[Secure-testing-commits] r12237 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Wed Jul 1 06:41:44 UTC 2009


Author: derevko-guest
Date: 2009-07-01 06:41:41 +0000 (Wed, 01 Jul 2009)
New Revision: 12237

Modified:
   data/CVE/list
Log:
- NFUs
- stardict issue got a CVE id
- CVE-2009-1888 and CVE-2009-1886 fixed in unstable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-30 21:14:25 UTC (rev 12236)
+++ data/CVE/list	2009-07-01 06:41:41 UTC (rev 12237)
@@ -3,25 +3,25 @@
 CVE-2009-2264
 	RESERVED
 CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)
-	TODO: check
+	NOT-FOR-US: Mega File Manager
 CVE-2009-2262 (PHP remote file inclusion vulnerability in install/di.php in ...)
-	TODO: check
+	NOT-FOR-US: AjaxPortal
 CVE-2009-2261 (PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: PeaZIP
 CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...)
-	TODO: check
+	- stardict (low; bug #534731)
 CVE-2009-2259 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...)
-	TODO: check
+	NOT-FOR-US: PHP Address Book
 CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
-	TODO: check
+	NOT-FOR-US: Netgear DG632
 CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...)
-	TODO: check
+	NOT-FOR-US: Netgear DG632
 CVE-2009-2256 (The administrative web interface on the Netgear DG632 with firmware ...)
-	TODO: check
+	NOT-FOR-US: Netgear DG632
 CVE-2009-2255 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2009-2254 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2009-2253
 	RESERVED
 CVE-2009-2252
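Review bot: the CVE-2009-2260 entry `- stardict (low; bug #534731)` records an urgency and a bug number but no version or status marker, whereas the samba and net-snmp lines further down in this same patch state one explicitly (`<unfixed>`, `<not-affected>`, or a fixed version). Suggest `- stardict <unfixed> (low; bug #534731)` so the open status is explicit. Separately, CVE-2009-2263 is tagged `NOT-FOR-US: Mega File Manager` while its description names the product as "Awesome PHP Mega ..."; using the product name as it appears in the description would keep later searches of the list consistent.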
@@ -879,14 +879,15 @@
 	RESERVED
 CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba ...)
 	{DSA-1823-1}
-	- samba <unfixed>
+	- samba 2:3.3.6-1 (low)
 	[etch] - samba <not-affected> (Vulnerable code not present)
+	NOTE: Successful exploitation requires that "dos filemode" is set to "yes" in smb.conf.
 CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise ...)
 	- net-snmp <not-affected> (Vulnerable code not present)
 	NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable.
 CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...)
 	{DSA-1823-1}
-	- samba 2:3.3.0
+	- samba 2:3.3.6-1
 	[etch] - samba <not-affected> (Vulnerable code not present)
 CVE-2009-1885
 	RESERVED
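Review bot: on CVE-2009-1886 the fixed version moves from `2:3.3.0` to `2:3.3.6-1`, and neither the log message nor the entry says why the earlier version was wrong; a short NOTE line would record the reason. The two samba entries marked fixed in the same version also differ in urgency: CVE-2009-1888 gets `(low)`, which the added "dos filemode" NOTE supports, while CVE-2009-1886 carries none, so it is worth confirming that the omission is intended.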



