[Secure-testing-commits] r13563 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Tue Dec 15 21:24:38 UTC 2009


Author: derevko-guest
Date: 2009-12-15 21:24:38 +0000 (Tue, 15 Dec 2009)
New Revision: 13563

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-0689 fixed in kde4libs 4:4.3.4-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-15 21:14:19 UTC (rev 13562)
+++ data/CVE/list	2009-12-15 21:24:38 UTC (rev 13563)
@@ -71,35 +71,35 @@
 CVE-2009-4324 (Unspecified vulnerability in Adobe Reader and Acrobat 9.2 and earlier ...)
 	TODO: check
 CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...)
-	TODO: check
+	NOT-FOR-US: The Next Generation of Genealogy Sitebuilding
 CVE-2009-4319 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: eoCMS
 CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...)
-	TODO: check
+	NOT-FOR-US: Real Estate Manager
 CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
-	TODO: check
+	NOT-FOR-US: ScriptsEz
 CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...)
-	TODO: check
+	NOT-FOR-US: ZeeLyrics
 CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...)
-	TODO: check
+	NOT-FOR-US: Nuggetz CMS
 CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...)
-	TODO: check
+	NOT-FOR-US: Sun Ray Server Software
 CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...)
 	- linux-2.6 2.6.32-1 (medium)
 	[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
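Review bot: CVE-2009-4313 through CVE-2009-4309 are tagged with the vendor only (NOT-FOR-US: Microsoft), while the other new tags in this hunk name the affected product (Zen Cart, Nuggetz CMS, Sun Ray Server Software). The descriptions point at the Indeo codec, and CVE-2009-4310 and CVE-2009-4309 specifically at the Intel Indeo41 codec for Windows, so a tag such as "NOT-FOR-US: Indeo codec for Microsoft Windows" would be more precise and easier to grep for. The same applies to CVE-2009-4317, where the tag stops at ScriptsEz although the description continues with a product name. CVE-2009-4324 at the top of the hunk stays at TODO: check; if that is deliberate, nothing to change there.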
@@ -378,7 +378,7 @@
 CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...)
 	NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script
 CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
 	NOT-FOR-US: moziloCMS
 CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...)
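Review bot: the new tag on CVE-2009-4210 names only the vendor (NOT-FOR-US: Microsoft), although the description is about the Indeo codec in Microsoft Windows and the neighbouring entries name the product (moziloCMS, the DISA SRR script). Naming the Indeo codec here would keep this entry findable alongside the other Indeo entries tagged in the same commit.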
@@ -462,25 +462,25 @@
 CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the ...)
 	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
 CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: Joomla
 CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...)
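Review bot: all ten entries from CVE-2009-4167 to CVE-2009-4158 get the same generic tag, NOT-FOR-US: TYPO3 extension, which loses the information needed to recognise an extension if it is ever packaged. The surrounding entries name the specific component (for example "WP-Cumulus Plug-in 1.20 for WordPress"), and several descriptions here already give the extension key (mchtrips, simple_glossar, tw_productfinder, wfqbe, cal). Suggest including the key in each tag, e.g. "NOT-FOR-US: TYPO3 extension mchtrips".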
@@ -11827,7 +11827,7 @@
 	- nspr 4.8-2
 	[etch] - nspr <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- kdelibs <unfixed> (medium; bug #559265)
-	- kde4libs <unfixed> (medium; bug #559266)
+	- kde4libs 4:4.3.4-1 (medium; bug #559266)
 	TODO: check and merge with 2009-1563?
 	TODO: Someone posted a long list of dtoa embedded to debian-devel some time ago
 	NOTE: CVE-2009-1563 will be marked REJECTED by MITRE.
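Review bot: the entry still carries "TODO: check and merge with 2009-1563?" directly above a NOTE saying CVE-2009-1563 will be marked REJECTED by MITRE, so the TODO looks answered and could be dropped or reworded while this entry is being touched. The kdelibs line stays at <unfixed> (bug #559265) after this change, so the entry as a whole remains open; the log message "fixed in kde4libs 4:4.3.4-1" is accurate for the kde4libs line only.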



