thr3ads.net - Secure testing commits - [Secure-testing-commits] r15285

If this information is useful, please help other people find it:
Share via:
Joey Hess
2010-Sep-07 21:15 UTC
[Secure-testing-commits] r15285 - data/CVE

Author: joeyh
Date: 2010-09-07 21:15:43 +0000 (Tue, 07 Sep 2010)
New Revision: 15285

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-09-07 20:39:59 UTC (rev 15284)
+++ data/CVE/list	2010-09-07 21:15:43 UTC (rev 15285)
@@ -1,3 +1,85 @@
+CVE-2010-3243
+	RESERVED
+CVE-2010-3242
+	RESERVED
+CVE-2010-3241
+	RESERVED
+CVE-2010-3240
+	RESERVED
+CVE-2010-3239
+	RESERVED
+CVE-2010-3238
+	RESERVED
+CVE-2010-3237
+	RESERVED
+CVE-2010-3236
+	RESERVED
+CVE-2010-3235
+	RESERVED
+CVE-2010-3234
+	RESERVED
+CVE-2010-3233
+	RESERVED
+CVE-2010-3232
+	RESERVED
+CVE-2010-3231
+	RESERVED
+CVE-2010-3230
+	RESERVED
+CVE-2010-3229
+	RESERVED
+CVE-2010-3228
+	RESERVED
+CVE-2010-3227
+	RESERVED
+CVE-2010-3226
+	RESERVED
+CVE-2010-3225
+	RESERVED
+CVE-2010-3224
+	RESERVED
+CVE-2010-3223
+	RESERVED
+CVE-2010-3222
+	RESERVED
+CVE-2010-3221
+	RESERVED
+CVE-2010-3220
+	RESERVED
+CVE-2010-3219
+	RESERVED
+CVE-2010-3218
+	RESERVED
+CVE-2010-3217
+	RESERVED
+CVE-2010-3216
+	RESERVED
+CVE-2010-3215
+	RESERVED
+CVE-2010-3214
+	RESERVED
+CVE-2010-3213
+	RESERVED
+CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and
earlier ...)
+	TODO: check
+CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro ...)
+	TODO: check
+CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in
Multi-lingual ...)
+	TODO: check
+CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull
0.6.7 ...)
+	TODO: check
+CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle
Web ...)
+	TODO: check
+CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0,
when ...)
+	TODO: check
+CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS
1.0 ...)
+	TODO: check
+CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in
Textpattern ...)
+	TODO: check
+CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS
2.0.5 ...)
+	TODO: check
+CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell)
...)
+	TODO: check
 CVE-2010-XXXX [vlc stack overflow]
 	- vlc <undetermined> (low; bug #595686)
 	NOTE: poc didn''t work.  may be windows-only
@@ -98,7 +180,7 @@
 	RESERVED
 CVE-2010-3156
 	RESERVED
-CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 1.2.10 and
earlier ...)
+CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through
1.0.15 ...)
 	- wireshark <not-affected> (Only affects Windows port)
 CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox 3.6.8 and
...)
 	- xulrunner <not-affected> (Only affects Windows port)
@@ -251,7 +333,7 @@
 CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement
file ...)
 	- webkit <not-affected> (chromium specific)
 	- chromium-browser 5.0.375.127~r55887-1
-CVE-2010-3111 (Google Chrome before 5.0.375.127 does not properly mitigate an
...)
+CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an
...)
 	- chromium-browser 5.0.375.127~r55887-1
 	- webkit <not-affected> (chromium specific)
 CVE-2010-3110
@@ -332,6 +414,7 @@
 	RESERVED
 CVE-2010-3076 [smbind sql injection]
 	RESERVED
+	{DSA-2103-1}
 	- smbind 0.4.7-5 (high)
 	NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
 CVE-2010-3075
@@ -382,6 +465,7 @@
 CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions
before ...)
 	- freetype 2.4.2-1 (unimportant)
 CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to
cause ...)
+	{DSA-2105-1}
 	- freetype 2.4.2-1
 CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
 	{DSA-2097-1}
@@ -612,8 +696,7 @@
 CVE-2010-2955 [infoleak in wireless extensions]
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2010-2954 [irda null ptr dereference]
-	RESERVED
+CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel
...)
 	- linux-2.6 <unfixed>
 CVE-2010-2953 [CouchDB insecure library loading]
 	RESERVED
@@ -989,12 +1072,16 @@
 CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding
in Uzbl before ...)
 	- uzbl 0.0.0~git.20100403-3 (bug #594301)
 CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
+	{DSA-2105-1}
 	- freetype 2.4.2-1
 CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during
bounds ...)
+	{DSA-2105-1}
 	- freetype 2.4.2-1
 CVE-2010-2806 (Array index error in the t42_parse_sfnts function in
type42/t42parse.c ...)
+	{DSA-2105-1}
 	- freetype 2.4.2-1
 CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
...)
+	{DSA-2105-1}
 	- freetype 2.4.2-1
 CVE-2010-2804
 	RESERVED
@@ -1696,6 +1783,7 @@
 	- git-core 1:1.7.1-1.1 (low; bug #590026)
 	[lenny] - git-core <no-dsa> (Minor issue)
 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in
FreeType ...)
+	{DSA-2105-1}
 	- freetype 2.4.2-1 (low)
 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before
5.6.4 ...)
 	{DSA-2079-1}
@@ -1721,8 +1809,7 @@
 	NOTE: http://bugs.openttd.org/task/3909
 CVE-2010-2533
 	REJECTED
-CVE-2010-2532
-	RESERVED
+CVE-2010-2532 (** DISPUTED ** ...)
 	- lxsession 0.4.4-3 (bug #591409)
 CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before
5.3.3 ...)
 	- php5 <unfixed> (low)
@@ -2480,8 +2567,7 @@
 	[lenny] - libvirt <no-dsa> (Minor issue)
 CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for
Red ...)
 	NOT-FOR-US: Red Hat Directory Server
-CVE-2010-2240 [mm: keep a guard page below a grow-down stack segment]
-	RESERVED
+CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux
kernel ...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-21
 CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new
images ...)
@@ -2514,8 +2600,7 @@
 	- tomcat5.5 <removed>
 	- tomcat6 6.0.28-1 (bug #588813)
 	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
-CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]
-	RESERVED
+CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux
kernel ...)
 	{DSA-2094-1}
 	- linux-2.6 2.6.32-19
 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage
unserializer in ...)
@@ -3592,6 +3677,7 @@
 CVE-2010-1798
 	RESERVED
 CVE-2010-1797 (Multiple stack-based buffer overflows in the ...)
+	{DSA-2105-1}
 	- freetype 2.4.2-1
 CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X
10.5 ...)
 	- webkit <undetermined>
@@ -4422,8 +4508,8 @@
 	NOT-FOR-US: IrfanView
 CVE-2010-1508
 	RESERVED
-CVE-2010-1507
-	RESERVED
+CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on
the ...)
+	TODO: check
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059
allow ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (doesn''t use v8 bindings yet)
@@ -5088,8 +5174,8 @@
 	RESERVED
 	- cvsnt <unfixed> (medium; bug #593884)
 	NOTE: http://march-hare.com/cvspro/vuln.htm
-CVE-2010-1325
-	RESERVED
+CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the
apache2-slms ...)
+	TODO: check
 CVE-2010-1324
 	RESERVED
 CVE-2010-1323
Secure testing commits - Sep 2010 - r15285 - data/CVE

[Secure-testing-commits] r15285 - data/CVE
