author | Joey Hess <joeyh@debian.org> | 2010-04-05 21:15:05 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2010-04-05 21:15:05 +0000 |
commit | 026da81da23210575b2d929a6ecd035d3ab5aa83 (patch) | |
tree | 62787410ba82219f773e451e976ba67676752d31 /data/CVE | |
parent | 01d42b9a4ebc64958e86c3965ba2cc91279f2ce4 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14411 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2000.list | 4 |
-rw-r--r-- | data/CVE/2001.list | 2 |
-rw-r--r-- | data/CVE/2002.list | 6 |
-rw-r--r-- | data/CVE/2003.list | 12 |
-rw-r--r-- | data/CVE/2004.list | 2 |
-rw-r--r-- | data/CVE/2005.list | 4 |
-rw-r--r-- | data/CVE/2007.list | 4 |
-rw-r--r-- | data/CVE/2008.list | 5 |
-rw-r--r-- | data/CVE/2009.list | 21 |
-rw-r--r-- | data/CVE/2010.list | 72 |
10 files changed, 85 insertions, 47 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 7ea3e35b76..911c96aaf6 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -1,3 +1,7 @@ +CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...) + TODO: check +CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...) + TODO: check CVE-2000-1244 (Computer Associates InoculateIT Agent for Exchange Server does not ...) NOT-FOR-US: Exchange Server CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...) diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 7df6c3086d..d579b9f588 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -1,3 +1,5 @@ +CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows ...) + TODO: check CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...) diff --git a/data/CVE/2002.list b/data/CVE/2002.list index aefc44d807..e7a3d51082 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1,3 +1,9 @@ +CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not ...) + TODO: check +CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows ...) + TODO: check +CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...) + TODO: check CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows ...) NOT-FOR-US: GoAhead WebServer CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a ...) diff --git a/data/CVE/2003.list b/data/CVE/2003.list index e8744be24c..c3c44f7787 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list 
@@ -1,3 +1,15 @@ +CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...) + TODO: check +CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...) + TODO: check +CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...) + TODO: check +CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...) + TODO: check +CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell ...) + TODO: check +CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...) + TODO: check CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...) NOT-FOR-US: Sun ONE Web Server CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 ...) diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 3a265d2e9f..781c85e576 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -1,3 +1,5 @@ +CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...) + TODO: check CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server ...) NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index a4714bc228..413801b122 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1,3 +1,7 @@ +CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows ...) + TODO: check +CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...) + TODO: check CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...) - linux-2.6 2.6.12-1 - linux-2.6.24 <not-affected> (fixed before 2.6.24) diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 3137a8bb02..5d081214cc 100644 --- a/data/CVE/2007.list 
+++ b/data/CVE/2007.list @@ -1,3 +1,7 @@ +CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...) + TODO: check +CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...) + TODO: check CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...) - linux-2.6 2.6.10-1 CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...) diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 9dc017c8ef..248173a59b 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -2495,6 +2495,7 @@ CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...) NOT-FOR-US: Joomla CVE-2008-6079 (Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have ...) + {DSA-2029-1} - imlib2 1.4.2-1 (bug #576469) NOTE: poked upstream for more details CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...) @@ -9284,8 +9285,8 @@ CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion dur - libxml2 2.6.32.dfsg-3 (medium) CVE-2008-3280 RESERVED -CVE-2008-3279 - RESERVED +CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...) + TODO: check CVE-2008-3278 RESERVED CVE-2008-3277 diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 033cfea4b8..a9d987f9ca 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,3 +1,5 @@ +CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that ...) + TODO: check CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...) NOT-FOR-US: ClickHeat plugin CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...) 
@@ -3069,13 +3071,13 @@ CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...) - backintime 0.9.26-3 (bug #543785) CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) - swftools <removed> (medium; bug #551291) CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) @@ -3084,7 +3086,7 @@ CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data functi {DSA-1941-1} - poppler 0.12.2-1 (medium; bug #551289) CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) @@ -3093,13 +3095,13 @@ CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow re {DSA-1941-1} - poppler 0.12.2-1 (medium; bug #551289) CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) - swftools <removed> (medium; bug #551291) CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) 
@@ -4837,8 +4839,7 @@ CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet - planet-venus 0~bzr116-1 (low; bug #546179) [lenny] - planet-venus 0~bzr95-2+lenny1 [etch] - planet-venus <no-dsa> (Minor issue) -CVE-2009-2936 [varnish] - RESERVED +CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or ...) - varnish 2.1.0-2 (unimportant) NOTE: Only a security issue if used against best practices CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...) @@ -5127,8 +5128,8 @@ CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple M NOT-FOR-US: Apple Mac OS X CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...) NOT-FOR-US: Apple Mac OS X -CVE-2009-2822 - RESERVED +CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not ...) + TODO: check CVE-2009-2821 RESERVED CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...) @@ -9580,7 +9581,7 @@ CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...) NOTE: remote signature spoofing possible, and this was supposed to be NOTE: originally fixed with the updates for CVE-2008-3834 CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...) - {DSA-1941-1} + {DSA-2028-1 DSA-1941-1} - poppler 0.10.6-1 (medium; bug #524806) [etch] - poppler <not-affected> (SplashBitmap code not present) - xpdf 3.02-2 (bug #575779) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 9c32126f65..e40ddc3709 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list 
@@ -1,3 +1,17 @@ +CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...) + TODO: check +CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...) + TODO: check +CVE-2010-1241 (The custom heap management system in Adobe Reader 9.3.1 allows remote ...) + TODO: check +CVE-2010-1240 (Adobe Reader 9.3.1 on Windows does not restrict the contents of one ...) + TODO: check +CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...) + TODO: check +CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha ...) + TODO: check CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...) - webkit 1.1.90-1 - kdelibs <undetermined> @@ -959,16 +973,14 @@ CVE-2010-0830 RESERVED CVE-2010-0829 RESERVED -CVE-2010-0828 [moin despam action xss] - RESERVED +CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...) {DSA-2024-1} - moin 1.9.2-3 (low; bug #575995) CVE-2010-0827 RESERVED -CVE-2010-0826 - RESERVED -CVE-2010-0825 [emacs Race condition] - RESERVED +CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...) + TODO: check +CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...) - emacs21 <removed> - emacs22 <unfixed> - xemacs21 <unfixed> @@ -1165,7 +1177,7 @@ CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type mo CVE-2010-1144 [zabbix SQL injection] RESERVED - zabbix <unfixed> - TODO: File bug + TODO: File bug CVE-2010-0750 [policykit information disclosure] RESERVED - policykit <not-affected> (pkexec introduced in 0.92) 
@@ -1179,10 +1191,10 @@ CVE-2010-0748 [lenny] - transmission <not-affected> (Support for Magnet links not yet available) CVE-2010-0746 [DeviceKit privilege escalation via pluggable storage device labels] RESERVED - - devicekit-disks 1.0.0~git20100212.aae17d9-1 - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178 - NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2 - NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235 + - devicekit-disks 1.0.0~git20100212.aae17d9-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178 + NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2 + NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235 CVE-2010-0745 [dovecot DoS] RESERVED - dovecot 1:1.2.11-1 (low) @@ -1332,8 +1344,8 @@ CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source - asterisk <unfixed> [lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed) [squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed) -CVE-2010-0684 - RESERVED +CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action ...) + TODO: check CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...) NOT-FOR-US: TIBCO Administrator CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...) @@ -1515,8 +1527,8 @@ CVE-2010-0627 RESERVED CVE-2010-0626 RESERVED -CVE-2010-0625 - RESERVED +CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP ...) + TODO: check CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...) - cpio 2.11-1 (low) - tar 1.23-1 (low) 
@@ -2606,57 +2618,48 @@ CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBC NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent CVE-2010-0183 RESERVED -CVE-2010-0182 [XMLDocument::load() doesn't check nsIContentPolicy] - RESERVED +CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...) - xulrunner <unfixed> (low) [lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series) - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0181 [Image src redirect to mailto: URL opens email editor] - RESERVED +CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...) - xulrunner 1.9.1.9-1 (unimportant) - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-0180 RESERVED -CVE-2010-0179 - RESERVED +CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0178 [Chrome privilege escalation via forced URL drag and drop] - RESERVED +CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0177 [Dangling pointer vulnerability in nsPluginArray] - RESERVED +CVE-2010-0177 (The window.navigator.plugins object in Mozilla Firefox before 3.0.19, ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0176 [Dangling pointer vulnerability in nsTreeContentView] - RESERVED +CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...) 
{DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0175 [Remote code execution with use-after-free in nsTreeSelection] - RESERVED +CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0174 [crashes in the browser engine] - RESERVED +CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) -CVE-2010-0173 [crashes in the browser engine] - RESERVED +CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) @@ -3081,8 +3084,7 @@ CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in ...) NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server, NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse NOTE: proxy situations, the backend server is usually trusted, anyway. -CVE-2010-0009 [Apache CouchDB Timing Attack Vulnerability] - RESERVED +CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...) - couchdb <unfixed> (bug #576304) NOTE: I don't really see the security implications? CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows ...) |
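Review bot: in the data/CVE/2010.list hunk at @@ -1,3 +1,17, CVE-2010-1238 names MoinMoin but is added with only the TODO: check placeholder, even though moin is already a tracked source package further down this same file (CVE-2010-0828, "- moin 1.9.2-3 (low; bug #575995)"). Resolve it to a moin package line rather than leaving the placeholder. The NWFTPD.nlm entries added across 2000.list through 2010.list all describe the same Novell NetWare FTP server component, so they can be triaged in one pass with a single consistent disposition.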
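Review bot: in the data/CVE/2010.list hunk at @@ -1165,7 +1177,7, the entry "CVE-2010-1144 [zabbix SQL injection]" sits between CVE-2010-0752 and CVE-2010-0750, which breaks the descending ID order seen in the rest of the visible context, and the change only re-indents its "TODO: File bug" line. Please confirm the identifier is correct for this slot, or move the entry. The whitespace-only edits here and in the devicekit-disks lines under CVE-2010-0746 (@@ -1179,10 +1191,10) would be easier to audit in a separate commit from the automatic data update.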
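Review bot: in the data/CVE/2010.list hunk at @@ -2606,57 +2618,48, CVE-2010-0173 and CVE-2010-0174 end up with the same truncated description and the same "xulrunner 1.9.1.9-1" and "iceape 2.0.4-1" lines, but only CVE-2010-0174 carries {DSA-2027-1}. Check whether the DSA reference is missing from CVE-2010-0173 or whether its fixed version needs adjusting. Separately, the removed bracketed working titles (for example "[Dangling pointer vulnerability in nsTreeContentView]") were the only text distinguishing CVE-2010-0178 from CVE-2010-0176, whose new descriptions are identical at this truncation length; keeping them as NOTE: lines would preserve that context.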
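Review bot: in the CVE-2010-0009 entry (data/CVE/2010.list, @@ -3081,8 +3084,7), the retained line "NOTE: I don't really see the security implications?" predates the published description, which now reads "allows remote attackers to obtain ...", and the "Timing Attack" working title that explained the issue class is dropped by this change. Re-evaluate or remove the note against the full description, and give "couchdb <unfixed> (bug #576304)" a severity as the neighbouring entries have.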