[Secure-testing-commits] r11652 - data/CVE

Raphael Geissert atomo64-guest at alioth.debian.org
Sun Apr 19 23:22:45 UTC 2009


Author: atomo64-guest
Date: 2009-04-19 23:22:45 +0000 (Sun, 19 Apr 2009)
New Revision: 11652

Modified:
   data/CVE/list
Log:
NFUs, atmailopen is also vulnerable to roundcube's html2text issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-19 23:10:32 UTC (rev 11651)
+++ data/CVE/list	2009-04-19 23:22:45 UTC (rev 11652)
@@ -1,25 +1,25 @@
 CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
 	- slumn-llnl 1.3.15-1
 CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...)
-	TODO: check
+	NOT-FOR-US: Easy RM to MP3 Converter
 CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...)
-	TODO: check
+	NOT-FOR-US: Mini-stream
 CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...)
-	TODO: check
+	NOT-FOR-US: Mini-stream
 CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...)
-	TODO: check
+	NOT-FOR-US: Mini-stream
 CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
-	TODO: check
+	NOT-FOR-US: Mini-stream
 CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Mini-stream
 CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...)
-	TODO: check
+	NOT-FOR-US: Mini-stream
 CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...)
-	TODO: check
+	NOT-FOR-US: Web File Explorer
 CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...)
-	TODO: check
+	NOT-FOR-US: ASP Product Catalog
 CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...)
-	TODO: check
+	NOT-FOR-US: ASP Product Catalog
 CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	TODO: check
 CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...)
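Review bot: the context line `- slumn-llnl 1.3.15-1` under the first CVE-2009-XXXX entry does not match the `slurm-llnl` package named in that entry's description. The fixed version is therefore recorded against a misspelled package name, and since this commit touches the same block it is worth correcting here or in a follow-up. Separately, the new NOT-FOR-US tags mix a vendor name (`Mini-stream`) with full product names (`Easy RM to MP3 Converter`). Picking one convention keeps later searches of the list consistent.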
@@ -27,13 +27,13 @@
 CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
 	TODO: check
 CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...)
-	TODO: check
+	NOT-FOR-US: Aqua CMS
 CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...)
-	TODO: check
+	NOT-FOR-US: AbleSpace
 CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Ablespace
 CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...)
-	TODO: check
+	NOT-FOR-US: CVE-2009-1314
 CVE-2009-1313
 	RESERVED
 CVE-2009-1312
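Review bot: the tag added for CVE-2009-1314, `NOT-FOR-US: CVE-2009-1314`, names the CVE id instead of the product. The description says this is body.asp in Web File Explorer 3.1, and CVE-2009-1323 earlier in the same commit is tagged `NOT-FOR-US: Web File Explorer`, so this one should read the same. The CVE-2009-1315 tag also spells the product `Ablespace` while CVE-2009-1316 directly above uses `AbleSpace`. Use one spelling for both.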
@@ -63,11 +63,11 @@
 CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...)
 	- apt 0.7.21 (bug #523213)
 CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...)
-	TODO: check
+	NOT-FOR-US: CMScout
 CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote ...)
-	TODO: check
+	NOT-FOR-US: CMScout
 CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste ...)
-	TODO: check
+	NOT-FOR-US: Perl Nopaste
 CVE-2009-1299
 	RESERVED
 CVE-2009-1298
@@ -5831,6 +5831,8 @@
 	NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
 	- mahara <unfixed> (bug #524778)
 	[lenny] - mahara <not-affected> (Vulnerable code not present)
+	- atmailopen <unfixed>
+	NOTE: maintainer is aware of it and an upload is pending
 CVE-2008-5485
 	RESERVED
 CVE-2008-5484
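Review bot: the added `- atmailopen <unfixed>` line carries no bug reference, while the mahara entry just above it cites `(bug #524778)`. The accompanying `NOTE: maintainer is aware of it and an upload is pending` gives no date or pointer, so nobody reading the list later can tell whether it still holds. Filing a bug against atmailopen and referencing it on the package line would make the status traceable, and the NOTE could then be dropped or dated.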



