Secure testing commits - Dec 2010 - r15652 - data/CVE

Author: geissert
Date: 2010-12-06 22:06:20 +0000 (Mon, 06 Dec 2010)
New Revision: 15652

Modified:
   data/CVE/list
Log:
3 php5 issues, 4 awstats issues


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-12-06 21:24:19 UTC (rev 15651)
+++ data/CVE/list	2010-12-06 22:06:20 UTC (rev 15652)
@@ -1,3 +1,11 @@
+CVE-2010-XXXX [php and NUL handling on file ops]
+	- php5 <unfixed> (low)
+	NOTE: old, known, issue -- Pierre already requested an id
+	NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
+CVE-2010-4409 [php getSymbol() DoS]
+	- php5 <unfixed>
+	[lenny] - php5 <not-affected> (intl extension included since 5.3)
+	NOTE: http://www.kb.cert.org/vuls/id/479900
 CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
 	TODO: check
 CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton
...)
@@ -17,7 +25,7 @@
 CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG
CMS ...)
 	TODO: check
 CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues
function in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-4397
 	RESERVED
 CVE-2010-4396
@@ -75,12 +83,16 @@
 CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp
before 5.6 ...)
 	TODO: check
 CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows
remote ...)
+	- awstats <unfixed>
 	TODO: check
 CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir
...)
-	TODO: check
+	- awstats <unfixed> (unimportant)
+	NOTE: looks like it''s the same as CVE-2010-4367
 CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter
in the ...)
+	- awstats <unfixed>
 	TODO: check
 CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95
...)
+	- awstats <unfixed>
 	TODO: check
 CVE-2010-XXXX [ocrodjvu insecure temp files handling]
 	- ocrodjvu 0.4.6-2 (low; bug #598134)
@@ -432,7 +444,9 @@
 CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle
overlong ...)
 	TODO: check
 CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in
ext/xml/xml.c in ...)
+	- php5 <unfixed>
 	TODO: check
+	NOTE: probably already fixed in squeeze/sid, have to check
 CVE-2010-4221 (Multiple stack-based buffer overflows in the
pr_netio_telnet_gets ...)
 	- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
 	[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
@@ -2560,6 +2574,7 @@
 	RESERVED
 CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4
place ...)
 	- texmacs 1:1.0.7.7-1.1 (bug #598424)
+	[squeeze] - texmacs 1:1.0.7.4-3.1
 CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory
name ...)
 	- magics++ 2.10.0.dfsg-5.1 (bug #598418)
 CVE-2010-3392