Author: jmm Date: 2011-01-19 22:09:39 +0000 (Wed, 19 Jan 2011) New Revision: 15932 Modified: data/CVE/list Log: - new php5 issues - one of the php issues is probably an issue in libgd2, but our copy and the impact needs to be verified - there''ll be a DSA for pcsc-lite - bip not affected - bugnum for gif2png Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-19 21:15:29 UTC (rev 15931) +++ data/CVE/list 2011-01-19 22:09:39 UTC (rev 15932) @@ -9,13 +9,13 @@ CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...) TODO: check CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...) - TODO: check + - php5 <unfixed> CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...) - TODO: check + - php5 <unfixed> CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...) - TODO: check + - libgd2 <undetermined> CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...) - TODO: check + - php5 <unfixed> CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...) TODO: check CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...) @@ -144,11 +144,11 @@ CVE-2011-0446 RESERVED CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...) - - gif2png <unfixed> (low; bug filed) + - gif2png <unfixed> (low; bug #610479) [lenny] - gif2png <no-dsa> (Minor issue) [squeeze] - gif2png <no-dsa> (Minor issue) CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow ...) - - gif2png <unfixed> (low; bug filed) + - gif2png <unfixed> (low; bug #610479) [lenny] - gif2png <no-dsa> (Minor issue) [squeeze] - gif2png <no-dsa> (Minor issue) CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...) @@ -1415,9 +1415,7 @@ RESERVED - offlineimap <unfixed> (bug #603450) CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...) - - pcsc-lite 1.6.6-1 (unimportant; bug #607781) - NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356 - NOTE: Theoretical attack + - pcsc-lite 1.6.6-1 (low; bug #607781) CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...) - ccid <unfixed> (unimportant; bug #607780) NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356 @@ -1425,6 +1423,7 @@ CVE-2011-XXXX [unspecified denial of service] - bip 0.8.7-1 [squeeze] - bip 0.8.2-1squeeze3 + [lenny] - bip <not-affected> (Vulnerable code not present) CVE-2010-4529 (Integer underflow in the irda_getsockopt function in ...) - linux-2.6 2.6.32-30 CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through ...)