[Secure-testing-commits] r13616 - in data: CVE DSA
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Mon Dec 21 18:09:04 UTC 2009
Author: derevko-guest
Date: 2009-12-21 18:09:03 +0000 (Mon, 21 Dec 2009)
New Revision: 13616
Modified:
data/CVE/list
data/DSA/list
Log:
CVE-2009-4151 already fixed
phpldapadmin issue triage
moodle issues triage
CVE-2009-4077 and CVE-2009-4076 fixed in roundcube 0.3-1
NFU
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-21 17:47:22 UTC (rev 13615)
+++ data/CVE/list 2009-12-21 18:09:03 UTC (rev 13616)
@@ -9,8 +9,8 @@
CVE-2009-XXXX [Wireshark: IPMI dissector could crash on Windows]
- wireshark <not-affected> (Windows-specific)
CVE-2009-XXXX [phpldapadmin local file inclusion vuln]
- - phpldapadmin <unfixed>
- TODO: check
+ - phpldapadmin <unfixed> (medium; bug #561975)
+ NOTE: CVE id requested
NOTE: http://www.exploit-db.com/exploits/10410
CVE-2009-XXXX [php5 uksort() interruption memory corruption]
- php5 <unfixed> (low)
@@ -159,7 +159,7 @@
CVE-2010-0001
RESERVED
CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
NOT-FOR-US: Zen Cart
CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...)
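Review bot: The new NOT-FOR-US line for CVE-2009-4324 carries a version ("Adobe Reader and Acrobat 8.0"), while the neighbouring entries name only the product ("NOT-FOR-US: Zen Cart"). The version suggests a narrower scope than the truncated CVE title shows and does not change the triage result; suggest "NOT-FOR-US: Adobe Reader and Acrobat".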
@@ -317,41 +317,32 @@
[etch] - php-net-ping 2.4.2-1+etch1
[lenny] - php-net-ping 2.4.2-1+lenny1
CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...)
- - moodle <unfixed> (bug #559531)
+ - moodle <unfixed> (medium; bug #559531)
NOTE: MSA-09-0031
- TODO: check
CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0029
- TODO: check
CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0028
- TODO: check
CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0027
- TODO: check
CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0026
- TODO: check
CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0025
- TODO: check
CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0024
- TODO: check
CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0023
- TODO: check
CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...)
- moodle <unfixed> (bug #559531)
NOTE: MSA-09-0022
- TODO: check
CVE-2009-XXXX [docutils insecure usage of temporary files]
- python-docutils 0.6-2 (low; bug #560755)
[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
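Review bot: Only CVE-2009-4305 gains an urgency ("medium; bug #559531"); the other eight moodle entries, CVE-2009-4304 through CVE-2009-4297, lose their "TODO: check" but keep "- moodle <unfixed> (bug #559531)" with no urgency. If they were triaged as the log message says, record an urgency on each of them as well; if they were not, keep "TODO: check" on those entries so they are not read as done.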
@@ -587,9 +578,8 @@
CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...)
NOT-FOR-US: IBM WebSphere
CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
- - request-tracker3.6 <unfixed>
- - request-tracker3.4 <removed>
- TODO: check
+ - request-tracker3.6 3.6.9-2 (low)
+ - request-tracker3.4 <removed>
CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...)
NOT-FOR-US: IBM DB2
CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...)
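Review bot: CVE-2009-4151 moves from <unfixed> to "request-tracker3.6 3.6.9-2 (low)" with no bug number or NOTE recording where the fix was confirmed, and the log says only "already fixed". Suggest adding a NOTE that points at the changelog entry or bug that establishes 3.6.9-2 as the fixed version. The "request-tracker3.4 <removed>" line is also removed and re-added with the same visible text; if that is a whitespace-only change it is better left out of a triage commit.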
@@ -763,11 +753,9 @@
- redmine <unfixed>
TODO: check
CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
- - roundcube <unfixed>
- TODO: check
+ - roundcube 0.3-1
CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
- - roundcube <unfixed>
- TODO: check
+ - roundcube 0.3-1
CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...)
NOT-FOR-US: Sun Solaris
CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
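Review bot: Both roundcube lines (CVE-2009-4077 and CVE-2009-4076) are set to "roundcube 0.3-1" without an urgency or bug reference, whereas the request-tracker3.6 entry fixed in this same commit gets "(low)". Suggest recording an urgency on both for consistency, and a short NOTE saying how 0.3-1 was identified as the fixing upload, since the hunk drops "TODO: check" with no other trace of the verification.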
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2009-12-21 17:47:22 UTC (rev 13615)
+++ data/DSA/list 2009-12-21 18:09:03 UTC (rev 13616)
@@ -52,7 +52,7 @@
[etch] - gforge 4.5.14-22etch13
[lenny] - gforge 4.7~rc2-7lenny3
[03 Dec 2009] DSA-1944-1 request-tracker3.4 request-tracker3.6 - session hijack vulnerability
- {CVE-2009-3585}
+ {CVE-2009-3585 CVE-2009-4151}
[etch] - request-tracker3.6 3.6.1-4+etch1
[etch] - request-tracker3.4 3.4.5-2+etch1
[lenny] - request-tracker3.6 3.6.7-5+lenny3
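Review bot: Adding CVE-2009-4151 to the DSA-1944-1 line ties it to the etch and lenny versions listed under that DSA, but the commit log gives no source for the link beyond "CVE-2009-4151 already fixed". Confirm that the advisory for DSA-1944-1 covers this CVE, or add a NOTE to the CVE-2009-4151 entry in data/CVE/list explaining that the CVE-2009-3585 fix also addresses the session fixation issue.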