Author: jmm-guest Date: 2010-10-26 21:26:50 +0000 (Tue, 26 Oct 2010) New Revision: 15526 Modified: data/CVE/list Log: - tangerine fixed - gollem NMUd - filed bug for moodle/phpcas - new kernel info leaks (more to come) Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-26 21:14:36 UTC (rev 15525) +++ data/CVE/list 2010-10-26 21:26:50 UTC (rev 15526) @@ -40,8 +40,10 @@ RESERVED CVE-2010-4073 RESERVED + - linux-2.6 <unfixed> (low) CVE-2010-4072 RESERVED + - linux-2.6 <unfixed> (low) CVE-2010-4071 RESERVED CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...) @@ -944,17 +946,17 @@ - libphp-cas <itp> (bug #495542) - glpi <unfixed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone - - moodle <unfixed> + - moodle <unfixed> (bug #601384) CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...) - libphp-cas <itp> (bug #495542) - glpi <unfixed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone - - moodle <unfixed> + - moodle <unfixed> (bug #601384) CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...) - libphp-cas <itp> (bug #495542) - glpi <unfixed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone - - moodle <unfixed> + - moodle <unfixed> (bug #601384) CVE-2010-3689 RESERVED CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...) @@ -1560,7 +1562,7 @@ NOTE: this is more of a hardware bug rather than a security issue CVE-2010-3447 [horde gollem XSS] RESERVED - - gollem <unfixed> (bug #598585) + - gollem 1.1.1+debian0-1.1 (bug #598585) NOTE: http://bugs.horde.org/ticket/9191 CVE-2010-3446 RESERVED 
@@ -1771,7 +1773,7 @@ CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a ...) - tau 2.16.4-1.4 (bug #598303) CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine ...) - - tangerine <unfixed> (bug #598302) + - tangerine 0.3.2.2-6 (bug #598302) CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before ...) - slurm-llnl <unfixed> NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1 @@ -3291,12 +3293,12 @@ - libphp-cas <itp> (bug #495542) - glpi <unfixed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone - - moodle <unfixed> + - moodle <unfixed> (bug #601384) CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...) - libphp-cas <itp> (bug #495542) - glpi <unfixed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone - - moodle <unfixed> + - moodle <unfixed> (bug #601384) CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...) NOT-FOR-US: SPICE plugin for Firefox CVE-2010-2793
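Review bot: in the `@@ -40,8 +40,10 @@` hunk, the two added `- linux-2.6 <unfixed> (low)` lines sit under CVE-2010-4073 and CVE-2010-4072, which are both still RESERVED and carry no bracketed description, so the list does not record which kernel issue each id refers to; the log message says only "new kernel info leaks". Suggest adding a bracketed summary on each CVE line, in the form already used for `CVE-2010-3447 [horde gollem XSS]`, plus a NOTE pointing at the upstream report or fix, so the two entries can be told apart and later matched to a fixed version.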
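Review bot: the five `- moodle <unfixed> (bug #601384)` changes in the `@@ -944,17 +946,17 @@` and `@@ -3291,12 +3293,12 @@` hunks point every phpCAS entry at one bug, yet the moodle lines have no severity and no NOTE saying how moodle is affected, while the neighbouring glpi lines carry `(unimportant)` with an explanatory NOTE. Suggest adding a short NOTE under the moodle lines and confirming that bug #601384 names each of these CVE ids, so that marking it fixed with a single version later is correct for every entry.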