[Secure-testing-commits] r12701 - in data: . CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Aug 29 06:13:32 UTC 2009


Author: derevko-guest
Date: 2009-08-29 06:13:31 +0000 (Sat, 29 Aug 2009)
New Revision: 12701

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- NFUs
- some issues fixed in spu
- chromium-browser itp


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-28 21:14:17 UTC (rev 12700)
+++ data/CVE/list	2009-08-29 06:13:31 UTC (rev 12701)
@@ -41,43 +41,43 @@
 CVE-2009-2979
 	RESERVED
 CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
-	TODO: check
+	NOT-FOR-US: SugarCRM
 CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...)
 	TODO: check
 CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520324)
 CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520324)
 CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Exchange
 CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Sophos PureMessage for Microsoft Exchange
 CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for ...)
-	TODO: check
+	NOT-FOR-US: Sophos PureMessage Scanner service
 CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in ...)
-	TODO: check
+	NOT-FOR-US: Toolbar 2.0.4.1
 CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx ...)
-	TODO: check
+	NOT-FOR-US: DotNetNuke
 CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 ...)
-	TODO: check
+	NOT-FOR-US: DotNetNuke
 CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows ...)
-	TODO: check
+	NOT-FOR-US: DotNetNuke
 CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft ...)
-	TODO: check
+	NOT-FOR-US: Qsoft K-Rate Premium
 CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate ...)
-	TODO: check
+	NOT-FOR-US: Qsoft K-Rate Premium
 CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow ...)
-	TODO: check
+	NOT-FOR-US: Qsoft K-Rate Premium
 CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, ...)
-	TODO: check
+	NOT-FOR-US: Intel Desktop and Intel Mobile Boards
 CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does ...)
-	TODO: check
+	NOT-FOR-US: ArubaOS
 CVE-2009-2971
 	RESERVED
 CVE-2009-2970
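Review bot: The new label on CVE-2008-7106 names the wrong product. The description is about the installation of Sophos PureMessage for Microsoft Exchange, but the entry reads "NOT-FOR-US: Microsoft Exchange", while the two entries directly below it use "Sophos PureMessage for Microsoft Exchange" and "Sophos PureMessage Scanner service". One Sophos PureMessage label for all three would keep them searchable together. In the same hunk, "NOT-FOR-US: Toolbar 2.0.4.1" on CVE-2008-7103 carries a version number but no vendor, and the truncated description does not show which toolbar is meant; take the vendor or product name from the full description.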
@@ -235,7 +235,7 @@
 CVE-2009-2936
 	RESERVED
 CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520324)
 CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
 	NOT-FOR-US: Programmed Integration PIPL
 CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
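Review bot: On CVE-2009-2935 the description attributes the flaw to Google V8 "as used in Google Chrome", yet the entry tracks it only as "- chromium-browser <itp> (bug #520324)". A NOTE line saying that the itp entry covers the V8 copy embedded in the browser would make clear that the component was considered and not overlooked.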
@@ -478,7 +478,7 @@
 CVE-2009-2862
 	RESERVED
 CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows ...)
 	NOT-FOR-US: db2jds in IBM DB2
 CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access ...)
@@ -2434,6 +2434,7 @@
 	- stardict 3.0.1-5 (low; bug #534731)
 	[lenny] - stardict <no-dsa> (Minor issue)
 	[etch] - stardict <not-affected> (netdict plugin not yet present)
+	TODO: add after r3 [lenny] - stardict 3.0.1-4+lenny1
 CVE-2009-2259 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...)
 	NOT-FOR-US: PHP Address Book
 CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
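Review bot: The added "TODO: add after r3 [lenny] - stardict 3.0.1-4+lenny1" sits directly under "[lenny] - stardict <no-dsa> (Minor issue)" and does not say that it replaces that line. Whoever applies the TODO after r3 could leave both, giving lenny a no-dsa state and a fixed version at once. Word the TODO as a replacement, for example "TODO: after r3 replace the [lenny] no-dsa line with [lenny] - stardict 3.0.1-4+lenny1".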
@@ -2933,15 +2934,15 @@
 CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2051 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration ...)
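Review bot: The five CUCM entries (CVE-2009-2050 through CVE-2009-2054) are labelled with the bare vendor, "NOT-FOR-US: Cisco", while the context lines on either side of them use a product-level label, "NOT-FOR-US: Cisco IOS". Naming the product here as well, for example "NOT-FOR-US: Cisco Unified Communications Manager", would match the surrounding entries. The same applies to the other "NOT-FOR-US: Cisco" lines this commit adds for CS-MARS and Aironet.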
@@ -3377,6 +3378,7 @@
 	- xerces27 <removed>
 CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the ...)
 	- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
+	TODO: add after r3 [lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
 CVE-2009-1883
 	RESERVED
 CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...)
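Review bot: The line added under CVE-2009-1884 uses the same "TODO:" prefix as the "TODO: check" entries that this very commit is clearing, although it is a deferred data entry and not untriaged work. Anyone searching the list for outstanding triage will now hit the "add after r3" lines too. A distinct marker, or a NOTE line carrying the pending version, would keep the two kinds of item apart.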
@@ -4746,6 +4748,8 @@
 	[lenny] - perl <no-dsa> (Minor issue)
 	[etch] - perl <not-affected> (Doesn't yet include Compress-Raw-Zlib)
 	- libcompress-raw-zlib-perl 2.015-2 (low; bug #532738)
+	TODO: add after r3 [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
+	TODO: add after r3 [lenny] - perl 5.10.0-19lenny1
 CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) ...)
 	- mutt 1.5.20-1
 	[lenny] - mutt <not-affected> (Affected code was introduced in 1.5.19)
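Review bot: The second added line, "TODO: add after r3 [lenny] - perl 5.10.0-19lenny1", is placed after the libcompress-raw-zlib-perl entry, three lines away from the "[lenny] - perl <no-dsa> (Minor issue)" line it concerns. Moving it directly under the perl lines would keep each package's state in one place and make the later edit less error-prone.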

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-08-28 21:14:17 UTC (rev 12700)
+++ data/spu-candidates.txt	2009-08-29 06:13:31 UTC (rev 12701)
@@ -144,12 +144,6 @@
 
 --
 
-stardict (CVE-2009-2260)
-#534731
-notified maintainer
-
---
-
 net-snmp (CVE-2008-6123)
 Noah will see to it.
 
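Review bot: The log says "some issues fixed in spu", but this hunk removes only the stardict stanza, while data/CVE/list gains "add after r3" TODOs for four packages (stardict, libcompress-raw-bzip2-perl, libcompress-raw-zlib-perl, perl). Please confirm that the other three had no stanza in spu-candidates.txt that should go as well. The removed stanza also held the "notified maintainer" status, which is not carried over anywhere in this commit.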



