| | | |
|---|---|---|
| author | Joey Hess <joeyh@debian.org> | 2010-02-15 21:14:57 +0000 |
| committer | Joey Hess <joeyh@debian.org> | 2010-02-15 21:14:57 +0000 |
| commit | a62dffb52c019bd132c5e8d385c6aff7e68b5956 | |
| tree | 178a2980eb568f60dcfb6bff0af4bc5c99ffc3b9 /data | |
| parent | 6b43abfaddf74fc78d86039b19fc97a16beb9228 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14103 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2001.list | 4 |
| -rw-r--r-- | data/CVE/2009.list | 3 |
| -rw-r--r-- | data/CVE/2010.list | 35 |

3 files changed, 21 insertions, 21 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 4544222043..7df6c3086d 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -1,5 +1,5 @@ -CVE-2001-1586 - RESERVED +CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...) + NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...) - openssh <not-affected> (fixed in 2001) CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows remote ...) diff --git a/data/CVE/2009.list b/data/CVE/2009.list index e6e66b546c..b22461d80d 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -858,8 +858,7 @@ CVE-2009-4276 RESERVED CVE-2009-4275 RESERVED -CVE-2009-4274 [stack-based buffer overflow in netpbm's XPM reader] - RESERVED +CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...) - netpbm-free <unfixed> (medium; bug #569060) CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...) - systemtap 1.1-1 diff --git a/data/CVE/2010.list b/data/CVE/2010.list index e35b95f08b..2d6ef12ee3 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list 
@@ -1,21 +1,27 @@ +CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...) + TODO: check +CVE-2010-0629 + RESERVED +CVE-2010-0628 + RESERVED CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues] - couchdb <unfixed> (bug #570013) [lenny] - couchdb <no-dsa> (does not support authentication at all) NOTE: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201002.mbox/%3C87bpfz5t39.fsf@mid.deneb.enyo.de%3E NOTE: http://www.openwall.com/lists/oss-security/2010/02/15/5 -CVE-2010-0637 +CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) TODO: check, webcalendar is in the archive -CVE-2010-0636 +CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) TODO: check, webcalendar is in the archive -CVE-2010-0635 +CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch ...) NOT-FOR-US: JEvents Search plugin for Joomla! -CVE-2010-0633 +CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and ...) NOT-FOR-US: Citrix XenServer -CVE-2010-0632 +CVE-2010-0632 (SQL injection vulnerability in the Parkview Consultants SimpleFAQ ...) NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla! -CVE-2010-0631 +CVE-2010-0631 (Multiple SQL injection vulnerabilities in index.php in Eicra Car ...) NOT-FOR-US: Eicra Car Rental-Script -CVE-2010-0630 +CVE-2010-0630 (SQL injection vulnerability in viewjokes.php in Evernew Free Joke ...) NOT-FOR-US: Evernew Free Joke Script CVE-2010-0627 RESERVED @@ -410,8 +416,7 @@ CVE-2010-0448 RESERVED CVE-2010-0447 RESERVED -CVE-2010-0446 - RESERVED +CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...) NOT-FOR-US: HP DreamScreen CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...) NOT-FOR-US: HP Network Node Manager 
@@ -784,8 +789,7 @@ CVE-2010-XXXX [zenoss sql injection] CVE-2010-XXXX [zenoss csrf] - zenoss <itp> (bug #361253) NOTE: http://seclists.org/fulldisclosure/2010/Jan/296 -CVE-2010-0309 [linux kvm pit_ioport_read() DoS] - RESERVED +CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...) {DSA-1996-1} - linux-2.6 2.6.32-8 [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) @@ -802,8 +806,7 @@ CVE-2010-0307 [denial-of-service on amd64] {DSA-1996-1} - linux-2.6 2.6.32-8 - linux-2.6.24 <removed> -CVE-2010-0306 [kvm privilege escalation] - RESERVED +CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...) {DSA-1996-1} - linux-2.6 2.6.32-8 [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) @@ -830,15 +833,13 @@ CVE-2010-0299 [unrestrictive permissions for devtmpfs root directory could lead RESERVED - linux-2.6 <unfixed> - linux-2.6.24 <removed> -CVE-2010-0298 [kvm privilege escalation] - RESERVED +CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level ...) {DSA-1996-1} - linux-2.6 2.6.32-8 [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25) - kvm <removed> -CVE-2010-0297 [kvm userspace usb-linux.c buffer overflow] - RESERVED +CVE-2010-0297 (Buffer overflow in the usb_host_handle_control function in the USB ...) - qemu-kvm 0.11.1+dfsg-1 - kvm <removed> CVE-2010-0296 |
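Review bot: CVE-2010-0634 in the first data/CVE/2010.list hunk (`@@ -1,21 +1,27 @@`) lands with only `TODO: check`, and CVE-2010-0637 and CVE-2010-0636 keep `TODO: check, webcalendar is in the archive` even though their descriptions are now filled in. These three entries still need manual triage into either a package status line of the form used for couchdb in the same hunk (`- couchdb <unfixed> (bug #570013)`) or a `NOT-FOR-US:` line like their neighbours, so they do not sit as open TODOs after the automatic import.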
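Review bot: CVE-2009-4274 in the data/CVE/2009.list hunk (`@@ -858,8 +858,7 @@`) loses its `RESERVED` line, so the entry is now public while the only status line is still `- netpbm-free <unfixed> (medium; bug #569060)`. Worth following up on bug #569060 and adding per-release lines in the style of the `[lenny]` and `[etch]` annotations used elsewhere in this patch, so the tracker shows which suites are affected now that the description is published.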