[Secure-testing-commits] r11531 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Apr 1 21:33:40 UTC 2009


Author: jmm-guest
Date: 2009-04-01 21:33:39 +0000 (Wed, 01 Apr 2009)
New Revision: 11531

Modified:
   data/CVE/list
Log:
- new bugzilla CSRF
- new wireshark issue
- new amaya issues
- auth2db CVEfied
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-01 21:23:59 UTC (rev 11530)
+++ data/CVE/list	2009-04-01 21:33:39 UTC (rev 11531)
@@ -3,25 +3,29 @@
 CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...)
 	- screen <unfixed> (bug #521123)
 CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
-	TODO: check
+	- bugzilla <unfixed> (low)
+	[etch] - bugzilla <no-dsa> (Minor issue)
+	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the ...)
-	TODO: check
+	NOT-FOR-US: PrecisionID Datamatrix ActiveX control
 CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
-	TODO: check
+	NOT-FOR-US: Blue Coat ProxySG
 CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector ...)
-	TODO: check
+	- wireshark <unfixed>
+        TODO: File bug
 CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
-	TODO: check
+	- amaya <unfixed> (bug filed)
 CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...)
-	TODO: check
+	- auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
+	[lenny] - auth2db 0.2.5-2+dfsg-1+lenny1
 CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, and ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI ...)
-	TODO: check
+	NOT-FOR-US: Cafe Access Analyzer CGI Professional
 CVE-2009-1205 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: EAI WebViewer3D ActiveX control
 CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
-	TODO: check
+	NOT-FOR-US: TikiWiki
 CVE-2009-1203
 	RESERVED
 CVE-2009-1202
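
Review bot: The added "TODO: File bug" line under CVE-2009-1210 is indented with eight spaces, while every other annotation line in this hunk, including the "- wireshark <unfixed>" line directly above it, starts with a tab; please switch it to a tab so the entry matches the rest of the list. Two smaller points in the same hunk: the amaya entry for CVE-2009-1209 says "(bug filed)" without a number, whereas the screen and auth2db entries use the "bug #NNNNNN" form, so the number should be filled in once it is known; and the wireshark entry carries no severity, unlike the bugzilla and auth2db entries marked "low".
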
@@ -387,10 +391,6 @@
 CVE-2009-XXXX [unspecified xfig temp issue]
 	- xfig 1:3.2.5.a-1
 	NOTE: requested CVE id
-CVE-2009-XXXX [auth2db: SQL injection]
-	- auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
-	[lenny] - auth2db 0.2.5-2+dfsg-1+lenny1
-	NOTE: CVE id requested
 CVE-2009-1092 (Use after free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX ...)
 	NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
 CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech ...)
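
Review bot: The removed "CVE-2009-XXXX [auth2db: SQL injection]" placeholder is fully covered by the lines added under CVE-2009-1208 in the first hunk (same fixed version 0.2.5-2+dfsg-1.1, same bug #521823 and severity, same [lenny] version), so nothing is lost apart from the now obsolete "NOTE: CVE id requested". The log entry "auth2db CVEfied" would be easier to search later if it named the assigned id, CVE-2009-1208.
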



