[Secure-testing-commits] r12235 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Tue Jun 30 17:33:37 UTC 2009


Author: derevko-guest
Date: 2009-06-30 17:33:30 +0000 (Tue, 30 Jun 2009)
New Revision: 12235

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-2044: non-issue, browser crash
- CVE-2009-1887: net-snmp is not-affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-30 15:48:44 UTC (rev 12234)
+++ data/CVE/list	2009-06-30 17:33:30 UTC (rev 12235)
@@ -53,9 +53,9 @@
 	- zoph <unfixed> (bug #535188)
 	NOTE: the details are unknown
 CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...)
-	TODO: check
+	NOT-FOR-US: OpenID module for Drupal
 CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...)
-	TODO: check
+	NOT-FOR-US: OpenID module for Drupal
 CVE-2009-XXXX [udev: creates aacraid devices that are rw by group floppy]
 	- udev 0.141-1 (medium; bug #530245; bug #462655; bug #404927)
 CVE-2009-XXXX [command injection in nagios]
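Review bot: The two NOT-FOR-US lines for CVE-2008-6836 and CVE-2008-6835 give the product ("OpenID module for Drupal") but do not record that the packaged Drupal sources were checked for a bundled copy of that module. NOT-FOR-US asserts that nothing in the archive carries the code. If any Drupal package does ship this module, these entries need a package line with a status instead. Both CVE descriptions name the same "OpenID 5.x before ..." version range, so one check covers both entries.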
@@ -490,8 +490,8 @@
 CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as ...)
 	NOT-FOR-US: Cisco
 CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...)
-	- xulrunner <unfixed> (unknown)
-	TODO: check on the details once the Mozilla bug has been made public
+	- xulrunner <unfixed> (unimportant)
+	NOTE: Browser crashes not treated as security issues
 CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...)
 	- xulrunner <unfixed> (unimportant)
 	NOTE: Browser crashes not treated as security issues
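Review bot: The new NOTE on CVE-2009-2044 drops the basis for the downgrade: the removed TODO was waiting for the Mozilla bug to become public, and the replacement does not say whether that bug was actually reviewed. The CVE description is truncated here ("allows remote attackers to ..."), so the "(unimportant)" rating cannot be checked from the entry alone. Suggest adding a second NOTE with the bug reference or a short statement of what was examined, so the crash-only conclusion can be re-checked later. The wording itself matches the existing CVE-2009-2043 entry directly below, which is good for consistency.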
@@ -858,7 +858,8 @@
 	- samba <unfixed>
 	[etch] - samba <not-affected> (Vulnerable code not present)
 CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise ...)
-	TODO: check
+	- net-snmp <not-affected> (Vulnerable code not present)
+	NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable.
 CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...)
 	{DSA-1823-1}
 	- samba 2:3.3.0
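Review bot: The added "- net-snmp <not-affected>" line for CVE-2009-1887 carries no release tag, while its NOTE only records that oldstable and stable were checked. The samba context line above uses a release tag ("[etch] - samba <not-affected>") for a release-specific verdict. Either state in the NOTE that the current unstable/testing source was checked as well, or tag the entries per release. The NOTE would also read more clearly as a full sentence, for example that the issue stems from Red Hat's incorrect fix for CVE-2008-4309 and that this patch is not present in the Debian package.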



