[Secure-testing-commits] r11273 - data/CVE

thijs at alioth.debian.org
Fri Feb 27 09:22:23 UTC 2009


Author: thijs
Date: 2009-02-27 09:22:22 +0000 (Fri, 27 Feb 2009)
New Revision: 11273

Modified:
   data/CVE/list
Log:
new optipng, opensc issues.
clean up rejected issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-02-26 09:14:13 UTC (rev 11272)
+++ data/CVE/list	2009-02-27 09:22:22 UTC (rev 11273)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [optipng array overflow]
+	- optipng 0.6.2.1-1 (low)
+	NOTE: http://secunia.com/advisories/34035/
 CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking at Home ...)
 	TODO: check
 CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease allows ...)
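Review bot: The new `CVE-2009-XXXX [optipng array overflow]` entry records a fixed version (`0.6.2.1-1`) but no Debian bug number, and its only reference is the Secunia advisory. Since the id is still a placeholder, consider adding a bug reference, or a `NOTE: CVE id requested` line like the one on the audacity entry further down if an id has been requested, so the entry can be matched up once a real id is assigned.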
@@ -140,7 +143,6 @@
 	TODO: check
 CVE-2009-0671
 	REJECTED
-	TODO: check
 CVE-2009-0670
 	RESERVED
 CVE-2009-0669
@@ -1409,8 +1411,10 @@
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493
 	NOTE: CVE id requested
 	[lenny] - audacity 1.3.5-2+lenny1
-CVE-2009-0368
+CVE-2009-0368 [opensc information leak]
 	RESERVED
+	- opensc <unfixed>
+	NOTE: Unclear yet which versions are affected, asked maintainer
 CVE-2009-0367
 	RESERVED
 CVE-2009-0366
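Review bot: In the CVE-2009-0368 entry, `- opensc <unfixed>` is added without a severity or bug number, and the open question about affected versions is recorded only as a `NOTE:`. A `TODO:` line would keep the entry flagged for follow-up until the maintainer answers. The entry is also still `RESERVED` with no description, so a NOTE pointing at where the information leak was reported would help the next person who triages it.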
@@ -1906,8 +1910,6 @@
 	- typo3-src 4.2.4-1
 CVE-2009-0242
 	REJECTED
-	- ganglia-monitor-core <not-affected> (Only affects 3.1.1 branch, currently in experimental under different name)
-	- ganglia-monitor <unfixed> (low; bug #512637)
 CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
 	{DSA-1710-1}
 	- ganglia-monitor-core 2.5.7-5 (medium; bug #512637)
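Review bot: The removed `- ganglia-monitor <unfixed> (low; bug #512637)` line under the rejected CVE-2009-0242 was the only visible entry for the `ganglia-monitor` package name; CVE-2009-0241 carries the same bug number but only as `ganglia-monitor-core 2.5.7-5`. Please confirm that the CVE-2009-0241 entry covers the package that the `<unfixed>` status referred to, otherwise that status is lost with this cleanup.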
@@ -4807,7 +4809,6 @@
 	NOT-FOR-US: Chipmunk CMS
 CVE-2008-4920
 	REJECTED
-	NOT-FOR-US: Agavi
 CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ...)
 	NOT-FOR-US: eXPert PDF Viewer X ActiveX
 CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
@@ -5950,7 +5951,6 @@
 	NOT-FOR-US: IceBB
 CVE-2008-4430
 	REJECTED
-	NOTE: duplicate of CVE-2008-3699, will be rejected soon
 CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 ...)
 	NOT-FOR-US: SOURCENEXT Virus Security ZERO
 CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline's ...)
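Review bot: Dropping the NOTE under CVE-2008-4430 removes the only pointer to CVE-2008-3699, the id this one duplicated. Keeping a shortened cross-reference, for example `NOTE: duplicate of CVE-2008-3699`, would preserve why the id was rejected while still removing the stale "will be rejected soon" wording.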
@@ -5967,7 +5967,6 @@
 	NOT-FOR-US: Ovidentia
 CVE-2008-4422
 	REJECTED
-	NOT-FOR-US: ** REJECT **
 CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably ...)
 	NOT-FOR-US: MetaGauge
 CVE-2008-4420



