[Secure-testing-commits] r12396 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Fri Jul 24 10:02:09 UTC 2009


Author: derevko-guest
Date: 2009-07-24 10:02:07 +0000 (Fri, 24 Jul 2009)
New Revision: 12396

Modified:
   data/CVE/list
Log:
- NFUs
- verlihub XSS vulnerabilities
- Wireshark Multiple Vulnerabilities
- Adobe Flash Player Remote Code Execution Vulnerability
- CVE-2009-2419 fixed in webkit 1.1.10-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-24 02:15:28 UTC (rev 12395)
+++ data/CVE/list	2009-07-24 10:02:07 UTC (rev 12396)
@@ -1,68 +1,68 @@
 CVE-2009-2584 (Off-by-one error in the options_write function in ...)
 	TODO: check
 CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli
 CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...)
-	TODO: check
+	NOT-FOR-US: Akamai Download Manager
 CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in ...)
-	TODO: check
+	NOT-FOR-US: EditeurScripts EsNews
 CVE-2009-2580
 	REJECTED
-	TODO: check
 CVE-2009-2579
 	RESERVED
 CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520324)
 CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: MiniTwitter
 CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when ...)
-	TODO: check
+	NOT-FOR-US: MiniTwitter
 CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...)
-	TODO: check
+	NOT-FOR-US: Drupal Module
 CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: VerliAdmin
 CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Symantec WinFax Pro
 CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...)
-	TODO: check
+	- verlihub <unfixed> (low; bug #538234)
+	NOTE: http://packetstorm.linuxsecurity.com/0905-exploits/verlihub-xss.txt
 CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...)
-	TODO: check
+	NOT-FOR-US: Sorinara Streaming Audio Player
 CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
-	TODO: check
+	NOT-FOR-US: Joomla! component
 CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Active Web Mail 4.0
 CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the ...)
-	TODO: check
+	NOT-FOR-US: ASPThai.NET ASPThai Forums
 CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with ...)
-	TODO: check
+	NOT-FOR-US: Merlix Educate Server
 CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended ...)
-	TODO: check
+	NOT-FOR-US: Merlix Educate Server
 CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive ...)
-	TODO: check
+	NOT-FOR-US: Oramon Oracle Database Monitoring Tool
 CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in ...)
-	TODO: check
+	NOT-FOR-US: EsBaseAdmin
 CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly ...)
-	TODO: check
+	NOT-FOR-US: TFM MMPlayer
 CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. ...)
 	NOT-FOR-US: Perl CGI's By Mrs. Shiromuku shiromuku
 CVE-2009-2564 (NOS Microsystems getPlus Download Manager for Adobe 1.6.2.36, and ...)
 	NOT-FOR-US: Adobe
 CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark ...)
-	TODO: check
+	- wireshark <unfixed> (bug #538234)
 CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...)
-	TODO: check
+	- wireshark <unfixed> (bug #538234)
 CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...)
-	TODO: check
+	- wireshark <unfixed> (bug #538234)
 CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote ...)
-	TODO: check
+	- wireshark <unfixed> (bug #538234)
 CVE-2009-2559 (Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote ...)
-	TODO: check
+	- wireshark <unfixed> (bug #538234)
 CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict ...)
 	NOT-FOR-US: Admin News Tools 
 CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...)
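Review bot: the verlihub entry for CVE-2009-2569 cites bug #538234, the same number that appears on all five wireshark entries (CVE-2009-2559 through CVE-2009-2563) further down this hunk. Two unrelated source packages sharing one bug number looks like a copy-paste slip, so please check which package #538234 is filed against and correct the other reference. The wireshark lines also carry no urgency or NOTE, while the verlihub line has both.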
@@ -248,7 +248,8 @@
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
 CVE-2009-2468 (Integer overflow in CoreGraphics in Apple Mac OS X, as used in Mozilla ...)
-	TODO: check
+	NOT-FOR-US: CoreGraphics in Apple Mac OS X
+	NOTE: related issue to CVE-2009-1194
 CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...)
 	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
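Review bot: CVE-2009-2468 is marked NOT-FOR-US for CoreGraphics, yet the description on the line above reads "as used in Mozilla ..." and the neighbouring entries in this hunk are tracked against xulrunner. NOT-FOR-US ties the entry to no Debian package, so the NOTE should say why the Mozilla packages in the archive are not affected, and "related issue to CVE-2009-1194" should state what the relation is.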
@@ -431,7 +432,7 @@
 CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...)
-	TODO: check
+	- webkit 1.1.10-1
 CVE-2009-2418
 	RESERVED
 CVE-2009-2417
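Review bot: the new "- webkit 1.1.10-1" line for CVE-2009-2419 records a fixed version with no bug number or NOTE showing where the fix was confirmed, unlike the other package entries in this commit, which cite a bug. A NOTE pointing at the upstream change or changelog entry would let a later reader verify the version.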
@@ -1823,7 +1824,7 @@
 CVE-2009-1863
 	RESERVED
 CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...)
-	TODO: check
+	- flashplugin-nonfree <unfixed> (bug #538240)
 CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
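Review bot: CVE-2009-1862 is tracked against flashplugin-nonfree, but the visible description names only "Adobe Reader and Acrobat 9.x through ...", and the next entry (CVE-2009-1861, Adobe Reader) is NOT-FOR-US. The commit log calls this a Flash Player issue, so a NOTE stating that the truncated description also covers Flash Player would make the package choice clear to someone reading only the list.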



