Author: geissert Date: 2010-12-14 19:08:50 +0000 (Tue, 14 Dec 2010) New Revision: 15707 Modified: data/CVE/list Log: two xpdf issues, fuse, linux, phpmyadmin, spice (itp), NFUs are the spice browser plugins also part of the itp? Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-14 18:07:20 UTC (rev 15706) +++ data/CVE/list 2010-12-14 19:08:50 UTC (rev 15707) @@ -256,8 +256,10 @@ CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...) - chromium-browser <undetermined> - webkit <undetermined> -CVE-2010-4481 +CVE-2010-4481 [information disclosure flaw (PMASA-2010-10)] RESERVED + - phpmyadmin <unfixed> + TODO: check CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to ...) - phpmyadmin <unfixed> TODO: check @@ -855,8 +857,10 @@ CVE-2010-4239 RESERVED NOT-FOR-US: TikiWiki -CVE-2010-4238 +CVE-2010-4238 [linux: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV] RESERVED + - linux-2.6 <unfixed> + TODO: check CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-4235 @@ -1707,8 +1711,10 @@ CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not ...) {DSA-2126-1} - linux-2.6 <unfixed> (low) -CVE-2010-3879 +CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack] RESERVED + - fuse <unfixed> + TODO: check CVE-2010-3878 RESERVED CVE-2010-3877 @@ -1834,6 +1840,7 @@ NOT-FOR-US: Apache Qpid CVE-2009-5004 RESERVED + NOT-FOR-US: Apache Qpid CVE-2010-3845 RESERVED - libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712) 
@@ -3364,6 +3371,7 @@ NOT-FOR-US: HP System Management Homepage CVE-2010-3282 RESERVED + NOT-FOR-US: Red Hat Directory Server CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in ...) NOT-FOR-US: Alcatel-Lucent OmniVista CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka ...) @@ -4679,7 +4687,7 @@ CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...) NOT-FOR-US: SPICE plugin for Firefox CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet ...) - TODO: check + NOT-FOR-US: SPICE plugin for Internet Explorer CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox ...) NOT-FOR-US: SPICE plugin for Firefox CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...) @@ -6226,6 +6234,7 @@ NOT-FOR-US: Red Hat Enterprise Virtualization Hypervisor (RHEV-H) CVE-2010-2222 RESERVED + NOT-FOR-US: Red Hat Directory Server CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...) - iscsitarget <undetermined> CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...) @@ -11477,6 +11486,7 @@ - kvm <not-affected> (QXL support not yet present in Debian packages) CVE-2010-0430 RESERVED + - spice <itp> (bug #560721) CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...) - spice <itp> (bug #560721) CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...) 
@@ -12232,10 +12242,18 @@ NOT-FOR-US: Adobe Flash Plugin CVE-2010-0208 RESERVED -CVE-2010-0207 +CVE-2010-0207 [xpdf: XRef table parsing infinite loop] RESERVED -CVE-2010-0206 + - kdegraphics 4.0 + - xpdf <unfixed> + - poppler <unfixed> + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172 +CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects] RESERVED + - kdegraphics 4.0 + - xpdf <unfixed> + - poppler <unfixed> + NOTE: https://bugzilla.redhat.com/CVE-2010-0206 CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...) {DSA-2032-1} - libpng 1.2.43-1 (low; bug #572308)
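Review bot: In the "@@ -256,8 +256,10 @@" hunk, the new CVE-2010-4481 description cites PMASA-2010-10, but the entry has no NOTE line pointing at that advisory, while the xpdf entries added in this same commit each carry a NOTE with their source URL. The entry is still RESERVED and marked "TODO: check", so a NOTE with the advisory reference would let whoever resolves the TODO confirm the affected versions behind "- phpmyadmin <unfixed>".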
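Review bot: In the "@@ -855,8 +857,10 @@" hunk, CVE-2010-4238 is described as a Xen Dom0 crash but is tracked only against linux-2.6, and nothing records where the report comes from. A NOTE naming the source, and saying whether the fault sits in the kernel's Dom0 code rather than in the hypervisor, would let the "TODO: check" be resolved without redoing the research.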
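Review bot: In the "@@ -1707,8 +1711,10 @@" hunk, the new "- fuse <unfixed>" line for CVE-2010-3879 has neither an urgency nor a reference, unlike the CVE-2010-3880 entry directly above it, which carries "(low)" and a DSA. For an issue described as letting an unprivileged user unmount arbitrary locations, a bug number or a NOTE with the upstream report should accompany the entry.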
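Review bot: In the "@@ -4679,7 +4687,7 @@" hunk, CVE-2010-2793 goes from "TODO: check" to "NOT-FOR-US: SPICE plugin for Internet Explorer" while the log message still asks whether the spice browser plugins are part of the ITP. If they turn out to be covered by the ITP, this entry and the neighbouring CVE-2010-2794 and CVE-2010-2792 entries would need "- spice <itp> (bug #560721)" instead, so keeping the TODO (or adding a NOTE recording the open question) until that is answered would be safer than closing it as NFU now.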
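Review bot: In the "@@ -11477,6 +11486,7 @@" hunk, CVE-2010-0430 is assigned to "- spice <itp> (bug #560721)" although it is RESERVED and has no description, so the reason for attributing it to spice cannot be seen from the list. Other RESERVED entries touched in this commit get a bracketed summary (for example CVE-2010-0207); adding one here, or a NOTE with the source, would keep the attribution verifiable.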
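Review bot: In the "@@ -12232,10 +12242,18 @@" hunk, both CVE-2010-0207 and CVE-2010-0206 list "- kdegraphics 4.0" as a fixed version while xpdf and poppler are "<unfixed>", with no explanation of why kdegraphics is not affected from 4.0 onwards. A parenthetical on that line or a NOTE stating the reason would prevent the version from being read as the release that carries a fix for these two bugs. The two NOTE references also point at different trackers (freedesktop for 0207, Red Hat for 0206); if each bug has an entry in both, listing both would help when the poppler and xpdf fixes are matched up.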