Author: iuculano
Date: 2010-12-29 18:11:31 +0000 (Wed, 29 Dec 2010)
New Revision: 15765

Modified:
   data/CVE/list
Log:
Filed some bugs
NFUs
CVE-2010-1707 is fixed
mysql triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-12-29 16:27:52 UTC (rev 15764)
+++ data/CVE/list       2010-12-29 18:11:31 UTC (rev 15765)
@@ -716,11 +716,11 @@
 CVE-2010-4522
        RESERVED
 CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 
6.x ...)
-       TODO: check
+       NOT-FOR-US: mod for Drupal
 CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Views ...)
-       TODO: check
+       NOT-FOR-US: mod for Drupal
 CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
-       TODO: check
+       NOT-FOR-US: mod for Drupal
 CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Safe Search plugin for WordPress
 CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto 
(com_jeauto) ...)
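Review bot: the three new NOT-FOR-US reasons for CVE-2010-4521, CVE-2010-4520 and CVE-2010-4519 read "mod for Drupal", which does not name the product; the neighbouring CVE-2010-4518 entry uses "Safe Search plugin for WordPress". The descriptions of 4521 and 4520 point at the Views module, so "Views module for Drupal" would keep the list searchable by product. The 4519 description is truncated here, so its module should be confirmed before it gets the same text.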
@@ -895,10 +895,10 @@
        NOTE: unimportant, bypass the pop-up blocker
        NOTE: http://trac.webkit.org/changeset/69990
 CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass 
...)
-       - phpmyadmin <unfixed>
+       - phpmyadmin <unfixed> (bug #608290)
        TODO: check
 CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before ...)
-       - phpmyadmin <unfixed>
+       - phpmyadmin <unfixed> (bug #608290)
        TODO: check
 CVE-2010-4510
        REJECTED
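Review bot: "TODO: check" is left in place under both phpmyadmin entries (CVE-2010-4481 and CVE-2010-4480) although each now carries bug #608290, whereas the moon entry for CVE-2010-4254 in this same commit drops its TODO when the bug reference is added. If triage is finished, remove the TODO lines; if something is still open, say what in a NOTE so the entry does not stay flagged without a reason. The tomcat6 entry for CVE-2010-4312 in the next hunk has the same leftover TODO.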
@@ -1282,7 +1282,7 @@
 CVE-2010-4313 (Unrestricted file upload vulnerability in 
fileman_file_upload.php in ...)
        NOT-FOR-US: Orbis CMS
 CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include 
the ...)
-       - tomcat6 <unfixed>
+       - tomcat6 <unfixed> (bug #608286)
        TODO: check
 CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which 
allows ...)
        NOT-FOR-US: Free Simple Software
@@ -1393,7 +1393,7 @@
 CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 
allows ...)
        NOT-FOR-US: Pandora FMS
 CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php 
in the ...)
-       TODO: check
+       NOT-FOR-US: Embedded Video plugin 4.1 for WordPress 
 CVE-2010-4276
        RESERVED
 CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius 
Manager ...)
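Review bot: the added NOT-FOR-US line for CVE-2010-4277 ends with a trailing space after "WordPress", and it embeds a version ("4.1") where the other NOT-FOR-US entries visible in this diff name only the product. Suggest "NOT-FOR-US: Embedded Video plugin for WordPress" with no trailing whitespace.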
@@ -1450,8 +1450,7 @@
        RESERVED
        - linux-2.6 <unfixed>
 CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 
is ...)
-       - moon <unfixed>
-       TODO: check
+       - moon <unfixed> (bug #608288)
        NOTE: 201011251552.17678.tho...@suse.de
 CVE-2010-4253
        RESERVED
@@ -2294,7 +2293,7 @@
        - git-core <removed>
        - git 1:1.7.2.3-2.2
 CVE-2010-3905 (The password reset feature in the administrator interface for 
...)
-       - eucalyptus <unfixed>
+       - eucalyptus <unfixed> (bug #608289)
 CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the 
Reliable ...)
        - linux-2.6 2.6.32-26
        [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 
2.6.30)
@@ -2496,6 +2495,7 @@
        RESERVED
        - mysql-5.1 5.1.49-3 (bug #599937) 
        - mysql-dfsg-5.0 <removed>
+       [lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
 CVE-2010-3838
        RESERVED
        - mysql-5.1 5.1.49-3 (bug #599937) 
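Review bot: the new [lenny] line marks mysql-dfsg-5.0 as <not-affected> with "vulnerable code not present", but the entry is still RESERVED and carries no NOTE saying which code was checked. A NOTE pointing to the upstream bug or commit that was compared against the 5.0 source would let someone re-verify the claim later. The identical line added in the following hunk (-2974) needs the same.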
@@ -2974,6 +2974,7 @@
        RESERVED
        - mysql-5.1 5.1.49-1 (bug #598580)
        - mysql-dfsg-5.0 <removed>
+       [lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
 CVE-2010-3682
        RESERVED
        - mysql-5.1 5.1.49-1 (bug #598580)
@@ -8282,8 +8283,7 @@
 CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in 
Free ...)
        NOT-FOR-US: Free Realty
 CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in 
register.php in ...)
-       - piwigo <undetermined>
-       TODO: check
+       - piwigo 2.0.10-1
 CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz 
Auction ...)
        NOT-FOR-US: 2daybiz Auction Script
 CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook 
allows ...)
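Review bot: the piwigo line for CVE-2010-1707 goes from <undetermined> straight to fixed in 2.0.10-1 with no bug number or NOTE recording how that version was established. Add a NOTE with the upstream changelog or commit reference; the log message "CVE-2010-1707 is fixed" alone does not carry that evidence into the tracker data.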
@@ -8789,7 +8789,7 @@
 CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in 
TaskFreak! ...)
        NOT-FOR-US: TaskFreak! Original multi user
 CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...)
-       - libglpng <unfixed> (low; bug filed)
+       - libglpng <unfixed> (low; bug #595171)
        [lenny] - libglpng <no-dsa> (Minor issue)
 CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE 
Dldrv2 ...)
        NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
