[Secure-testing-commits] r12302 - in data: . CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Tue Jul 7 06:49:25 UTC 2009


Author: derevko-guest
Date: 2009-07-07 06:49:21 +0000 (Tue, 07 Jul 2009)
New Revision: 12302

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
NFUs
CVE-2009-2175 fixed in spu
two new fckeditor issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-06 21:50:29 UTC (rev 12301)
+++ data/CVE/list	2009-07-07 06:49:21 UTC (rev 12302)
@@ -5,49 +5,49 @@
 CVE-2009-2334
 	RESERVED
 CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
-	TODO: check
+	NOT-FOR-US: CMS Chainuk
 CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: CMS Chainuk
 CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and ...)
-	TODO: check
+	NOT-FOR-US: CMS Chainuk
 CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in ...)
-	TODO: check
+	NOT-FOR-US: CMS Chainuk
 CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: KerviNet Forum
 CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...)
-	TODO: check
+	NOT-FOR-US: KerviNet Forum
 CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...)
-	TODO: check
+	NOT-FOR-US: KerviNet Forum
 CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and ...)
-	TODO: check
+	NOT-FOR-US: KerviNet Forum
 CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Clicknet CMS
 CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...)
-	TODO: check
+	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
 CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...)
-	TODO: check
+	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
-	TODO: check
+	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side ...)
-	TODO: check
+	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV ...)
-	TODO: check
+	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...)
-	TODO: check
+	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli
 CVE-2009-2315 (Unspecified vulnerability in Apple iPhone OS allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple iPhone OS
 CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...)
-	TODO: check
+	NOT-FOR-US: Lightweight Availability Collection Tool
 CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote ...)
-	TODO: check
+	NOT-FOR-US: XMB
 CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: KerviNet Forum
 CVE-2009-XXXX [rails: password bypass]
 	- rails <not-affected> (high; bug #535896)
 	TODO: check after 2.3.x upload
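Review bot: The NOT-FOR-US tag for CVE-2009-2316 names only "IBM Tivoli", which is a product family rather than a product, and the truncated description shown here ("IBM Tivoli ...") does not say which component is affected. Take the specific product name from the full CVE description. The same applies to CVE-2009-2314, where the tag drops the "Sun" vendor prefix that the description carries; keeping the vendor makes the tag easier to find when searching for later issues in the same product.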
@@ -212,7 +212,7 @@
 	- mapserver <unfixed> (medium; bug #535340)
 	NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
 CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...)
-	TODO: check
+	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
 CVE-2009-2264
 	RESERVED
 CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)
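Review bot: CVE-2009-2265 (directory traversal) gets the same fixed version and the same bug number, #536051, as the XSS entry CVE-2009-2324 earlier in this file. Please confirm that bug #536051 covers both issues and that 1:2.6.4.1-1 contains both fixes. Unlike the mapserver entry just above, there is no NOTE line with a reference, so adding one would let a later reader check the fixed version without opening the bug.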
@@ -440,6 +440,7 @@
 	- xcftools <unfixed> (low; bug #533361)
 	[lenny] - xcftools <no-dsa> (Minor issue)
 	[etch] - xcftools <no-dsa> (Minor issue)
+	TODO: add after r3 [lenny] - xcftools 1.0.4-1+lenny1
 CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...)
 	- gupnp 0.12.6-3.1 (low; bug #534594)
 CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...)
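Review bot: The new TODO says to "add" `[lenny] - xcftools 1.0.4-1+lenny1` after r3, but the entry already has `[lenny] - xcftools <no-dsa> (Minor issue)`. Adding rather than replacing would leave two conflicting [lenny] lines, so word the TODO as a replacement of the <no-dsa> line. The TODO also covers only lenny, while the [etch] line stays at <no-dsa> with no follow-up recorded.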
@@ -1740,7 +1741,7 @@
 CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows ...)
 	NOT-FOR-US: beLive
 CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise ...)
-	TODO: check
+	NOT-FOR-US: yast2-ldap-server on SUSE
 CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 ...)
 	NOT-FOR-US: Ultrafunk Popcorn
 CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
@@ -4406,7 +4407,7 @@
 CVE-2009-0905
 	RESERVED
 CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the ...)
 	NOT-FOR-US: WebSphere
 CVE-2009-0902
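Review bot: The new tag for CVE-2009-0904 reads "NOT-FOR-US: IBM WebSphere Application Server", while the adjacent CVE-2009-0903 entry for the same product uses "NOT-FOR-US: WebSphere". Use one spelling for both so that a search for earlier NOT-FOR-US decisions on this product finds every entry.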

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-07-06 21:50:29 UTC (rev 12301)
+++ data/spu-candidates.txt	2009-07-07 06:49:21 UTC (rev 12302)
@@ -163,13 +163,6 @@
 
 --
 
-xcftools (CVE-2009-2175)
-#533361
-orphaned
-Jan Hauke Rahm will prepare a package for stable and oldstable (#533361)
-
---
-
 xemacs21 (CVE-2008-2142)
 bug #480877
 notified maintainer
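Review bot: The removed xcftools entry said a package would be prepared for stable and oldstable, but the only follow-up recorded in data/CVE/list in this commit is a TODO for a lenny version. If the oldstable update is still pending, keep a reduced entry here or add a matching TODO for [etch] in data/CVE/list, so that the oldstable half of the work is not lost with this removal.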



