Author: iuculano Date: 2010-12-29 18:11:31 +0000 (Wed, 29 Dec 2010) New Revision: 15765 Modified: data/CVE/list Log: Filed some bugs NFUs CVE-2010-1707 is fixed mysql triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-29 16:27:52 UTC (rev 15764) +++ data/CVE/list 2010-12-29 18:11:31 UTC (rev 15765) @@ -716,11 +716,11 @@ CVE-2010-4522 RESERVED CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...) - TODO: check + NOT-FOR-US: mod for Drupal CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...) - TODO: check + NOT-FOR-US: mod for Drupal CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: mod for Drupal CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Safe Search plugin for WordPress CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...) @@ -895,10 +895,10 @@ NOTE: unimportant, bypass the pop-up blocker NOTE: http://trac.webkit.org/changeset/69990 CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...) - - phpmyadmin <unfixed> + - phpmyadmin <unfixed> (bug #608290) TODO: check CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before ...) - - phpmyadmin <unfixed> + - phpmyadmin <unfixed> (bug #608290) TODO: check CVE-2010-4510 REJECTED @@ -1282,7 +1282,7 @@ CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in ...) NOT-FOR-US: Orbis CMS CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...) - - tomcat6 <unfixed> + - tomcat6 <unfixed> (bug #608286) TODO: check CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...) NOT-FOR-US: Free Simple Software 
@@ -1393,7 +1393,7 @@ CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...) NOT-FOR-US: Pandora FMS CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...) - TODO: check + NOT-FOR-US: Embedded Video plugin 4.1 for WordPress CVE-2010-4276 RESERVED CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...) @@ -1450,8 +1450,7 @@ RESERVED - linux-2.6 <unfixed> CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...) - - moon <unfixed> - TODO: check + - moon <unfixed> (bug #608288) NOTE: 201011251552.17678.thomas at suse.de CVE-2010-4253 RESERVED @@ -2294,7 +2293,7 @@ - git-core <removed> - git 1:1.7.2.3-2.2 CVE-2010-3905 (The password reset feature in the administrator interface for ...) - - eucalyptus <unfixed> + - eucalyptus <unfixed> (bug #608289) CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...) - linux-2.6 2.6.32-26 [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30) @@ -2496,6 +2495,7 @@ RESERVED - mysql-5.1 5.1.49-3 (bug #599937) - mysql-dfsg-5.0 <removed> + [lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present) CVE-2010-3838 RESERVED - mysql-5.1 5.1.49-3 (bug #599937) @@ -2974,6 +2974,7 @@ RESERVED - mysql-5.1 5.1.49-1 (bug #598580) - mysql-dfsg-5.0 <removed> + [lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present) CVE-2010-3682 RESERVED - mysql-5.1 5.1.49-1 (bug #598580) 
@@ -8282,8 +8283,7 @@ CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...) NOT-FOR-US: Free Realty CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) - - piwigo <undetermined> - TODO: check + - piwigo 2.0.10-1 CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...) NOT-FOR-US: 2daybiz Auction Script CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...) @@ -8789,7 +8789,7 @@ CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...) NOT-FOR-US: TaskFreak! Original multi user CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...) - - libglpng <unfixed> (low; bug filed) + - libglpng <unfixed> (low; bug #595171) [lenny] - libglpng <no-dsa> (Minor issue) CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...) NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
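Review bot: In the @@ -716 hunk, the new `NOT-FOR-US: mod for Drupal` lines on CVE-2010-4521, CVE-2010-4520 and CVE-2010-4519 do not name the module, unlike the neighbouring `NOT-FOR-US: Safe Search plugin for WordPress`. The descriptions of CVE-2010-4521 and CVE-2010-4520 name the Views module, so `NOT-FOR-US: Views module for Drupal` would keep these entries findable by a search of the list if that module is ever packaged. The CVE-2010-4519 description is truncated here, so its module should be confirmed before it gets the same wording.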
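Review bot: In the @@ -895 hunk, both phpmyadmin entries (CVE-2010-4481, CVE-2010-4480) gain `(bug #608290)` but keep their `TODO: check` line, and the tomcat6 entry for CVE-2010-4312 in the @@ -1282 hunk does the same with `(bug #608286)`. The moon entry for CVE-2010-4254 in the @@ -1450 hunk drops its TODO once the bug is filed, so the treatment is inconsistent. If something is still open on these three, replace the TODO with a NOTE saying what remains to be checked; otherwise remove it so the entries stop showing up as untriaged.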
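Review bot: In the @@ -1393 hunk, `NOT-FOR-US: Embedded Video plugin 4.1 for WordPress` on CVE-2010-4277 carries a version number in the product name, which the other NOT-FOR-US lines visible in this patch do not. The version belongs to the CVE description, not to the reason the product is out of scope, so `NOT-FOR-US: Embedded Video plugin for WordPress` would match the rest of the list.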
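Review bot: In the @@ -8282 hunk, CVE-2010-1707 goes from `- piwigo <undetermined>` with a TODO straight to `- piwigo 2.0.10-1` with no bug number or NOTE recording how the fixed version was established. Other resolved entries in this patch carry a reference, for example `- mysql-5.1 5.1.49-3 (bug #599937)`, so a one-line NOTE pointing at the upstream fix or changelog entry would let the next person verify the version without redoing the research.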