Author: joeyh
Date: 2010-08-20 21:14:47 +0000 (Fri, 20 Aug 2010)
New Revision: 15179
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-08-20 13:23:16 UTC (rev 15178)
+++ data/CVE/list 2010-08-20 21:14:47 UTC (rev 15179)
@@ -1,7 +1,15 @@
+CVE-2010-3057
+ RESERVED
+CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions
before ...)
+ TODO: check
+CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to
cause ...)
+ TODO: check
CVE-2010-3056 [phpmyadmin PMASA-2010-5 Several XSS vulnerabilities were found
in the code.]
+ RESERVED
- phpmyadmin 4:3.3.5.1-1
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
CVE-2010-3055 [phpmyadmin PMASA-2010-4 Insufficient output sanitizing when
generating configuration file.]
+ RESERVED
- phpmyadmin <not-affected> (Affects only 2.x branch)
[lenny] - phpmyadmin <unfixed>
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
@@ -242,9 +250,9 @@
RESERVED
CVE-2010-2945
RESERVED
-CVE-2010-2944 (Authentication problem in zope-ldapuser)
- - zope-ldapuserfolder <unfixed> (high; bug #593466)
+CVE-2010-2944
RESERVED
+ - zope-ldapuserfolder <unfixed> (high; bug #593466)
CVE-2010-2943 [xfs infoleak]
RESERVED
- linux-2.6 <unfixed>
@@ -573,8 +581,7 @@
TODO: check
CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS)
...)
TODO: check
-CVE-2010-2813 [squirrelmail denial of service with 8bit login characters]
- RESERVED
+CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does
not ...)
{DSA-2091-1}
- squirrelmail 2:1.4.21-1 (low)
[lenny] - squirrelmail <no-dsa> (low-risk issue)
@@ -584,19 +591,15 @@
RESERVED
CVE-2010-2810
RESERVED
-CVE-2010-2809
- RESERVED
-CVE-2010-2808
- RESERVED
+CVE-2010-2809 (The default configuration of the <Button2> binding
in Uzbl before ...)
+ TODO: check
+CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
- freetype 2.4.2-1
-CVE-2010-2807
- RESERVED
+CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during
bounds ...)
- freetype 2.4.2-1
-CVE-2010-2806
- RESERVED
+CVE-2010-2806 (Array index error in the t42_parse_sfnts function in
type42/t42parse.c ...)
- freetype 2.4.2-1
-CVE-2010-2805
- RESERVED
+CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
...)
- freetype 2.4.2-1
CVE-2010-2804
RESERVED
@@ -1273,8 +1276,8 @@
CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in
...)
- git-core 1:1.7.1-1.1 (low; bug #590026)
[lenny] - git-core <no-dsa> (Minor issue)
-CVE-2010-2541
- RESERVED
+CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in
FreeType ...)
+ TODO: check
CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before
5.6.4 ...)
{DSA-2079-1}
- mapserver 5.6.4-1
@@ -1311,8 +1314,7 @@
[lenny] - iputils <no-dsa> (Minor issue)
CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar
protocol ...)
- pidgin 2.7.2-1
-CVE-2010-2527
- RESERVED
+CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before
2.4.0 ...)
{DSA-2070-1}
- freetype 2.4.0-1
CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in
lvm2-cluster in ...)
@@ -1329,13 +1331,12 @@
CVE-2010-2521
RESERVED
{DSA-2094-1}
-CVE-2010-2520 [freetype]
- RESERVED
+CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in ...)
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2519
- RESERVED
+CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource
function in ...)
{DSA-2070-1}
+ TODO: check
CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1
before ...)
NOT-FOR-US: P8 Content Search Engine
CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest
before ...)
@@ -1400,20 +1401,16 @@
NOT-FOR-US: Splunk
CVE-2010-2501
RESERVED
-CVE-2010-2500 [freetype]
- RESERVED
+CVE-2010-2500 (Integer overflow in the gray_render_span function in
smooth/ftgrays.c ...)
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2499 [freetype]
- RESERVED
+CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2498 [freetype]
- RESERVED
+CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c
in ...)
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2497 [freetype]
- RESERVED
+CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0
allows ...)
{DSA-2070-1}
- freetype 2.4.0-1
CVE-2010-2496
@@ -2057,8 +2054,7 @@
CVE-2010-2243 [timekeeping oops]
RESERVED
- linux-2.6 2.6.32-11
-CVE-2010-2242 [libvirt privilege scalation because of improperly mapped source
privileged ports]
- RESERVED
+CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with
...)
- libvirt 0.8.3-1 (low)
[lenny] - libvirt <no-dsa> (Minor issue)
CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for
Red ...)
@@ -2067,24 +2063,21 @@
RESERVED
{DSA-2094-1}
- linux-2.6 2.6.32-21
-CVE-2010-2239 [libvirt not setting user defined backing store format]
- RESERVED
+CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new
images ...)
- libvirt 0.8.3-1 (low)
[lenny] - libvirt <not-affected> (only affects >= 0.6.0)
-CVE-2010-2238 [libvirt: ignoring defined disk backing store format when
recursing into disk image backing stores]
- RESERVED
+CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into
...)
- libvirt 0.8.3-1
[lenny] - libvirt <not-affected> (only affects >= 0.7.2)
-CVE-2010-2237 [libvirt: ignoring defined main disk format when looking up disk
backing stores]
- RESERVED
+CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk
backing ...)
- libvirt 0.8.3-1
[lenny] - libvirt <not-affected> (only affects >= 0.6.1)
CVE-2010-2236
RESERVED
CVE-2010-2235
RESERVED
-CVE-2010-2234
- RESERVED
+CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache
CouchDB ...)
+ TODO: check
CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms,
as used ...)
- tiff 3.9.1-1
[lenny] - tiff <not-affected> (Only affects 3.9.x)
@@ -2473,8 +2466,8 @@
NOT-FOR-US: DataTrack System
CVE-2010-2077
REJECTED
-CVE-2010-2076
- RESERVED
+CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x
before ...)
+ TODO: check
CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from
...)
- unrealircd <itp> (bug #515130)
CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
@@ -3176,7 +3169,7 @@
TODO: check
CVE-2010-1798
RESERVED
-CVE-2010-1797 (Stack-based buffer overflow in FreeType in Apple iOS before
4.0.2 on ...)
+CVE-2010-1797 (Multiple stack-based buffer overflows in the ...)
- freetype 2.4.2-1
CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X
10.5 ...)
- webkit <undetermined>
@@ -3312,8 +3305,7 @@
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
NOTE: http://trac.webkit.org/changeset/59263
-CVE-2010-1760
- RESERVED
+CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...)
- webkit 1.2.2-1
- chromium-browser 5.0.375.99~r51029-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
@@ -4500,8 +4492,7 @@
NOTE: http://trac.webkit.org/changeset/54129
NOTE: http://trac.webkit.org/changeset/54141
NOTE: http://trac.webkit.org/changeset/54265
-CVE-2010-1386
- RESERVED
+CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 does not
...)
- webkit 1.2.2-1
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255