[Secure-testing-commits] r12670 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Mon Aug 24 07:00:58 UTC 2009


Author: derevko-guest
Date: 2009-08-24 07:00:54 +0000 (Mon, 24 Aug 2009)
New Revision: 12670

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-2732: ntop DoS


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-24 01:48:47 UTC (rev 12669)
+++ data/CVE/list	2009-08-24 07:00:54 UTC (rev 12670)
@@ -1,34 +1,34 @@
 CVE-2009-2962
 	REJECTED
-	TODO: check
+	NOT-FOR-US: duplicate of CVE-2009-2692
 CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...)
-	TODO: check
+	NOT-FOR-US: DJCalendar
 CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...)
-	TODO: check
+	NOT-FOR-US: Videos Broadcast Yourself 2
 CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...)
-	TODO: check
+	NOT-FOR-US: BitmixSoft PHP-Lance
 CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...)
-	TODO: check
+	NOT-FOR-US: Pixaria Gallery
 CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
-	TODO: check
+	NOT-FOR-US: MOC Designs PHP News
 CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Elvin
 CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Boonex Orca
 CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...)
-	TODO: check
+	NOT-FOR-US: TheGreenBow IPSec VPN Client
 CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
-	TODO: check
+	NOT-FOR-US: ImTOO MPEG Encoder
 CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...)
-	TODO: check
+	NOT-FOR-US: 2K Games Vietcong
 CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...)
-	TODO: check
+	NOT-FOR-US: 2FLY Gift Delivery System
 CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
-	TODO: check
+	NOT-FOR-US: XZero Community Classified
 CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
-	TODO: check
+	NOT-FOR-US: XZero Community Classified
 CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2009-2911
 	RESERVED
 CVE-2009-2910
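Review bot: On CVE-2009-2962 the added line "NOT-FOR-US: duplicate of CVE-2009-2692" uses the NOT-FOR-US tag for something other than a product name, while every other NOT-FOR-US line in this hunk names the affected software and the entry already carries REJECTED. Consider recording the duplicate as a "NOTE:" line instead. The two ids differ only by transposed digits (2962 vs 2692), so spelling that out in the note would keep a later reader from taking it for a typo.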
@@ -60,37 +60,37 @@
 CVE-2009-2897
 	RESERVED
 CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: KMPlayer: http://www.kmplayer.com
 CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
-	TODO: check
+	NOT-FOR-US: Ultimate Regnow Affiliate
 CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Ebay Clone 2009
 CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: XZero Community Classifieds
 CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
-	TODO: check
+	NOT-FOR-US: Scripteen Free Image Hosting Script
 CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now Riddles 
 CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now Riddles 
 CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now Riddles 
 CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now Hangman
 CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now President Bios 
 CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now President
 CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now World's
 CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Now World's Tallest Buildings
 CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...)
-	TODO: check
+	NOT-FOR-US: SaphpLesson
 CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...)
-	TODO: check
+	NOT-FOR-US: PG MatchMaking
 CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Basilic
 CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass]
 	- backuppc <unfixed> (low; bug #542218)
 	NOTE: no-dsa candidate
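Review bot: The product names on the PHP Scripts Now entries are inconsistent: CVE-2009-2886 gets "PHP Scripts Now President" while CVE-2009-2887 gets "PHP Scripts Now President Bios ", and CVE-2009-2885 gets "PHP Scripts Now World's" while CVE-2009-2884 gets "PHP Scripts Now World's Tallest Buildings". Use the full product name in both places so the entries for one product group together when the list is searched. Several added lines also end in a trailing space (the three "PHP Scripts Now Riddles " lines and the "President Bios " line), and "XZero Community Classifieds" on CVE-2009-2893 is spelled differently from "XZero Community Classified" used for CVE-2009-2914 and CVE-2009-2913 in the first hunk.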
@@ -600,7 +600,8 @@
 CVE-2009-2733
 	RESERVED
 CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...)
-	TODO: check
+	- ntop <unfixed> (low; bug #543312)
+	NOTE: no-dsa candidate
 CVE-2009-2731
 	RESERVED
 CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
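Review bot: The new ntop entry for CVE-2009-2732 sets severity "low" and adds "NOTE: no-dsa candidate" without stating why; the only hint at the impact is "ntop DoS" in the commit log, which does not end up in the list. Consider one more NOTE line giving the reason, so the no-dsa decision can be reviewed from the entry itself alongside bug #543312.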
@@ -7650,7 +7651,7 @@
 CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
 	- acidbase 1.2.1-1
 CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...)
-	TODO: check
+	NOT-FOR-US: Cisco Firewall Services Module
 CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...)
@@ -22782,7 +22783,6 @@
 	NOTE: The blog has to provide user accounts
 	NOTE: A crafted XML-RPC request referring to a valid user can exploit this
 	TODO: check if packages embedding xmlrpc share this code
-	TODO: DSA-1601-1 introduced a regression in the etch version (#491846). That patch should be removed in the next DSA.
 CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
 	{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
 	- tk8.5 8.5.0-3
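Review bot: The removed "TODO: DSA-1601-1 introduced a regression in the etch version (#491846). ..." line is not covered by the log message, which lists only the NFUs and the ntop entry. Either mention the removal in the log or replace the TODO with a NOTE saying how #491846 was resolved, so the regression history is not lost from the entry.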



