thr3ads.net - Secure testing commits - [Secure-testing-commits] r15721

If this information is useful, please help other people find it:
Share via:
Raphael Geissert
2010-Dec-21 08:54 UTC
[Secure-testing-commits] r15721 - data/CVE

Author: geissert
Date: 2010-12-21 08:54:30 +0000 (Tue, 21 Dec 2010)
New Revision: 15721

Modified:
   data/CVE/list
Log:
mantis, dbus, jboss, gitweb, cups, NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-12-20 21:14:34 UTC (rev 15720)
+++ data/CVE/list	2010-12-21 08:54:30 UTC (rev 15721)
@@ -501,33 +501,34 @@
 CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues
function in ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks
RealPlayer ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in
a ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0
through ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0
through ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4393
 	RESERVED
+	NOT-FOR-US: RealPlayer
 CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0
through ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0
through ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer
11.0 ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks
...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html
components ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through
11.1, ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0
through ...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1,
...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1,
...)
-	TODO: check
+	NOT-FOR-US: RealPlayer
 CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0
through ...)
 	NOT-FOR-US: RealPlayer
 CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer
11.0 ...)
@@ -612,16 +613,24 @@
 	NOT-FOR-US: Cisco ASA
 CVE-2010-4353
 	RESERVED
-CVE-2010-4352
+CVE-2010-4352 [dbus stack overflow on excessive number of nested variants]
 	RESERVED
+	- dbus <unfixed>
+	TODO: check
 CVE-2010-4351
 	RESERVED
-CVE-2010-4350
+CVE-2010-4350 [mantisbt local file inclusion]
 	RESERVED
-CVE-2010-4349
+	- mantis <unfixed>
+	TODO: check
+CVE-2010-4349 [mantisbt path disclosure]
 	RESERVED
-CVE-2010-4348
+	- mantis <unfixed>
+	TODO: check
+CVE-2010-4348 [mantisbt XSS]
 	RESERVED
+	- mantis <unfixed>
+	TODO: check
 CVE-2010-4347
 	RESERVED
 	- linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2,
we never released an affected kernel)
@@ -819,8 +828,9 @@
 	RESERVED
 CVE-2010-4266
 	RESERVED
-CVE-2010-4265
+CVE-2010-4265 [jboss: CVE-2010-3862 not actually fixed]
 	RESERVED
+	- jbossas4 <not-affected> (Red Hat issue, they didn''t include
the fix for CVE-2010-3862 in the update)
 CVE-2010-4264
 	RESERVED
 CVE-2010-4263 [linux: igb panics when receiving tag vlan packet]
@@ -1692,6 +1702,8 @@
 CVE-2010-3907
 	RESERVED
 CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and
earlier ...)
+	- git-core <removed>
+	- git <unfixed>
 	TODO: check
 CVE-2010-3905
 	RESERVED
@@ -1754,8 +1766,10 @@
 CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via
symlink attack]
 	RESERVED
 	- fuse <unfixed> (bug #602333)
-CVE-2010-3878
+CVE-2010-3878 [JBoss EAP jmx console FileDeployment CSRF]
 	RESERVED
+	- jbossas4a <unfixed>
+	TODO: check
 CVE-2010-3877
 	RESERVED
 	{DSA-2126-1}
@@ -1800,8 +1814,10 @@
 	- openssl 0.9.8o-3
 CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not
canonicalize ...)
 	NOT-FOR-US: Apache Shiro / JSecurity
-CVE-2010-3862
+CVE-2010-3862 [JBoss Remoting Denial-Of-Service]
 	RESERVED
+	- jbossas4 <unfixed>
+	TODO: check
 CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the
Linux ...)
 	- linux-2.6 2.6.32-29
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
@@ -2279,8 +2295,10 @@
 	- php5 5.3.3-3 (bug #601619)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through
5.2.14 ...)
 	- php5 5.3.3-4 (bug #603751)
-CVE-2010-3708
+CVE-2010-3708 [JBoss drools deserialization remote code execution]
 	RESERVED
+	- jbossas4 <unfixed>
+	TODO: check
 CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15
and ...)
 	- dovecot 1.2.15-1
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
@@ -15855,6 +15873,7 @@
 	NOTE:
http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
 CVE-2009-3552
 	RESERVED
+	NOT-FOR-US: Red Hat Enterprise Virtualization Manager
 CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in
...)
 	- wireshark 1.2.3-1 (low; bug #553583)
 	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
@@ -34705,7 +34724,8 @@
 CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and
FreeIPA ...)
 	NOT-FOR-US: FreeIPA
 CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP)
before ...)
-	NOT-FOR-US: JBoss
+	- jbossas4 <undetermined>
+	TODO: check
 CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
 	{DSA-1636-1 DSA-1630-1}
 	- linux-2.6.24 2.6.24-6~etchnhalf.5
@@ -40124,7 +40144,8 @@
 CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5
allows ...)
 	NOT-FOR-US: Apple Mac OS
 CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when
debug ...)
-	NOT-FOR-US: Apple Mac OS
+	- cups <unfixed>
+	TODO: check
 CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS
X ...)
 	NOT-FOR-US: Apple Mac OS
 CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote
attackers ...)
@@ -40210,7 +40231,7 @@
 CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2
invokes ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows ...)
-	NOT-FOR-US: Apple Mac OS X
+	- pax <not-affected> (issue specific to Apple''s version of pax)
 CVE-2008-0991
 	RESERVED
 CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port
death ...)
Secure testing commits - Dec 2010 - r15721 - data/CVE

[Secure-testing-commits] r15721 - data/CVE
