[Secure-testing-commits] r13671 - in data: CVE packages
Raphael Geissert
geissert at alioth.debian.org
Tue Dec 29 05:50:43 UTC 2009
Author: geissert
Date: 2009-12-29 05:50:43 +0000 (Tue, 29 Dec 2009)
New Revision: 13671
Modified:
data/CVE/list
data/packages/new-packages
Log:
Two ITPs, one NEW package, NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-28 21:14:20 UTC (rev 13670)
+++ data/CVE/list 2009-12-29 05:50:43 UTC (rev 13671)
@@ -865,6 +865,7 @@
CVE-2009-4141
RESERVED
CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
+ - piwik <itp> (bug #506933)
TODO: check
CVE-2009-4139
RESERVED
@@ -886,6 +887,7 @@
CVE-2009-4134
RESERVED
CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
+ - condor <itp> (bug #233482)
TODO: check
CVE-2009-4132
REJECTED
@@ -1760,25 +1762,25 @@
NOTE: but the "fixes" linked from the advisory only change code in kdelibs
NOTE: more info at oss-sec threads
CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-3795
RESERVED
CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-3793
RESERVED
CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation ...)
NOT-FOR-US: FormMax
CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan ...)
@@ -4915,17 +4917,17 @@
[lenny] - burn 0.4.3-2.1+lenny1
[etch] - burn <no-dsa> (Minor issue)
CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x ...)
- TODO: check
+ NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...)
NOT-FOR-US: Cisco Unified Presence
CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
@@ -40801,9 +40803,9 @@
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...)
NOT-FOR-US: Cisco
CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...)
NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
Modified: data/packages/new-packages
===================================================================
--- data/packages/new-packages 2009-12-28 21:14:20 UTC (rev 13670)
+++ data/packages/new-packages 2009-12-29 05:50:43 UTC (rev 13671)
@@ -123,3 +123,4 @@
uanytun
xblast-tnt
xblast-tnt-sounds
+dnsjava
More information about the Secure-testing-commits
mailing list