Author: joeyh Date: 2010-11-29 21:16:43 +0000 (Mon, 29 Nov 2010) New Revision: 15628 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-11-29 17:45:12 UTC (rev 15627) +++ data/CVE/list 2010-11-29 21:16:43 UTC (rev 15628) @@ -1,3 +1,39 @@ +CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...) + TODO: check +CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...) + TODO: check +CVE-2010-4310 + RESERVED +CVE-2010-4309 + RESERVED +CVE-2010-4308 + RESERVED +CVE-2010-4307 + RESERVED +CVE-2010-4306 + RESERVED +CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and ...) + TODO: check +CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System ...) + TODO: check +CVE-2010-4303 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the ...) + TODO: check +CVE-2010-4302 (/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified ...) + TODO: check +CVE-2010-4299 (Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 ...) + TODO: check +CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple ...) + TODO: check +CVE-2010-4297 + RESERVED +CVE-2010-4296 + RESERVED +CVE-2010-4295 + RESERVED +CVE-2010-4294 + RESERVED +CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...) + TODO: check CVE-2010-XXXX [directory traversal] - openacs 5.5.1+dfsg-2 - dotlrn 2.5.0+dfsg-2 
@@ -30,9 +66,9 @@ - mmass 3.8.0-2 (low; bug #605150) CVE-2010-XXXX [python path] - guake 0.4.2-3 (low; bug #605163) -CVE-2010-4301 +CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in ...) - wireshark <not-affected> (Only affects >= 1.4) -CVE-2010-4300 +CVE-2010-4300 (Heap-based buffer overflow in the dissect_ldss_transfer function ...) - wireshark 1.2.11-4 [lenny] - wireshark <not-affected> (Only affects >= 1.2) CVE-2010-4293 @@ -210,8 +246,8 @@ NOT-FOR-US: USAA application for Android CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ...) NOT-FOR-US: PayPal app for iOS -CVE-2010-4210 - RESERVED +CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x ...) + TODO: check CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component ...) - yui <unfixed> (bug #603513) CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component ...) 
@@ -304,31 +340,30 @@ RESERVED CVE-2010-4174 RESERVED -CVE-2010-4173 - RESERVED +CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...) - libsdp <unfixed> (bug #603841) -CVE-2010-4172 - RESERVED +CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...) + TODO: check CVE-2010-4171 RESERVED - systemtap 1.2-3 (bug #603946) CVE-2010-4170 RESERVED - systemtap 1.2-3 (bug #603946) -CVE-2010-4169 - RESERVED +CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel ...) + TODO: check CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 ...) - openttd 1.0.4-3 (bug #603752) [lenny] - openttd <not-affected> (Introduced in 1.0) -CVE-2010-4167 - RESERVED +CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick ...) + TODO: check CVE-2010-4166 RESERVED -CVE-2010-4165 - RESERVED +CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...) - linux-2.6 2.6.32-28 CVE-2010-4164 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-28 CVE-2010-4163 RESERVED @@ -509,6 +544,7 @@ NOT-FOR-US: Adobe Shockwave Player CVE-2010-4083 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-4082 RESERVED @@ -516,15 +552,19 @@ [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2010-4081 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-27 (low) CVE-2010-4080 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-27 (low) CVE-2010-4079 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-4078 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-24 (low) CVE-2010-4077 RESERVED @@ -537,12 +577,15 @@ - linux-2.6 <unfixed> (low) CVE-2010-4074 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-24 (low) CVE-2010-4073 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-4072 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-4071 RESERVED 
@@ -920,12 +963,12 @@ NOT-FOR-US: TransWARE Active! mail CVE-2010-3912 RESERVED -CVE-2010-3911 - RESERVED -CVE-2010-3910 - RESERVED -CVE-2010-3909 - RESERVED +CVE-2010-3911 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...) + TODO: check +CVE-2010-3910 (Multiple directory traversal vulnerabilities in the ...) + TODO: check +CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger ...) + TODO: check CVE-2010-3908 RESERVED CVE-2010-3907 @@ -989,6 +1032,7 @@ - linux-2.6 <unfixed> (low) CVE-2010-3880 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-3879 RESERVED @@ -996,21 +1040,26 @@ RESERVED CVE-2010-3877 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-3876 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-3875 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (low) CVE-2010-3874 RESERVED + {DSA-2126-1} - linux-2.6 <unfixed> (unimportant) CVE-2010-3873 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-28 (low) -CVE-2010-3872 - RESERVED +CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c ...) + TODO: check CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...) - mahara <not-affected> (Vulnerable feature introduced in 1.3) CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle ...) @@ -1029,6 +1078,7 @@ - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30) CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through ...) + {DSA-2125-1} - openssl 0.9.8o-3 CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...) NOT-FOR-US: Apache Shiro / JSecurity @@ -1043,8 +1093,10 @@ - openjdk-6 6b18-1.8.3-1 CVE-2010-3859 RESERVED + {DSA-2126-1} CVE-2010-3858 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-27 CVE-2010-3857 RESERVED 
@@ -1054,8 +1106,7 @@ - glibc <removed> - eglibc <unfixed> (bug #600667) [squeeze] - eglibc 2.11.2-6+squeeze1 -CVE-2010-3855 - RESERVED +CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in ...) - freetype 2.4.2-2.1 (bug #602221) CVE-2010-3854 RESERVED @@ -1067,12 +1118,15 @@ NOT-FOR-US: libguestfs CVE-2010-3850 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-28 CVE-2010-3849 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-28 CVE-2010-3848 RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-28 CVE-2010-3847 RESERVED 
@@ -1147,70 +1201,68 @@ RESERVED - mysql-5.1 <unfixed> (bug #599937) - mysql-dfsg-5.0 <removed> -CVE-2010-3832 - RESERVED -CVE-2010-3831 - RESERVED -CVE-2010-3830 - RESERVED -CVE-2010-3829 - RESERVED -CVE-2010-3828 - RESERVED -CVE-2010-3827 - RESERVED -CVE-2010-3826 - RESERVED +CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management ...) + TODO: check +CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic ...) + TODO: check +CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...) + TODO: check +CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...) + TODO: check +CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...) + TODO: check +CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...) + TODO: check +CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check CVE-2010-3825 RESERVED -CVE-2010-3824 - RESERVED -CVE-2010-3823 - RESERVED -CVE-2010-3822 - RESERVED -CVE-2010-3821 - RESERVED -CVE-2010-3820 - RESERVED -CVE-2010-3819 - RESERVED -CVE-2010-3818 - RESERVED -CVE-2010-3817 - RESERVED -CVE-2010-3816 - RESERVED +CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) + TODO: check +CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) + TODO: check +CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) 
+ TODO: check +CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) + TODO: check CVE-2010-3815 RESERVED -CVE-2010-3814 - RESERVED +CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...) - freetype 2.4.2-2.1 (bug #602221) -CVE-2010-3813 - RESERVED -CVE-2010-3812 - RESERVED +CVE-2010-3813 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3812 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...) - webkit <unfixed> - chromium-browser <undetermined> NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257 -CVE-2010-3811 - RESERVED -CVE-2010-3810 - RESERVED -CVE-2010-3809 - RESERVED -CVE-2010-3808 - RESERVED +CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) + TODO: check +CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check +CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) + TODO: check CVE-2010-3807 RESERVED CVE-2010-3806 RESERVED -CVE-2010-3805 - RESERVED -CVE-2010-3804 - RESERVED -CVE-2010-3803 - RESERVED +CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...) + TODO: check +CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...) + TODO: check +CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...) + TODO: check CVE-2010-3802 RESERVED CVE-2010-3801 
@@ -1434,8 +1486,8 @@ CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...) - dovecot 1.2.15-1 [lenny] - dovecot <not-affected> (Only affects 1.2.x) -CVE-2010-3705 [sctp out-of-bounds issue] - RESERVED +CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux ...) + {DSA-2126-1} - linux-2.6 2.6.32-25 CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...) {DSA-2119-1} @@ -1463,8 +1515,7 @@ NOT-FOR-US: VMware SpringSource Spring Security CVE-2010-3699 RESERVED -CVE-2010-3698 - RESERVED +CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not ...) - linux-2.6 2.6.32-28 CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...) - freeradius 2.1.10+dfsg-1 (bug #600176) @@ -1627,8 +1678,8 @@ NOT-FOR-US: Adobe Reader and Acrobat CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2010-3618 - RESERVED +CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does ...) + TODO: check CVE-2010-3617 RESERVED CVE-2010-3616 @@ -1783,6 +1834,7 @@ CVE-2010-3478 RESERVED CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the ...) + {DSA-2126-1} - linux-2.6 2.6.32-25 CVE-2010-3600 RESERVED @@ -2103,6 +2155,7 @@ RESERVED CVE-2010-3448 [Linux ThinkPad video output status local DoS] RESERVED + {DSA-2126-1} - linux-2.6 2.6.32-12 (bug #565790; unimportant) NOTE: this is more of a hardware bug rather than a security issue CVE-2010-3447 [horde gollem XSS] 
@@ -2111,8 +2164,8 @@ NOTE: http://bugs.horde.org/ticket/9191 CVE-2010-3446 RESERVED -CVE-2010-3445 [wireshark: BER dissector] - RESERVED +CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...) + {DSA-2127-1} - wireshark 1.2.11-3 (low) NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html CVE-2010-3444 [pfribidi buffer overflow] @@ -2125,6 +2178,7 @@ [squeeze] - quassel 0.6.3-1 NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774 CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in ...) + {DSA-2126-1} - linux-2.6 2.6.32-25 NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779 CVE-2010-3441 @@ -2143,6 +2197,7 @@ - libpoe-component-irc-perl 6.32+dfsg-1 [lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194) CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in ...) + {DSA-2126-1} - linux-2.6 2.6.32-25 CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...) - php5 5.3.3-4 (unimportant) @@ -2162,8 +2217,8 @@ - postgresql-8.4 8.4.5-1 [squeeze] - postgresql-8.4 8.4.5-0squeeze1 - postgresql-8.3 <removed> -CVE-2010-3432 [sctp: Do not reset the packet during sctp_packet_config()] - RESERVED +CVE-2010-3432 (The sctp_packet_config function in net/sctp/output.c in the Linux ...) + {DSA-2126-1} - linux-2.6 2.6.32-24 CVE-2010-3431 RESERVED @@ -2352,7 +2407,7 @@ [lenny] - roaraudio <no-dsa> (Minor issue) CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the ...) - lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294) - [lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1 + [lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1 CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 ...) - ike 2.1.5+dfsg-2 (low; bug #598292) [lenny] - ike <no-dsa> (Minor issue) 
@@ -2473,6 +2528,7 @@ - freetype 2.4.0-1 NOTE: Only the 2.3.x series is affected CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux ...) + {DSA-2126-1} - linux-2.6 2.6.32-25 CVE-2010-3309 RESERVED @@ -2508,8 +2564,10 @@ - linux-2.6 2.6.32-24 [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27) CVE-2010-3297 (The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel ...) + {DSA-2126-1} - linux-2.6 2.6.32-24 CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in ...) + {DSA-2126-1} - linux-2.6 2.6.32-24 CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory] RESERVED @@ -2592,7 +2650,7 @@ NOT-FOR-US: RSA Authentication Agent 7.0 for Web CVE-2010-3260 RESERVED -CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read access ...) +CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...) - chromium-browser 6.0.472.53~r57914-1 - webkit 1.2.5-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399 @@ -2601,7 +2659,7 @@ - chromium-browser 6.0.472.53~r57914-1 - webkit <not-affected> NOTE: chromium specific -CVE-2010-3257 (Google Chrome before 6.0.472.53 does not properly perform focus ...) +CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) - chromium-browser 6.0.472.53~r57914-1 - webkit 1.2.5-1 NOTE: http://trac.webkit.org/changeset/65748 https://bugs.webkit.org/show_bug.cgi?id=44226 @@ -3042,7 +3100,7 @@ CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the ...) - chromium-browser 5.0.375.127~r55887-1 - webkit <not-affected> (chromium specific) -CVE-2010-3116 (Google Chrome before 5.0.375.127 does not properly process MIME types, ...) +CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple ...) - webkit 1.2.5-1 - chromium-browser 5.0.375.127~r55887-1 NOTE: http://trac.webkit.org/changeset/64293 
@@ -3186,6 +3244,7 @@ CVE-2010-3068 RESERVED CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...) + {DSA-2126-1} - linux-2.6 2.6.32-24 CVE-2010-3066 RESERVED @@ -3252,10 +3311,10 @@ NOT-FOR-US: Cisco Intelligent Contact Manager CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2010-3038 - RESERVED -CVE-2010-3037 - RESERVED +CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the ...) + TODO: check +CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing ...) + TODO: check CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the ...) NOT-FOR-US: Cisco CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...) @@ -3413,11 +3472,10 @@ NOT-FOR-US: vxworks CVE-2010-2964 RESERVED -CVE-2010-2963 - RESERVED +CVE-2010-2963 (drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) ...) + {DSA-2126-1} - linux-2.6 2.6.32-26 -CVE-2010-2962 - RESERVED +CVE-2010-2962 (drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager ...) - linux-2.6 2.6.32-25 CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...) NOT-FOR-US: mountall @@ -6414,7 +6472,7 @@ - chromium-browser 6.0.472.59~r59126-1 NOTE: http://trac.webkit.org/changeset/65958 TODO: recheck chromium, was wrong commit -CVE-2010-1822 (WebKit, as used in Google Chrome before 6.0.472.62, does not properly ...) +CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...) - webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series) - chromium-browser 6.0.472.62~r59676-1 CVE-2010-1821 
@@ -12742,6 +12800,7 @@ NOTE: the code in etch''s version is more different but it seems to be affected NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3 CVE-2009-5018 [gif2png multiple buffer overflows parsing CLI arguments] + RESERVED - gif2png 2.5.2-1 (low; bug #550978) [etch] - gif2png <no-dsa> (minor issue) [lenny] - gif2png <no-dsa> (minor issue)
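Review bot: In the @@ -1043,8 +1093,10 @@ hunk, CVE-2010-3859 gains "{DSA-2126-1}" but has no package line beneath it; the next line is already the CVE-2010-3858 header. Every other entry tagged with this DSA in the patch carries a "- linux-2.6 ..." line, so this one will show an advisory reference with no source package or status attached. Add the package line with its fixed version or status, or drop the DSA tag if the CVE is not actually covered.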
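Review bot: The description replacements for CVE-2010-3259, CVE-2010-3257, CVE-2010-3116 and CVE-2010-1822 (hunks @@ -2592,7 +2650,7 @@ through @@ -6414,7 +6472,7 @@) change what the entry says the flaw is, not just its wording, while the package lines and NOTEs under them are left untouched. CVE-2010-3116 goes from "does not properly process MIME types" to "Multiple use-after-free vulnerabilities in WebKit", and CVE-2010-3257 from "does not properly perform focus ..." to a use-after-free. The fixed versions, the referenced WebKit changesets and the "<not-affected>" reason on CVE-2010-1822 were recorded against the old text, so each should be re-verified against the new description, with a "TODO: recheck" line added until that is done.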
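Review bot: In the @@ -304,31 +340,30 @@ hunk, CVE-2010-4169 is described as a use-after-free in mm/mprotect.c in the Linux kernel yet is left at "TODO: check", while CVE-2010-4165 a few lines below gets its "- linux-2.6 2.6.32-28" line in the same hunk. The same applies to the run of "WebKit in Apple Safari before 5.0.3" entries in the @@ -1147,70 +1201,68 @@ hunk, where only CVE-2010-3812 carries webkit and chromium-browser lines. Since the source packages are already known from neighbouring entries, these should be triaged against linux-2.6 and webkit/chromium-browser rather than left as untracked placeholders.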
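Review bot: The "{DSA-2126-1}" tag added to CVE-2010-3448 (@@ -2103,6 +2155,7 @@) and CVE-2010-3874 (@@ -996,21 +1040,26 @@) sits on entries rated "unimportant", and CVE-2010-3448 also keeps the NOTE "this is more of a hardware bug rather than a security issue". An advisory reference and an "unimportant" rating give conflicting signals to anyone reading the tracker. Either revise the rating and NOTE to match the advisory, or add a NOTE explaining why the DSA lists an issue the tracker treats as a non-issue.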
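Review bot: In the @@ -2352,7 +2407,7 @@ hunk, the removed and added "[lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1" lines are textually identical as shown, so the change is whitespace only. The log message "automatic update" does not mention any whitespace normalisation, and folding it into a data update makes the diff harder to audit. Keep whitespace cleanups in their own commit, or say in the log that the update also normalises indentation.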