Author: iuculano
Date: 2010-08-25 07:52:37 +0000 (Wed, 25 Aug 2010)
New Revision: 15206

Modified:
   data/CVE/list
Log:
- NFUs
- Filed bugs for CVE-2010-2790 CVE-2010-2809 and CVE-2010-2810

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-08-25 07:12:02 UTC (rev 15205)
+++ data/CVE/list       2010-08-25 07:52:37 UTC (rev 15206)
@@ -1,15 +1,15 @@
 CVE-2010-XXXX [two BGP DoS issues]
        - quagga <unfixed> (bug #594262)
 CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell 
iPrint ...)
-       TODO: check
+       NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client 
before ...)
-       TODO: check
+       NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin 
in ...)
-       TODO: check
+       NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell 
iPrint ...)
-       TODO: check
+       NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 
5.44 ...)
-       TODO: check
+       NOT-FOR-US: browser plugin in Novell iPrint Client
 CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 
4.31, ...)
        NOT-FOR-US: DeskShare AutoFTP Manager
 CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter 
...)
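Review bot: The note added for CVE-2010-3105 says "browser plugin in Novell iPrint Client", but the visible description names the PluginGetDriverFile function in Novell iPrint Client and does not mention the browser plugin. Unless the truncated part of the description confirms the plugin, "NOT-FOR-US: Novell iPrint Client" is the safer wording. It would still match the other four iPrint entries on product name.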
@@ -166,25 +166,25 @@
 CVE-2010-3033
        RESERVED
 CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader 
function in ...)
-       TODO: check
+       NOT-FOR-US: SAP Crystal Reports 2008
 CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other 
...)
-       TODO: check
+       NOT-FOR-US: Wyse ThinOS 
 CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus 
Open ...)
-       TODO: check
+       NOT-FOR-US: Tomaz Muraus Open Blog
 CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 
allows ...)
-       TODO: check
+       NOT-FOR-US: PHPKick
 CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses 
insecure ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball 
Script ...)
-       TODO: check
+       NOT-FOR-US: Tycoon Baseball Script
 CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Tomaz Muraus Open Blog
 CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz 
Muraus ...)
-       TODO: check
+       NOT-FOR-US: Tomaz Muraus Open Blog
 CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: DiamondList
 CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in 
DiamondList ...)
-       TODO: check
+       NOT-FOR-US: DiamondList
 CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance 
logging ...)
        TODO: check
 CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote 
...)
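Review bot: Three points on the NOT-FOR-US lines in this hunk. The CVE-2010-3028 entry is tagged "NOT-FOR-US: Joomla!", but the description says the issue is in the Aardvertiser component for Joomla!, not in Joomla! itself. Naming the component (for example "NOT-FOR-US: Aardvertiser component for Joomla!") avoids the entry reading as if Joomla! as a whole were out of scope. The "NOT-FOR-US: Wyse ThinOS " line for CVE-2010-3031 carries a trailing space that should be dropped. For CVE-2010-3026 and CVE-2010-3024 the truncated descriptions do not show a product name, so the Tomaz Muraus Open Blog and DiamondList attributions cannot be checked from the list alone; worth confirming them against the full CVE text.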
@@ -200,7 +200,7 @@
 CVE-2010-3016
        REJECTED
 CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 
1.1.1 ...)
-       TODO: check
+       NOT-FOR-US: Pligg
 CVE-2010-3012
        RESERVED
 CVE-2010-3011
@@ -697,12 +697,12 @@
 CVE-2010-2811
        RESERVED
 CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in 
...)
-       - lynx-cur <unfixed>
+       - lynx-cur <unfixed> (bug #594300)
        [lenny] - lynx-cur <no-dsa> (Minor issue)
        NOTE: exploit scenario really obscure
        TODO: File bug
 CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in 
Uzbl before ...)
-       - uzbl <unfixed> 
+       - uzbl <unfixed> (bug #594301)
        TODO: File bug
 CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
        - freetype 2.4.2-1
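Review bot: The "TODO: File bug" lines under CVE-2010-2810 and CVE-2010-2809 are left in place as context even though this change adds the bug references (bug #594300 and bug #594301) on the lines just above them. The TODO is now stale in both entries and should be removed in the same commit, so that the entries no longer show up as needing a bug filed.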
@@ -747,7 +747,7 @@
 CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on 
Unix, ...)
        - apache2 2.2.10-1 (low)
 CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the 
formatQuery ...)
-       - zabbix <unfixed>
+       - zabbix <unfixed> (bug #594304)
        NOTE: https://support.zabbix.com/browse/ZBX-2326
        [lenny] - zabbix <no-dsa> (Minor issue)
 CVE-2010-2789 [mediawiki "register_globals arbitrary inclusion"]


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
