[Secure-testing-commits] r12568 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Tue Aug 11 19:43:11 UTC 2009


Author: derevko-guest
Date: 2009-08-11 19:43:11 +0000 (Tue, 11 Aug 2009)
New Revision: 12568

Modified:
   data/CVE/list
Log:
- NFUs
- several security issues fixed in wordpress


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-11 19:20:39 UTC (rev 12567)
+++ data/CVE/list	2009-08-11 19:43:11 UTC (rev 12568)
@@ -20,23 +20,23 @@
 CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...)
 	TODO: check
 CVE-2009-2713 (The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Access Manager
 CVE-2009-2712 (Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Access Manager
 CVE-2009-2711 (XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and ...)
-	TODO: check
+	NOT-FOR-US: XScreenSaver in Sun Solaris
 CVE-2008-6917 (SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 ...)
-	TODO: check
+	NOT-FOR-US: ExoPHPDesk
 CVE-2008-6916 (Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Siemens SpeedStream 5200
 CVE-2008-6915 (Cross-site scripting (XSS) vulnerability in view_prop_details.php in ...)
-	TODO: check
+	NOT-FOR-US: Zeeways ZEEPROPERTY
 CVE-2008-6914 (Unrestricted file upload vulnerability in viewprofile.php in Zeeways ...)
-	TODO: check
+	NOT-FOR-US: Zeeways ZEEPROPERTY
 CVE-2008-6913 (Unrestricted file upload vulnerability in editresume_next.php in ...)
-	TODO: check
+	NOT-FOR-US: Zeeways ZEEPROPERTY
 CVE-2008-6912 (Zeeways SHAADICLONE 2.0 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Zeeways SHAADICLONE
 CVE-2009-XXXX [mantis: information leak]
 	- mantis 1.1.8+dfsg-2 (medium; bug #425010)
 	[lenny] - mantis 1.1.6+dfsg-2lenny1
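Review bot: The NOT-FOR-US on CVE-2009-2711 names a platform variant ("XScreenSaver in Sun Solaris") rather than a product, and the description shown is cut at "and ...", so the visible text does not establish that only Sun's build is affected. xscreensaver is also packaged in Debian, so this entry would be better as a package line with a <not-affected> status and a short reason, or at least carry a NOTE stating why the packaged code is not affected. The other eight NFUs name products outright and read fine.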
@@ -953,10 +953,10 @@
 CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to ...)
-	- wordpress <unfixed> (unimportant; bug #537146)
+	- wordpress 2.8.3-1 (unimportant; bug #537146)
 	NOTE: Installation path is a known fact on a Debian package installation
 CVE-2009-2431 (WordPress 2.7.1 places the username of a post's author in an HTML ...)
-	- wordpress <unfixed> (unimportant; bug #537146)
+	- wordpress 2.8.3-1 (unimportant; bug #537146)
 	NOTE: Minor information leak
 CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and ...)
 	NOT-FOR-US: Sun Solaris
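Review bot: For CVE-2009-2431 the description names only WordPress 2.7.1 and, unlike CVE-2009-2432 ("before 2.8.1"), gives no fixed-in version, so nothing in this hunk backs 2.8.3-1 as the fixing upload. Add a NOTE saying where the fix was verified, or leave the entry unfixed until it has been checked against 2.8.3.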
@@ -1195,13 +1195,13 @@
 CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...)
 	NOT-FOR-US: phpGreetCards
 CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU before ...)
-	- wordpress <unfixed> (low; bug #536724)
+	- wordpress 2.8.3-1 (low; bug #536724)
 	NOTE: fixed in upstream 2.8.1, which is not yet in unstable
 CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...)
-	- wordpress <unfixed> (low; bug #536724)
+	- wordpress 2.8.3-1 (low; bug #536724)
 	NOTE: fixed in upstream 2.8.1, which is not yet in unstable
 CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
-	- wordpress <unfixed> (low; bug #536724)
+	- wordpress 2.8.3-1 (low; bug #536724)
 	NOTE: initial fix in 2.8.1 is incomplete (see bug report)
 	NOTE: claimed to be fully fixed in upstream in 2.8.3
 	TODO: recheck when 2.8.x enters unstable
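Review bot: The NOTE lines under CVE-2009-2336 and CVE-2009-2335 still read "fixed in upstream 2.8.1, which is not yet in unstable", which contradicts the 2.8.3-1 now recorded, and CVE-2009-2334 keeps "TODO: recheck when 2.8.x enters unstable". Drop the "not yet in unstable" clause, and either remove the TODO or replace it with a NOTE saying the recheck was done; given the "initial fix in 2.8.1 is incomplete" note, CVE-2009-2334 is the entry that most needs that confirmation before it is marked fixed.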
@@ -3597,7 +3597,7 @@
 CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
 	NOT-FOR-US: SMA-DB 
 CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...)
-	- wordpress <unfixed> (low; bug #531736)
+	- wordpress 2.8.3-1 (low; bug #531736)
 	NOTE: low impact, probably no-dsa
 CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote ...)
 	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
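Review bot: CVE-2008-6767 is marked fixed in 2.8.3-1, but the entry has no NOTE naming the upstream release that changed wp-admin/upgrade.php, and the description itself is hedged ("probably 2.6.x"). The bug #536724 entries in this same commit record the upstream fix version in a NOTE; do the same here so the chosen version can be checked later.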
@@ -3608,7 +3608,7 @@
 CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to ...)
 	NOT-FOR-US: Silentum LoginSys
 CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...)
-	- wordpress <unfixed> (low; bug #531736)
+	- wordpress 2.8.3-1 (low; bug #531736)
 	NOTE: low impact, probably no-dsa
 CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
 	NOT-FOR-US: Flexcustomer
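Review bot: The "low impact, probably no-dsa" NOTE under CVE-2008-6762 is left as a guess even though the unstable version is now filled in. If a stable release carries the affected upgrade.php, record the decision as an explicit release line in the style of the "[lenny] - mantis ..." entry in the first hunk, and drop the "probably".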



