[Secure-testing-commits] r12054 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Fri Jun 5 22:31:21 UTC 2009


Author: derevko-guest
Date: 2009-06-05 22:31:21 +0000 (Fri, 05 Jun 2009)
New Revision: 12054

Modified:
   data/CVE/list
Log:
- NFUs
- gst-plugins-good0.10 cveified
- CVE-2009-138{6,7}: openssl DoS


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-05 21:14:15 UTC (rev 12053)
+++ data/CVE/list	2009-06-05 22:31:21 UTC (rev 12054)
@@ -1,5 +1,5 @@
 CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) ...)
-	TODO: check
+	- gst-plugins-good0.10 0.10.15-2 (bug #531631)
 CVE-2009-1931
 	RESERVED
 CVE-2009-1930
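Review bot: the tracking line added for CVE-2009-1932 has a fixed version and a bug reference but no urgency, whereas the openssl entries added later in this commit use the form `(low; bug #532037)`. If a severity has been assessed for the gst-plugins-good0.10 integer overflows, record it in the same `(urgency; bug #531631)` form so the entry sorts correctly in the tracker views.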
@@ -31,31 +31,31 @@
 CVE-2009-1917
 	RESERVED
 CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: GScripts.net DNS Tools
 CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...)
-	TODO: check
+	NOT-FOR-US: ICQ
 CVE-2009-1914 (The pci_register_iommu_region function in ...)
 	TODO: check
 CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when ...)
-	TODO: check
+	NOT-FOR-US: LuxBum
 CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in webSPELL ...)
-	TODO: check
+	NOT-FOR-US: webSPELL
 CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka ...)
-	TODO: check
+	NOT-FOR-US: QuiXplorer
 CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows ...)
-	TODO: check
+	NOT-FOR-US: RTWebalbum
 CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and ...)
-	TODO: check
+	NOT-FOR-US: Skip
 CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: Skip
 CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Claroline
 CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2 access ...)
-	TODO: check
+	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
 CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
 CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New Earth ...)
-	TODO: check
+	NOT-FOR-US: NEPT Image Uploader
 CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before ...)
 	NOT-FOR-US: IBM DB2
 CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
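Review bot: CVE-2009-1914 (`pci_register_iommu_region`) is the one entry in this hunk still left as `TODO: check` while every neighbouring TODO is resolved, and the log message does not say it was deferred. Either triage it in this pass or confirm it was skipped on purpose. Separately, the product names chosen for CVE-2009-1911 (QuiXplorer) and CVE-2009-1907 (Claroline) do not appear in the truncated descriptions shown here, so they are worth a second look against the full CVE text before the entries are treated as closed.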
@@ -217,8 +217,6 @@
 	NOT-FOR-US: Historic issues in proprietary Java
 CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ...)
 	NOT-FOR-US: Historic issues in proprietary Java
-CVE-2009-XXXX [GStreamer Good Plug-ins PNG Processing Integer Overflow]
-	- gst-plugins-good0.10 0.10.15-2 (bug #531631)
 CVE-2009-XXXX [strongSwan Two Denial of Service Vulnerabilities]
 	- strongswan <unfixed> (medium; bug #531612)
 	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
@@ -1380,9 +1378,11 @@
 CVE-2009-1388
 	RESERVED
 CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...)
-	TODO: check
+	- openssl <unfixed> (low; bug #532037)
+	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
 CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...)
-	TODO: check
+	- openssl 0.9.8k-1 (low; bug #532037)
+	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
 CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...)
 	TODO: check
 CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...)
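Review bot: the `openssl097 <not-affected>` reason "DTLS support was introduced in 0.9.8" is applied to both entries, but only CVE-2009-1387 visibly names a DTLS function (`dtls1_retrieve_buffered_fragment` in ssl/d1_both.c). The visible description for CVE-2009-1386 mentions only ssl/s3_pkt.c, so please confirm the affected path is DTLS-only before marking openssl097 as not affected there. Also note that both CVEs point at bug #532037 while one is fixed in 0.9.8k-1 and the other is `<unfixed>`, so that bug has to stay open until CVE-2009-1387 is resolved.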



