
attackers ...)
+	TODO: check
 CVE-2010-1516
 	RESERVED
 CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
@@ -20612,6 +20624,7 @@
 	{DSA-1735-1}
 	- znc 0.066-1 (bug #516950)
 CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in ...)
+	{DSA-2086-1}
 	- avahi 0.6.24-3 (low; bug #517683)
 	[etch] - avahi <no-dsa> (Minor issue)
 	NOTE: reflector is off by default
Secure testing commits - Aug 2010 - r15132 - data/CVE

[Secure-testing-commits] r15132 - data/CVE
