[Secure-testing-commits] r12264 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Fri Jul 3 18:56:36 UTC 2009
Author: derevko-guest
Date: 2009-07-03 18:56:34 +0000 (Fri, 03 Jul 2009)
New Revision: 12264
Modified:
data/CVE/list
Log:
- NFUs
- CVE-2009-2285 already fixed in tiff 3.8.2-12
- CVE-2008-6845 fixed in clamav 0.94.dfsg-1
- CVE-2009-2210, CVE-2009-1392 fixed in icedove 2.0.0.22-1
- CVE-2008-6838 seems a duplicate of CVE-2008-3258
- zoph upstream reported another Cross-Site Scripting Vulnerability
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-03 18:45:28 UTC (rev 12263)
+++ data/CVE/list 2009-07-03 18:56:34 UTC (rev 12264)
@@ -51,7 +51,8 @@
CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel ...)
TODO: check
CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...)
- TODO: check
+ - tiff 3.8.2-12 (low; bug #534137)
+ NOTE: this doesn't allow code execution, only a crash.
CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...)
NOT-FOR-US: Sun Java Web Console in Solaris
CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical Domains ...)
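Review bot: the "NOTE: this doesn't allow code execution, only a crash" line under CVE-2009-2285 is the whole justification for the "low" rating on the new `- tiff 3.8.2-12 (low; bug #534137)` line, but it does not say where that conclusion comes from; point the note at the analysis (the discussion in bug #534137, or the upstream commit that was reviewed) so the severity can be re-checked later, since a buffer underflow in LZWDecodeCompat is the kind of finding whose impact assessment tends to get revised.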
@@ -61,17 +62,17 @@
CVE-2008-6846 (Multiple stack-based buffer overflows in avast! Linux Home Edition ...)
NOT-FOR-US: avast! Linux Home Edition
CVE-2008-6845 (The unpack feature in ClamAV 0.93.3 and earlier allows remote ...)
- TODO: check
+ - clamav 0.94.dfsg-1
CVE-2008-6844 (The registration view (/user/register) in eZ Publish 3.5.6 and ...)
- TODO: check
+ NOT-FOR-US: eZ Publish
CVE-2008-6843 (Directory traversal vulnerability in index.php in Fantastico, as used ...)
NOT-FOR-US: Fantastico
CVE-2008-6842 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Pluck
CVE-2008-6841 (PHP remote file inclusion vulnerability in the Green Mountain ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...)
- TODO: check
+ NOT-FOR-US: V-webmail
CVE-2009-XXXX [multiple drupal issues]
- drupal6 <unfixed> (bug #535435)
- drupal5 <unfixed> (bug #535476)
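Review bot: the new `+ NOT-FOR-US: component for Joomla!` line under CVE-2008-6841 names only the platform, not the affected component, which makes the entry hard to recognise if the issue resurfaces; the visible description already names the "Green Mountain ..." component, so `NOT-FOR-US: Green Mountain component for Joomla!` would be consistent with the neighbouring NOT-FOR-US lines (Pluck, V-webmail, eZ Publish), which each name the product. The new `+ - clamav 0.94.dfsg-1` line for CVE-2008-6845 also carries no bug reference or severity while the other fixed entries in this commit do; if a Debian bug was filed, record it in the usual `(severity; bug #NNN)` form.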
@@ -179,7 +180,7 @@
CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call ...)
NOT-FOR-US: VICIDIAL Call Center Suite
CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...)
- - icedove <unfixed>
+ - icedove 2.0.0.22-1
- iceape <unfixed>
- kompozer <not-affected> (mail suite not compiled)
TODO: check on the details once the Mozilla bug has been made public
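Review bot: the `- icedove <unfixed>` entry is replaced with `- icedove 2.0.0.22-1`, but the trailing `TODO: check on the details once the Mozilla bug has been made public` line is left in place and `- iceape <unfixed>` is unchanged; either the TODO still applies (in which case the commit log should say that iceape remains open and the details are still pending) or it has been resolved and should be dropped, otherwise it reads as if the icedove fix was recorded before the issue was actually checked.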
@@ -189,9 +190,14 @@
NOT-FOR-US: TGS Content Management
CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
- zoph <unfixed> (low; bug #535188)
+ NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
- zoph <unfixed> (bug #535188)
NOTE: the details are unknown
+CVE-2009-XXXX [Zoph Cross-Site Scripting Vulnerability]
+ - zoph <unfixed> (low; bug #535188)
+ NOTE: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
+ NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...)
NOT-FOR-US: OpenID module for Drupal
CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...)
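Review bot: the new `+ NOTE: it seems a duplicate of CVE-2008-3258` line under CVE-2008-6838 is added while the entry keeps its own `- zoph <unfixed> (low; bug #535188)` status, so the same zoph issue is now tracked as open under two identifiers; if the duplicate is confirmed, the entry should defer to CVE-2008-3258 rather than carry an independent unfixed state, and if it is not yet confirmed, the note should say what was compared. The new `CVE-2009-XXXX [Zoph Cross-Site Scripting Vulnerability]` block is fine as a placeholder, but it reuses bug #535188 together with CVE-2008-6837 and CVE-2008-6838, so a short NOTE stating that the bug now covers three distinct Zoph issues would help whoever later assigns the real CVE id.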
@@ -2353,7 +2359,7 @@
- xulrunner 1.9.0.11-1
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- - icedove <unfixed>
+ - icedove 2.0.0.22-1
TODO: determine whether icedove truely affected or whether issue solely within xulrunner
CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
- perl 5.10.0-23 (medium; bug #532736)
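Review bot: `- icedove <unfixed>` becomes `- icedove 2.0.0.22-1` here while the unchanged `TODO: determine whether icedove truely affected or whether issue solely within xulrunner` line on the next row still questions whether icedove is affected at all; if the conclusion is that the issue lives only in xulrunner, the correct marker is `<not-affected>` with a reason, and if icedove really was affected and fixed in 2.0.0.22-1 the TODO should be removed, since leaving both makes the status ambiguous. The context line also carries the typo "truely" (should be "truly"), worth correcting in a follow-up.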