Author: joeyh
Date: 2011-01-21 21:14:41 +0000 (Fri, 21 Jan 2011)
New Revision: 15935

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2011-01-20 21:14:58 UTC (rev 15934)
+++ data/CVE/list 2011-01-21 21:14:41 UTC (rev 15935)
@@ -1,5 +1,289 @@ -CVE-2011-0495 +CVE-2011-0634 RESERVED +CVE-2011-0633 + RESERVED +CVE-2011-0632 + RESERVED +CVE-2011-0631 + RESERVED +CVE-2011-0630 + RESERVED +CVE-2011-0629 + RESERVED +CVE-2011-0628 + RESERVED +CVE-2011-0627 + RESERVED +CVE-2011-0626 + RESERVED +CVE-2011-0625 + RESERVED +CVE-2011-0624 + RESERVED +CVE-2011-0623 + RESERVED +CVE-2011-0622 + RESERVED +CVE-2011-0621 + RESERVED +CVE-2011-0620 + RESERVED +CVE-2011-0619 + RESERVED +CVE-2011-0618 + RESERVED +CVE-2011-0617 + RESERVED +CVE-2011-0616 + RESERVED +CVE-2011-0615 + RESERVED +CVE-2011-0614 + RESERVED +CVE-2011-0613 + RESERVED +CVE-2011-0612 + RESERVED +CVE-2011-0611 + RESERVED +CVE-2011-0610 + RESERVED +CVE-2011-0609 + RESERVED +CVE-2011-0608 + RESERVED +CVE-2011-0607 + RESERVED +CVE-2011-0606 + RESERVED +CVE-2011-0605 + RESERVED +CVE-2011-0604 + RESERVED +CVE-2011-0603 + RESERVED +CVE-2011-0602 + RESERVED +CVE-2011-0601 + RESERVED +CVE-2011-0600 + RESERVED +CVE-2011-0599 + RESERVED +CVE-2011-0598 + RESERVED +CVE-2011-0597 + RESERVED +CVE-2011-0596 + RESERVED +CVE-2011-0595 + RESERVED +CVE-2011-0594 + RESERVED +CVE-2011-0593 + RESERVED +CVE-2011-0592 + RESERVED +CVE-2011-0591 + RESERVED +CVE-2011-0590 + RESERVED +CVE-2011-0589 + RESERVED +CVE-2011-0588 + RESERVED +CVE-2011-0587 + RESERVED +CVE-2011-0586 + RESERVED +CVE-2011-0585 + RESERVED +CVE-2011-0584 + RESERVED +CVE-2011-0583 + RESERVED +CVE-2011-0582 + RESERVED +CVE-2011-0581 + RESERVED +CVE-2011-0580 + RESERVED +CVE-2011-0579 + RESERVED +CVE-2011-0578 + RESERVED +CVE-2011-0577 + RESERVED +CVE-2011-0576 + RESERVED +CVE-2011-0575 + RESERVED +CVE-2011-0574 + RESERVED +CVE-2011-0573 + RESERVED +CVE-2011-0572 + RESERVED +CVE-2011-0571 + RESERVED +CVE-2011-0570 + RESERVED +CVE-2011-0569 + RESERVED +CVE-2011-0568 + RESERVED +CVE-2011-0567 + RESERVED +CVE-2011-0566 + RESERVED +CVE-2011-0565 + RESERVED +CVE-2011-0564 + RESERVED +CVE-2011-0563 + RESERVED +CVE-2011-0562 + RESERVED +CVE-2011-0561 + RESERVED +CVE-2011-0560 + RESERVED +CVE-2011-0559 + 
RESERVED +CVE-2011-0558 + RESERVED +CVE-2011-0557 + RESERVED +CVE-2011-0556 + RESERVED +CVE-2011-0555 + RESERVED +CVE-2011-0554 + RESERVED +CVE-2011-0553 + RESERVED +CVE-2011-0552 + RESERVED +CVE-2011-0551 + RESERVED +CVE-2011-0550 + RESERVED +CVE-2011-0549 + RESERVED +CVE-2011-0548 + RESERVED +CVE-2011-0547 + RESERVED +CVE-2011-0546 + RESERVED +CVE-2011-0545 + RESERVED +CVE-2011-0544 + RESERVED +CVE-2011-0543 + RESERVED +CVE-2011-0542 + RESERVED +CVE-2011-0541 + RESERVED +CVE-2011-0540 + RESERVED +CVE-2011-0539 + RESERVED +CVE-2011-0538 + RESERVED +CVE-2011-0537 + RESERVED +CVE-2011-0536 + RESERVED +CVE-2011-0535 + RESERVED +CVE-2011-0534 + RESERVED +CVE-2011-0533 + RESERVED +CVE-2011-0532 + RESERVED +CVE-2011-0531 + RESERVED +CVE-2011-0530 + RESERVED +CVE-2011-0529 + RESERVED +CVE-2011-0528 + RESERVED +CVE-2011-0527 + RESERVED +CVE-2011-0526 + RESERVED +CVE-2011-0525 + RESERVED +CVE-2011-0524 + RESERVED +CVE-2011-0523 + RESERVED +CVE-2011-0522 + RESERVED +CVE-2011-0521 + RESERVED +CVE-2011-0520 + RESERVED +CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo ...) + TODO: check +CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS ...) + TODO: check +CVE-2011-0517 (Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and ...) + TODO: check +CVE-2011-0516 (SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site ...) + TODO: check +CVE-2011-0515 (KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 ...) + TODO: check +CVE-2011-0514 (The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows ...) + TODO: check +CVE-2011-0513 (DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows ...) + TODO: check +CVE-2011-0512 (SQL injection vulnerability in team.php in the Teams Structure module ...) + TODO: check +CVE-2011-0511 (SQL injection vulnerability in the allCineVid component ...) 
+ TODO: check +CVE-2011-0510 (SQL injection vulnerability in cart.php in Advanced Webhost Billing ...) + TODO: check +CVE-2011-0509 (Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows ...) + TODO: check +CVE-2011-0508 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2011-0507 (FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 ...) + TODO: check +CVE-2011-0506 (Directory traversal vulnerability in modules/profile/user.php in Ax ...) + TODO: check +CVE-2011-0505 (Directory traversal vulnerability in system/system.php in Zwii 2.1.1, ...) + TODO: check +CVE-2011-0504 (Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, ...) + TODO: check +CVE-2011-0503 (Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, ...) + TODO: check +CVE-2011-0502 (Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly ...) + TODO: check +CVE-2011-0501 (Stack-based buffer overflow in Music Animation Machine MIDI Player ...) + TODO: check +CVE-2011-0500 (Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and ...) + TODO: check +CVE-2011-0499 (Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier ...) + TODO: check +CVE-2011-0498 (Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, ...) + TODO: check +CVE-2011-0497 (Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ...) + TODO: check +CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ...) + TODO: check +CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb ...) + TODO: check +CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before ...) + TODO: check +CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...) + TODO: check +CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in ...) 
+ TODO: check CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...) TODO: check CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require ...) @@ -1218,7 +1502,7 @@ - chromium-browser 6.0.472.63~r59945-4 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/73432 -CVE-2010-4577 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...) +CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...) - chromium-browser 6.0.472.63~r59945-4 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/72685 @@ -1554,8 +1838,7 @@ NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html CVE-2011-0009 RESERVED -CVE-2011-0008 - RESERVED +CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on ...) - sudo <not-affected> (Fedora-specific issue) CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local ...) {DSA-2147-1} @@ -1920,8 +2203,7 @@ [lenny] - awstats <no-dsa> (Minor issue) CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...) - awstats 6.9.5~dfsg-1 (unimportant) -CVE-2010-4338 [ocrodjvu insecure temp files handling] - RESERVED +CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux, when using Cuneiform as the OCR ...) - ocrodjvu 0.4.6-2 (low; bug #598134) CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows ...) - hypermail <removed> (low; bug #598743) @@ -1969,8 +2251,7 @@ CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 ...) {DSA-2149-1} - dbus 1.2.24-4 -CVE-2010-4351 [IcedTea JNLP SecurityManager bypass] - RESERVED +CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...) - openjdk-6 6b18-1.8.4-1 CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in ...) - mantis <not-affected> (admin dir procected in Apache config, see #607159) 
@@ -1999,8 +2280,8 @@ NOT-FOR-US: Pointter PHP Micro-Blogging Social Network CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...) NOT-FOR-US: Pointter PHP Content Management System -CVE-2010-4331 - RESERVED +CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...) + TODO: check CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...) NOT-FOR-US: Pulse CMS Basic CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...) @@ -2169,8 +2450,8 @@ NOT-FOR-US: Collabtive CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...) NOT-FOR-US: Pulse Infotech -CVE-2010-4267 - RESERVED +CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in ...) + TODO: check CVE-2010-4266 RESERVED CVE-2010-4265 (The ...) @@ -2319,7 +2600,7 @@ - yui 2.8.2r1~squeeze-1 (bug #603513) CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component ...) - yui 2.8.2r1~squeeze-1 (bug #603513) -CVE-2010-4206 (Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds ...) +CVE-2010-4206 (Array index error in the FEBlend::apply function in ...) - webkit 1.2.6-1 - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/70652 @@ -2328,7 +2609,7 @@ - chromium-browser 6.0.472.63~r59945-2 NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159 NOTE: http://trac.webkit.org/changeset/70550 -CVE-2010-4204 (Google Chrome before 7.0.517.44 accesses a frame object after this ...) +CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...) - webkit 1.2.6-1 - chromium-browser 6.0.472.63~r59945-2 NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281 
@@ -2348,12 +2629,12 @@ - webkit <undetermined> - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/69936 -CVE-2010-4198 (Google Chrome before 7.0.517.44 does not properly handle large text ...) +CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...) - webkit 1.2.6-1 - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/69735 NOTE: style fix change set: http://trac.webkit.org/changeset/69801 -CVE-2010-4197 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...) +CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...) - webkit 1.2.6-1 - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/70594 @@ -2644,8 +2925,7 @@ CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel ...) {DSA-2126-1} - linux-2.6 2.6.32-29 (low) -CVE-2010-4071 - RESERVED +CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS ...) - otrs2 2.4.9+dfsg1-1 CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...) NOT-FOR-US: portmap.exe @@ -2985,15 +3265,15 @@ CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...) - rails <not-affected> (Only affects >= 2.3.9, which is not yet in the archive) CVE-2010-3932 - RESERVED -CVE-2010-3931 - RESERVED + REJECTED +CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...) + TODO: check CVE-2010-3930 RESERVED CVE-2010-3929 RESERVED -CVE-2010-3928 - RESERVED +CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...) + TODO: check CVE-2010-3927 RESERVED CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...) 
@@ -3307,10 +3587,10 @@ RESERVED CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...) - freetype 2.4.2-2.1 (bug #602221) -CVE-2010-3813 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) +CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in ...) - webkit 1.2.6-1 - chromium-browser <undetermined> -CVE-2010-3812 (Integer overflow in the wholeText method in WebKit in Apple Safari ...) +CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...) - webkit 1.2.6-1 [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser <undetermined> @@ -6333,8 +6613,8 @@ NOT-FOR-US: Microsoft Windows Media Player CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: Microsoft Windows -CVE-2010-2743 - RESERVED +CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly ...) + TODO: check CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...)
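
Review bot: the 28 entries added with "TODO: check" in the first hunk (@@ -1,5 +1,289 @@, CVE-2011-0519 down to CVE-2011-0496, then CVE-2010-4703 to CVE-2010-4701 and CVE-2011-0495) have no package line or NOT-FOR-US marker, so none of them is triaged yet. Several descriptions name Windows binaries or drivers (rds.exe, KisKrnl.sys, DCR.sys, FTPService.exe) and can probably be closed as NOT-FOR-US quickly. The stack-based and heap-based buffer overflow entries should be checked against the archive first, because their truncated descriptions do not show which product is affected.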
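
Review bot: in the hunk at @@ -1218,7 +1502,7 @@ the CVE-2010-4577 entry still carries "- webkit <undetermined>", although the new description places the flaw in the CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp. Since the NOTE under the entry already points to http://trac.webkit.org/changeset/72685, the webkit line can be resolved by checking whether that changeset is in the packaged version, rather than leaving it undetermined.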
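
Review bot: in the hunk at @@ -3307,10 +3587,10 @@ CVE-2010-3813 and CVE-2010-3812 keep "- chromium-browser <undetermined>" and have no NOTE line with a fixing changeset, unlike the other WebKit entries in this revision. The updated descriptions now name the affected code (WebCore::HTMLLinkElement::process, and Text::wholeText in dom/Text.cpp), which is enough to find the upstream changesets. Adding them as NOTE lines would allow the chromium-browser status to be settled.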
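
Review bot: in the hunk at @@ -6333,8 +6613,8 @@ CVE-2010-2743 goes from RESERVED to "TODO: check", but its description (kernel-mode drivers in Microsoft Windows XP SP3) matches the neighbouring CVE-2010-2744 and CVE-2010-2742, both of which are marked "NOT-FOR-US: Microsoft Windows". It should get the same marker so it does not stay in the TODO queue.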