[Secure-testing-commits] r11570 - data/CVE
Nico Golde
nion at alioth.debian.org
Mon Apr 6 17:28:18 UTC 2009
Author: nion
Date: 2009-04-06 17:28:18 +0000 (Mon, 06 Apr 2009)
New Revision: 11570
Modified:
data/CVE/list
Log:
- NFU
- CVE-2008-654{8,9} fixed in moin 1.6.2-1
- CVE-2008-653{2,3} fixed in drupal6/drupal5 6.9-1/5.14-1
- CVE-2009-0364 fixed in webcit 7.38b-dfsg-2
- new multipath-tools issue (CVE-2009-0115)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-06 16:40:24 UTC (rev 11569)
+++ data/CVE/list 2009-04-06 17:28:18 UTC (rev 11570)
@@ -380,9 +380,9 @@
CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...)
NOT-FOR-US: Glossaire
CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin ...)
- TODO: check
+ - moin 1.6.2-1 (low)
CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check ...)
- TODO: check
+ - moin 1.6.2-1 (low)
CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...)
- python-formencode 1.0.1-1
[etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)
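Review bot: The two new moin lines for CVE-2008-6549 and CVE-2008-6548 record only the version fixed in unstable and say nothing about the stable release. The python-formencode entry directly below carries an "[etch] ... <not-affected>" line with its reason; an equivalent per-release line here, or a short note if the release was not checked, would show whether the password_checker and rst parser issues apply there.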
@@ -413,9 +413,11 @@
CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro ...)
NOT-FOR-US: NULL FTP Server
CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related ...)
- TODO: check
+ - drupal5 5.14-1 (low)
+ - drupal6 6.9-1 (low)
CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ - drupal5 5.14-1 (low)
+ - drupal6 6.9-1 (low)
CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before ...)
NOT-FOR-US: Atlassian JIRA
CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...)
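Review bot: For CVE-2008-6533 the recorded fixed versions, drupal5 5.14-1 and drupal6 6.9-1, are later than the upstream fix points named in the description (5.13 and 6.7). If an earlier upload already carried 5.13 or 6.7, the entry should name that upload instead; if not, a short note saying that 5.14-1 and 6.9-1 were the first uploads with the fix would explain the gap. The same question applies to CVE-2008-6532, whose truncated description does not show a version.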
@@ -3253,7 +3255,7 @@
- network-manager 0.7.0.99-1 (medium)
CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...)
{DSA-1752-1}
- TODO: check
+ - webcit 7.38b-dfsg-2 (low)
CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...)
{DTSA-197-1}
- barnowl 1.0.5-1
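Review bot: The webcit line for CVE-2009-0364 is rated (low) although the entry describes a format string vulnerability and already references DSA-1752-1. Please confirm that low is the intended urgency; if it is, a one-line reason next to the entry would help the next reader.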
@@ -3845,7 +3847,7 @@
CVE-2009-0194
RESERVED
CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...)
- TODO: check
+ NOT-FOR-US: Adobe Acrobat Reader
CVE-2009-0192
RESERVED
CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...)
@@ -4063,7 +4065,7 @@
CVE-2009-0116
RESERVED
CVE-2009-0115 (multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux ...)
- TODO: check
+ - multipath-tools <unfixed> (low; bug #522813)
CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...)
NOT-FOR-US: iyzi Forum
CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
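Review bot: The new multipath-tools line marks the Debian package <unfixed>, while the visible part of the CVE-2009-0115 description names only SUSE products. A short note on why Debian's package is affected, in addition to the reference to bug #522813, would make the entry verifiable from the list alone.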