Moritz Muehlenhoff
2010-Sep-27 09:47 UTC
[Secure-testing-commits] r15376 - in data: CVE DSA
Author: jmm-guest Date: 2010-09-27 09:47:24 +0000 (Mon, 27 Sep 2010) New Revision: 15376 Modified: data/CVE/list data/DSA/list Log: - egroupware finally CVEfied - mingetty fixed - upcoming kernel fixes Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-27 06:58:01 UTC (rev 15375) +++ data/CVE/list 2010-09-27 09:47:24 UTC (rev 15376) @@ -328,8 +328,9 @@ RESERVED CVE-2010-3433 RESERVED -CVE-2010-3432 +CVE-2010-3432 [sctp: Do not reset the packet during sctp_packet_config()] RESERVED + - linux-2.6 2.6.32-24 CVE-2010-3431 RESERVED CVE-2010-3430 @@ -337,7 +338,7 @@ CVE-2010-3429 RESERVED CVE-2010-XXXX [mingetty directory traversal] - - mingetty <unfixed> (medium; bug #597382) + - mingetty 1.07-2 (medium; bug #597382) CVE-2010-XXXX [config file world readable] - sabnzbdplus 0.5.4-1 (low; bug #593829) CVE-2010-XXXX [pin shown locally in cleartext] @@ -615,9 +616,11 @@ CVE-2010-3315 RESERVED CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...) - - egroupware <removed> + - egroupware <removed> (high; bug #573279) + [lenny] - egroupware 1.4.004-2.dfsg-4.2 CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php ...) - - egroupware <removed> + - egroupware <removed> (high; bug #573279) + [lenny] - egroupware 1.4.004-2.dfsg-4.2 CVE-2010-3312 RESERVED CVE-2010-3311 
@@ -658,16 +661,13 @@ NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf CVE-2010-3298 [net/usb/hso.c: reading uninitialized memory] RESERVED - - linux-2.6 <unfixed> - NOTE: see RH''s bugzilla + - linux-2.6 2.6.32-24 CVE-2010-3297 [net/eql.c: reading uninitialized stack memory] RESERVED - - linux-2.6 <unfixed> - NOTE: see RH''s bugzilla + - linux-2.6 2.6.32-24 CVE-2010-3296 [cxgb3/cxgb3_main.c reading uninitialized stack memory] RESERVED - - linux-2.6 <unfixed> - NOTE: see RH''s bugzilla + - linux-2.6 2.6.32-24 CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory] RESERVED NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2 @@ -1270,7 +1270,6 @@ RESERVED {DSA-2110-1} - linux-2.6 2.6.32-23 (high) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in ...) {DSA-2110-1} - linux-2.6 <unfixed> @@ -1278,8 +1277,7 @@ RESERVED CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...) {DSA-2110-1} - - linux-2.6 <unfixed> - NOTE: see RH''s bugzilla + - linux-2.6 2.6.32-24 CVE-2010-3077 [horde XSS in icon_browser.php] RESERVED - horde3 <unfixed> @@ -1312,7 +1310,7 @@ CVE-2010-3068 RESERVED CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-24 CVE-2010-3066 RESERVED CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...) 
@@ -7312,10 +7310,6 @@ - mediawiki 1:1.15.2-1 (low) [lenny] - mediawiki 1:1.12.0-2lenny4 NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html -CVE-2010-XXXX [egroupware issues] - - egroupware <removed> (high; bug #573279) - [lenny] - egroupware 1.4.004-2.dfsg-4.2 - NOTE: DSA-2013 CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...) NOT-FOR-US: com_ksadvertiser component for Joomla! CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-09-27 06:58:01 UTC (rev 15375) +++ data/DSA/list 2010-09-27 09:47:24 UTC (rev 15376) @@ -305,6 +305,7 @@ {CVE-2010-0668 CVE-2010-0669 CVE-2010-0717} [lenny] - moin 1.7.1-3+lenny3 [11 Mar 2010] DSA-2013-1 egroupware - several vulnerabilities + {CVE-2010-3313 CVE-2010-3314} [lenny] - egroupware 1.4.004-2.dfsg-4.2 [11 Mar 2010] DSA-2012-1 linux-2.6 - several issues {CVE-2009-3725 CVE-2010-0622}
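Review bot: In the data/CVE/list hunk at @@ -658,16 +661,13 @@, the entries for CVE-2010-3298, CVE-2010-3297 and CVE-2010-3296 lose their only reference line ("NOTE: see RH''s bugzilla") while still marked RESERVED, so nothing in the entry points at the upstream report or fix any more. Consider replacing the vague note with the concrete bug or commit URL for each entry rather than deleting it. The log calls these "upcoming kernel fixes", so it is also worth re-checking that 2.6.32-24 really carries all three once it is uploaded.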
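Review bot: In the data/CVE/list hunk at @@ -1270,7 +1270,6 @@, CVE-2010-3080 stays at "- linux-2.6 <unfixed>" even though it is tagged {DSA-2110-1} and the next hunk moves CVE-2010-3078, under the same DSA, to 2.6.32-24. If the double free is fixed in the same upload, this line should be updated in this commit; if it is not, a NOTE saying why would help. The same hunk also removes "NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081" from a RESERVED entry, which the log message does not mention.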
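Review bot: The data/CVE/list hunk at @@ -7312,10 +7310,6 @@ deletes the generic placeholder "CVE-2010-XXXX [egroupware issues]" and replaces it with exactly two ids (CVE-2010-3314 and CVE-2010-3313 at @@ -615,9 +616,11 @@), but neither the log nor the diff states that these two cover everything tracked under bug #573279. A short NOTE on the new entries, or a sentence in the log beyond "egroupware finally CVEfied", confirming the mapping would make the removal verifiable. The data/DSA/list hunk adding {CVE-2010-3313 CVE-2010-3314} to DSA-2013-1 is consistent with the lenny version 1.4.004-2.dfsg-4.2 given in both files.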