Author: jmm-guest Date: 2010-11-15 18:36:33 +0000 (Mon, 15 Nov 2010) New Revision: 15584 Modified: data/CVE/list Log: - php5 fixed - vlc issue is windows-specific - new imagemagick issue (CVE requested on oss-sec) Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-11-15 03:49:25 UTC (rev 15583) +++ data/CVE/list 2010-11-15 18:36:33 UTC (rev 15584) @@ -1,5 +1,8 @@ CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...) - proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279) +CVE-2010-XXXX [imagemagick reads config files from cwd] + - imagemagick <unfixed> (low; bug #601824) + [lenny] - imagemagick <no-dsa> (Minor issue) CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...) NOT-FOR-US: IBM WebSphere CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...) @@ -1195,7 +1198,7 @@ - pidgin 2.7.4-1 [squeeze] - pidgin 2.7.3-1+squeeze1 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...) - - php5 <unfixed> (bug filed) + - php5 5.3.3-3 (bug filed) CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...) TODO: check CVE-2010-3708 @@ -2516,9 +2519,7 @@ CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...) NOT-FOR-US: PicSell CVE-2010-XXXX [vlc stack overflow] - - vlc <undetermined> (low; bug #595686) - NOTE: poc didn''t work. may be windows-only - TODO: check with upstream + - vlc <not-affected> (Windows-specific) CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...) NOT-FOR-US: flock CVE-2010-3201
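Review bot: In the first hunk (@@ -1,5 +1,8 @@), the new "CVE-2010-XXXX [imagemagick reads config files from cwd]" entry has no NOTE recording the CVE request that the log message mentions ("CVE requested on oss-sec"). Add a NOTE line under the entry pointing to that request, so whoever later replaces the XXXX placeholder can match the assigned id to this entry without going back to the commit log.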
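Review bot: In the second hunk (@@ -1195,7 +1198,7 @@), the CVE-2010-3710 line now records a fixed version but still carries the placeholder "(bug filed)" instead of a bug number: "- php5 5.3.3-3 (bug filed)". Other entries in this file reference the report directly, for example "(bug #603511; bug #602279)", so replace "bug filed" with the actual bug number while the entry is being touched.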
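Review bot: In the third hunk (@@ -2516,9 +2519,7 @@), the vlc entry moves from <undetermined> to "<not-affected> (Windows-specific)" while dropping both the bug reference (bug #595686) and the only recorded evidence. The removed NOTE said only that the poc "may be windows-only", and the removed TODO said to check with upstream, so the new line states as fact something the previous text treated as unconfirmed. Keep the bug number on the entry and add a NOTE saying how the Windows-only determination was confirmed.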