[Secure-testing-commits] r13648 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sat Dec 26 04:10:52 UTC 2009


Author: geissert
Date: 2009-12-26 04:10:51 +0000 (Sat, 26 Dec 2009)
New Revision: 13648

Modified:
   data/CVE/list
Log:
fast-process some issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-26 01:55:34 UTC (rev 13647)
+++ data/CVE/list	2009-12-26 04:10:51 UTC (rev 13648)
@@ -9,20 +9,25 @@
 CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
 	TODO: check
 CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
-	TODO: check
+	- php5 <unfixed> (low)
 CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...)
-	TODO: check
+	NOTE: the CVE talks about the Zend Framework, but the culprit
+	NOTE: is actually piwik
+	TODO: discuss it on oss-sec
 CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare ...)
+	- phpgroupware <unfixed>
 	TODO: check
 CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare ...)
+	- phpgroupware <unfixed>
 	TODO: check
 CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...)
+	- phpgroupware <unfixed>
 	TODO: check
-CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...)
-	TODO: check
 CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...)
+	- serendipity <unfixed>
 	TODO: check
 CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
+	- acl <unfixed> (bug #499076)
 	TODO: check
 CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
 	TODO: check
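
Review bot: CVE-2009-4416, -4415, -4414, -4412 and -4411 each gain a package line but keep "TODO: check", while CVE-2009-4418 has its TODO replaced outright. If the leftover TODO is meant to flag that urgency and affected versions still need triage, that is fine; otherwise drop it so these entries no longer look unprocessed. For CVE-2009-4417 the NOTE names piwik as the culprit but no package line is recorded, so the entry tracks nothing yet; a package line or NOT-FOR-US line should follow once the oss-sec discussion is settled.
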
@@ -33,6 +38,7 @@
 CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...)
 	TODO: check
 CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...)
+	- trac <unfixed>
 	TODO: check
 CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...)
 	TODO: check
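
Review bot: the new "- trac <unfixed>" line carries no bug reference and no urgency, although the CVE text already names 0.11.6 as the upstream version that fixes it. Add a NOTE with the fixed upstream version or a bug number, as the acl entry in the first hunk does with "(bug #499076)", so the remaining "TODO: check" has something concrete to follow up on.
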
@@ -263,8 +269,9 @@
 	NOT-FOR-US: IBM DB2
 CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...)
 	NOT-FOR-US: IBM DB2
-CVE-2009-XXXX [apache2: potential disclosure of private php files]
-	- apache2 <unfixed> (low; bug #562006)
+CVE-2009-XXXX [libapache2-mod-php5: potential disclosure of private php files]
+	- php5 5.2.11.dfsg.1-2 (low; bug #562006)
+	NOTE: not sure if it should be treated as an issue, probably not
 CVE-2009-XXXX [Wireshark: Daintree SNA buffer overflow]
 	- wireshark 1.2.5-1
 	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
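
Review bot: the php5 line records 5.2.11.dfsg.1-2 as the fixed version, yet the NOTE directly below it says this is probably not an issue; the two statements pull in different directions. Either add a NOTE saying what changed in 5.2.11.dfsg.1-2 for bug #562006, or, if it is not treated as a vulnerability, say so in the entry rather than recording a fix. The move from apache2 to php5 also deserves a one-line NOTE giving the reason, since the removed line listed apache2 as unfixed.
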
@@ -700,7 +707,7 @@
 	[lenny] - xfig <no-dsa> (Minor issue)
 	[etch] - xfig <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
-CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header]
+CVE-2009-4413 [polipo crash/DoS via overly-large content-length header]
 	- polipo <unfixed> (medium; bug #560779)
 CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
 	NOT-FOR-US: SweetRice
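
Review bot: the renamed CVE-2009-4413 entry keeps the bracketed placeholder description and its old position between the xfig entry and CVE-2009-4224, whereas every other assigned ID in this diff uses the parenthesised description and the list in the first hunk runs in descending order. Consider moving the polipo package line up to where the "(The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...)" entry was removed, instead of deleting that entry and renaming the temporary one in place. Keeping "(medium; bug #560779)" with it is right.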



