[Secure-testing-commits] r13527 - data/CVE

Kees Cook kees at alioth.debian.org
Sat Dec 12 20:12:16 UTC 2009


Author: kees
Date: 2009-12-12 20:12:13 +0000 (Sat, 12 Dec 2009)
New Revision: 13527

Modified:
   data/CVE/list
Log:
NFUs: 44

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-12 19:32:17 UTC (rev 13526)
+++ data/CVE/list	2009-12-12 20:12:13 UTC (rev 13527)
@@ -444,7 +444,7 @@
 	- roundcube <unfixed>
 	TODO: check
 CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
 	NOT-FOR-US: Microsoft Internet Explorer 8
 CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...)
@@ -812,7 +812,7 @@
 CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
 	NOT-FOR-US: IBM BladeCenter
 CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
-	TODO: check
+	NOT-FOR-US: Google Chrome
 CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...)
 	- webkit <not-affected> (chromium-specific issue in their timer)
 	- qt4-x11 <not-affected> (chromium-specific issue in their timer)
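
Review bot: CVE-2009-3934 is closed as "NOT-FOR-US: Google Chrome", while the entry directly below it, CVE-2009-3933, is also a Chrome issue and is tracked per package with "<not-affected> (chromium-specific issue ...)" lines for webkit and qt4-x11. If the WebFrameLoaderClient code is Chrome's own glue and not part of the packaged WebKit, recording that in the same per-package form would keep the two entries consistent and leave the reasoning visible to the next person triaging WebKit.
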
@@ -820,9 +820,9 @@
 	- kde4libs <not-affected> (chromium-specific issue in their timer)
 	- chromium-browser <itp> (low; bug #520324)
 CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
-	TODO: check
+	NOT-FOR-US: Google Chrome
 CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
-	TODO: check
+	NOT-FOR-US: Google Chrome
 CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
 	- file 5.03-1
 	[lenny] - file <not-affected>
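
Review bot: CVE-2009-3932 and CVE-2009-3931 are marked "NOT-FOR-US: Google Chrome" two lines after the context line "- chromium-browser <itp> (low; bug #520324)", which shows the browser already has an ITP on record. A NOT-FOR-US entry will not be revisited when that package is uploaded, so these two are better tracked as "- chromium-browser <itp>" like CVE-2009-3933, unless the Gears plugin and download_exe.cc are known to be excluded from the packaged build, in which case a short reason in the entry would help.
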
@@ -956,7 +956,7 @@
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Web Server
 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
 	- openjdk <unfixed>
 	- sun-java6 <unfixed>
@@ -1776,7 +1776,7 @@
 CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
 	NOT-FOR-US: eTrust Antivirus
 CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: CoreHTTP
 CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
 	{DSA-1944-1}
 	- request-tracker3.4 <removed>
@@ -1792,11 +1792,11 @@
 CVE-2009-3580
 	RESERVED
 CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...)
-	TODO: check
+	NOT-FOR-US: Autodesk Maya
 CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Autodesk Softimage
 CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...)
 	- aria2 1.2.0-1 (low; bug #551070)
 	[etch] - aria2 <not-affected> (Vulnerable code not present)
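
Review bot: The label on CVE-2009-3577 is the bare vendor name "Autodesk", while the two neighbouring entries name the product ("Autodesk Maya", "Autodesk Softimage"). The description says 3D Studio Max, so "NOT-FOR-US: Autodesk 3D Studio Max" would match the style of the rest of the list and make the entry findable by product name.
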
@@ -1908,7 +1908,7 @@
 	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
 	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
 CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...)
-	TODO: check
+	NOT-FOR-US: Apache Tomcat (Windows only)
 CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...)
 	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
 	- linux-2.6 2.6.31-2 (high)
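
Review bot: CVE-2009-3548 uses NOT-FOR-US for Apache Tomcat, which is a packaged product; the "(Windows only)" qualifier is really a not-affected reason. The wireshark context lines at the top of this hunk show the usual form for that case, a per-package "<not-affected> (reason)" line, and using it here for the Tomcat source packages with "(Windows installer only)" would keep the CVE attached to the packages in the tracker instead of dropping it from their history.
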
@@ -3522,7 +3522,7 @@
 CVE-2009-3034
 	RESERVED
 CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)
-	TODO: check
+	NOT-FOR-US: ActiveX
 CVE-2009-3032
 	RESERVED
 CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...)
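
Review bot: "NOT-FOR-US: ActiveX" on CVE-2009-3033 names a technology, not the affected product. The description identifies the Altiris eXpress NS Console, so the label should carry that name, as the other NOT-FOR-US entries in this list do, so that later CVEs against the same product can be matched to it.
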
@@ -4263,49 +4263,49 @@
 	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
 	- linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30)
 CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...)
 	- webkit <unfixed> (medium; bug #559759)
 	TODO: work with upstream to determine affected/not-affected versions
 	TODO: check qt4-x11, kdelibs, kde4libs
 CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2822
 	RESERVED
 CVE-2009-2821
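
Review bot: CVE-2009-2830 is marked "NOT-FOR-US: Apple Mac OS X", but its description names "Christos Zoulas file before 5.03", and file is tracked as a package elsewhere in this same patch (CVE-2009-3930, "- file 5.03-1"). This one needs a "- file" line with the fixed version or a not-affected reason, or at least a note that it duplicates an issue already tracked. CVE-2009-2823 (Apache HTTP Server) and CVE-2009-2832 (FTP Server) deserve the same second look, since the truncated descriptions do not show whether the flaw is in Apple's configuration or in upstream code. Minor: CVE-2009-2843 uses "Mac OS X" where every other entry in the block uses "Apple Mac OS X".
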
@@ -4315,9 +4315,9 @@
 	- cups 1.4.2-1 (low; bug #555666)
 	- cupsys <removed>
 CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...)
@@ -4338,11 +4338,11 @@
 CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers ...)
 	NOT-FOR-US: ImageIO in Apple Mac OS X
 CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...)
 	- cupsys <not-affected> (issue in darwin-specific code; bug #550150)
 	- cups <not-affected> (issue in darwin-specific code; bug #550150)
@@ -4569,13 +4569,13 @@
 CVE-2009-2750
 	RESERVED
 CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-2748
 	RESERVED
 CVE-2009-2747
 	RESERVED
 CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-2745
 	RESERVED
 CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
@@ -4948,7 +4948,7 @@
 CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and ...)
 	NOT-FOR-US: HP HP-UX
 CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...)
-	TODO: check
+	NOT-FOR-US: Open System Services (OSS) Name Server on HP NonStop
 CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
 	NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX)
 CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
@@ -5166,7 +5166,7 @@
 	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
 	- dovecot 1:1.2.1-1 (medium; bug #546656)
 CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, ...)
-	TODO: check
+	NOT-FOR-US: Commercial SSL VPN products
 CVE-2009-2630
 	RESERVED
 CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through ...)
@@ -8043,11 +8043,11 @@
 CVE-2009-1570 (Integer overflow in the ReadImage function in ...)
 	- gimp 2.6.7-1.1 (medium; bug #555929)
 CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...)
-	TODO: check
+	NOT-FOR-US: Novell iPrint Client
 CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client ...)
-	TODO: check
+	NOT-FOR-US: Novell iPrint Client
 CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...)
-	TODO: check
+	NOT-FOR-US: ActiveX
 CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...)
 	NOT-FOR-US: Roxio Easy Media Creator
 CVE-2009-1565
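
Review bot: CVE-2009-1567 is labelled "NOT-FOR-US: ActiveX", which again names the technology and not the product, unlike the two Novell iPrint Client entries just above it. The description gives the product as Lateral Arts Photobox; using that as the label keeps the entry consistent and searchable.
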
@@ -10483,7 +10483,7 @@
 CVE-2009-0896 (Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...)
-	TODO: check
+	NOT-FOR-US: Novell eDirectory
 CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the ...)
 	- xvidcore <itp> (bug #531040)
 CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the ...)
@@ -13920,7 +13920,7 @@
 CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
 	NOT-FOR-US: Cisco IronPort Encryption Appliance
 CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...)
-	TODO: check
+	NOT-FOR-US: Atheros wireless driver
 CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...)
 	NOT-FOR-US: ZXID
 CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...)
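
Review bot: The label "NOT-FOR-US: Atheros wireless driver" on CVE-2009-0052 is ambiguous, because Atheros drivers also exist for Linux and a reader cannot tell from the entry whether those were checked. The description ties the issue to the Netgear WNDAP330 access point, so either name that device's firmware in the label or add a short note stating that the free Atheros drivers were reviewed and are not affected.
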



