Author: geissert Date: 2010-12-12 23:11:34 +0000 (Sun, 12 Dec 2010) New Revision: 15689 Modified: data/CVE/list Log: NFUs, linux, xar, webkit, tomcat reminder: please be careful when marking $VENDOR entries as NFU Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-12 22:40:24 UTC (rev 15688) +++ data/CVE/list 2010-12-12 23:11:34 UTC (rev 15689) @@ -404,9 +404,9 @@ CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...) TODO: check CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows remote ...) - TODO: check + NOT-FOR-US: The Register Plus plugin for WordPress CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...) - TODO: check + NOT-FOR-US: The Register Plus plugin for WordPress CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...) NOT-FOR-US: DynPG CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows ...) @@ -602,8 +602,9 @@ CVE-2010-4314 RESERVED CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in ...) - TODO: check + NOT-FOR-US: Orbis CMS CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...) + - tomcat6 <unfixed> TODO: check CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...) NOT-FOR-US: Free Simple Software 
@@ -875,7 +876,11 @@ CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ...) NOT-FOR-US: PayPal app for iOS CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x ...) + - kfreebsd-7 <undetermined> + [lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny) + - kfreebsd-8 <undetermined> TODO: check + NOTE: probably already fixed in squeeze CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component ...) - yui 2.8.2r1~squeeze-1 (bug #603513) CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component ...) @@ -956,7 +961,7 @@ - openssl 0.9.8o-4 NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, ...) - TODO: check + NOT-FOR-US: RedHat documentation of MRG CVE-2010-4178 RESERVED - mysql-gui-tools <unfixed> (low; bug #605542) @@ -1360,9 +1365,9 @@ CVE-2010-4013 RESERVED CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later ...) - TODO: check + NOT-FOR-US: Apple iOS CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage ...) - NOT-FOR-US: Dovecot in Apple Mac OS X + - dovecot <not-affected> (HT4452 claims it is Apple-specific and doesn''t affect the OSS version) CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: Apple Type Services CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote ...) 
@@ -1836,7 +1841,8 @@ CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...) NOT-FOR-US: Apple iOS CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...) - NOT-FOR-US: Apple iOS + - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...) NOT-FOR-US: Apple iOS CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...) @@ -1918,7 +1924,7 @@ CVE-2010-3799 RESERVED CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before ...) - NOT-FOR-US: Apple Mac OS X + - xar <removed> CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) NOT-FOR-US: Apple Mac OS X CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...) @@ -3976,6 +3982,7 @@ {DSA-2126-1} - linux-2.6 2.6.32-24 CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...) + - linux-2.6 <unfixed> TODO: check CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...) - php5 <unfixed> (unimportant)
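Review bot: In the @@ -404,9 +404,9 @@ hunk, CVE-2010-4402 is marked NOT-FOR-US for the Register Plus plugin, but its visible description names wp-login.php and is cut off before any product name. Confirm from the full description that the flaw is in the plugin and not in a packaged WordPress, which is the care the log message itself asks for, and consider a NOTE recording that.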
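Review bot: In the @@ -602,8 +602,9 @@ hunk, CVE-2010-4312 gains "- tomcat6 <unfixed>" but keeps "TODO: check", with nothing saying what is still open. Add a NOTE stating what remains to be checked (the description is about the default configuration of Apache Tomcat 6.x), or drop the TODO if the entry is complete.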
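Review bot: In the @@ -875,7 +876,11 @@ hunk, the added NOTE "probably already fixed in squeeze" for CVE-2010-4210 is a guess with no version or reference behind it, and it sits next to two <undetermined> entries. The description gives "before 7.3-RELEASE" for the 7.x branch, so compare that with the kfreebsd-7 version in squeeze and record a fixed version if it applies, and say in the NOTE what is still unknown for kfreebsd-8.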
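Review bot: In the @@ -1360,9 +1365,9 @@ hunk, the justification on the new "- dovecot <not-affected>" line for CVE-2010-4011 cites HT4452 by identifier only and contains a doubled apostrophe in "doesn''t". Put the full reference in a separate NOTE line, as the openssl entry in the earlier hunk does with its advisory URL, and fix the apostrophe.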
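Review bot: In the @@ -1836,7 +1841,8 @@ hunk, CVE-2010-3829 moves from NOT-FOR-US to <undetermined> for both webkit and chromium-browser, with no TODO or NOTE saying what has to be established. Add a line stating what is missing (for example the upstream WebKit change that fixes the issue), so the entry does not stay <undetermined> for lack of a pointer.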
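Review bot: In the @@ -1918,7 +1924,7 @@ hunk, "- xar <removed>" for CVE-2010-3798 has no release-tagged line alongside it. If xar is still shipped in a supported release, add an entry for it in the same form as the "[lenny] - kfreebsd-7 <no-dsa>" line used for CVE-2010-4210; if it is not, no change is needed.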
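Review bot: In the @@ -3976,6 +3982,7 @@ hunk, CVE-2010-3066 is set to "- linux-2.6 <unfixed>" while "TODO: check" stays in place and the description reads "in the Linux kernel before ...", which implies an upstream fixed version exists. Compare that version with the packaged linux-2.6 (the preceding entry records 2.6.32-24 as a fixed version for another issue) and either record the fixed version or add a NOTE explaining why the package is still considered unfixed.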