Author: jmm-guest Date: 2010-10-10 10:54:10 +0000 (Sun, 10 Oct 2010) New Revision: 15446 Modified: data/CVE/list Log: update phpcas status record old icedove fixes Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-09 13:53:45 UTC (rev 15445) +++ data/CVE/list 2010-10-10 10:54:10 UTC (rev 15446) @@ -327,11 +327,20 @@ - dimp1 <unfixed> (bug #598583) NOTE: http://lists.horde.org/archives/announce/2010/000561.html CVE-2010-3692 (Directory traversal vulnerability in the callback function in ...) - NOT-FOR-US: phpCAS + - libphp-cas <itp> (bug #495542) + - glpi <unfixed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone + - moodle <unfixed> CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...) - NOT-FOR-US: phpCAS + - libphp-cas <itp> (bug #495542) + - glpi <unfixed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone + - moodle <unfixed> CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...) - NOT-FOR-US: phpCAS + - libphp-cas <itp> (bug #495542) + - glpi <unfixed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone + - moodle <unfixed> CVE-2010-3689 RESERVED CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...) @@ -2632,13 +2641,11 @@ - glpi <unfixed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone - moodle <unfixed> - TODO: check embedders CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...) - libphp-cas <itp> (bug #495542) - glpi <unfixed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone - moodle <unfixed> - TODO: check embedders CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...) NOT-FOR-US: SPICE plugin for Firefox CVE-2010-2793 
@@ -17008,7 +17015,7 @@ CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...) {DSA-2025-1 DSA-1874-1} - nss 3.12.3-1 (medium; bug #539934) - - icedove <unfixed> (medium) + - icedove 2.0.0.24-1 (medium) CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...) - asterisk 1:1.6.2.0~dfsg~rc1-1 (low; bug #539473) [etch] - asterisk <not-affected> (Vulnerable code not present) @@ -17736,7 +17743,7 @@ CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...) {DSA-2025-1 DSA-1874-1} - nss 3.12.3-1 (low; bug #539934) - - icedove <unfixed> (low) + - icedove 2.0.0.24-1 (low) CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...) NOT-FOR-US: SCMPX CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in ...)
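Review bot: In the hunk at @@ -327,11 +327,20 @@, the same block is pasted under CVE-2010-3692, CVE-2010-3691 and CVE-2010-3690, but the CVE-2010-3691 description is conditional ("when proxy mode is ..."), so glpi and moodle may not be affected by that one in the same way as by the other two. A NOTE under CVE-2010-3691 stating whether proxy mode was checked for the embedders would justify `- moodle <unfixed>` there. The glpi and moodle lines also carry no bug reference, unlike `- libphp-cas <itp> (bug #495542)`, and the moodle line has no urgency; adding these once bugs are filed would make the unfixed state trackable.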
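Review bot: In the hunk at @@ -2632,13 +2641,11 @@, both `TODO: check embedders` lines are removed without any line recording the outcome of that check, and the log message ("update phpcas status") does not mention it either. If glpi and moodle are the complete list of embedders, a short NOTE saying so under CVE-2010-2795 and the entry above it would keep that result visible the next time a phpCAS issue is triaged.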
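Review bot: In the hunk at @@ -17008,7 +17015,7 @@ (and identically at @@ -17736,7 +17743,7 @@), `- icedove 2.0.0.24-1 (medium)` replaces `<unfixed>` with no bug number or NOTE identifying where the fixed version comes from, whereas the nss line in the same entry has `bug #539934`. Both entries list `{DSA-2025-1 DSA-1874-1}` but the diff does not show which advisory covers icedove; a one-line NOTE naming the source of 2.0.0.24-1 would let a later reader verify the "record old icedove fixes" change without rereading the changelog.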