[Secure-testing-commits] r12702 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Aug 29 08:30:49 UTC 2009
Author: derevko-guest
Date: 2009-08-29 08:30:49 +0000 (Sat, 29 Aug 2009)
New Revision: 12702
Modified:
data/CVE/list
Log:
- NFU
- CVE-2009-2975 is unimportant
- CVE-2008-7068 no-dsa candidate
- CVE-2008-7002 is unimportant
- CVE-2009-272{1,2,3,4} fixed in sun-java5 1.5.0-20-1
- CVE-2009-27{16,17,18,19} and CVE-2009-2720 fixed in sun-java6 6-15-1
- CVE-2009-2409: gnutls13 is affected
- Added some notes to WebKit-related issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-29 06:13:31 UTC (rev 12701)
+++ data/CVE/list 2009-08-29 08:30:49 UTC (rev 12702)
@@ -47,7 +47,9 @@
CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...)
NOT-FOR-US: Cisco
CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...)
- TODO: check
+ - xulrunner <not-affected> (unimportant)
+ NOTE: browser crashes not treated as security issues
+ NOTE: not reproducible, probably only Firefox in Windows XP is affected
CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...)
- chromium-browser <itp> (bug #520324)
CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...)
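Review bot: the new xulrunner line combines the `<not-affected>` tag with the severity word "(unimportant)", and the two NOTEs give two different reasons: "browser crashes not treated as security issues" means affected but unimportant, while "probably only Firefox in Windows XP is affected" means not affected. Elsewhere in this file `<not-affected>` carries a reason in parentheses (`- kompozer <not-affected> (mail suite not compiled)`) and a severity-only entry has no tag (`- php5 (unimportant)`), so pick one form: `- xulrunner <not-affected> (Windows-only)` if the issue is believed to be Windows-specific, or `- xulrunner (unimportant)` with the crash NOTE if it is treated as a plain crash.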
@@ -173,7 +175,9 @@
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
- TODO: check
+ - php5 5.2.6.dfsg.1-3 (low; bug #507101)
+ - php4 <removed> (low)
+ NOTE: no-dsa candidate, if a user has write access to a file he simply can use fopen()
CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
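Review bot: the "no-dsa candidate" decision lives only in the NOTE and is not reflected in the entries; elsewhere the file records that decision as a release-specific line such as `[lenny] - pidgin <no-dsa> (Minor issue)`, so once the call is made, add `[lenny] - php5 <no-dsa> (Minor issue)` next to the `php5 5.2.6.dfsg.1-3 (low; bug #507101)` line. Minor wording: the NOTE reads better as "a user who already has write access to the file can simply use fopen()".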
@@ -329,7 +333,7 @@
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
NOT-FOR-US: tnftpd
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
- TODO: check
+ NOT-FOR-US: TikiWiki
CVE-2009-XXXX [pidgin does not honour SSL/TLS]
- pidgin 2.6.1-1 (low; bug #542891)
[lenny] - pidgin <no-dsa> (Minor issue)
@@ -689,7 +693,8 @@
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS ...)
NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
- TODO: check
+ - php5 (unimportant)
+ NOTE: safe-mode and basedir violations not treated as security issues
CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...)
NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-7000 (PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 ...)
@@ -968,23 +973,32 @@
CVE-2009-2725
RESERVED
CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
- TODO: check
+ - sun-java5 1.5.0-20-1 (unknown)
+ NOTE: unknown impact and attack vectors
CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...)
- TODO: check
+ - sun-java5 1.5.0-20-1 (unknown)
+ NOTE: unknown impact and attack vectors
CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
- TODO: check
+ - sun-java5 1.5.0-20-1 (unknown)
+ NOTE: unknown impact and attack vectors
CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
- TODO: check
+ - sun-java5 1.5.0-20-1 (unknown)
+ NOTE: unknown impact and attack vectors
CVE-2009-2720 (Unspecified vulnerability in the ...)
- TODO: check
+ - sun-java6 6-15-1
+ TODO: check openjdk-6
CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
- TODO: check
+ - sun-java6 6-15-1
+ TODO: check openjdk-6
CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
- TODO: check
+ - sun-java6 6-15-1
+ TODO: check openjdk-6
CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
- TODO: check
+ - sun-java6 6-15-1
+ TODO: check openjdk-6
CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...)
- TODO: check
+ - sun-java6 6-15-1
+ TODO: check openjdk-6
CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: cPanel
CVE-2008-6926 (Directory traversal vulnerability in ...)
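Review bot: the four sun-java5 entries carry a severity "(unknown)" plus a NOTE, but the five new sun-java6 entries (`- sun-java6 6-15-1`) carry no severity at all; for consistency with the rest of the file give them one too, even if it is "(unknown)" as for the java5 batch. The `TODO: check openjdk-6` lines are the right call, since CVE-2009-2716 to CVE-2009-2719 are described against Java SE 6 (plugin, AWT, Java Web Start) and openjdk-6 is tracked as a separate package here; keep those TODOs open until each is resolved into a package line.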
@@ -1014,7 +1028,7 @@
- libxerces2-java <unfixed> (low; bug #540862)
[etch] - libxerces2-java <no-dsa> (minor issue)
[lenny] - libxerces2-java <no-dsa> (minor issue)
- TODO: request cve it
+ TODO: request cve id
CVE-2009-XXXX [gri: insecure temp file generation]
- gri 2.12.18-1 (low)
CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
@@ -2020,7 +2034,7 @@
- nss 3.12.3-1 (low; bug #539895)
- openssl 0.9.8k-4 (low; bug #539899)
- gnutls26 2.4.2-5 (low; bug #539901)
- TODO: check - gnutls13 <removed>
+ - gnutls13 <removed>
CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...)
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-5 (medium)
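Review bot: the new `- gnutls13 <removed>` line has no severity annotation while the sibling entries (nss, openssl, gnutls26) all carry "(low; bug #...)" and the other `<removed>` entry in this commit is `- php4 <removed> (low)`; add the severity so the removed-package entry matches: `- gnutls13 <removed> (low)`.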
@@ -2494,7 +2508,6 @@
[lenny] - iceape <not-affected> (Only provides a stub for XPCOM)
[etch] - iceape <no-dsa> (Mozilla from Etch no longer covered by security support)
- kompozer <not-affected> (mail suite not compiled)
- TODO: check on the details once the Mozilla bug has been made public
NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495057
CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content ...)
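Review bot: the removed TODO said to check the details once the Mozilla bug became public, but no other line in this hunk changed, so the outcome of that check is not recorded; if the public bug confirmed the existing `<not-affected>` and `<no-dsa>` assessments, say so in a NOTE next to the mfsa2009-33 and bugzilla links, otherwise the TODO should stay.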
@@ -2595,6 +2608,8 @@
CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...)
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
+ NOTE: http://trac.webkit.org/changeset/44905
+ NOTE: http://trac.webkit.org/changeset/44909
CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
NOT-FOR-US: Apple Safari
CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...)
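Review bot: the two upstream changeset NOTEs are a useful pointer, but the entry still has only `TODO: check` and no package line; once changesets 44905 and 44909 have been compared against the WebKit sources in Debian, replace the TODO with a package entry in the file's format (`- <package> <version> (<severity>)`), as the other entries in this commit do. Note also that CVE-2009-2195 below cites the same Red Hat bug 517273, so that bug appears to track the whole Safari 4.0.3 batch and the per-CVE changeset links are the more specific reference.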
@@ -2606,6 +2621,7 @@
CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...)
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
+ NOTE: http://trac.webkit.org/changeset/45696
CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...)
NOT-FOR-US: Apple Mac OS X
CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 ...)