[Secure-testing-commits] r11737 - data/CVE

Tue Apr 28 20:04:50 UTC 2009

Author: gilbert-guest
Date: 2009-04-28 20:04:50 +0000 (Tue, 28 Apr 2009)
New Revision: 11737

Modified:
   data/CVE/list
Log:
bugs submitted for CVE-2008-4539, CVE-2008-5525, and CVE-2009-1241


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-04-28 19:37:12 UTC (rev 11736)
+++ data/CVE/list	2009-04-28 20:04:50 UTC (rev 11737)
@@ -766,7 +766,7 @@
 CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...)
 	NOT-FOR-US: 2wire
 CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
-	- clamav 0.95+dfsg-1
+	- clamav 0.95+dfsg-1 (medium; bug #526042)
 CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...)
 	NOT-FOR-US: IBM Proventia
 CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...)
@@ -6034,8 +6034,7 @@
 CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...)
 	NOT-FOR-US: DrWeb Anti-virus
 CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...)
-	- clamav <unfixed>
-	NOTE: CVE claims it only happens when Internet Explorer 6 or 7 is used, but ClamAV doesn't have any special code for IE
+	- clamav <unfixed> (medium; bug #526041)
 CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...)
 	NOT-FOR-US: CAT-QuickHeal
 CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, ...)
@@ -8509,7 +8508,7 @@
 CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords ...)
 	NOT-FOR-US: Windows Mobile
 CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...)
-	- qemu 0.9.1+svn20081101-1
+	- qemu 0.9.1+svn20081101-1 (low; bug #526040)
 CVE-2008-4538
 	RESERVED
 CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)


