[Secure-testing-commits] r11520 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Apr 1 11:35:20 UTC 2009


Author: nion
Date: 2009-04-01 11:35:19 +0000 (Wed, 01 Apr 2009)
New Revision: 11520

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-1175 non-issue
- new xfig issue (tmp race)
- CVE-2009-1046/CVE-2009-0859 fixed in linux.2.6 2.6.29-1
- new vlc issue (CVE-2009-1045)
- CVE-2009-0930 fixed in imp4 4.2-4


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-01 09:14:12 UTC (rev 11519)
+++ data/CVE/list	2009-04-01 11:35:19 UTC (rev 11520)
@@ -1,5 +1,7 @@
 CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...)
-	TODO: check
+	- banshee <unfixed> (unimportant)
+	NOTE: banshee is intented as a desktop music player with no serious
+	NOTE: login credentials that an attacker could use remote
 CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application ...)
 	NOT-FOR-US: WebSphere
 CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak ...)
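Review bot: The two NOTE lines added under CVE-2009-1175 do not form a complete rationale: "intented" should be "intended", and "that an attacker could use remote" trails off. The entry is marked `<unfixed> (unimportant)` on the strength of this note, so spell the reasoning out in full. It would also help to say how banshee relates to the apps/web/vs_diag.cgi path named in the CVE description, since the note does not make that link.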
@@ -262,7 +264,7 @@
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-XXXX [unspecified xfig temp issue]
 	- xfig 1:3.2.5.a-1
-	TODO: check
+	NOTE: requested CVE id
 CVE-2009-XXXX [auth2db: SQL injection]
 	- auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
 	[lenny] - auth2db 0.2.5-2+dfsg-1+lenny1
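Review bot: Replacing "TODO: check" with "NOTE: requested CVE id" on the xfig entry leaves nothing that identifies the issue. The title still reads "unspecified xfig temp issue" and, unlike the auth2db entry right below it, there is no bug number or severity. Add a bug reference or a one-line description (the log message calls it a tmp race) so the entry can be matched up once the id is assigned.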
@@ -395,9 +397,9 @@
 CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...)
 	NOT-FOR-US: Send by e-mail module for Drupal
 CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)
-	TODO: check
+	- linux.2.6 2.6.29-1
 CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...)
-	TODO: check
+	- vlc <unfixed> (low; bug #522170)
 CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...)
 	{DSA-1756-1}
 	- xulrunner 1.9.0.8-1
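Review bot: The package name in the new CVE-2009-1046 line is written "linux.2.6", while the CVE-2009-0859 line added later in this same commit uses "linux-2.6" for the same fixed version 2.6.29-1. One of the two is a typo, and a misspelled source package name will not be matched against the archive, so the fix would not be tracked. Make both lines use the same name.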
@@ -689,11 +691,11 @@
 	- horde3 3.2.2+debian0-2 (bug #513265)
 	[etch] - horde3 <not-affected> (Vulnerable code not present)
 CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...)
-	TODO: check
+	- imp4 4.2-4 (medium; bug #513266)
 CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS ...)
 	NOT-FOR-US: Nucleus CMS
 CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat ...)
-	TODO: check
+	NOT-FOR-US: Adobe Acrobat Reader
 CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...)
 	NOT-FOR-US: Adobe Reader and Adobe Acrobat
 CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun ...)
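Review bot: The new imp4 line for CVE-2009-0930 records only the fixed version, whereas the horde3 entry just above it also carries an [etch] status line. If imp4 ships in a stable release, add its per-release status here as well. Separately, "NOT-FOR-US: Adobe Acrobat Reader" for CVE-2009-0928 differs from the label on CVE-2009-0927 ("Adobe Reader and Adobe Acrobat"). Using one label for the same product makes the list easier to search.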
@@ -786,7 +788,7 @@
 CVE-2009-0893
 	RESERVED
 CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-0890
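Review bot: The label added for CVE-2009-0892, "NOT-FOR-US: IBM WebSphere", does not match the one on the next entry, CVE-2009-0891 ("IBM WebSphere Application Server"), although both descriptions name the same product. Reuse the existing label so that searches on the NOT-FOR-US string find both.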
@@ -902,7 +904,7 @@
 CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in ...)
 	NOT-FOR-US: NetMRI
 CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...)
-	TODO: check
+	- linux-2.6 2.6.29-1
 CVE-2009-0858 (The response_addname function in response.c in Daniel J. Bernstein ...)
 	- djbdns 1:1.05-5 (low; bug #518169; bug #517631)
 CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the ...)



