[Secure-testing-commits] r11115 - in data: . CVE
jmm-guest at alioth.debian.org
Fri Jan 30 16:35:56 UTC 2009
Author: jmm-guest
Date: 2009-01-30 16:35:55 +0000 (Fri, 30 Jan 2009)
New Revision: 11115
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
new kernel issues
NFUs
gnumeric fixed
evolution no-dsa
ktorrent CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-30 09:14:21 UTC (rev 11114)
+++ data/CVE/list 2009-01-30 16:35:55 UTC (rev 11115)
@@ -1,11 +1,12 @@
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
NOT-FOR-US: Apple Safari on Windows
CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction ...)
NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction ...)
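Review bot: the new CVE-2009-0322 entry records linux-2.6 as <unfixed> but carries no [etch] line, unlike the CVE-2009-0269 entry further down in this diff, which adds `[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)`. Without a suite annotation the tracker reports etch as vulnerable via the <unfixed> line, so the etch kernel should be checked against the affected range ("before 2.6.27.13") and a `[etch] - linux-2.6 <not-affected>`, `<no-dsa>` or fixed-version line added accordingly. `linux-2.6.24 <removed>` likewise only describes the testing/unstable state and says nothing about a suite that still ships that package.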
@@ -17,15 +18,15 @@
CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity ...)
NOT-FOR-US: G DATA AntiVirus
CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module ...)
- TODO: check
+ NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save ...)
- TODO: check
+ NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5997 (Absolute path traversal vulnerability in ...)
NOT-FOR-US: Omnicom Content Platform
CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...)
- TODO: check
+ NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA ...)
- TODO: check
+ NOT-FOR-US: freeCap CAPTCHA extension for Typo3
CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point ...)
NOT-FOR-US: Check Point Connectra
CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
@@ -33,7 +34,7 @@
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...)
NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...)
- TODO: check
+ NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...)
NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...)
@@ -56,7 +57,7 @@
CVE-2009-XXXX [file inclusion vuln in util/barcode.php and XSS in horde3]
- horde3 3.2.2+debian0-2 (bug #513265)
CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...)
- - gnumeric <unfixed> (low; bug #513418)
+ - gnumeric 1.8.4-3 (low; bug #513418)
TODO: next point release: [etch] - gnumeric 1.6.3-5.1+etch2
[etch] - gnumeric <no-dsa> (Minor issue)
CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...)
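Review bot: CVE-2009-0318 now describes etch with two lines at once: `TODO: next point release: [etch] - gnumeric 1.6.3-5.1+etch2` and `[etch] - gnumeric <no-dsa> (Minor issue)`. That is acceptable as an interim state, but the TODO needs to be resolved when the point-release update is accepted, replacing the <no-dsa> line with the etch version and dropping the TODO; otherwise etch keeps being reported as unfixed after the update has shipped. Adding gnumeric to spu-candidates.txt (as this commit does for evolution) would make the pending point-release update harder to lose.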
@@ -176,7 +177,9 @@
CVE-2009-0272
RESERVED
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ [etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
+ - linux-2.6.24 <removed>
CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
- bind9 <not-affected> (vulnerable code not present, introduced in 9.6.x)
CVE-2008-5968 (Directory traversal vulnerability in print.php in PHP iCalendar 2.24 ...)
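Review bot: the [etch] <not-affected> line for linux-2.6 is well justified by the merge note, but `linux-2.6.24 <removed>` gets no suite annotation even though 2.6.24 lies past the 2.6.19 merge point stated on the line above it and therefore contains the eCryptfs code. If a linux-2.6.24 build is shipped in any supported suite, its status needs its own [etch]-style line; <removed> only records that the package is gone from testing/unstable.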
@@ -652,13 +655,15 @@
CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...)
- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
- - libpng <unfixed> (low; bug #512665)
+ - libpng <unfixed> (unimportant; bug #512665)
CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
- - ktorrent2.2 2.2.8.dfsg.1-1
+ - ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
- ktorrent 3.1.4+dfsg.1-1
+ [etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5905 (The web interface plugin in KTorrent before 3.1.4 allows remote ...)
- - ktorrent2.2 2.2.8.dfsg.1-1
+ - ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
- ktorrent 3.1.4+dfsg.1-1
+ [etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2009-XXXX [unspecified multiple Drupal vulnerabilies, likely some overlap with the next temp entry]
- drupal6 6.6-3
CVE-2009-XXXX [unspecified Drupal SQL injection]
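Review bot: the libpng line for CVE-2008-5907 is downgraded from `low` to `unimportant` without a NOTE giving the reason, whereas the other `unimportant` entry visible in this diff (htop, CVE-2008-5076) carries a justification on a following NOTE line. Add a NOTE stating why the png_check_keyword issue is considered non-security so the downgrade can be audited later without re-reading the bug log.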
@@ -3556,11 +3561,6 @@
NOT-FOR-US: Simple PHP Scripts gallery
CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...)
NOT-FOR-US: Simple PHP Scripts blog
-CVE-2008-XXXX [ktorrent issues]
- - ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
- - ktorrent 3.1.4+dfsg.1-1
- [etch] - ktorrent <not-affected> (Doesn't include the web interface)
- NOTE: CVE requested
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...)
- htop <unfixed> (unimportant; bug #504144)
NOTE: That scenario is too constructed to call it a security issue, especially
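Review bot: the removal of the temporary `CVE-2008-XXXX [ktorrent issues]` entry is complete: all three data lines it carried (ktorrent2.2 2.2.8.dfsg.1-1 with bug #504178, ktorrent 3.1.4+dfsg.1-1, and the `[etch] - ktorrent <not-affected>` line) reappear under CVE-2008-5905 and CVE-2008-5906 earlier in this diff, and the `NOTE: CVE requested` line is correctly dropped now that the identifiers are assigned.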
@@ -9037,6 +9037,7 @@
- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
- evolution 2.22.2-1.1 (low; bug #484639)
+ [etch] - evolution <no-dsa> (Minor issue)
CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows ...)
NOT-FOR-US: Borland Interbase
CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute ...)
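Review bot: the new `[etch] - evolution <no-dsa> (Minor issue)` line for the un-CVE'd timestamp DoS references the same bug #484639 as the `evolution (no CVE)` entry added to spu-candidates.txt in this commit, so the <no-dsa> is paired with a pending point-release update rather than a decision to leave etch unfixed. When that update is accepted, this line and the matching CVE-2008-1108/CVE-2008-1109 lines should all be replaced by the fixed etch version in one go.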
@@ -12486,10 +12487,12 @@
[sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer)
CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted ...)
- evolution 2.22.2-1.1 (low; bug #484639)
+ [etch] - evolution <no-dsa> (Minor issue)
NOTE: Requires that the user accepts the iCalendar request and replies
NOTE: to it from the "Calendars" window.
CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...)
- evolution 2.22.2-1.1 (low; bug #484639)
+ [etch] - evolution <no-dsa> (Minor issue)
NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107
RESERVED
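Review bot: the two <no-dsa> lines for CVE-2008-1109 and CVE-2008-1108 are consistent with the `low` severity already on the unstable lines, and the existing NOTE lines (user must accept and reply to the iCalendar request; the ITip Formatter plugin must be disabled) document the preconditions that justify handling them via a point release. Since both share bug #484639 with the un-CVE'd issue above, one combined etch upload covering all three would keep the tracker entries in step.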
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-01-30 09:14:21 UTC (rev 11114)
+++ data/spu-candidates.txt 2009-01-30 16:35:55 UTC (rev 11115)
@@ -167,6 +167,14 @@
--
+evolution (CVE-2008-1108, CVE-2008-1109)
+#484639
+
+evolution (no CVE)
+#484639
+
+--
+
exiv2 (CVE-2008-2696)
bug #486328
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
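Review bot: the two new evolution entries use a bare `#484639` bug reference while the neighbouring exiv2 entry uses `bug #486328`; the file should stick to one form, and `bug #484639` matches the existing convention. Both entries also point at the same bug, so a single `evolution (CVE-2008-1108, CVE-2008-1109, plus one issue without CVE)` entry would avoid listing one point-release candidate twice.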