[Secure-testing-commits] r12199 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Thu Jun 25 17:34:33 UTC 2009
Author: derevko-guest
Date: 2009-06-25 17:34:32 +0000 (Thu, 25 Jun 2009)
New Revision: 12199
Modified:
data/CVE/list
Log:
- new xcftools, gupnp, ocsinventory-server issues
- adjust impact of OCS Inventory NG SQL Injection Vulnerability: it
can be exploited only if magic_quotes is off
- remove superfluous distribution tags in CVE-2009-0153: it was fixed in
icu 4.0.1-1 and stable and oldstable have a lower version
- CVE-2009-2121: track chromium-browser itp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-25 16:51:46 UTC (rev 12198)
+++ data/CVE/list 2009-06-25 17:34:32 UTC (rev 12199)
@@ -23,9 +23,9 @@
CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a ...)
NOT-FOR-US: fuzzylime
CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...)
- TODO: check
+ - xcftools <unfixed> (bug #533361)
CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...)
- TODO: check
+ - gupnp <unfixed> (low; bug #534594)
CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...)
NOT-FOR-US: Carom3D
CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in ...)
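Review bot: the new xcftools line carries no severity tag, unlike the gupnp line in the same hunk, which gets `(low; bug #534594)`; a stack-based buffer overflow (the CVE-2009-2175 description) normally warrants an explicit rating, so consider `- xcftools <unfixed> (medium; bug #533361)` or whatever the triage concluded, rather than leaving the field empty.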
@@ -37,7 +37,7 @@
CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus ...)
NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG ...)
- TODO: check
+ - ocsinventory-server 1.02.1-1 (medium; bug #531735)
CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and ...)
NOT-FOR-US: SerendipityNZ (aka SimpleBoxes) Serene Bach
CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, ...)
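Review bot: the fixed version and bug number given here for CVE-2009-2166 (`ocsinventory-server 1.02.1-1`, `bug #531735`) are the same ones the file already uses for the separate OCS Inventory NG SQL injection entry further down; worth confirming that the absolute path traversal in cvs.php was in fact addressed by that same upload and tracked in that same bug, rather than the second issue inheriting the first one's references.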
@@ -131,7 +131,7 @@
CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari ...)
NOT-FOR-US: Photoracer plugin for WordPress
CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...)
{DSA-1822-1}
- mahara 1.1.5-1 (low)
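Review bot: `<itp>` with the ITP bug #520324 records that chromium-browser is not yet in the archive; once the package is uploaded this line needs a real fixed version (or `<unfixed>`), otherwise CVE-2009-2121 will stay marked as not applicable after the code has entered Debian.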
@@ -718,7 +718,8 @@
CVE-2009-1880 (Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows ...)
NOT-FOR-US: MT312
CVE-2009-XXXX [OCS Inventory NG SQL Injection Vulnerability]
- - ocsinventory-server 1.02.1-1 (medium; bug #531735)
+ - ocsinventory-server 1.02.1-1 (low; bug #531735)
+ NOTE: can be exploited only if magic_quotes is off
CVE-2009-3870
REJECTED
CVE-2009-1879
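Review bot: the medium-to-low downgrade rests on the NOTE "can be exploited only if magic_quotes is off", but the note does not say which setting is meant (magic_quotes_gpc is the one that escapes request input) or whether Debian's shipped php.ini leaves it on; since administrators frequently disable it, the entry should record the default it relies on so the reduced impact can be checked later.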
@@ -6946,9 +6947,7 @@
CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
NOT-FOR-US: Apple Type Services
CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x ...)
- - icu 4.0.1-1
- [lenny] - icu <unfixed> (low; bug #534590)
- [etch] - icu <unfixed> (low; bug #534590)
+ - icu 4.0.1-1 (low; bug #534590)
CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL ...)
NOT-FOR-US: iChat in Apple Mac OS X
CVE-2009-0151
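Review bot: dropping the `[lenny]` and `[etch]` `icu <unfixed>` lines changes what the tracker says about stable and oldstable, and the commit log's reason is only that they have a lower version than 4.0.1-1; a lower version would normally mean still affected rather than unaffected, so the log or a NOTE line should state why those versions are not vulnerable (or the distribution lines should stay), and the bug #534590 now attached to the unstable line should be closed or re-targeted accordingly.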