Author: jmm-guest Date: 2010-12-07 21:07:47 +0000 (Tue, 07 Dec 2010) New Revision: 15656 Modified: data/CVE/list Log: - pythonpath fixed in distcc, gquilt and dlr-languages - fontforge, openssl fixed - NFUs - one awstats issue windows-specific Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-07 01:59:18 UTC (rev 15655) +++ data/CVE/list 2010-12-07 21:07:47 UTC (rev 15656) @@ -82,20 +82,20 @@ CVE-2010-4375 RESERVED CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Winamp CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Winamp CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows ...) - TODO: check + NOT-FOR-US: Winamp CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows ...) - TODO: check + NOT-FOR-US: Winamp CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...) - TODO: check + NOT-FOR-US: Winamp CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...) - awstats <unfixed> TODO: check CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...) - - awstats <unfixed> (unimportant) + - awstats <not-affected> (Windows-specific issue) NOTE: looks like it''s the same as CVE-2010-4367 CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...) - awstats <unfixed> 
@@ -281,13 +281,13 @@ - calendarserver <unfixed> (low; bug #605157) [lenny] - calendarserver <no-dsa> (Minor issue) CVE-2010-XXXX [python path] - - gquilt <unfixed> (low; bug #605152) + - gquilt 0.22-1.1 (low; bug #605152) [lenny] - gquilt <no-dsa> (Minor issue) CVE-2010-XXXX [python path] - snappea <unfixed> (low; bug #605151) [lenny] - snappea <no-dsa> (Minor issue) CVE-2010-XXXX [python path] - - ironpython <removed> (low; bug #605158) + - dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158) [lenny] - ironpython <no-dsa> (Minor issue) CVE-2010-XXXX [python path] - gnome-schedule <unfixed> (low; bug #605169) @@ -296,7 +296,7 @@ - gnumed-client <unfixed> (low; bug #605159) [lenny] - gnumed-client <no-dsa> (Minor issue) CVE-2010-XXXX [python path] - - distcc <unfixed> (low; bug #605168) + - distcc 3.1-3.2 (low; bug #605168) [lenny] - distcc <not-affected> (Vulnerable code not present) CVE-2010-XXXX [python path] - mmass 3.8.0-2 (low; bug #605150) @@ -329,17 +329,17 @@ CVE-2010-4284 RESERVED CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2010-4277 RESERVED CVE-2010-4276 
@@ -388,7 +388,7 @@ TODO: check CVE-2010-4259 [fontforge BDF files buffer overflow] RESERVED - - fontforge <unfixed> (bug #605537) + - fontforge 0.0.20100501-4 (bug #605537) CVE-2010-4258 [linux failure to revert address limit override in OOPS error path] RESERVED - linux-2.6 <unfixed> @@ -591,7 +591,7 @@ - yaws <not-affected> (Only affects Windows) CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack] RESERVED - - openssl <unfixed> + - openssl 0.9.8o-4 NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4179 RESERVED @@ -2930,9 +2930,9 @@ CVE-2010-3268 RESERVED CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...) - TODO: check + NOT-FOR-US: BugTracker.NET CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET ...) - TODO: check + NOT-FOR-US: BugTracker.NET CVE-2010-3265 RESERVED CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
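Review bot: the NOTE kept under CVE-2010-4368 (hunk @@ -82,20) still says the issue looks the same as CVE-2010-4367, and CVE-2010-4367 stays at `- awstats <unfixed>`, so the new `- awstats <not-affected> (Windows-specific issue)` status contradicts the note beneath it. Either reword or drop the NOTE to say how the two issues differ (the 4368 description is limited to "on Windows"), or keep the two entries' status consistent.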
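Review bot: the python path entry for bug #605158 (hunk @@ -281,13) ends up naming two different source packages, because `- ironpython <removed>` is replaced by `- dlr-languages 20090805+git.e6b28d27+dfsg-3` while the `[lenny] - ironpython <no-dsa> (Minor issue)` line below it is unchanged. The entry also no longer records that ironpython was removed. Consider keeping the `- ironpython <removed>` line and adding the dlr-languages line alongside it, so the lenny annotation still has a matching package line.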