Author: geissert Date: 2010-09-14 01:59:32 +0000 (Tue, 14 Sep 2010) New Revision: 15323 Modified: data/CVE/list Log: drupal6 CVEified, new issues: piwigo, mailman, mailscanner Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-13 21:35:48 UTC (rev 15322) +++ data/CVE/list 2010-09-14 01:59:32 UTC (rev 15323) @@ -1,3 +1,12 @@ +CVE-2010-XXXX [piwigo multiple vulnerabilities] + - piwigo <unfixed> + TODO: check, secunia only reported the XSS one + NOTE: http://www.exploit-db.com/exploits/14973/ +CVE-2010-3293 [mailscanner virus updates DoS] + - mailscanner <unfixed> (bug #596397; low) + NOTE: or even unimportant, the script is not used by default +CVE-2010-3292 [mailscanner may use spoofed data] + - mailscanner <unfixed> (bug #596396; low) CVE-2010-3278 (Multiple buffer overflows in the Novell Client novfs module for the ...) TODO: check CVE-2010-3277 @@ -26,10 +35,6 @@ RESERVED CVE-2010-3265 RESERVED -CVE-2010-XXXX [several security issues in drupal6] - - drupal6 6.14-1 (low; bug #592716) - NOTE: CVE ids requested, maintainer provides packages - NOTE: DSA justified due to XSS, other issues are minor CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...) NOT-FOR-US: Novell Identity Manager CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...) 
@@ -511,20 +516,27 @@ NOT-FOR-US: WinFrigate Frigate 3 FTP CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...) NOT-FOR-US: SoftX FTP Client 3.3 -CVE-2010-3095 +CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313] RESERVED -CVE-2010-3094 + - mailscanner <unfixed> (bug #596403) +CVE-2010-3094 [drupal Actions cross site scripting] RESERVED -CVE-2010-3093 + - drupal6 6.14-1 (low; bug #592716) +CVE-2010-3093 [drupal Comment unpublishing bypass] RESERVED -CVE-2010-3092 + - drupal6 6.14-1 (low; bug #592716) +CVE-2010-3092 [drupal File download access bypass] RESERVED -CVE-2010-3091 + - drupal6 6.14-1 (low; bug #592716) +CVE-2010-3091 [drupal OpenID authentication bypass] RESERVED + - drupal6 6.14-1 (low; bug #592716) CVE-2010-3090 RESERVED -CVE-2010-3089 +CVE-2010-3089 [mailman XSS] RESERVED + - mailman <unfixed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859} CVE-2010-3088 RESERVED CVE-2010-3087
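Review bot: In the first hunk (@@ -1,3 +1,12 @@), the new piwigo placeholder is titled "multiple vulnerabilities" while its TODO says secunia only reported the XSS one, so the entry does not say which issues it is meant to cover. Consider listing the individual issues in NOTE lines, or splitting them into one CVE-2010-XXXX entry per issue, so that ids can be matched up when they are assigned. Unlike the two mailscanner entries added beside it, the piwigo entry also carries no bug reference.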
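Review bot: In the second hunk (@@ -26,10 +35,6 @@), the removed drupal6 placeholder carried two notes, "maintainer provides packages" and "DSA justified due to XSS, other issues are minor", and neither reappears on the four drupal6 entries added in the last hunk. If the DSA rationale still holds, move it to the XSS entry, for example as "NOTE: DSA justified due to XSS" under CVE-2010-3094. Otherwise the reason for the advisory is lost from the list.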
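Review bot: In the last hunk (@@ -511,20 +516,27 @@), the mailman NOTE packs two bug ids into one URL with shell brace syntax, "show_bug.cgi?id={631881,631859}", which is not a usable link as written. Use two NOTE lines, one URL per bug. In the same hunk, the CVE-2010-3095 mailscanner line has "(bug #596403)" with no urgency, while the other mailscanner entries in this commit are marked low. Confirm that the omission is deliberate.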