[Secure-testing-commits] r13516 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sat Dec 12 07:22:28 UTC 2009
Author: geissert
Date: 2009-12-12 07:22:27 +0000 (Sat, 12 Dec 2009)
New Revision: 13516
Modified:
data/CVE/list
Log:
NFUs
expat, java, rt issues
polipo issue verified and reported
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-12 03:52:41 UTC (rev 13515)
+++ data/CVE/list 2009-12-12 07:22:27 UTC (rev 13516)
@@ -121,9 +121,7 @@
TODO: check
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header]
- - polipo <unfixed>
- TODO: report bug, check affected versions
- NOTE: http://www.exploit-db.com/exploits/10338
+ - polipo <unfixed> (medium; bug #560779)
CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
NOT-FOR-US: SweetRice
CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...)
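Review bot: The new polipo line replaces the `NOTE: http://www.exploit-db.com/exploits/10338` reference and the "check affected versions" TODO with only a severity and bug number, so the entry no longer records where the issue was published or which versions were checked. Keep the NOTE line alongside `(medium; bug #560779)`. If the affected-versions check was done, record its result in the entry rather than only in the bug report.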
@@ -267,6 +265,8 @@
CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...)
NOT-FOR-US: IBM WebSphere
CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
+ - request-tracker3.6 <unfixed>
+ - request-tracker3.4 <removed>
TODO: check
CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...)
NOT-FOR-US: IBM DB2
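Review bot: In the CVE-2009-4151 entry, the `TODO: check` line is left in place below the two new request-tracker lines, so the entry reads as both triaged and untriaged. If the package assignment is final, drop the TODO. If something is still open, such as severity or a bug number for request-tracker3.6, replace it with a TODO that names what remains.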
@@ -953,6 +953,9 @@
CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
TODO: check
CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
+ - openjdk <unfixed>
+ - sun-java6 <unfixed>
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
TODO: check
CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
- openjdk <unfixed>
@@ -1042,7 +1045,7 @@
CVE-2009-3845
RESERVED
CVE-2009-3844 (Unspecified vulnerability in HP OpenView Data Protector Application ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Data Protector Application
CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...)
NOT-FOR-US: HP Operations Manager
CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
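Review bot: The NOT-FOR-US label for CVE-2009-3844 ends in "Application", which is exactly where the truncated description ("... Data Protector Application ...") is cut off, so the product name looks copied from the shortened text and may be incomplete. Use the full product name from the CVE description, or shorten it to "HP OpenView Data Protector".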
@@ -1527,19 +1530,19 @@
CVE-2009-3678
RESERVED
CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Authentication Service
CVE-2009-3676 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows ...)
NOT-FOR-US: Microsoft Windows Server
CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...)
NOT-FOR-US: KSP Sound Player
CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...)
@@ -1864,6 +1867,7 @@
CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
NOT-FOR-US: Xerver HTTP Server
CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
+ - expat <unfixed>
TODO: check
CVE-2009-3559 (** DISPUTED ** ...)
- php5 <unfixed> (unimportant)
@@ -4923,7 +4927,7 @@
[etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
[lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web ...)
NOT-FOR-US: HP Power Manager
CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...)
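Review bot: The label added for CVE-2009-2686 does not match its description. The description is "Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00", but the new line reads `NOT-FOR-US: IBM WebSphere Application Server`. The NFU conclusion is probably unaffected, but the product should read HP NonStop so that searches over the list stay accurate.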
@@ -5460,15 +5464,15 @@
CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...)
NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2508 (The single sign-on implementation in Active Directory Federation ...)
- TODO: check
+ NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-2506 (The text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...)
NOT-FOR-US: Microsoft products
CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...)
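Review bot: CVE-2009-2505 is described as "The Internet Authentication Service (IAS) in Microsoft Windows Vista" but is marked `NOT-FOR-US: Microsoft Office`, which looks carried over from the CVE-2009-2506 line above it. The same commit uses "Microsoft Internet Authentication Service" for CVE-2009-3677, and that label fits here too.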
@@ -8040,7 +8044,7 @@
CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...)
TODO: check
CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...)
- TODO: check
+ NOT-FOR-US: Roxio Easy Media Creator
CVE-2009-1565
RESERVED
CVE-2009-1564
@@ -13782,7 +13786,7 @@
CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow ...)
NOT-FOR-US: playSMS
CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-0101
RESERVED
CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...)
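Review bot: `NOT-FOR-US: Microsoft` for CVE-2009-0102 names only the vendor, while every other NFU line in this commit names the product. The description starts with "Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3", so "Microsoft Project" would be consistent with the rest.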