[Secure-testing-commits] r11652 - data/CVE
Raphael Geissert
atomo64-guest at alioth.debian.org
Sun Apr 19 23:22:45 UTC 2009
Author: atomo64-guest
Date: 2009-04-19 23:22:45 +0000 (Sun, 19 Apr 2009)
New Revision: 11652
Modified:
data/CVE/list
Log:
NFUs, atmailopen is also vulnerable to roundcube's html2text issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-19 23:10:32 UTC (rev 11651)
+++ data/CVE/list 2009-04-19 23:22:45 UTC (rev 11652)
@@ -1,25 +1,25 @@
CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
- slumn-llnl 1.3.15-1
CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...)
- TODO: check
+ NOT-FOR-US: Easy RM to MP3 Converter
CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...)
- TODO: check
+ NOT-FOR-US: Mini-stream
CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...)
- TODO: check
+ NOT-FOR-US: Mini-stream
CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...)
- TODO: check
+ NOT-FOR-US: Mini-stream
CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
- TODO: check
+ NOT-FOR-US: Mini-stream
CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: Mini-stream
CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...)
- TODO: check
+ NOT-FOR-US: Mini-stream
CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...)
- TODO: check
+ NOT-FOR-US: Web File Explorer
CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...)
- TODO: check
+ NOT-FOR-US: ASP Product Catalog
CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...)
- TODO: check
+ NOT-FOR-US: ASP Product Catalog
CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...)
@@ -27,13 +27,13 @@
CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
TODO: check
CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...)
- TODO: check
+ NOT-FOR-US: Aqua CMS
CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: AbleSpace
CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...)
- TODO: check
+ NOT-FOR-US: Ablespace
CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...)
- TODO: check
+ NOT-FOR-US: CVE-2009-1314
CVE-2009-1313
RESERVED
CVE-2009-1312
@@ -63,11 +63,11 @@
CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...)
- apt 0.7.21 (bug #523213)
CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...)
- TODO: check
+ NOT-FOR-US: CMScout
CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote ...)
- TODO: check
+ NOT-FOR-US: CMScout
CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste ...)
- TODO: check
+ NOT-FOR-US: Perl Nopaste
CVE-2009-1299
RESERVED
CVE-2009-1298
@@ -5831,6 +5831,8 @@
NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
- mahara <unfixed> (bug #524778)
[lenny] - mahara <not-affected> (Vulnerable code not present)
+ - atmailopen <unfixed>
+ NOTE: maintainer is aware of it and an upload is pending
CVE-2008-5485
RESERVED
CVE-2008-5484
More information about the Secure-testing-commits
mailing list