Author: geissert Date: 2010-12-07 00:47:21 +0000 (Tue, 07 Dec 2010) New Revision: 15654 Modified: data/CVE/list Log: 2 openssl issues tomcat, cakephp, collectd, gnash issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-07 00:14:31 UTC (rev 15653) +++ data/CVE/list 2010-12-07 00:47:21 UTC (rev 15654) @@ -1,3 +1,10 @@ +CVE-2010-XXXX [cakephp controller/component/security.php unsafe unserialize] + - cakephp <unfixed> + NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb +CVE-2010-XXXX [collectd: DoS in RRDtool and RRDCacheD plugins] + - collectd <unfixed> (bug #605092) +CVE-2010-XXXX [gnash: insecure temp files handling in configure script] + - gnash <unfixed> (unimportant; bug #605419) CVE-2010-XXXX [php and NUL handling on file ops] - php5 <unfixed> (low) NOTE: old, known, issue -- Pierre already requested an id @@ -399,8 +406,10 @@ NOTE: 201011251552.17678.thomas at suse.de CVE-2010-4253 RESERVED -CVE-2010-4252 +CVE-2010-4252 [OpenSSL JPAKE validation error] RESERVED + - openssl <unfixed> + NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4251 RESERVED CVE-2010-4250 [linux inotify memory leak] @@ -578,8 +587,10 @@ NOT-FOR-US: Microsoft Windows CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...) - yaws <not-affected> (Only affects Windows) -CVE-2010-4180 +CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack] RESERVED + - openssl <unfixed> + NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4179 RESERVED CVE-2010-4178 @@ -603,6 +614,7 @@ CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...) - libsdp 1.1.99-2.1 (bug #603841) CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...) + - tomcat6 <unfixed> TODO: check CVE-2010-4171 RESERVED
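Review bot: In the first hunk (@@ -1,3 +1,10 @@), the new cakephp entry carries only a NOTE with the upstream commit URL and no bug reference, while the collectd and gnash entries added next to it have bug #605092 and bug #605419. Consider filing a bug for cakephp and adding its number to the `- cakephp <unfixed>` line so all three entries can be tracked the same way. The gnash line is also tagged unimportant without a NOTE giving the reason; a one-line NOTE, for example that the issue is confined to the configure script as the description says, would record why.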
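Review bot: In the @@ -399,8 +406,10 @@ hunk, `- openssl <unfixed>` is added under CVE-2010-4252 with no bug reference and no urgency, and the CVE-2010-4180 entry in the @@ -578,8 +587,10 @@ hunk has the same gap. Both entries point at the same advisory URL in their NOTE, so nothing in the list distinguishes how each id is being tracked. Adding a bug number to each `- openssl <unfixed>` line once one exists would make the two entries independently traceable.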
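Review bot: In the last hunk (@@ -603,6 +614,7 @@), `- tomcat6 <unfixed>` is added under CVE-2010-4172 but the `TODO: check` line directly below it is left in place. If the check is complete, drop the TODO in the same commit; if something still needs checking, a NOTE saying what remains would make the open work clear to the next person who triages the entry.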