[Secure-testing-commits] r9745 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Thu Sep 4 11:54:42 UTC 2008 

Author: nion
Date: 2008-09-04 11:54:41 +0000 (Thu, 04 Sep 2008)
New Revision: 9745

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-389{5,6} non-issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-09-04 11:38:59 UTC (rev 9744)
+++ data/CVE/list	2008-09-04 11:54:41 UTC (rev 9745)
@@ -7,25 +7,27 @@
 CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, ...)
 	TODO: check
 CVE-2008-3900 (Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot ...)
-	TODO: check
+	NOT-FOR-US: Intel firmware
 CVE-2008-3899 (TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS ...)
-	TODO: check
+	NOT-FOR-US: TrueCrypt
 CVE-2008-3898 (Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication ...)
-	TODO: check
+	NOT-FOR-US: Secu Star DriveCrypt
 CVE-2008-3897 (DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords ...)
-	TODO: check
+	NOT-FOR-US: DiskCryptor
 CVE-2008-3896 (Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...)
-	TODO: check
+	- grub <unfixed> (unimportant)
+	NOTE: you need to be root on linux to do this, root can easily edit menu.lst anyway
 CVE-2008-3895 (LILO 22.6.1 and earlier stores pre-boot authentication passwords in ...)
-	TODO: check
+	- lilo <unfixed> (unimportant)
+	NOTE: you need to be root on linux to do this, root can edit the configuration anyway
 CVE-2008-3894 (IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication ...)
-	TODO: check
+	NOT-FOR-US: IBM Lenovo firmware
 CVE-2008-3893 (Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot ...)
-	TODO: check
+	NOT-FOR-US: Bitlocker
 CVE-2008-3892 (Buffer overflow in a certain ActiveX control in the COM API in VMware ...)
-	TODO: check
+	NOT-FOR-US: VMware COM API
 CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...)
-	TODO: check
+	NOT-FOR-US: SAML Service for Google Apps
 CVE-2008-3890
 	RESERVED
 CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...)
@@ -39,7 +41,7 @@
 CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...)
 	NOT-FOR-US: Blogn
 CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...)
-	- caudium 1.4.12-11.1 (low; bug #496404)
+	- caudium <unfixed> (low; bug #496404)
 CVE-2008-3882 (ZoneMinder 1.23.3 and earlier allows remote attackers to execute ...)
 	- zoneminder <unfixed> (bug #497640)
 CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder ...)

More information about the Secure-testing-commits mailing list