Author: jmm-guest Date: 2010-10-04 17:16:10 +0000 (Mon, 04 Oct 2010) New Revision: 15417 Modified: data/CVE/list Log: - correct tiff version number - new svn issue (already fixed) - mistelix and scilab fixed - fix entries for previous mysql issues - remove interchange CVE dupe, further cleanup on CVE-less issues - cleanups on older gnome-power-manager non-issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-04 10:02:06 UTC (rev 15416) +++ data/CVE/list 2010-10-04 17:16:10 UTC (rev 15417) @@ -81,9 +81,9 @@ CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...) NOT-FOR-US: powermail extension 1.5.3 for typo3 CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...) - TODO: check + TODO: check, apparently bogus dupes, contact MITRE for rejection CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...) - TODO: check + TODO: check, apparently bogus dupes, contact MITRE for rejection CVE-2010-XXXX [bind9 two issues] - bind9 <unfixed> TODO: check 
@@ -109,36 +109,36 @@ NOT-FOR-US: Synology Disk Station CVE-2010-3683 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3682 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3681 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3680 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3679 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3678 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3677 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3676 RESERVED - - mysql-5.1 <unfixed> (bug #598580) - - mysql-dfsg-5.0 <unfixed> + - mysql-5.1 5.1.49-1 (bug #598580) + - mysql-dfsg-5.0 <removed> CVE-2010-3675 RESERVED CVE-2010-3658 @@ -673,7 +673,6 @@ CVE-2010-3442 [heap corruption in snd_ctl_new] RESERVED - linux-2.6 <unfixed> - TODO: check NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779 CVE-2010-3441 RESERVED @@ -889,7 +888,7 @@ RESERVED CVE-2010-3378 RESERVED - - scilab <unfixed> (bug #598423; bug #598422) + - scilab 5.2.2-8 (bug #598423; bug #598422) [lenny] - scilab <no-dsa> (Non-free not supported) CVE-2010-3377 RESERVED 
@@ -925,7 +924,7 @@ - mn-fit <unfixed> (bug #598298) CVE-2010-3365 RESERVED - - mistelix <unfixed> (bug #598297) + - mistelix 0.31-2 (low; bug #598297) CVE-2010-3364 RESERVED - vips <unfixed> (bug #598296) @@ -1049,6 +1048,7 @@ NOTE: see 20100927201729.GB4485 at openwall.com CVE-2010-3315 RESERVED + - subversion 1.6.12dfsg-2 (low) CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...) {DSA-2013-1} - egroupware <removed> (high; bug #573279) @@ -1111,7 +1111,6 @@ RESERVED NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2 NOTE: will probably get rejected - TODO: check CVE-2010-3291 RESERVED CVE-2010-3290 @@ -1251,13 +1250,11 @@ CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...) NOT-FOR-US: Blackboard Transact Suite CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the ...) - - gnome-power-manager <unfixed> - TODO: check + - gnome-power-manager 2.28.0-1 (unimportant) CVE-2009-4996 (** DISPUTED ** ...) - TODO: check + NOTE: Disputed non-issue CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...) - - gnome-power-manager <unfixed> - TODO: check + - gnome-power-manager 2.28.0-1 (unimportant) CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...) - weborf 0.12.3-1 (bug #596112) CVE-2010-3243 @@ -3294,7 +3291,7 @@ CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...) - php5 5.3.3-1 (unimportant) CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...) - - tiff 3.9.4-1 (unimportant) + - tiff 3.9.4-4 (unimportant) CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...) - tiff 3.9.4-1 (unimportant) CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...) 
@@ -16298,7 +16295,7 @@ CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in ...) NOT-FOR-US: Collabtive CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...) - - interchange 5.6.1-1 (low) + - interchange 5.6.1-1 (low; bug #505732) CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...) NOT-FOR-US: ScriptsFeed Auto Classifieds CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing ...) @@ -16494,9 +16491,6 @@ [etch] - groff <not-affected> (pdfroff not yet present) [lenny] - groff <not-affected> (pdfroff not yet present) NOTE: requested CVE ids -CVE-2009-XXXX [apache2: only first 8 characters used to validate password] - - apache2 <unfixed> (unimportant; bug #539246) - NOTE: Standard behaviour of crypt, enhancement bug for stronger method CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution video devices] - xscreensaver 5.05-3+nmu1 (low; bug #539699) [etch] - xscreensaver <not-affected> (vulnerable code not present) @@ -18496,10 +18490,6 @@ NOT-FOR-US: Sun Solaris CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...) NOT-FOR-US: Adobe -CVE-2009-XXXX [adtool leaks password in environment] - - adtool 1.3.2-1 (unimportant) - NOTE: adtool has safe means to specify the password, so this boils - NOTE: down to potential insecure usage CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...) NOT-FOR-US: Apple Safari CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the ...) 
@@ -28061,9 +28051,6 @@ NOT-FOR-US: Novell eDirectory CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...) NOT-FOR-US: ElkaGroup Image Gallery -CVE-2008-XXXX [interchange Cross-Site Scripting Vulnerabilities] - - interchange 5.6.1-1 (bug #505732) - NOTE: this is SA32658 CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend] - typo3-src 4.2.3-1 (bug #505326) [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
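Review bot: in the hunk at -81 the two Drupal OpenID entries (CVE-2010-3686 and CVE-2010-3685) are now marked "apparently bogus dupes" without naming the id they duplicate; adding the canonical CVE to the TODO line (e.g. "TODO: check, apparently dupes of CVE-<canonical id>") would let the next reviewer verify the rejection request without repeating the comparison.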
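Review bot: in the hunk at -109, eight RESERVED entries (CVE-2010-3676 through CVE-2010-3683) flip mysql-dfsg-5.0 from <unfixed> to <removed> without any [lenny] sub-entry; if the stable release still ships that source package, a "[lenny] - mysql-dfsg-5.0 <no-dsa>" / "<not-affected>" / fixed-version line is needed to make the stable status explicit, as the scilab entry in this same patch does. The eight mysql-5.1 lines all cite bug #598580 but none carries a NOTE pointing at the upstream fix for the individual ids, which makes it hard to confirm later that 5.1.49-1 really covers all of them.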
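Review bot: in the hunk at -673, "TODO: check" is removed for CVE-2010-3442 while linux-2.6 stays <unfixed>, so the entry drops out of the review queue without a recorded decision; either keep the TODO until a fixed version is entered, or add a NOTE stating that the referenced sound-2.6.git commit is the fix and which Debian upload is expected to carry it.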
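Review bot: in the hunk at -1049, the new line "- subversion 1.6.12dfsg-2 (low)" under a still-RESERVED CVE-2010-3315 carries no NOTE with the upstream advisory or a bug number, unlike the neighbouring entries, and has no [lenny] sub-entry, so the basis for the "low" rating and the stable-release status are both implicit; a NOTE with the reference and a [lenny] line would make the entry self-explanatory.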
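Review bot: in the hunk at -1111, the "TODO: check" is dropped while the remaining notes still read "claimed not a problem" and "will probably get rejected"; with the TODO gone nothing prompts a follow-up to confirm that MITRE actually rejected the id. Suggest keeping the TODO until the rejection lands, or replacing it with a dated NOTE recording the outcome.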
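Review bot: in the hunk at -1251, CVE-2009-4996 now consists only of "NOTE: Disputed non-issue" with no package line, so the affected package is no longer recorded for that id, while the two sibling entries get "- gnome-power-manager 2.28.0-1 (unimportant)"; a status line such as "- gnome-power-manager <not-affected> (disputed)" would keep the entry consistent with its neighbours and queryable by package.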
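Review bot: in the hunk at -3294, CVE-2010-2483 is moved to "tiff 3.9.4-4" while the adjacent CVE-2010-2482 and the other tiff entries remain at 3.9.4-1; the log says "correct tiff version number" but the entry gives no NOTE explaining why this one id needs -4, so a NOTE with the changelog reference would prevent a later reviewer from "correcting" it back to -1.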
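Review bot: in the hunk at -16494, deleting the apache2 CVE-2009-XXXX entry also deletes the recorded rationale ("Standard behaviour of crypt, enhancement bug for stronger method", bug #539246); this patch keeps other non-issues as "(unimportant)" entries with a NOTE (the gnome-power-manager ids), so downgrading the entry rather than removing it would preserve the reasoning for anyone who re-discovers the 8-character truncation.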
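Review bot: in the hunk at -18496, removing the adtool CVE-2009-XXXX entry discards the NOTE that "adtool has safe means to specify the password", which is precisely the mitigation guidance a user would look up; if the entry is to go, consider carrying that advice into bug metadata or a NOTE elsewhere so the documented safe usage is not lost.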
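Review bot: in the hunk at -28061, the removed interchange CVE-2008-XXXX entry carried "NOTE: this is SA32658", but the surviving CVE-2008-6945 entry (hunk at -16298) gains only "bug #505732"; the SA32658 reference should move to CVE-2008-6945 as a NOTE so the advisory-to-CVE mapping is not lost in the de-duplication.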