Secure testing commits - Oct 2010 - r15435 - data/CVE

Author: jmm-guest
Date: 2010-10-07 07:08:10 +0000 (Thu, 07 Oct 2010)
New Revision: 15435

Modified:
   data/CVE/list
Log:
horde CVE assignments


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-10-07 06:58:25 UTC (rev 15434)
+++ data/CVE/list	2010-10-07 07:08:10 UTC (rev 15435)
@@ -186,12 +186,18 @@
 	RESERVED
 CVE-2010-3696
 	RESERVED
-CVE-2010-3695
+CVE-2010-3695 [XSS vulnerability in the Fetchmail configuration]
 	RESERVED
-CVE-2010-3694
+	- imp4 <unfixed> (bug #598584)
+	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
+CVE-2010-3694 [Protected preference forms against CSRF attacks]
 	RESERVED
-CVE-2010-3693
+	- horde3 <unfixed> (bug #598582)
+	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
+CVE-2010-3693 [XSS vulnerability when showing mailbox names]
 	RESERVED
+	- dimp1 <unfixed> (bug #598583)
+	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
 CVE-2010-3692
 	RESERVED
 CVE-2010-3691
@@ -212,15 +218,6 @@
 	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
 	NOTE: ACL bypass claimed to only affect >=9.7.2:
https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
 	NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in
9.6-ESV-R2.
-CVE-2010-XXXX [horde3 XSS and CSRF]
-	- horde3 <unfixed> (bug #598582)
-	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
-CVE-2010-XXXX [horde dimp XSS]
-	- dimp1 <unfixed> (bug #598583)
-	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
-CVE-2010-XXXX [horde imp4 XSS]
-	- imp4 <unfixed> (bug #598584)
-	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
 CVE-2010-XXXX [libcloud doesn''t verify SSL certificate]
 	- libcloud <unfixed> (bug #598463)
 	TODO: check
@@ -1821,7 +1818,7 @@
 	- linux-2.6 2.6.32-24
 CVE-2010-3077 [horde XSS in icon_browser.php]
 	RESERVED
-	- horde3 <unfixed>
+	- horde3 <unfixed> (bug #598582)
 	NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
 CVE-2010-3076 [smbind sql injection]
 	RESERVED