[Secure-testing-commits] r11548 - data/CVE

nion at alioth.debian.org
Fri Apr 3 15:27:19 UTC 2009


Author: nion
Date: 2009-04-03 15:27:18 +0000 (Fri, 03 Apr 2009)
New Revision: 11548

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-117{6,7},CVE-2009-08[39-43] fixed in mapserver 5.2.2-1
- new krb5 issue (CVE-2009-0845)
- new lcms issues (CVE-2009-0733/CVE-2009-0723)
- two new ghostscript issues (CVE-2009-058{3,4})


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-03 13:38:13 UTC (rev 11547)
+++ data/CVE/list	2009-04-03 15:27:18 UTC (rev 11548)
@@ -109,9 +109,9 @@
 CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
 	NOT-FOR-US: Tivoli
 CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...)
-	TODO: check
+	- mapserver 5.2.2-1 (medium)
 CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before ...)
-	TODO: check
+	- mapserver 5.2.2-1 (low)
 CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...)
 	NOT-FOR-US: ABK-Soft AbleDating
 CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
@@ -1086,19 +1086,22 @@
 CVE-2009-0846
 	RESERVED
 CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...)
-	TODO: check
+	- krb5 <unfixed>
+	NOTE: maintainer in contact with the security team
 CVE-2009-0844
 	RESERVED
 CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
-	TODO: check
+	- mapserver 5.2.2-1 (unimportant)
+	NOTE: this can only probe for files that are not present, useless when not
+	NOTE: in combination with another attack
 CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...)
-	TODO: check
+	- mapserver 5.2.2-1 (low)
 CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
-	TODO: check
+	- mapserver 5.2.2-1 (low)
 CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
-	TODO: check
+	- mapserver 5.2.2-1 (medium)
 CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...)
-	TODO: check
+	- mapserver 5.2.2-1 (medium)
 CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...)
 	NOT-FOR-US: Solaris
 CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, ...)
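
Review bot: the new CVE-2009-0845 line "- krb5 <unfixed>" carries neither a severity nor a bug number, while the ghostscript entries added in this same commit use the fuller form "<unfixed> (medium; bug #522416)". The NOTE records that the maintainer is in contact with the security team, but that gives nothing to match against a later upload; add the severity now and the bug number once one exists. Separately, the CVE-2009-0843 rationale is one sentence split across two NOTE lines ("useless when not" / "in combination with another attack"), so each line read alone is incomplete; rewording it so each NOTE line stands on its own would make the reason for "unimportant" easier to follow.
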
@@ -1703,7 +1706,7 @@
 	NOT-FOR-US: MultimediaPlayer.exe
 CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function ...)
 	{DSA-1745-1}
-	TODO: check
+	- lcms <unfixed>
 CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with ...)
 	NOT-FOR-US: Downloadcenter
 CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade ...)
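
Review bot: CVE-2009-0733 is tagged {DSA-1745-1}, yet the added line "- lcms <unfixed>" has no severity and no bug reference, so the entry shows an advisory alongside an open unstable package with nothing that says how urgent the upload is or where it is tracked. The description names multiple stack-based buffer overflows; suggest the same form the ghostscript entries in this commit use, "<unfixed> (severity; bug #...)", with the bug number filled in once it is known.
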
@@ -1724,7 +1727,7 @@
 	RESERVED
 CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before ...)
 	{DSA-1745-1}
-	TODO: check
+	- lcms <unfixed>
 CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 ...)
 	NOT-FOR-US: Potato News
 CVE-2009-0721
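
Review bot: the added "- lcms <unfixed>" for CVE-2009-0723 has the same gap as the CVE-2009-0733 entry: it sits under {DSA-1745-1} without a severity or a bug reference. Since both CVEs share the advisory and the package, giving them the same bug reference would let them be closed together when the fixed lcms upload happens.
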
@@ -1798,7 +1801,7 @@
 CVE-2009-0687
 	RESERVED
 CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro Internet Pro
 CVE-2009-0685
 	RESERVED
 CVE-2009-0684
@@ -2195,29 +2198,29 @@
 CVE-2009-0638
 	RESERVED
 CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0627
 	RESERVED
 CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
 	NOT-FOR-US: Cisco
 CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...)
@@ -2346,10 +2349,12 @@
 	- libsoup 2.2.105-4 (medium; bug #520039)
 CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka ...)
 	{DSA-1746-1}
-	TODO: check
+	- ghostscript <unfixed> (medium; bug #522416)
+	- gs-gpl <removed>
 CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...)
 	{DSA-1746-1}
-	TODO: check
+	- ghostscript <unfixed> (medium; bug #522416)
+	- gs-gpl <removed>
 CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...)
 	TODO: check
 CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...)
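
Review bot: the descriptions of CVE-2009-0584 and CVE-2009-0583 place the flaw in icc.c of the International Color Consortium (ICC) Format library, but the added lines list only ghostscript and gs-gpl. If other source packages ship their own copy of icc.c they would be missed by these entries; a NOTE saying whether embedded copies were checked, and with what result, would make the triage verifiable. The "(medium; bug #522416)" form on the ghostscript lines is good and worth keeping for the other <unfixed> entries in this commit.
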



