Author: jmm-guest Date: 2010-10-27 20:40:36 +0000 (Wed, 27 Oct 2010) New Revision: 15533 Modified: data/CVE/list Log: - unimportant ghostscript crasher - new mantis and php5 issues: bug filed - cleanup old REJECTED entries - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-27 20:18:52 UTC (rev 15532) +++ data/CVE/list 2010-10-27 20:40:36 UTC (rev 15533) @@ -93,7 +93,7 @@ CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 ...) TODO: check CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...) - TODO: check + - ghostscript <unfixed> (unimportant) CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in ...) TODO: check CVE-2010-4052 @@ -580,7 +580,7 @@ RESERVED - curl <not-affected> (Doesn''t affect POSIX systems) CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...) - TODO: check + NOT-FOR-US: TWiki CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow ...) - openconnect 1.40-1 CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an ...) @@ -588,9 +588,9 @@ CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows ...) NOT-FOR-US: Cisco AnyConnect SSL VPN trial client CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in ...) - TODO: check + NOT-FOR-US: Apache Qpid CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...) - TODO: check + NOT-FOR-US: Apache Qpid CVE-2009-5004 RESERVED CVE-2010-3845 
@@ -770,7 +770,7 @@ CVE-2010-3764 RESERVED CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...) - TODO: check + - mantis <unfixed> (bug filed) CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...) - bind9 <unfixed> (bug #599515) NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html @@ -893,7 +893,7 @@ - pidgin 2.7.4-1 [squeeze] - pidgin 2.7.3-1+squeeze1 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...) - TODO: check + - php5 <unfixed> (bug filed) CVE-2010-3709 RESERVED CVE-2010-3708 @@ -1707,22 +1707,10 @@ - chromium-browser 6.0.472.59~r59126-1 CVE-2010-3410 REJECTED - - webkit <undetermined> - - chromium-browser 6.0.472.59~r59126-1 - NOTE: https://bugs.webkit.org/show_bug.cgi?id=43587 - NOTE: http://trac.webkit.org/changeset/66847 CVE-2010-3409 REJECTED - - webkit <undetermined> - - chromium-browser 6.0.472.59~r59126-1 - NOTE: https://bugs.webkit.org/show_bug.cgi?id=43260 - NOTE: http://trac.webkit.org/changeset/66795 CVE-2010-3408 REJECTED - - webkit <undetermined> - - chromium-browser 6.0.472.59~r59126-1 - NOTE: https://bugs.webkit.org/show_bug.cgi?id=43055 - NOTE: http://trac.webkit.org/changeset/65692 CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in ...) NOT-FOR-US: IBM Lotus Domino CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...) 
@@ -1999,11 +1987,11 @@ CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x ...) NOT-FOR-US: HP AssetCenter CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...) - TODO: check + NOT-FOR-US: HP Systems Insight Manager CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...) - TODO: check + NOT-FOR-US: HP Systems Insight Manager CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...) - TODO: check + NOT-FOR-US: HP Systems Insight Manager CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access ...) NOT-FOR-US: HP ProCurve CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and ...) @@ -2609,7 +2597,7 @@ CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in ...) - linux-2.6 2.6.32-25 CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat ...) - TODO: check + NOT-FOR-US: Apache Qpid CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...) - python-django 1.2.3-1 (low; bug #596205) NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/ @@ -4601,16 +4589,9 @@ NOT-FOR-US: Symantec Sygate Personal Firewall CVE-2010-2304 REJECTED - - webkit 1.2.1-3 (medium; bug #586547) - - chromium-browser 5.0.375.70~r48679-1 - NOTE: http://trac.webkit.org/changeset/59950 - NOTE: duplicate of cve-2010-1773 CVE-2010-2303 REJECTED - - webkit 1.2.1-3 - - chromium-browser 5.0.375.70~r48679-1 - NOTE: http://trac.webkit.org/changeset/59859 - NOTE: duplicate of cve-2010-1772 + CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...) - webkit 1.2.1-3 - chromium-browser 5.0.375.70~r48679-1 
@@ -6834,13 +6815,6 @@ - webkit <not-affected> (chromium-specific directory traversal) CVE-2010-1501 REJECTED - - chromium-browser 5.0.375.29~r46008-1 - - webkit 1.2.2-1 - [lenny] - webkit <not-affected> (introduced in r47291) - - qt4-x11 <undetermined> - - kdelibs <undetermined> - - kde4libs <undetermined> - NOTE: http://trac.webkit.org/changeset/57041 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...) - chromium-browser 5.0.375.29~r46008-1 - webkit <not-affected> (proof-of-concept not effective; chromium-specific issue) @@ -11450,7 +11424,6 @@ NOT-FOR-US: TVersity CVE-2009-4481 REJECTED - NOTE: dup of CVE-2009-3111 CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...) NOT-FOR-US: AzeoTech DAQFactory CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...) @@ -15260,7 +15233,6 @@ NOT-FOR-US: module for XOOPS CVE-2009-3239 REJECTED - NOTE: dup of CVE-2009-2139 and CVE-2009-2140 CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...) {DSA-1929-1 DSA-1928-1 DSA-1927-1} - linux-2.6 2.6.30-1 (low)
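Review bot: in the @@ -93 hunk, the new "- ghostscript <unfixed> (unimportant)" line for CVE-2010-4054 carries the severity tag with nothing to back it, whereas the bind9 entry for CVE-2010-3762 in the same file records a NOTE: with the upstream reference. Adding a NOTE: line pointing at the upstream bug or changeset that shows the gs_type2_interpret issue is a crash-only defect would let a later triager confirm the "unimportant" rating without repeating the analysis.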
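Review bot: in the @@ -770 hunk, "- mantis <unfixed> (bug filed)" for CVE-2010-3763 gives no Debian bug number, while the neighbouring "- bind9 <unfixed> (bug #599515)" uses the form the tracker can link to the BTS. Once the report number is assigned, replace the free-text "(bug filed)" with "(bug #NNNNNN)" so the package view resolves to the actual report.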
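Review bot: in the @@ -893 hunk, the "- php5 <unfixed> (bug filed)" line for CVE-2010-3710 should record the BTS number in the "(bug #NNNNNN)" form, as the python-django entry "(low; bug #596205)" further down does; without it nothing ties the filter_var stack-consumption issue to the report that was filed, and the severity is also left unset.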
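Review bot: in the @@ -1707 hunk, the removed webkit/chromium-browser lines under CVE-2010-3410, CVE-2010-3409 and CVE-2010-3408 were the only place the bugs.webkit.org and trac.webkit.org references lived, and nothing replacing them says why the identifiers were rejected or which CVE now tracks those changesets. A single "NOTE: duplicate of CVE-..." line under each REJECTED entry would preserve the mapping the removed URLs encoded.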
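Review bot: the @@ -4601 hunk leaves a stray empty "+" line between "CVE-2010-2303 REJECTED" and "CVE-2010-2302", which the surrounding entries do not have; drop it. The same hunk also removes the "NOTE: duplicate of cve-2010-1773" and "NOTE: duplicate of cve-2010-1772" pointers, which are the useful part of a REJECTED entry; keeping those two lines (with the identifier uppercased to match the file's CVE-... convention) would cost nothing and keep the cross-reference.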
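Review bot: in the @@ -11450 hunk, deleting "NOTE: dup of CVE-2009-3111" under CVE-2009-4481 removes the only line that explains the REJECTED status; a reader of the tracker can no longer see where the issue is actually handled. Suggest retaining the one-line duplicate pointer even when the package lines are cleaned out.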